diff --git a/.dockerignore b/.dockerignore index d70a57ad2..01ee60185 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,4 +2,3 @@ .stack-work .worktree lib/*/.stack-work -examples diff --git a/.gitignore b/.gitignore index 83976a546..875bd6f5d 100644 --- a/.gitignore +++ b/.gitignore @@ -43,3 +43,7 @@ stack.yaml.lock *.iml .idea/ out/ + +*.pv + +.worktree diff --git a/case-studies-regression/Tutorial_analyzed.spthy b/case-studies-regression/Tutorial_analyzed.spthy index 00b256681..4b3a4eff0 100644 --- a/case-studies-regression/Tutorial_analyzed.spthy +++ b/case-studies-regression/Tutorial_analyzed.spthy @@ -2,7 +2,8 @@ theory Tutorial begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, snd/1 +functions: adec/2, aenc/2, fst/1[destructor], h/1, pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(m, pk(k)), k) = m, fst() = x.1, @@ -222,6 +223,14 @@ solve( Client_1( S, k ) ▶₀ #i ) qed qed + + + + + + + + /* All well-formedness checks were successful. */ end @@ -237,7 +246,7 @@ analyzing: examples/Tutorial.spthy analyzed: examples/Tutorial.spthy output: examples/Tutorial.spthy.tmp - processing time: 0.186242502s + processing time: 0.148807957s Client_session_key_secrecy (all-traces): verified (5 steps) Client_auth (all-traces): verified (11 steps) Client_auth_injective (all-traces): verified (15 steps) @@ -251,7 +260,7 @@ summary of summaries: analyzed: examples/Tutorial.spthy output: examples/Tutorial.spthy.tmp - processing time: 0.186242502s + processing time: 0.148807957s Client_session_key_secrecy (all-traces): verified (5 steps) Client_auth (all-traces): verified (11 steps) Client_auth_injective (all-traces): verified (15 steps) diff --git a/case-studies-regression/ake/bilinear/Chen_Kudla_analyzed.spthy b/case-studies-regression/ake/bilinear/Chen_Kudla_analyzed.spthy index e57abd980..c4c96291b 100644 --- a/case-studies-regression/ake/bilinear/Chen_Kudla_analyzed.spthy 
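Review bot: The eight added empty lines before `/* All well-formedness checks were successful. */` in the `@@ -222,6 +223,14 @@` hunk of Tutorial_analyzed.spthy look like the pretty-printer emitting a separator for theory items that render to nothing. Similar runs of 2 to 12 blank lines recur in the other regenerated files, both before the first rule and before the well-formedness comment. The printer should presumably skip items whose rendering is empty, so the expected outputs do not change whenever the number of such items does. This is inferred from the output alone; the printer code is not part of the visible diff.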
+++ b/case-studies-regression/ake/bilinear/Chen_Kudla_analyzed.spthy @@ -3,11 +3,13 @@ theory Chen_Kudla begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, h/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* A variant of the Chen-Kudla protocol that uses ordered concatenation instead addition of points *} @@ -2574,6 +2576,12 @@ next qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -2589,7 +2597,7 @@ analyzing: examples/ake/bilinear/Chen_Kudla.spthy analyzed: examples/ake/bilinear/Chen_Kudla.spthy output: examples/ake/bilinear/Chen_Kudla.spthy.tmp - processing time: 57.029003883s + processing time: 88.051054428s key_agreement_reachable (exists-trace): verified (13 steps) key_secrecy_ephemeral_no_WPFS (all-traces): verified (679 steps) @@ -2601,7 +2609,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Chen_Kudla.spthy output: examples/ake/bilinear/Chen_Kudla.spthy.tmp - processing time: 57.029003883s + processing time: 88.051054428s key_agreement_reachable (exists-trace): verified (13 steps) key_secrecy_ephemeral_no_WPFS (all-traces): verified (679 steps) diff --git a/case-studies-regression/ake/bilinear/Chen_Kudla_eCK_analyzed.spthy b/case-studies-regression/ake/bilinear/Chen_Kudla_eCK_analyzed.spthy index 58b4538cb..647158edc 100644 --- a/case-studies-regression/ake/bilinear/Chen_Kudla_eCK_analyzed.spthy +++ b/case-studies-regression/ake/bilinear/Chen_Kudla_eCK_analyzed.spthy 
@@ -3,11 +3,13 @@ theory Chen_Kudla begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, h/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* A variant of the Chen-Kudla protocol that uses ordered concatenation instead addition of points *} @@ -503,6 +505,12 @@ solve( (∃ matching #i3 #i4 sid. qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -518,7 +526,7 @@ analyzing: examples/ake/bilinear/Chen_Kudla_eCK.spthy analyzed: examples/ake/bilinear/Chen_Kudla_eCK.spthy output: examples/ake/bilinear/Chen_Kudla_eCK.spthy.tmp - processing time: 45.789046796s + processing time: 55.372479208s key_secrecy_eCK_like (all-traces): falsified - found trace (24 steps) ------------------------------------------------------------------------------ @@ -529,7 +537,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Chen_Kudla_eCK.spthy output: examples/ake/bilinear/Chen_Kudla_eCK.spthy.tmp - processing time: 45.789046796s + processing time: 55.372479208s key_secrecy_eCK_like (all-traces): falsified - found trace (24 steps) ============================================================================== diff --git a/case-studies-regression/ake/bilinear/Joux_EphkRev_analyzed.spthy b/case-studies-regression/ake/bilinear/Joux_EphkRev_analyzed.spthy index 4037d692d..140ce81ea 100644 --- a/case-studies-regression/ake/bilinear/Joux_EphkRev_analyzed.spthy +++ b/case-studies-regression/ake/bilinear/Joux_EphkRev_analyzed.spthy @@ -3,7 +3,8 @@ theory Joux_EphkRev begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing, multiset -functions: fst/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], pair/2, pk/1, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, 
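Review bot: `verify/3[destructor]` in the Joux_EphkRev signature line (and again in Joux_analyzed.spthy) disagrees with Attack_TPM_Envelope_analyzed-diff-noprove.spthy in the same commit, where `fst` and `snd` gain the attribute but `verify/3` stays unmarked. The `verify` equations are not visible in these hunks, so the difference may be intended, but if both theories declare the same signature-check equation, the flag is being assigned or printed on only one code path. Because the classification changes how the symbol is treated in the equational theory, it should be confirmed which of the two outputs is correct before either becomes the regression baseline.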
@@ -13,6 +14,12 @@ equations: section{* The Joux Protocol using Signatures*} + + + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --> @@ -1040,7 +1047,7 @@ analyzing: examples/ake/bilinear/Joux_EphkRev.spthy analyzed: examples/ake/bilinear/Joux_EphkRev.spthy output: examples/ake/bilinear/Joux_EphkRev.spthy.tmp - processing time: 24.81967429s + processing time: 28.081048642s session_key_establish (exists-trace): verified (28 steps) Session_Key_Secrecy_PFS (all-traces): falsified - found trace (14 steps) @@ -1052,7 +1059,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Joux_EphkRev.spthy output: examples/ake/bilinear/Joux_EphkRev.spthy.tmp - processing time: 24.81967429s + processing time: 28.081048642s session_key_establish (exists-trace): verified (28 steps) Session_Key_Secrecy_PFS (all-traces): falsified - found trace (14 steps) diff --git a/case-studies-regression/ake/bilinear/Joux_analyzed.spthy b/case-studies-regression/ake/bilinear/Joux_analyzed.spthy index 0b0354a67..a0301b024 100644 --- a/case-studies-regression/ake/bilinear/Joux_analyzed.spthy +++ b/case-studies-regression/ake/bilinear/Joux_analyzed.spthy @@ -3,7 +3,8 @@ theory Joux begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing, multiset -functions: fst/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], pair/2, pk/1, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -13,6 +14,12 @@ equations: section{* The Joux Protocol using Signatures*} + + + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --> @@ -1056,7 +1063,7 @@ analyzing: examples/ake/bilinear/Joux.spthy analyzed: examples/ake/bilinear/Joux.spthy output: examples/ake/bilinear/Joux.spthy.tmp - processing time: 21.737366785s + processing time: 23.775688128s session_key_establish (exists-trace): verified (28 steps) Session_Key_Secrecy_PFS (all-traces): verified (22 steps) 
@@ -1068,7 +1075,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Joux.spthy output: examples/ake/bilinear/Joux.spthy.tmp - processing time: 21.737366785s + processing time: 23.775688128s session_key_establish (exists-trace): verified (28 steps) Session_Key_Secrecy_PFS (all-traces): verified (22 steps) diff --git a/case-studies-regression/ake/bilinear/RYY_PFS_analyzed.spthy b/case-studies-regression/ake/bilinear/RYY_PFS_analyzed.spthy index aee9a50e7..91310aaae 100644 --- a/case-studies-regression/ake/bilinear/RYY_PFS_analyzed.spthy +++ b/case-studies-regression/ake/bilinear/RYY_PFS_analyzed.spthy @@ -3,11 +3,13 @@ theory RYY begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* RYY : UM-like identity based key exchange protocol *} rule (modulo E) KGC_Setup: @@ -382,6 +384,10 @@ solve( (∃ matching #i3 role2. qed qed + + + + /* All well-formedness checks were successful. */ end @@ -397,7 +403,7 @@ analyzing: examples/ake/bilinear/RYY_PFS.spthy analyzed: examples/ake/bilinear/RYY_PFS.spthy output: examples/ake/bilinear/RYY_PFS.spthy.tmp - processing time: 7.876468162s + processing time: 8.291041154s key_agreement_reachable (exists-trace): verified (11 steps) key_secrecy_PFS (all-traces): falsified - found trace (12 steps) @@ -409,7 +415,7 @@ summary of summaries: analyzed: examples/ake/bilinear/RYY_PFS.spthy output: examples/ake/bilinear/RYY_PFS.spthy.tmp - processing time: 7.876468162s + processing time: 8.291041154s key_agreement_reachable (exists-trace): verified (11 steps) key_secrecy_PFS (all-traces): falsified - found trace (12 steps) diff --git a/case-studies-regression/ake/bilinear/RYY_analyzed.spthy b/case-studies-regression/ake/bilinear/RYY_analyzed.spthy index a86c01b6f..ea8dc63a2 100644 
--- a/case-studies-regression/ake/bilinear/RYY_analyzed.spthy +++ b/case-studies-regression/ake/bilinear/RYY_analyzed.spthy @@ -3,11 +3,13 @@ theory RYY begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* RYY : UM-like identity based key exchange protocol *} rule (modulo E) KGC_Setup: @@ -512,6 +514,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -527,7 +533,7 @@ analyzing: examples/ake/bilinear/RYY.spthy analyzed: examples/ake/bilinear/RYY.spthy output: examples/ake/bilinear/RYY.spthy.tmp - processing time: 7.735757739s + processing time: 7.663440743s key_agreement_reachable (exists-trace): verified (11 steps) key_secrecy_WPFS (all-traces): verified (53 steps) @@ -539,7 +545,7 @@ summary of summaries: analyzed: examples/ake/bilinear/RYY.spthy output: examples/ake/bilinear/RYY.spthy.tmp - processing time: 7.735757739s + processing time: 7.663440743s key_agreement_reachable (exists-trace): verified (11 steps) key_secrecy_WPFS (all-traces): verified (53 steps) diff --git a/case-studies-regression/ake/bilinear/Scott_EphkRev_analyzed.spthy b/case-studies-regression/ake/bilinear/Scott_EphkRev_analyzed.spthy index f201fa67e..cff366cb2 100644 --- a/case-studies-regression/ake/bilinear/Scott_EphkRev_analyzed.spthy +++ b/case-studies-regression/ake/bilinear/Scott_EphkRev_analyzed.spthy @@ -3,11 +3,13 @@ theory Scott begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* Scott: MTI-C0 like identity based key exchange protocol *} rule (modulo E) KGC_Setup: 
@@ -292,6 +294,10 @@ solve( (∃ matching #i3 #i4 sid. qed qed + + + + /* All well-formedness checks were successful. */ end @@ -307,7 +313,7 @@ analyzing: examples/ake/bilinear/Scott_EphkRev.spthy analyzed: examples/ake/bilinear/Scott_EphkRev.spthy output: examples/ake/bilinear/Scott_EphkRev.spthy.tmp - processing time: 23.640088606s + processing time: 26.475782942s key_agreement_reachable (exists-trace): verified (12 steps) key_secrecy (all-traces): falsified - found trace (15 steps) @@ -319,7 +325,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Scott_EphkRev.spthy output: examples/ake/bilinear/Scott_EphkRev.spthy.tmp - processing time: 23.640088606s + processing time: 26.475782942s key_agreement_reachable (exists-trace): verified (12 steps) key_secrecy (all-traces): falsified - found trace (15 steps) diff --git a/case-studies-regression/ake/bilinear/Scott_analyzed.spthy b/case-studies-regression/ake/bilinear/Scott_analyzed.spthy index 8fc84525b..286eb77e7 100644 --- a/case-studies-regression/ake/bilinear/Scott_analyzed.spthy +++ b/case-studies-regression/ake/bilinear/Scott_analyzed.spthy @@ -3,11 +3,13 @@ theory Scott begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* Scott: MTI-C0 like identity based key exchange protocol *} rule (modulo E) KGC_Setup: @@ -1799,6 +1801,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -1814,7 +1820,7 @@ analyzing: examples/ake/bilinear/Scott.spthy analyzed: examples/ake/bilinear/Scott.spthy output: examples/ake/bilinear/Scott.spthy.tmp - processing time: 21.595820781s + processing time: 19.741494243s key_agreement_reachable (exists-trace): verified (10 steps) key_secrecy (all-traces): verified (518 steps) 
@@ -1826,7 +1832,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Scott.spthy output: examples/ake/bilinear/Scott.spthy.tmp - processing time: 21.595820781s + processing time: 19.741494243s key_agreement_reachable (exists-trace): verified (10 steps) key_secrecy (all-traces): verified (518 steps) diff --git a/case-studies-regression/ake/bilinear/TAK1_analyzed.spthy b/case-studies-regression/ake/bilinear/TAK1_analyzed.spthy index 9747c0074..ead5071a7 100644 --- a/case-studies-regression/ake/bilinear/TAK1_analyzed.spthy +++ b/case-studies-regression/ake/bilinear/TAK1_analyzed.spthy @@ -3,13 +3,18 @@ theory TAK1 begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing, multiset -functions: fst/1, h/1, kdf/1, pair/2, snd/1, tag/1 +functions: fst/1[destructor], h/1, kdf/1, pair/2, snd/1[destructor], + tag/1 equations: fst() = x.1, snd() = x.2 section{* The TAK1 Protocol. *} + + + + rule (modulo E) Register_pk: [ Fr( ~ea ) ] --> @@ -2635,6 +2640,12 @@ next qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -2650,7 +2661,7 @@ analyzing: examples/ake/bilinear/TAK1.spthy analyzed: examples/ake/bilinear/TAK1.spthy output: examples/ake/bilinear/TAK1.spthy.tmp - processing time: 58.329091684s + processing time: 89.699475642s session_key_establish (exists-trace): verified (17 steps) Session_Key_Secrecy (all-traces): verified (725 steps) @@ -2662,7 +2673,7 @@ summary of summaries: analyzed: examples/ake/bilinear/TAK1.spthy output: examples/ake/bilinear/TAK1.spthy.tmp - processing time: 58.329091684s + processing time: 89.699475642s session_key_establish (exists-trace): verified (17 steps) Session_Key_Secrecy (all-traces): verified (725 steps) diff --git a/case-studies-regression/ake/bilinear/TAK1_eCK_like_analyzed.spthy b/case-studies-regression/ake/bilinear/TAK1_eCK_like_analyzed.spthy index 92284e10f..7551c9cb9 100644 
--- a/case-studies-regression/ake/bilinear/TAK1_eCK_like_analyzed.spthy +++ b/case-studies-regression/ake/bilinear/TAK1_eCK_like_analyzed.spthy @@ -3,13 +3,18 @@ theory TAK1 begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing, multiset -functions: fst/1, h/1, kdf/1, pair/2, snd/1, tag/1 +functions: fst/1[destructor], h/1, kdf/1, pair/2, snd/1[destructor], + tag/1 equations: fst() = x.1, snd() = x.2 section{* The TAK1 Protocol. *} + + + + rule (modulo E) Register_pk: [ Fr( ~ea ) ] --> @@ -513,6 +518,12 @@ solve( ((∃ #k spartner. (Origin( spartner, XC ) @ #k)) ∧ qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -528,7 +539,7 @@ analyzing: examples/ake/bilinear/TAK1_eCK_like.spthy analyzed: examples/ake/bilinear/TAK1_eCK_like.spthy output: examples/ake/bilinear/TAK1_eCK_like.spthy.tmp - processing time: 77.067416766s + processing time: 128.789111454s session_key_establish (exists-trace): verified (17 steps) Session_Key_Secrecy (all-traces): falsified - found trace (21 steps) @@ -540,7 +551,7 @@ summary of summaries: analyzed: examples/ake/bilinear/TAK1_eCK_like.spthy output: examples/ake/bilinear/TAK1_eCK_like.spthy.tmp - processing time: 77.067416766s + processing time: 128.789111454s session_key_establish (exists-trace): verified (17 steps) Session_Key_Secrecy (all-traces): falsified - found trace (21 steps) diff --git a/case-studies-regression/ake/dh/DHKEA_NAXOS_C_eCK_PFS_keyreg_partially_matching_analyzed.spthy b/case-studies-regression/ake/dh/DHKEA_NAXOS_C_eCK_PFS_keyreg_partially_matching_analyzed.spthy index ef8191e68..f0b5ee088 100644 --- a/case-studies-regression/ake/dh/DHKEA_NAXOS_C_eCK_PFS_keyreg_partially_matching_analyzed.spthy +++ b/case-studies-regression/ake/dh/DHKEA_NAXOS_C_eCK_PFS_keyreg_partially_matching_analyzed.spthy 
@@ -3,8 +3,8 @@ theory DHKEA_NAXOS_C_eCK_PFS_keyreg_partially_matching begin // Function signature and definition of the equational theory E builtins: diffie-hellman, multiset -functions: concat/2, first/1, fst/1, h/1, h1/1, h2/1, pair/2, second/1, - snd/1 +functions: concat/2, first/1, fst/1[destructor], h/1, h1/1, h2/1, pair/2, + second/1, snd/1[destructor] equations: concat(first(x), second(x)) = x, fst() = x.1, @@ -12,6 +12,10 @@ equations: + + + + rule (modulo E) generate_ltk: [ Fr( ~ea ) ] --[ RegKey( $A ), Honest( $A ) ]-> @@ -4893,6 +4897,18 @@ next qed qed + + + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -4908,7 +4924,7 @@ analyzing: examples/ake/dh/DHKEA_NAXOS_C_eCK_PFS_keyreg_partially_matching.spthy analyzed: examples/ake/dh/DHKEA_NAXOS_C_eCK_PFS_keyreg_partially_matching.spthy output: examples/ake/dh/DHKEA_NAXOS_C_eCK_PFS_keyreg_partially_matching.spthy.tmp - processing time: 131.299403883s + processing time: 251.078191016s execution_match_same_key_NAXOS (exists-trace): verified (13 steps) eCK_key_secrecy (all-traces): verified (809 steps) @@ -4920,7 +4936,7 @@ summary of summaries: analyzed: examples/ake/dh/DHKEA_NAXOS_C_eCK_PFS_keyreg_partially_matching.spthy output: examples/ake/dh/DHKEA_NAXOS_C_eCK_PFS_keyreg_partially_matching.spthy.tmp - processing time: 131.299403883s + processing time: 251.078191016s execution_match_same_key_NAXOS (exists-trace): verified (13 steps) eCK_key_secrecy (all-traces): verified (809 steps) diff --git a/case-studies-regression/ake/dh/DHKEA_NAXOS_C_eCK_PFS_partially_matching_analyzed.spthy b/case-studies-regression/ake/dh/DHKEA_NAXOS_C_eCK_PFS_partially_matching_analyzed.spthy index 03c33341a..2d1b80310 100644 --- a/case-studies-regression/ake/dh/DHKEA_NAXOS_C_eCK_PFS_partially_matching_analyzed.spthy +++ b/case-studies-regression/ake/dh/DHKEA_NAXOS_C_eCK_PFS_partially_matching_analyzed.spthy 
@@ -3,8 +3,8 @@ theory DHKEA_NAXOS_C_eCK_PFS_partially_matching begin // Function signature and definition of the equational theory E builtins: diffie-hellman, multiset -functions: concat/2, first/1, fst/1, h/1, h1/1, h2/1, pair/2, second/1, - snd/1 +functions: concat/2, first/1, fst/1[destructor], h/1, h1/1, h2/1, pair/2, + second/1, snd/1[destructor] equations: concat(first(x), second(x)) = x, fst() = x.1, @@ -12,6 +12,10 @@ equations: + + + + rule (modulo E) generate_ltk: [ Fr( ~ea ) ] --[ RegKey( $A ), Honest( $A ) ]-> @@ -4848,6 +4852,18 @@ next qed qed + + + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -4863,7 +4879,7 @@ analyzing: examples/ake/dh/DHKEA_NAXOS_C_eCK_PFS_partially_matching.spthy analyzed: examples/ake/dh/DHKEA_NAXOS_C_eCK_PFS_partially_matching.spthy output: examples/ake/dh/DHKEA_NAXOS_C_eCK_PFS_partially_matching.spthy.tmp - processing time: 89.280744596s + processing time: 144.964944746s execution_match_same_key_NAXOS (exists-trace): verified (13 steps) eCK_key_secrecy (all-traces): verified (797 steps) @@ -4875,7 +4891,7 @@ summary of summaries: analyzed: examples/ake/dh/DHKEA_NAXOS_C_eCK_PFS_partially_matching.spthy output: examples/ake/dh/DHKEA_NAXOS_C_eCK_PFS_partially_matching.spthy.tmp - processing time: 89.280744596s + processing time: 144.964944746s execution_match_same_key_NAXOS (exists-trace): verified (13 steps) eCK_key_secrecy (all-traces): verified (797 steps) diff --git a/case-studies-regression/ake/dh/NAXOS_eCK_PFS_analyzed.spthy b/case-studies-regression/ake/dh/NAXOS_eCK_PFS_analyzed.spthy index e9f9451ea..c70763324 100644 --- a/case-studies-regression/ake/dh/NAXOS_eCK_PFS_analyzed.spthy +++ b/case-studies-regression/ake/dh/NAXOS_eCK_PFS_analyzed.spthy 
@@ -3,11 +3,13 @@ theory NAXOS_eCK begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h1/1, h2/1, pair/2, snd/1 +functions: fst/1[destructor], h1/1, h2/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* NAXOS *} rule (modulo E) generate_ltk: @@ -346,6 +348,10 @@ solve( (∃ matchingSession #i3 matchingRole. qed qed + + + + /* All well-formedness checks were successful. */ end @@ -361,7 +367,7 @@ analyzing: examples/ake/dh/NAXOS_eCK_PFS.spthy analyzed: examples/ake/dh/NAXOS_eCK_PFS.spthy output: examples/ake/dh/NAXOS_eCK_PFS.spthy.tmp - processing time: 3.726476553s + processing time: 3.771815967s eCK_PFS_key_secrecy (all-traces): falsified - found trace (15 steps) ------------------------------------------------------------------------------ @@ -372,7 +378,7 @@ summary of summaries: analyzed: examples/ake/dh/NAXOS_eCK_PFS.spthy output: examples/ake/dh/NAXOS_eCK_PFS.spthy.tmp - processing time: 3.726476553s + processing time: 3.771815967s eCK_PFS_key_secrecy (all-traces): falsified - found trace (15 steps) ============================================================================== diff --git a/case-studies-regression/ake/dh/NAXOS_eCK_analyzed.spthy b/case-studies-regression/ake/dh/NAXOS_eCK_analyzed.spthy index b8d251daa..0e5bdbb0b 100644 --- a/case-studies-regression/ake/dh/NAXOS_eCK_analyzed.spthy +++ b/case-studies-regression/ake/dh/NAXOS_eCK_analyzed.spthy @@ -3,11 +3,13 @@ theory NAXOS_eCK begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h1/1, h2/1, pair/2, snd/1 +functions: fst/1[destructor], h1/1, h2/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* NAXOS *} rule (modulo E) generate_ltk: @@ -720,6 +722,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end 
@@ -735,7 +741,7 @@ analyzing: examples/ake/dh/NAXOS_eCK.spthy analyzed: examples/ake/dh/NAXOS_eCK.spthy output: examples/ake/dh/NAXOS_eCK.spthy.tmp - processing time: 3.804726704s + processing time: 5.187080124s eCK_key_secrecy (all-traces): verified (136 steps) ------------------------------------------------------------------------------ @@ -746,7 +752,7 @@ summary of summaries: analyzed: examples/ake/dh/NAXOS_eCK.spthy output: examples/ake/dh/NAXOS_eCK.spthy.tmp - processing time: 3.804726704s + processing time: 5.187080124s eCK_key_secrecy (all-traces): verified (136 steps) ============================================================================== diff --git a/case-studies-regression/ake/dh/UM_one_pass_attack_analyzed.spthy b/case-studies-regression/ake/dh/UM_one_pass_attack_analyzed.spthy index c833abe60..6fabdc64a 100644 --- a/case-studies-regression/ake/dh/UM_one_pass_attack_analyzed.spthy +++ b/case-studies-regression/ake/dh/UM_one_pass_attack_analyzed.spthy @@ -3,11 +3,15 @@ theory UM_one_pass_attack begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + rule (modulo E) Register_key_honest: [ Fr( ~ea ) ] --[ KeyReg( $A ) ]-> @@ -334,7 +338,7 @@ analyzing: examples/ake/dh/UM_one_pass_attack.spthy analyzed: examples/ake/dh/UM_one_pass_attack.spthy output: examples/ake/dh/UM_one_pass_attack.spthy.tmp - processing time: 3.472863111s + processing time: 4.71225803s key_agreement_reachable (exists-trace): verified (10 steps) CK_secure (all-traces): falsified - found trace (19 steps) 
@@ -346,7 +350,7 @@ summary of summaries: analyzed: examples/ake/dh/UM_one_pass_attack.spthy output: examples/ake/dh/UM_one_pass_attack.spthy.tmp - processing time: 3.472863111s + processing time: 4.71225803s key_agreement_reachable (exists-trace): verified (10 steps) CK_secure (all-traces): falsified - found trace (19 steps) diff --git a/case-studies-regression/ake/dh/UM_one_pass_fix_analyzed.spthy b/case-studies-regression/ake/dh/UM_one_pass_fix_analyzed.spthy index 15d64241a..c605f397a 100644 --- a/case-studies-regression/ake/dh/UM_one_pass_fix_analyzed.spthy +++ b/case-studies-regression/ake/dh/UM_one_pass_fix_analyzed.spthy @@ -3,11 +3,15 @@ theory UM_one_pass_fix begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + rule (modulo E) Register_key_honest: [ Fr( ~ea ) ] --[ KeyReg( $A ) ]-> @@ -790,7 +794,7 @@ analyzing: examples/ake/dh/UM_one_pass_fix.spthy analyzed: examples/ake/dh/UM_one_pass_fix.spthy output: examples/ake/dh/UM_one_pass_fix.spthy.tmp - processing time: 1.867010436s + processing time: 2.458205496s key_agreement_reachable (exists-trace): verified (10 steps) CK_secure (all-traces): verified (170 steps) @@ -802,7 +806,7 @@ summary of summaries: analyzed: examples/ake/dh/UM_one_pass_fix.spthy output: examples/ake/dh/UM_one_pass_fix.spthy.tmp - processing time: 1.867010436s + processing time: 2.458205496s key_agreement_reachable (exists-trace): verified (10 steps) CK_secure (all-traces): verified (170 steps) diff --git a/case-studies-regression/ake/dh/UM_three_pass_analyzed.spthy b/case-studies-regression/ake/dh/UM_three_pass_analyzed.spthy index 07e2d09d1..2d637e2d2 100644 --- a/case-studies-regression/ake/dh/UM_three_pass_analyzed.spthy +++ b/case-studies-regression/ake/dh/UM_three_pass_analyzed.spthy 
@@ -3,7 +3,8 @@ theory UM_three_pass begin // Function signature and definition of the equational theory E builtins: diffie-hellman, multiset -functions: MAC/2, concat/2, first/1, fst/1, h/1, pair/2, second/1, snd/1 +functions: MAC/2, concat/2, first/1, fst/1[destructor], h/1, pair/2, + second/1, snd/1[destructor] equations: concat(first(x), second(x)) = x, fst() = x.1, @@ -11,6 +12,12 @@ equations: + + + + + + rule (modulo E) Register_key_honest: [ Fr( ~ea ) ] --[ KeyReg( $A ) ]-> @@ -13322,6 +13329,14 @@ next qed qed + + + + + + + + /* All well-formedness checks were successful. */ end @@ -13337,7 +13352,7 @@ analyzing: examples/ake/dh/UM_three_pass.spthy analyzed: examples/ake/dh/UM_three_pass.spthy output: examples/ake/dh/UM_three_pass.spthy.tmp - processing time: 145.139672177s + processing time: 243.742273744s key_agreement_reachable (exists-trace): verified (14 steps) CK_secure_UM3 (all-traces): verified (1170 steps) @@ -13349,7 +13364,7 @@ summary of summaries: analyzed: examples/ake/dh/UM_three_pass.spthy output: examples/ake/dh/UM_three_pass.spthy.tmp - processing time: 145.139672177s + processing time: 243.742273744s key_agreement_reachable (exists-trace): verified (14 steps) CK_secure_UM3 (all-traces): verified (1170 steps) diff --git a/case-studies-regression/ake/dh/UM_three_pass_combined_analyzed.spthy b/case-studies-regression/ake/dh/UM_three_pass_combined_analyzed.spthy index 3c8a9d41b..8b222ed68 100644 --- a/case-studies-regression/ake/dh/UM_three_pass_combined_analyzed.spthy +++ b/case-studies-regression/ake/dh/UM_three_pass_combined_analyzed.spthy @@ -3,7 +3,8 @@ theory UM_three_pass_combined begin // Function signature and definition of the equational theory E builtins: diffie-hellman, multiset -functions: MAC/2, concat/2, first/1, fst/1, h/1, pair/2, second/1, snd/1 +functions: MAC/2, concat/2, first/1, fst/1[destructor], h/1, pair/2, + second/1, snd/1[destructor] equations: concat(first(x), second(x)) = x, fst() = x.1, 
@@ -11,6 +12,12 @@ equations: + + + + + + rule (modulo E) Register_key_honest: [ Fr( ~ea ) ] --[ KeyReg( $A ) ]-> @@ -826,6 +833,14 @@ solve( (∃ #l matchingComm. qed qed + + + + + + + + /* All well-formedness checks were successful. */ end @@ -841,7 +856,7 @@ analyzing: examples/ake/dh/UM_three_pass_combined.spthy analyzed: examples/ake/dh/UM_three_pass_combined.spthy output: examples/ake/dh/UM_three_pass_combined.spthy.tmp - processing time: 27.69925124s + processing time: 33.41183278s key_agreement_reachable (exists-trace): verified (14 steps) CK_secure_UM3 (all-traces): falsified - found trace (13 steps) @@ -853,7 +868,7 @@ summary of summaries: analyzed: examples/ake/dh/UM_three_pass_combined.spthy output: examples/ake/dh/UM_three_pass_combined.spthy.tmp - processing time: 27.69925124s + processing time: 33.41183278s key_agreement_reachable (exists-trace): verified (14 steps) CK_secure_UM3 (all-traces): falsified - found trace (13 steps) diff --git a/case-studies-regression/ake/dh/UM_three_pass_combined_fixed_analyzed.spthy b/case-studies-regression/ake/dh/UM_three_pass_combined_fixed_analyzed.spthy index 771f1ac8e..a02be408a 100644 --- a/case-studies-regression/ake/dh/UM_three_pass_combined_fixed_analyzed.spthy +++ b/case-studies-regression/ake/dh/UM_three_pass_combined_fixed_analyzed.spthy @@ -3,7 +3,8 @@ theory UM_three_pass_combined begin // Function signature and definition of the equational theory E builtins: diffie-hellman, multiset -functions: MAC/2, concat/2, first/1, fst/1, h/1, pair/2, second/1, snd/1 +functions: MAC/2, concat/2, first/1, fst/1[destructor], h/1, pair/2, + second/1, snd/1[destructor] equations: concat(first(x), second(x)) = x, fst() = x.1, @@ -11,6 +12,12 @@ equations: + + + + + + rule (modulo E) Register_key_honest: [ Fr( ~ea ) ] --[ KeyReg( $A ) ]-> @@ -5119,6 +5126,14 @@ next qed qed + + + + + + + + /* All well-formedness checks were successful. */ end 
@@ -5134,7 +5149,7 @@ analyzing: examples/ake/dh/UM_three_pass_combined_fixed.spthy analyzed: examples/ake/dh/UM_three_pass_combined_fixed.spthy output: examples/ake/dh/UM_three_pass_combined_fixed.spthy.tmp - processing time: 48.889843378s + processing time: 49.176624518s key_agreement_reachable (exists-trace): verified (14 steps) CK_secure_UM3 (all-traces): verified (417 steps) CK_secure (all-traces): verified (142 steps) @@ -5147,7 +5162,7 @@ summary of summaries: analyzed: examples/ake/dh/UM_three_pass_combined_fixed.spthy output: examples/ake/dh/UM_three_pass_combined_fixed.spthy.tmp - processing time: 48.889843378s + processing time: 49.176624518s key_agreement_reachable (exists-trace): verified (14 steps) CK_secure_UM3 (all-traces): verified (417 steps) CK_secure (all-traces): verified (142 steps) diff --git a/case-studies-regression/cav13/DH_example_analyzed.spthy b/case-studies-regression/cav13/DH_example_analyzed.spthy index 45a82321b..ba2814c85 100644 --- a/case-studies-regression/cav13/DH_example_analyzed.spthy +++ b/case-studies-regression/cav13/DH_example_analyzed.spthy @@ -3,11 +3,14 @@ theory ex1 begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, g/0, mac/2, pair/2, shk/0 [private], snd/1 +functions: fst/1[destructor], g/0, mac/2, pair/2, + shk/0[private,destructor], snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + rule (modulo E) Step1: [ Fr( ~tid ), Fr( ~x ) ] --> @@ -117,6 +120,12 @@ solve( Step1( tid, A, B, ~x ) ▶₀ #i ) qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -132,7 +141,7 @@ analyzing: examples/cav13/DH_example.spthy analyzed: examples/cav13/DH_example.spthy output: examples/cav13/DH_example.spthy.tmp - processing time: 0.188963086s + processing time: 0.11380966s Accept_Secret (all-traces): verified (9 steps) Accept_Secret_Counter (all-traces): falsified - found trace (7 steps) 
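Review bot: `shk/0[private,destructor]` in the new signature line of DH_example_analyzed.spthy marks a nullary private constant as a destructor, although the only equations visible in the hunk are those for `fst` and `snd`. The old output was `shk/0 [private]`, and `g/0` in the same line is not flagged, so the attribute appears to leak onto `shk` together with `private` rather than come from an equation. Accepting this line would make the regression suite pin a probably wrong classification of a long-term secret symbol. The expected text should likely be `shk/0[private]`, and the attribute inference or printing should be checked for symbols that carry more than one attribute.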
@@ -144,7 +153,7 @@ summary of summaries: analyzed: examples/cav13/DH_example.spthy output: examples/cav13/DH_example.spthy.tmp - processing time: 0.188963086s + processing time: 0.11380966s Accept_Secret (all-traces): verified (9 steps) Accept_Secret_Counter (all-traces): falsified - found trace (7 steps) diff --git a/case-studies-regression/ccs15/Attack_TPM_Envelope_analyzed-diff-noprove.spthy b/case-studies-regression/ccs15/Attack_TPM_Envelope_analyzed-diff-noprove.spthy index 35b77ea14..47c35f40a 100644 --- a/case-studies-regression/ccs15/Attack_TPM_Envelope_analyzed-diff-noprove.spthy +++ b/case-studies-regression/ccs15/Attack_TPM_Envelope_analyzed-diff-noprove.spthy @@ -2,8 +2,8 @@ theory TPM_Envelope begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sign/2, snd/1, - true/0, verify/3 +functions: adec/2, aenc/2, fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3 equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -405,7 +405,7 @@ analyzing: examples/ccs15/Attack_TPM_Envelope.spthy analyzed: examples/ccs15/Attack_TPM_Envelope.spthy output: examples/ccs15/Attack_TPM_Envelope.spthy.tmp - processing time: 0.406507273s + processing time: 0.586439386s RHS : types (all-traces): analysis incomplete (1 steps) LHS : types (all-traces): analysis incomplete (1 steps) RHS : PCR_Write_charn (all-traces): analysis incomplete (1 steps) @@ -424,7 +424,7 @@ summary of summaries: analyzed: examples/ccs15/Attack_TPM_Envelope.spthy output: examples/ccs15/Attack_TPM_Envelope.spthy.tmp - processing time: 0.406507273s + processing time: 0.586439386s RHS : types (all-traces): analysis incomplete (1 steps) LHS : types (all-traces): analysis incomplete (1 steps) RHS : PCR_Write_charn (all-traces): analysis incomplete (1 steps) 
diff --git a/case-studies-regression/ccs15/DDH_analyzed-diff.spthy b/case-studies-regression/ccs15/DDH_analyzed-diff.spthy index 2ce9193c3..ca8fcdecb 100644 --- a/case-studies-regression/ccs15/DDH_analyzed-diff.spthy +++ b/case-studies-regression/ccs15/DDH_analyzed-diff.spthy @@ -3,7 +3,7 @@ theory DDH begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, g/0, pair/2, snd/1 +functions: fst/1[destructor], g/0, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -7566,7 +7566,7 @@ analyzing: examples/ccs15/DDH.spthy analyzed: examples/ccs15/DDH.spthy output: examples/ccs15/DDH.spthy.tmp - processing time: 9.251806612s + processing time: 16.052358045s DiffLemma: Observational_equivalence : verified (2522 steps) ------------------------------------------------------------------------------ @@ -7577,7 +7577,7 @@ summary of summaries: analyzed: examples/ccs15/DDH.spthy output: examples/ccs15/DDH.spthy.tmp - processing time: 9.251806612s + processing time: 16.052358045s DiffLemma: Observational_equivalence : verified (2522 steps) ============================================================================== diff --git a/case-studies-regression/ccs15/probEnc_analyzed-diff.spthy b/case-studies-regression/ccs15/probEnc_analyzed-diff.spthy index b21e0950b..6ffc60df5 100644 --- a/case-studies-regression/ccs15/probEnc_analyzed-diff.spthy +++ b/case-studies-regression/ccs15/probEnc_analyzed-diff.spthy @@ -2,7 +2,8 @@ theory probEnc begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, pdec/2, penc/3, pk/1, snd/1 +functions: fst/1[destructor], pair/2, pdec/2, penc/3, pk/1, + snd/1[destructor] equations: fst() = x.1, pdec(penc(m, pk(k), r), k) = m, 
@@ -230,7 +231,7 @@ analyzing: examples/ccs15/probEnc.spthy analyzed: examples/ccs15/probEnc.spthy output: examples/ccs15/probEnc.spthy.tmp - processing time: 0.173091763s + processing time: 0.248409172s DiffLemma: Observational_equivalence : verified (75 steps) ------------------------------------------------------------------------------ @@ -241,7 +242,7 @@ summary of summaries: analyzed: examples/ccs15/probEnc.spthy output: examples/ccs15/probEnc.spthy.tmp - processing time: 0.173091763s + processing time: 0.248409172s DiffLemma: Observational_equivalence : verified (75 steps) ============================================================================== diff --git a/case-studies-regression/ccs15/rfid-feldhofer_analyzed-diff.spthy b/case-studies-regression/ccs15/rfid-feldhofer_analyzed-diff.spthy index c31aa649e..c7d0af06e 100644 --- a/case-studies-regression/ccs15/rfid-feldhofer_analyzed-diff.spthy +++ b/case-studies-regression/ccs15/rfid-feldhofer_analyzed-diff.spthy @@ -2,7 +2,8 @@ theory RFID_Feldhofer begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -1503,7 +1504,7 @@ analyzing: examples/ccs15/rfid-feldhofer.spthy analyzed: examples/ccs15/rfid-feldhofer.spthy output: examples/ccs15/rfid-feldhofer.spthy.tmp - processing time: 2.922807239s + processing time: 5.651746887s RHS : types (all-traces): verified (26 steps) LHS : types (all-traces): verified (26 steps) RHS : executable (exists-trace): verified (6 steps) 
@@ -1522,7 +1523,7 @@ summary of summaries: analyzed: examples/ccs15/rfid-feldhofer.spthy output: examples/ccs15/rfid-feldhofer.spthy.tmp - processing time: 2.922807239s + processing time: 5.651746887s RHS : types (all-traces): verified (26 steps) LHS : types (all-traces): verified (26 steps) RHS : executable (exists-trace): verified (6 steps) diff --git a/case-studies-regression/classic/NSLPK3_analyzed.spthy b/case-studies-regression/classic/NSLPK3_analyzed.spthy index 08dbbae21..2ef5f406f 100644 --- a/case-studies-regression/classic/NSLPK3_analyzed.spthy +++ b/case-studies-regression/classic/NSLPK3_analyzed.spthy @@ -2,7 +2,8 @@ theory NSLPK3 begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Register_pk: [ Fr( ~ltkA ) ] --> @@ -723,7 +726,7 @@ analyzing: examples/classic/NSLPK3.spthy analyzed: examples/classic/NSLPK3.spthy output: examples/classic/NSLPK3.spthy.tmp - processing time: 2.458191358s + processing time: 2.629416539s types (all-traces): verified (33 steps) nonce_secrecy (all-traces): verified (54 steps) injective_agree (all-traces): verified (92 steps) @@ -737,7 +740,7 @@ summary of summaries: analyzed: examples/classic/NSLPK3.spthy output: examples/classic/NSLPK3.spthy.tmp - processing time: 2.458191358s + processing time: 2.629416539s types (all-traces): verified (33 steps) nonce_secrecy (all-traces): verified (54 steps) injective_agree (all-traces): verified (92 steps) diff --git a/case-studies-regression/classic/NSLPK3_untagged_analyzed.spthy b/case-studies-regression/classic/NSLPK3_untagged_analyzed.spthy index 4cbff4a5c..4703ca57d 100644 --- a/case-studies-regression/classic/NSLPK3_untagged_analyzed.spthy +++ b/case-studies-regression/classic/NSLPK3_untagged_analyzed.spthy 
@@ -2,7 +2,8 @@ theory NSLPK3_untagged begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Register_pk: [ Fr( ~ltkA ) ] --> @@ -707,7 +710,7 @@ analyzing: examples/classic/NSLPK3_untagged.spthy analyzed: examples/classic/NSLPK3_untagged.spthy output: examples/classic/NSLPK3_untagged.spthy.tmp - processing time: 3.327810483s + processing time: 3.9124968s types (all-traces): verified (37 steps) nonce_secrecy (all-traces): verified (133 steps) session_key_setup_possible (exists-trace): verified (9 steps) @@ -720,7 +723,7 @@ summary of summaries: analyzed: examples/classic/NSLPK3_untagged.spthy output: examples/classic/NSLPK3_untagged.spthy.tmp - processing time: 3.327810483s + processing time: 3.9124968s types (all-traces): verified (37 steps) nonce_secrecy (all-traces): verified (133 steps) session_key_setup_possible (exists-trace): verified (9 steps) diff --git a/case-studies-regression/classic/NSPK3_analyzed.spthy b/case-studies-regression/classic/NSPK3_analyzed.spthy index 48727b12a..03fc82dc6 100644 --- a/case-studies-regression/classic/NSPK3_analyzed.spthy +++ b/case-studies-regression/classic/NSPK3_analyzed.spthy @@ -2,7 +2,8 @@ theory NSPK3 begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Register_pk: [ Fr( ~ltkA ) ] --> 
@@ -369,7 +372,7 @@ analyzing: examples/classic/NSPK3.spthy analyzed: examples/classic/NSPK3.spthy output: examples/classic/NSPK3.spthy.tmp - processing time: 2.399942541s + processing time: 3.631439739s types (all-traces): verified (33 steps) nonce_secrecy (all-traces): falsified - found trace (16 steps) injective_agree (all-traces): falsified - found trace (14 steps) @@ -383,7 +386,7 @@ summary of summaries: analyzed: examples/classic/NSPK3.spthy output: examples/classic/NSPK3.spthy.tmp - processing time: 2.399942541s + processing time: 3.631439739s types (all-traces): verified (33 steps) nonce_secrecy (all-traces): falsified - found trace (16 steps) injective_agree (all-traces): falsified - found trace (14 steps) diff --git a/case-studies-regression/classic/TLS_Handshake_analyzed.spthy b/case-studies-regression/classic/TLS_Handshake_analyzed.spthy index b1fb092c8..9b2a2fa4e 100644 --- a/case-studies-regression/classic/TLS_Handshake_analyzed.spthy +++ b/case-studies-regression/classic/TLS_Handshake_analyzed.spthy @@ -2,8 +2,9 @@ theory TLS_Handshake begin // Function signature and definition of the equational theory E -functions: PRF/1, adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sdec/2, - senc/2, sign/2, snd/1, true/0, verify/3 +functions: PRF/1, adec/2[destructor], aenc/2, fst/1[destructor], h/1, + pair/2, pk/1, sdec/2[destructor], senc/2, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -13,6 +14,14 @@ equations: + + + + + + + + section{* TLS Handshake *} text{* @@ -727,6 +736,8 @@ solve( SessionKeys( S, C, keyS, keyC ) @ #k ) qed qed + + /* All well-formedness checks were successful. */ end 
@@ -742,7 +753,7 @@ analyzing: examples/classic/TLS_Handshake.spthy analyzed: examples/classic/TLS_Handshake.spthy output: examples/classic/TLS_Handshake.spthy.tmp - processing time: 4.908224386s + processing time: 5.772305122s session_key_secrecy (all-traces): verified (95 steps) injective_agree (all-traces): verified (44 steps) session_key_setup_possible (exists-trace): verified (11 steps) @@ -755,7 +766,7 @@ summary of summaries: analyzed: examples/classic/TLS_Handshake.spthy output: examples/classic/TLS_Handshake.spthy.tmp - processing time: 4.908224386s + processing time: 5.772305122s session_key_secrecy (all-traces): verified (95 steps) injective_agree (all-traces): verified (44 steps) session_key_setup_possible (exists-trace): verified (11 steps) diff --git a/case-studies-regression/csf12/DH2_original_analyzed.spthy b/case-studies-regression/csf12/DH2_original_analyzed.spthy index c06e3e5cb..5fcc1f328 100644 --- a/case-studies-regression/csf12/DH2_original_analyzed.spthy +++ b/case-studies-regression/csf12/DH2_original_analyzed.spthy @@ -3,11 +3,16 @@ theory DH2_original begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: KDF/1, MAC/2, fst/1, h/1, pair/2, snd/1 +functions: KDF/1, MAC/2, fst/1[destructor], h/1, pair/2, + snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* DH2 *} rule (modulo E) Register_pk: @@ -1807,6 +1812,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -1822,7 +1831,7 @@ analyzing: examples/csf12/DH2_original.spthy analyzed: examples/csf12/DH2_original.spthy output: examples/csf12/DH2_original.spthy.tmp - processing time: 23.71053512s + processing time: 26.621186603s KAS_key_secrecy (all-traces): verified (501 steps) ------------------------------------------------------------------------------ 
@@ -1833,7 +1842,7 @@ summary of summaries: analyzed: examples/csf12/DH2_original.spthy output: examples/csf12/DH2_original.spthy.tmp - processing time: 23.71053512s + processing time: 26.621186603s KAS_key_secrecy (all-traces): verified (501 steps) ============================================================================== diff --git a/case-studies-regression/csf12/JKL_TS1_2004_KI_analyzed.spthy b/case-studies-regression/csf12/JKL_TS1_2004_KI_analyzed.spthy index af5abffc2..a027c815b 100644 --- a/case-studies-regression/csf12/JKL_TS1_2004_KI_analyzed.spthy +++ b/case-studies-regression/csf12/JKL_TS1_2004_KI_analyzed.spthy @@ -3,11 +3,15 @@ theory JKL_TS1_2004_KI begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* Jeong, Katz, Lee : TS1 (2004) *} rule (modulo E) generate_ltk: @@ -177,7 +181,7 @@ analyzing: examples/csf12/JKL_TS1_2004_KI.spthy analyzed: examples/csf12/JKL_TS1_2004_KI.spthy output: examples/csf12/JKL_TS1_2004_KI.spthy.tmp - processing time: 0.259058478s + processing time: 0.224174288s JKL2008_1_initiator_key (all-traces): falsified - found trace (7 steps) JKL2008_1_responder_key (all-traces): falsified - found trace (7 steps) @@ -189,7 +193,7 @@ summary of summaries: analyzed: examples/csf12/JKL_TS1_2004_KI.spthy output: examples/csf12/JKL_TS1_2004_KI.spthy.tmp - processing time: 0.259058478s + processing time: 0.224174288s JKL2008_1_initiator_key (all-traces): falsified - found trace (7 steps) JKL2008_1_responder_key (all-traces): falsified - found trace (7 steps) diff --git a/case-studies-regression/csf12/JKL_TS1_2008_KI_analyzed.spthy b/case-studies-regression/csf12/JKL_TS1_2008_KI_analyzed.spthy index 23b08f6de..4cd7d2897 100644 --- a/case-studies-regression/csf12/JKL_TS1_2008_KI_analyzed.spthy 
+++ b/case-studies-regression/csf12/JKL_TS1_2008_KI_analyzed.spthy @@ -3,11 +3,15 @@ theory JKL_TS1_2008_KI begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* Jeong, Katz, Lee : TS1 (2008) *} rule (modulo E) generate_ltk: @@ -222,7 +226,7 @@ analyzing: examples/csf12/JKL_TS1_2008_KI.spthy analyzed: examples/csf12/JKL_TS1_2008_KI.spthy output: examples/csf12/JKL_TS1_2008_KI.spthy.tmp - processing time: 0.262164037s + processing time: 0.281812421s JKL2008_1_initiator_key (all-traces): verified (15 steps) JKL2008_1_responder_key (all-traces): verified (15 steps) @@ -234,7 +238,7 @@ summary of summaries: analyzed: examples/csf12/JKL_TS1_2008_KI.spthy output: examples/csf12/JKL_TS1_2008_KI.spthy.tmp - processing time: 0.262164037s + processing time: 0.281812421s JKL2008_1_initiator_key (all-traces): verified (15 steps) JKL2008_1_responder_key (all-traces): verified (15 steps) diff --git a/case-studies-regression/csf12/JKL_TS2_2004_KI_wPFS_analyzed.spthy b/case-studies-regression/csf12/JKL_TS2_2004_KI_wPFS_analyzed.spthy index a93e908b1..079f08b67 100644 --- a/case-studies-regression/csf12/JKL_TS2_2004_KI_wPFS_analyzed.spthy +++ b/case-studies-regression/csf12/JKL_TS2_2004_KI_wPFS_analyzed.spthy @@ -3,11 +3,15 @@ theory JKL_TS2_2004_KI_wPFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* Jeong, Katz, Lee : TS2 (2004) *} rule (modulo E) generate_ltk: 
@@ -252,7 +256,7 @@ analyzing: examples/csf12/JKL_TS2_2004_KI_wPFS.spthy analyzed: examples/csf12/JKL_TS2_2004_KI_wPFS.spthy output: examples/csf12/JKL_TS2_2004_KI_wPFS.spthy.tmp - processing time: 0.464152453s + processing time: 0.483356759s JKL2008_2_initiator_key (all-traces): falsified - found trace (7 steps) JKL2008_2_responder_key (all-traces): falsified - found trace (7 steps) @@ -264,7 +268,7 @@ summary of summaries: analyzed: examples/csf12/JKL_TS2_2004_KI_wPFS.spthy output: examples/csf12/JKL_TS2_2004_KI_wPFS.spthy.tmp - processing time: 0.464152453s + processing time: 0.483356759s JKL2008_2_initiator_key (all-traces): falsified - found trace (7 steps) JKL2008_2_responder_key (all-traces): falsified - found trace (7 steps) diff --git a/case-studies-regression/csf12/JKL_TS2_2008_KI_wPFS_analyzed.spthy b/case-studies-regression/csf12/JKL_TS2_2008_KI_wPFS_analyzed.spthy index bdecfcbb0..019ffd3e6 100644 --- a/case-studies-regression/csf12/JKL_TS2_2008_KI_wPFS_analyzed.spthy +++ b/case-studies-regression/csf12/JKL_TS2_2008_KI_wPFS_analyzed.spthy @@ -3,11 +3,15 @@ theory JKL_TS2_2008_KI_wPFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* Jeong, Katz, Lee : TS2 (2008) *} rule (modulo E) generate_ltk: @@ -446,7 +450,7 @@ analyzing: examples/csf12/JKL_TS2_2008_KI_wPFS.spthy analyzed: examples/csf12/JKL_TS2_2008_KI_wPFS.spthy output: examples/csf12/JKL_TS2_2008_KI_wPFS.spthy.tmp - processing time: 1.040645075s + processing time: 1.492265415s JKL2008_2_initiator_key (all-traces): verified (40 steps) JKL2008_2_responder_key (all-traces): verified (37 steps) 
@@ -458,7 +462,7 @@ summary of summaries: analyzed: examples/csf12/JKL_TS2_2008_KI_wPFS.spthy output: examples/csf12/JKL_TS2_2008_KI_wPFS.spthy.tmp - processing time: 1.040645075s + processing time: 1.492265415s JKL2008_2_initiator_key (all-traces): verified (40 steps) JKL2008_2_responder_key (all-traces): verified (37 steps) diff --git a/case-studies-regression/csf12/KAS1_analyzed.spthy b/case-studies-regression/csf12/KAS1_analyzed.spthy index f8379923a..4f1bf18b1 100644 --- a/case-studies-regression/csf12/KAS1_analyzed.spthy +++ b/case-studies-regression/csf12/KAS1_analyzed.spthy @@ -2,7 +2,8 @@ theory KAS1 begin // Function signature and definition of the equational theory E -functions: KDF/1, MAC/2, adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, snd/1 +functions: KDF/1, MAC/2, adec/2[destructor], aenc/2, fst/1[destructor], + h/1, pair/2, pk/1, snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,10 @@ equations: + + + + section{* KAS1 *} rule (modulo E) Register_pk: @@ -244,6 +249,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -259,7 +268,7 @@ analyzing: examples/csf12/KAS1.spthy analyzed: examples/csf12/KAS1.spthy output: examples/csf12/KAS1.spthy.tmp - processing time: 0.853476642s + processing time: 0.682030799s KAS1_key_secrecy (all-traces): verified (38 steps) ------------------------------------------------------------------------------ @@ -270,7 +279,7 @@ summary of summaries: analyzed: examples/csf12/KAS1.spthy output: examples/csf12/KAS1.spthy.tmp - processing time: 0.853476642s + processing time: 0.682030799s KAS1_key_secrecy (all-traces): verified (38 steps) ============================================================================== diff --git a/case-studies-regression/csf12/KAS2_eCK_analyzed.spthy b/case-studies-regression/csf12/KAS2_eCK_analyzed.spthy index 03a123da6..b6c89add8 100644 --- a/case-studies-regression/csf12/KAS2_eCK_analyzed.spthy 
+++ b/case-studies-regression/csf12/KAS2_eCK_analyzed.spthy @@ -2,7 +2,8 @@ theory KAS2_eCK begin // Function signature and definition of the equational theory E -functions: KDF/1, MAC/2, adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, snd/1 +functions: KDF/1, MAC/2, adec/2[destructor], aenc/2, fst/1[destructor], + h/1, pair/2, pk/1, snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,10 @@ equations: + + + + section{* KAS2 *} rule (modulo E) Register_pk: @@ -228,6 +233,10 @@ solve( (∃ ss #i4 #i5 C D ms. qed qed + + + + /* All well-formedness checks were successful. */ end @@ -243,7 +252,7 @@ analyzing: examples/csf12/KAS2_eCK.spthy analyzed: examples/csf12/KAS2_eCK.spthy output: examples/csf12/KAS2_eCK.spthy.tmp - processing time: 3.627476196s + processing time: 4.319540895s eCK_key_secrecy (all-traces): falsified - found trace (16 steps) ------------------------------------------------------------------------------ @@ -254,7 +263,7 @@ summary of summaries: analyzed: examples/csf12/KAS2_eCK.spthy output: examples/csf12/KAS2_eCK.spthy.tmp - processing time: 3.627476196s + processing time: 4.319540895s eCK_key_secrecy (all-traces): falsified - found trace (16 steps) ============================================================================== diff --git a/case-studies-regression/csf12/KAS2_original_analyzed.spthy b/case-studies-regression/csf12/KAS2_original_analyzed.spthy index 35bacac9b..624ce25b3 100644 --- a/case-studies-regression/csf12/KAS2_original_analyzed.spthy +++ b/case-studies-regression/csf12/KAS2_original_analyzed.spthy @@ -2,7 +2,8 @@ theory KAS2_original begin // Function signature and definition of the equational theory E -functions: KDF/1, MAC/2, adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, snd/1 +functions: KDF/1, MAC/2, adec/2[destructor], aenc/2, fst/1[destructor], + h/1, pair/2, pk/1, snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, 
@@ -10,6 +11,10 @@ equations: + + + + section{* KAS2 *} rule (modulo E) Register_pk: @@ -329,24 +334,12 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m1 ) @ #vk.16 ) case Ephk_reveal - solve( !KU( adec(aenc(~m2, pk(~ltkA)), ~lkI) ) @ #vk.18 ) - case c_adec - solve( !KU( ~lkI ) @ #vk.19 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m2, pk(~ltkA)), ~lkI) ) @ #vk.18 ) next case Init_1 solve( !KU( ~lkR ) @ #vk.19 ) case Ltk_reveal - solve( !KU( adec(aenc(~m2, pk(~ltkA)), ~lkI) ) @ #vk.19 ) - case c_adec - solve( !KU( ~lkI ) @ #vk.20 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m2, pk(~ltkA)), ~lkI) ) @ #vk.19 ) qed qed qed @@ -367,24 +360,12 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m1 ) @ #vk.16 ) case Ephk_reveal - solve( !KU( adec(aenc(~m2, pk(~ltkA.1)), ~lkI) ) @ #vk.18 ) - case c_adec - solve( !KU( ~lkI ) @ #vk.19 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m2, pk(~ltkA.1)), ~lkI) ) @ #vk.18 ) next case Init_1 solve( !KU( ~ltkA ) @ #vk.19 ) case Ltk_reveal - solve( !KU( adec(aenc(~m2, pk(~ltkA.1)), ~lkI) ) @ #vk.19 ) - case c_adec - solve( !KU( ~lkI ) @ #vk.20 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m2, pk(~ltkA.1)), ~lkI) ) @ #vk.19 ) qed qed qed 
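Review bot: The two KAS2_original proof hunks on this line (`@@ -329,24 +334,12 @@` and `@@ -367,24 +360,12 @@`) change the proof, not just the printout, and the same holds for the later hunks at `-520`, `-572`, `-612`, `-749` and `-787`. They replace the `case c_adec` / `Ltk_reveal` / `by contradiction` branch with a bare `by solve( !KU( adec(...) ) ... )`, so the goal of the adversary knowing a non-reducing `adec` term now closes with no cases at all. That suggests `adec/2[destructor]` removes the adversary's construction rule for `adec`, while the later hunks still show the protocol forming `adec(c2, ~lkI)` inside `KDF(...)`; honest parties could then hold values the adversary can never derive, which weakens the adversary model. `KAS_key_secrecy` stays verified (254 to 246 steps), but the restriction should be documented next to the signature in the source theory, e.g. `// adec is a destructor: terms adec(c, k) that do not reduce are not derivable by the adversary`. Alternatively, keep `adec/2` untagged in theories that apply it to received ciphertexts.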
@@ -520,24 +501,12 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m2 ) @ #vk.14 ) case Ephk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.14 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.15 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.14 ) next case Resp_1 solve( !KU( ~ltkA.1 ) @ #vk.15 ) case Ltk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.15 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.16 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.15 ) qed qed qed 
@@ -572,24 +541,68 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m2 ) @ #vk.18 ) case Ephk_reveal - solve( !KU( adec(, ~lkR) - ) @ #vk.18 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.19 ) - case Ltk_reveal - by contradiction /* from formulas */ + solve( !KU( MAC(KDF(<~m1, z, $I, $R, aenc(~m1, pk(~ltkA)), + aenc(z, pk(~lkI))>), + <'Resp', $R, $I, aenc(z, pk(~lkI)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.9 ) + case Resp_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.18 ) + next + case c_MAC + solve( !KU( aenc(z, pk(~lkI)) ) @ #vk.11 ) + case Init_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.22 ) + next + case Resp_1 + solve( splitEqs(6) ) + case split_case_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.22 ) + next + case split_case_2 + by solve( !KU( adec(, ~lkR) + ) @ #vk.22 ) + qed + next + case c_aenc + by solve( !KU( adec(, ~lkR) + ) @ #vk.22 ) qed qed next case Resp_1 solve( !KU( ~ltkA.1 ) @ #vk.19 ) case Ltk_reveal - solve( !KU( adec(, ~lkR) - ) @ #vk.19 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.20 ) - case Ltk_reveal - by contradiction /* from formulas */ + solve( !KU( MAC(KDF(<~m1, z, $I, $R, aenc(~m1, pk(~ltkA)), + aenc(z, pk(~lkI))>), + <'Resp', $R, $I, aenc(z, pk(~lkI)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.13 ) + case Resp_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.19 ) + next + case c_MAC + solve( !KU( aenc(z, pk(~lkI)) ) @ #vk.14 ) + case Init_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.23 ) + next + case Resp_1 + solve( splitEqs(6) ) + case split_case_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.23 ) + next + case split_case_2 + by solve( !KU( adec(, ~lkR) + ) @ #vk.23 ) + qed + next + case c_aenc + by solve( !KU( adec(, ~lkR) + ) @ #vk.23 ) qed qed qed 
@@ -612,23 +625,23 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m2 ) @ #vk.18 ) case Ephk_reveal - solve( !KU( adec(, ~lkR) ) @ #vk.18 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.19 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, adec(c2, ~lkI), $I, $R, aenc(~m1, pk(~ltkA)), + c2>), + <'Resp', $R, $I, c2, aenc(~m1, pk(~ltkA))>) + ) @ #vk.9 ) + case c_MAC + by solve( !KU( adec(, ~lkR) ) @ #vk.21 ) qed next case Resp_1 solve( !KU( ~ltkA.1 ) @ #vk.19 ) case Ltk_reveal - solve( !KU( adec(, ~lkR) ) @ #vk.19 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.20 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, adec(c2, ~lkI), $I, $R, aenc(~m1, pk(~ltkA)), + c2>), + <'Resp', $R, $I, c2, aenc(~m1, pk(~ltkA))>) + ) @ #vk.13 ) + case c_MAC + by solve( !KU( adec(, ~lkR) ) @ #vk.22 ) qed qed qed @@ -749,23 +762,23 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m2 ) @ #vk.16 ) case Ephk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.16 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.17 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, ~m2, $I, $R, aenc(~m1, pk(~ltkA)), + aenc(~m2, pk(~lkI))>), + <'Resp', $R, $I, aenc(~m2, pk(~lkI)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.9 ) + case c_MAC + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.19 ) qed next case Resp_1 solve( !KU( ~lkI ) @ #vk.17 ) case Ltk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.17 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.18 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, ~m2, $I, $R, aenc(~m1, pk(~ltkA)), + aenc(~m2, pk(~lkI))>), + <'Resp', $R, $I, aenc(~m2, pk(~lkI)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.12 ) + case c_MAC + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.20 ) qed qed qed 
@@ -787,23 +800,23 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m2 ) @ #vk.16 ) case Ephk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.16 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.17 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, adec(aenc(~m2, pk(~ltkA.1)), ~lkI), $I, $R, + aenc(~m1, pk(~ltkA)), aenc(~m2, pk(~ltkA.1))>), + <'Resp', $R, $I, aenc(~m2, pk(~ltkA.1)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.9 ) + case c_MAC + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.19 ) qed next case Resp_1 solve( !KU( ~ltkA.1 ) @ #vk.17 ) case Ltk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.17 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.18 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, adec(aenc(~m2, pk(~ltkA.1)), ~lkI), $I, $R, + aenc(~m1, pk(~ltkA)), aenc(~m2, pk(~ltkA.1))>), + <'Resp', $R, $I, aenc(~m2, pk(~ltkA.1)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.12 ) + case c_MAC + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.20 ) qed qed qed @@ -1030,6 +1043,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -1045,8 +1062,8 @@ analyzing: examples/csf12/KAS2_original.spthy analyzed: examples/csf12/KAS2_original.spthy output: examples/csf12/KAS2_original.spthy.tmp - processing time: 6.329487017s - KAS_key_secrecy (all-traces): verified (254 steps) + processing time: 7.388368969s + KAS_key_secrecy (all-traces): verified (246 steps) ------------------------------------------------------------------------------ @@ -1056,8 +1073,8 @@ summary of summaries: analyzed: examples/csf12/KAS2_original.spthy output: examples/csf12/KAS2_original.spthy.tmp - processing time: 6.329487017s - KAS_key_secrecy (all-traces): verified (254 steps) + processing time: 7.388368969s + KAS_key_secrecy (all-traces): verified (246 steps) ============================================================================== */ 
diff --git a/case-studies-regression/csf12/KEA_plus_KI_KCI_analyzed.spthy b/case-studies-regression/csf12/KEA_plus_KI_KCI_analyzed.spthy index 3829add77..3bc43b6d3 100644 --- a/case-studies-regression/csf12/KEA_plus_KI_KCI_analyzed.spthy +++ b/case-studies-regression/csf12/KEA_plus_KI_KCI_analyzed.spthy @@ -3,11 +3,15 @@ theory KEA_plus_KI_KCI begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* KEA+ *} rule (modulo E) generate_ltk: @@ -288,7 +292,7 @@ analyzing: examples/csf12/KEA_plus_KI_KCI.spthy analyzed: examples/csf12/KEA_plus_KI_KCI.spthy output: examples/csf12/KEA_plus_KI_KCI.spthy.tmp - processing time: 0.518310666s + processing time: 0.519077841s keaplus_initiator_key (all-traces): verified (13 steps) keaplus_responder_key (all-traces): verified (13 steps) @@ -300,7 +304,7 @@ summary of summaries: analyzed: examples/csf12/KEA_plus_KI_KCI.spthy output: examples/csf12/KEA_plus_KI_KCI.spthy.tmp - processing time: 0.518310666s + processing time: 0.519077841s keaplus_initiator_key (all-traces): verified (13 steps) keaplus_responder_key (all-traces): verified (13 steps) diff --git a/case-studies-regression/csf12/KEA_plus_KI_KCI_wPFS_analyzed.spthy b/case-studies-regression/csf12/KEA_plus_KI_KCI_wPFS_analyzed.spthy index e51378241..bd161bf9e 100644 --- a/case-studies-regression/csf12/KEA_plus_KI_KCI_wPFS_analyzed.spthy +++ b/case-studies-regression/csf12/KEA_plus_KI_KCI_wPFS_analyzed.spthy @@ -3,11 +3,15 @@ theory KEA_plus_KI_KCI_wPFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* KEA+ *} rule (modulo E) generate_ltk: 
@@ -284,7 +288,7 @@ analyzing: examples/csf12/KEA_plus_KI_KCI_wPFS.spthy analyzed: examples/csf12/KEA_plus_KI_KCI_wPFS.spthy output: examples/csf12/KEA_plus_KI_KCI_wPFS.spthy.tmp - processing time: 0.963469737s + processing time: 1.15632475s keaplus_initiator_key (all-traces): falsified - found trace (11 steps) keaplus_responder_key (all-traces): falsified - found trace (11 steps) @@ -296,7 +300,7 @@ summary of summaries: analyzed: examples/csf12/KEA_plus_KI_KCI_wPFS.spthy output: examples/csf12/KEA_plus_KI_KCI_wPFS.spthy.tmp - processing time: 0.963469737s + processing time: 1.15632475s keaplus_initiator_key (all-traces): falsified - found trace (11 steps) keaplus_responder_key (all-traces): falsified - found trace (11 steps) diff --git a/case-studies-regression/csf12/NAXOS_eCK_PFS_analyzed.spthy b/case-studies-regression/csf12/NAXOS_eCK_PFS_analyzed.spthy index 918ea69dc..0280a4c05 100644 --- a/case-studies-regression/csf12/NAXOS_eCK_PFS_analyzed.spthy +++ b/case-studies-regression/csf12/NAXOS_eCK_PFS_analyzed.spthy @@ -3,11 +3,13 @@ theory NAXOS_eCK_PFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h1/1, h2/1, pair/2, snd/1 +functions: fst/1[destructor], h1/1, h2/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* NAXOS *} rule (modulo E) generate_ltk: @@ -345,6 +347,10 @@ solve( (∃ MatchingSession #i3 #i4 ms. qed qed + + + + /* All well-formedness checks were successful. */ end @@ -360,7 +366,7 @@ analyzing: examples/csf12/NAXOS_eCK_PFS.spthy analyzed: examples/csf12/NAXOS_eCK_PFS.spthy output: examples/csf12/NAXOS_eCK_PFS.spthy.tmp - processing time: 3.704592822s + processing time: 5.38055565s eCK_PFS_key_secrecy (all-traces): falsified - found trace (13 steps) ------------------------------------------------------------------------------ 
@@ -371,7 +377,7 @@ summary of summaries: analyzed: examples/csf12/NAXOS_eCK_PFS.spthy output: examples/csf12/NAXOS_eCK_PFS.spthy.tmp - processing time: 3.704592822s + processing time: 5.38055565s eCK_PFS_key_secrecy (all-traces): falsified - found trace (13 steps) ============================================================================== diff --git a/case-studies-regression/csf12/NAXOS_eCK_analyzed.spthy b/case-studies-regression/csf12/NAXOS_eCK_analyzed.spthy index 9f8cb441d..0aaa05e6d 100644 --- a/case-studies-regression/csf12/NAXOS_eCK_analyzed.spthy +++ b/case-studies-regression/csf12/NAXOS_eCK_analyzed.spthy @@ -3,11 +3,13 @@ theory NAXOS_eCK begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h1/1, h2/1, pair/2, snd/1 +functions: fst/1[destructor], h1/1, h2/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* NAXOS *} rule (modulo E) generate_ltk: @@ -719,6 +721,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -734,7 +740,7 @@ analyzing: examples/csf12/NAXOS_eCK.spthy analyzed: examples/csf12/NAXOS_eCK.spthy output: examples/csf12/NAXOS_eCK.spthy.tmp - processing time: 3.951969943s + processing time: 5.163789979s eCK_key_secrecy (all-traces): verified (134 steps) ------------------------------------------------------------------------------ @@ -745,7 +751,7 @@ summary of summaries: analyzed: examples/csf12/NAXOS_eCK.spthy output: examples/csf12/NAXOS_eCK.spthy.tmp - processing time: 3.951969943s + processing time: 5.163789979s eCK_key_secrecy (all-traces): verified (134 steps) ============================================================================== diff --git a/case-studies-regression/csf12/STS_MAC_analyzed.spthy b/case-studies-regression/csf12/STS_MAC_analyzed.spthy index 319eaeea0..12970e2a5 100644 --- a/case-studies-regression/csf12/STS_MAC_analyzed.spthy +++ b/case-studies-regression/csf12/STS_MAC_analyzed.spthy 
@@ -3,8 +3,8 @@ theory STS_MAC begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: KDF/1, fst/1, h/1, mac/2, pair/2, pk/1, sign/2, snd/1, true/0, - verify/3 +functions: KDF/1, fst/1[destructor], h/1, mac/2, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +12,12 @@ equations: + + + + + + section{* The Station-To-Station Protocol (MAC version) *} rule (modulo E) Register_pk_clone: @@ -304,6 +310,10 @@ solve( !Pk( $I, pk(~ltkI) ) ▶₀ #i1 ) qed qed + + + + /* All well-formedness checks were successful. */ end @@ -319,7 +329,7 @@ analyzing: examples/csf12/STS_MAC.spthy analyzed: examples/csf12/STS_MAC.spthy output: examples/csf12/STS_MAC.spthy.tmp - processing time: 2.391577667s + processing time: 3.102052339s KI_Perfect_Forward_Secrecy_I (all-traces): falsified - found trace (12 steps) KI_Perfect_Forward_Secrecy_R (all-traces): falsified - found trace (12 steps) @@ -331,7 +341,7 @@ summary of summaries: analyzed: examples/csf12/STS_MAC.spthy output: examples/csf12/STS_MAC.spthy.tmp - processing time: 2.391577667s + processing time: 3.102052339s KI_Perfect_Forward_Secrecy_I (all-traces): falsified - found trace (12 steps) KI_Perfect_Forward_Secrecy_R (all-traces): falsified - found trace (12 steps) diff --git a/case-studies-regression/csf12/STS_MAC_fix1_analyzed.spthy b/case-studies-regression/csf12/STS_MAC_fix1_analyzed.spthy index a4d1ac95c..dc5a9f9a7 100644 --- a/case-studies-regression/csf12/STS_MAC_fix1_analyzed.spthy +++ b/case-studies-regression/csf12/STS_MAC_fix1_analyzed.spthy @@ -3,8 +3,8 @@ theory STS_MAC_fix1 begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: KDF/1, fst/1, mac/2, pair/2, pk/1, sign/2, snd/1, true/0, - verify/3 +functions: KDF/1, fst/1[destructor], mac/2, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, 
@@ -12,6 +12,10 @@ equations: + + + + section{* The Station-To-Station Protocol (MAC version, fix UKS attack with proof-of-possession of exponent) *} rule (modulo E) Register_pk_normal: @@ -1084,6 +1088,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -1099,7 +1107,7 @@ analyzing: examples/csf12/STS_MAC_fix1.spthy analyzed: examples/csf12/STS_MAC_fix1.spthy output: examples/csf12/STS_MAC_fix1.spthy.tmp - processing time: 6.920124193s + processing time: 9.359572755s KI_Perfect_Forward_Secrecy_I (all-traces): verified (109 steps) KI_Perfect_Forward_Secrecy_R (all-traces): verified (160 steps) @@ -1111,7 +1119,7 @@ summary of summaries: analyzed: examples/csf12/STS_MAC_fix1.spthy output: examples/csf12/STS_MAC_fix1.spthy.tmp - processing time: 6.920124193s + processing time: 9.359572755s KI_Perfect_Forward_Secrecy_I (all-traces): verified (109 steps) KI_Perfect_Forward_Secrecy_R (all-traces): verified (160 steps) diff --git a/case-studies-regression/csf12/STS_MAC_fix2_analyzed.spthy b/case-studies-regression/csf12/STS_MAC_fix2_analyzed.spthy index 42a379cec..d7547d7d8 100644 --- a/case-studies-regression/csf12/STS_MAC_fix2_analyzed.spthy +++ b/case-studies-regression/csf12/STS_MAC_fix2_analyzed.spthy @@ -3,8 +3,8 @@ theory STS_MAC_fix2 begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: KDF/1, fst/1, h/1, mac/2, pair/2, pk/1, sign/2, snd/1, true/0, - verify/3 +functions: KDF/1, fst/1[destructor], h/1, mac/2, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +12,12 @@ equations: + + + + + + section{* The Station-To-Station Protocol (MAC version, fixed with names and tags) *} rule (modulo E) Register_pk_clone: @@ -406,6 +412,10 @@ next by contradiction /* from formulas */ qed + + + + /* All well-formedness checks were successful. */ end 
@@ -421,7 +431,7 @@ analyzing: examples/csf12/STS_MAC_fix2.spthy analyzed: examples/csf12/STS_MAC_fix2.spthy output: examples/csf12/STS_MAC_fix2.spthy.tmp - processing time: 1.46338093s + processing time: 1.660694197s KI_Perfect_Forward_Secrecy_I (all-traces): verified (26 steps) KI_Perfect_Forward_Secrecy_R (all-traces): verified (28 steps) @@ -433,7 +443,7 @@ summary of summaries: analyzed: examples/csf12/STS_MAC_fix2.spthy output: examples/csf12/STS_MAC_fix2.spthy.tmp - processing time: 1.46338093s + processing time: 1.660694197s KI_Perfect_Forward_Secrecy_I (all-traces): verified (26 steps) KI_Perfect_Forward_Secrecy_R (all-traces): verified (28 steps) diff --git a/case-studies-regression/csf12/SignedDH_PFS_analyzed.spthy b/case-studies-regression/csf12/SignedDH_PFS_analyzed.spthy index fae27808a..559102561 100644 --- a/case-studies-regression/csf12/SignedDH_PFS_analyzed.spthy +++ b/case-studies-regression/csf12/SignedDH_PFS_analyzed.spthy @@ -3,7 +3,8 @@ theory SignedDH_PFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], pair/2, pk/1, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -13,6 +14,10 @@ equations: section{* The Signed Diffie-Hellman Protocol *} + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --> [ !Ltk( $A, ~ltk ), !Pk( $A, pk(~ltk) ) ] @@ -217,7 +222,7 @@ analyzing: examples/csf12/SignedDH_PFS.spthy analyzed: examples/csf12/SignedDH_PFS.spthy output: examples/csf12/SignedDH_PFS.spthy.tmp - processing time: 0.525832745s + processing time: 0.446675006s Perfect_Forward_Secrecy (all-traces): verified (23 steps) ------------------------------------------------------------------------------ 
@@ -228,7 +233,7 @@ summary of summaries: analyzed: examples/csf12/SignedDH_PFS.spthy output: examples/csf12/SignedDH_PFS.spthy.tmp - processing time: 0.525832745s + processing time: 0.446675006s Perfect_Forward_Secrecy (all-traces): verified (23 steps) ============================================================================== diff --git a/case-studies-regression/csf12/UM_PFS_analyzed.spthy b/case-studies-regression/csf12/UM_PFS_analyzed.spthy index 4b5ea032c..7238f24c9 100644 --- a/case-studies-regression/csf12/UM_PFS_analyzed.spthy +++ b/case-studies-regression/csf12/UM_PFS_analyzed.spthy @@ -3,11 +3,15 @@ theory UM_PFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* The Unified Model (UM) Key-Exchange Protocol *} rule (modulo E) generate_ltk: @@ -218,7 +222,7 @@ analyzing: examples/csf12/UM_PFS.spthy analyzed: examples/csf12/UM_PFS.spthy output: examples/csf12/UM_PFS.spthy.tmp - processing time: 0.887400567s + processing time: 0.995415822s wPFS_initiator_key (all-traces): falsified - found trace (10 steps) wPFS_responder_key (all-traces): falsified - found trace (10 steps) @@ -230,7 +234,7 @@ summary of summaries: analyzed: examples/csf12/UM_PFS.spthy output: examples/csf12/UM_PFS.spthy.tmp - processing time: 0.887400567s + processing time: 0.995415822s wPFS_initiator_key (all-traces): falsified - found trace (10 steps) wPFS_responder_key (all-traces): falsified - found trace (10 steps) diff --git a/case-studies-regression/csf12/UM_wPFS_analyzed.spthy b/case-studies-regression/csf12/UM_wPFS_analyzed.spthy index 6ec602b09..82cb48654 100644 --- a/case-studies-regression/csf12/UM_wPFS_analyzed.spthy +++ b/case-studies-regression/csf12/UM_wPFS_analyzed.spthy 
@@ -3,11 +3,15 @@ theory UM_wPFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* The Unified Model (UM) Key-Exchange Protocol *} rule (modulo E) generate_ltk: @@ -417,7 +421,7 @@ analyzing: examples/csf12/UM_wPFS.spthy analyzed: examples/csf12/UM_wPFS.spthy output: examples/csf12/UM_wPFS.spthy.tmp - processing time: 0.906820417s + processing time: 0.910660174s wPFS_initiator_key (all-traces): verified (40 steps) wPFS_responder_key (all-traces): verified (37 steps) @@ -429,7 +433,7 @@ summary of summaries: analyzed: examples/csf12/UM_wPFS.spthy output: examples/csf12/UM_wPFS.spthy.tmp - processing time: 0.906820417s + processing time: 0.910660174s wPFS_initiator_key (all-traces): verified (40 steps) wPFS_responder_key (all-traces): verified (37 steps) diff --git a/case-studies-regression/csf18-xor/CH07_analyzed.spthy b/case-studies-regression/csf18-xor/CH07_analyzed.spthy index e312a1552..53a072b8b 100644 --- a/case-studies-regression/csf18-xor/CH07_analyzed.spthy +++ b/case-studies-regression/csf18-xor/CH07_analyzed.spthy @@ -3,11 +3,16 @@ theory CH07 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, h/1, lh/1, pair/2, rh/1, rot/2, snd/1 +functions: fst/1[destructor], h/1, lh/1, pair/2, rh/1, rot/2, + snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + rule (modulo E) Setup: [ Fr( ~k ), Fr( ~id ) ] --> [ !Reader( ~k, ~id ), !Tag( ~k, ~id ) ] @@ -727,6 +732,12 @@ solve( Alive( x, 'Reader' ) @ #i ) qed qed + + + + + + /* All well-formedness checks were successful. */ end 
@@ -742,7 +753,7 @@ analyzing: examples/csf18-xor/CH07.spthy analyzed: examples/csf18-xor/CH07.spthy output: examples/csf18-xor/CH07.spthy.tmp - processing time: 1.930082021s + processing time: 2.599482647s recentalive_tag (all-traces): falsified - found trace (11 steps) recentalive_reader (all-traces): verified (23 steps) noninjectiveagreement_tag (all-traces): verified (25 steps) @@ -757,7 +768,7 @@ summary of summaries: analyzed: examples/csf18-xor/CH07.spthy output: examples/csf18-xor/CH07.spthy.tmp - processing time: 1.930082021s + processing time: 2.599482647s recentalive_tag (all-traces): falsified - found trace (11 steps) recentalive_reader (all-traces): verified (23 steps) noninjectiveagreement_tag (all-traces): verified (25 steps) diff --git a/case-studies-regression/csf18-xor/CRxor_analyzed.spthy b/case-studies-regression/csf18-xor/CRxor_analyzed.spthy index b191752e2..97bc75f5f 100644 --- a/case-studies-regression/csf18-xor/CRxor_analyzed.spthy +++ b/case-studies-regression/csf18-xor/CRxor_analyzed.spthy @@ -3,11 +3,15 @@ theory CRXOR begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + rule (modulo E) Setup: [ Fr( ~k ) ] --[ OnlyOnce( ) ]-> [ !InitLTK( ~k ), !RespLTK( ~k ) ] @@ -526,7 +530,7 @@ analyzing: examples/csf18-xor/CRxor.spthy analyzed: examples/csf18-xor/CRxor.spthy output: examples/csf18-xor/CRxor.spthy.tmp - processing time: 1.546657979s + processing time: 1.776058886s alive (all-traces): verified (92 steps) recentalive_tag (all-traces): falsified - found trace (11 steps) executable (exists-trace): verified (10 steps) 
@@ -539,7 +543,7 @@ summary of summaries: analyzed: examples/csf18-xor/CRxor.spthy output: examples/csf18-xor/CRxor.spthy.tmp - processing time: 1.546657979s + processing time: 1.776058886s alive (all-traces): verified (92 steps) recentalive_tag (all-traces): falsified - found trace (11 steps) executable (exists-trace): verified (10 steps) diff --git a/case-studies-regression/csf18-xor/KCL07_analyzed.spthy b/case-studies-regression/csf18-xor/KCL07_analyzed.spthy index 4e61bb47c..01367d6e8 100644 --- a/case-studies-regression/csf18-xor/KCL07_analyzed.spthy +++ b/case-studies-regression/csf18-xor/KCL07_analyzed.spthy @@ -3,11 +3,15 @@ theory KCL07 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + rule (modulo E) Setup: [ Fr( ~k ), Fr( ~id ) ] --[ OnlyOnce( ) ]-> @@ -486,7 +490,7 @@ analyzing: examples/csf18-xor/KCL07.spthy analyzed: examples/csf18-xor/KCL07.spthy output: examples/csf18-xor/KCL07.spthy.tmp - processing time: 1.902204926s + processing time: 2.428247375s recentalive_tag (all-traces): verified (113 steps) executable (exists-trace): verified (17 steps) @@ -498,7 +502,7 @@ summary of summaries: analyzed: examples/csf18-xor/KCL07.spthy output: examples/csf18-xor/KCL07.spthy.tmp - processing time: 1.902204926s + processing time: 2.428247375s recentalive_tag (all-traces): verified (113 steps) executable (exists-trace): verified (17 steps) diff --git a/case-studies-regression/csf18-xor/LAK06_analyzed.spthy b/case-studies-regression/csf18-xor/LAK06_analyzed.spthy index 6100e1372..43342d923 100644 --- a/case-studies-regression/csf18-xor/LAK06_analyzed.spthy +++ b/case-studies-regression/csf18-xor/LAK06_analyzed.spthy 
@@ -3,11 +3,15 @@ theory LAK06 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + rule (modulo E) setup: [ Fr( ~k ) ] --[ OnlyOnce( 'setup' ), Create( ~k ) ]-> @@ -6570,7 +6574,7 @@ analyzing: examples/csf18-xor/LAK06.spthy analyzed: examples/csf18-xor/LAK06.spthy output: examples/csf18-xor/LAK06.spthy.tmp - processing time: 21.597421475s + processing time: 37.366594944s executable (exists-trace): verified (9 steps) helpingSecrecy (all-traces): verified (2 steps) noninjectiveagreementTAG (all-traces): verified (2082 steps) @@ -6584,7 +6588,7 @@ summary of summaries: analyzed: examples/csf18-xor/LAK06.spthy output: examples/csf18-xor/LAK06.spthy.tmp - processing time: 21.597421475s + processing time: 37.366594944s executable (exists-trace): verified (9 steps) helpingSecrecy (all-traces): verified (2 steps) noninjectiveagreementTAG (all-traces): verified (2082 steps) diff --git a/case-studies-regression/csf18-xor/NSLPK3xor_analyzed.spthy b/case-studies-regression/csf18-xor/NSLPK3xor_analyzed.spthy index 78c58d82e..d447b843b 100644 --- a/case-studies-regression/csf18-xor/NSLPK3xor_analyzed.spthy +++ b/case-studies-regression/csf18-xor/NSLPK3xor_analyzed.spthy @@ -3,7 +3,8 @@ theory NSLPK3XOR begin // Function signature and definition of the equational theory E builtins: xor -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -11,6 +12,10 @@ equations: + + + + rule (modulo E) Register_pk: [ Fr( ~ltkA ) ] --[ Register( $A ) ]-> 
@@ -332,7 +337,7 @@ analyzing: examples/csf18-xor/NSLPK3xor.spthy analyzed: examples/csf18-xor/NSLPK3xor.spthy output: examples/csf18-xor/NSLPK3xor.spthy.tmp - processing time: 5.899120107s + processing time: 6.337573554s types (all-traces): falsified - found trace (13 steps) nonce_secrecy (all-traces): falsified - found trace (11 steps) injective_agree (all-traces): falsified - found trace (13 steps) @@ -346,7 +351,7 @@ summary of summaries: analyzed: examples/csf18-xor/NSLPK3xor.spthy output: examples/csf18-xor/NSLPK3xor.spthy.tmp - processing time: 5.899120107s + processing time: 6.337573554s types (all-traces): falsified - found trace (13 steps) nonce_secrecy (all-traces): falsified - found trace (11 steps) injective_agree (all-traces): falsified - found trace (13 steps) diff --git a/case-studies-regression/csf18-xor/chaum_offline_anonymity_analyzed-oracle-chaum.spthy b/case-studies-regression/csf18-xor/chaum_offline_anonymity_analyzed-oracle-chaum.spthy index f4ab857cc..f8a2b6352 100644 --- a/case-studies-regression/csf18-xor/chaum_offline_anonymity_analyzed-oracle-chaum.spthy +++ b/case-studies-regression/csf18-xor/chaum_offline_anonymity_analyzed-oracle-chaum.spthy @@ -3,8 +3,8 @@ theory Chaum_Offline_Anonymity begin // Function signature and definition of the equational theory E builtins: xor -functions: blind/2, checksign/2, fst/1, pair/2, pk/1, sign/2, snd/1, - unblind/2 +functions: blind/2, checksign/2, fst/1[destructor], pair/2, pk/1, sign/2, + snd/1[destructor], unblind/2 equations: checksign(sign(m, k), pk(k)) = m, fst() = x.1, @@ -14,6 +14,8 @@ equations: + + rule (modulo E) Register_Corrupted_Bank_pk: [ Fr( ~ltkB ) ] --[ OnlyOnce( ) ]-> @@ -1480,6 +1482,16 @@ solve( !St_C_1( ~C, ~y, ~r ) ▶₀ #i1 ) qed qed + + + + + + + + + + /* All well-formedness checks were successful. */ end 
@@ -1495,7 +1507,7 @@ analyzing: examples/csf18-xor/chaum_offline_anonymity.spthy analyzed: examples/csf18-xor/chaum_offline_anonymity.spthy output: examples/csf18-xor/chaum_offline_anonymity.spthy.tmp - processing time: 13.852491046s + processing time: 20.879793s coins (all-traces): verified (322 steps) exec (exists-trace): verified (8 steps) anonymity (all-traces): verified (54 steps) @@ -1509,7 +1521,7 @@ summary of summaries: analyzed: examples/csf18-xor/chaum_offline_anonymity.spthy output: examples/csf18-xor/chaum_offline_anonymity.spthy.tmp - processing time: 13.852491046s + processing time: 20.879793s coins (all-traces): verified (322 steps) exec (exists-trace): verified (8 steps) anonymity (all-traces): verified (54 steps) diff --git a/case-studies-regression/csf18-xor/diff-models/CH07-UK1_analyzed-diff.spthy b/case-studies-regression/csf18-xor/diff-models/CH07-UK1_analyzed-diff.spthy index e5b931ff4..3af414d04 100644 --- a/case-studies-regression/csf18-xor/diff-models/CH07-UK1_analyzed-diff.spthy +++ b/case-studies-regression/csf18-xor/diff-models/CH07-UK1_analyzed-diff.spthy @@ -3,7 +3,8 @@ theory CH07_UK1 begin // Function signature and definition of the equational theory E builtins: multiset, xor -functions: fst/1, h/1, lh/1, pair/2, rh/1, rot/2, snd/1 +functions: fst/1[destructor], h/1, lh/1, pair/2, rh/1, rot/2, + snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -9215,7 +9216,7 @@ analyzing: examples/csf18-xor/diff-models/CH07-UK1.spthy analyzed: examples/csf18-xor/diff-models/CH07-UK1.spthy output: examples/csf18-xor/diff-models/CH07-UK1.spthy.tmp - processing time: 118.181113416s + processing time: 179.638424363s RHS : executable (exists-trace): verified (5 steps) LHS : executable (exists-trace): verified (5 steps) DiffLemma: Observational_equivalence : verified (3048 steps) 
@@ -9228,7 +9229,7 @@ summary of summaries: analyzed: examples/csf18-xor/diff-models/CH07-UK1.spthy output: examples/csf18-xor/diff-models/CH07-UK1.spthy.tmp - processing time: 118.181113416s + processing time: 179.638424363s RHS : executable (exists-trace): verified (5 steps) LHS : executable (exists-trace): verified (5 steps) DiffLemma: Observational_equivalence : verified (3048 steps) diff --git a/case-studies-regression/csf18-xor/diff-models/CH07-UK2_analyzed-diff.spthy b/case-studies-regression/csf18-xor/diff-models/CH07-UK2_analyzed-diff.spthy index bf788e5b4..36dc02d84 100644 --- a/case-studies-regression/csf18-xor/diff-models/CH07-UK2_analyzed-diff.spthy +++ b/case-studies-regression/csf18-xor/diff-models/CH07-UK2_analyzed-diff.spthy @@ -3,7 +3,8 @@ theory CH07_UK2 begin // Function signature and definition of the equational theory E builtins: multiset, xor -functions: fst/1, h/1, lh/1, pair/2, rh/1, rot/2, snd/1 +functions: fst/1[destructor], h/1, lh/1, pair/2, rh/1, rot/2, + snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -17997,7 +17998,7 @@ analyzing: examples/csf18-xor/diff-models/CH07-UK2.spthy analyzed: examples/csf18-xor/diff-models/CH07-UK2.spthy output: examples/csf18-xor/diff-models/CH07-UK2.spthy.tmp - processing time: 269.199226987s + processing time: 334.441658118s RHS : executable (exists-trace): verified (5 steps) LHS : executable (exists-trace): verified (5 steps) DiffLemma: Observational_equivalence : verified (5973 steps) @@ -18010,7 +18011,7 @@ summary of summaries: analyzed: examples/csf18-xor/diff-models/CH07-UK2.spthy output: examples/csf18-xor/diff-models/CH07-UK2.spthy.tmp - processing time: 269.199226987s + processing time: 334.441658118s RHS : executable (exists-trace): verified (5 steps) LHS : executable (exists-trace): verified (5 steps) DiffLemma: Observational_equivalence : verified (5973 steps) 
diff --git a/case-studies-regression/csf18-xor/diff-models/CH07-UK3_analyzed-diff-obseqonly.spthy b/case-studies-regression/csf18-xor/diff-models/CH07-UK3_analyzed-diff-obseqonly.spthy index 16b79454a..0564aa0c1 100644 --- a/case-studies-regression/csf18-xor/diff-models/CH07-UK3_analyzed-diff-obseqonly.spthy +++ b/case-studies-regression/csf18-xor/diff-models/CH07-UK3_analyzed-diff-obseqonly.spthy @@ -3,7 +3,8 @@ theory CH07_UK3 begin // Function signature and definition of the equational theory E builtins: multiset, xor -functions: fst/1, h/1, lh/1, pair/2, rh/1, rot/2, snd/1 +functions: fst/1[destructor], h/1, lh/1, pair/2, rh/1, rot/2, + snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -264,7 +265,7 @@ analyzing: examples/csf18-xor/diff-models/CH07-UK3.spthy analyzed: examples/csf18-xor/diff-models/CH07-UK3.spthy output: examples/csf18-xor/diff-models/CH07-UK3.spthy.tmp - processing time: 337.087257026s + processing time: 372.043568197s RHS : recentalive_tag (all-traces): analysis incomplete (1 steps) LHS : recentalive_tag (all-traces): analysis incomplete (1 steps) RHS : recentalive_reader (all-traces): analysis incomplete (1 steps) @@ -281,7 +282,7 @@ summary of summaries: analyzed: examples/csf18-xor/diff-models/CH07-UK3.spthy output: examples/csf18-xor/diff-models/CH07-UK3.spthy.tmp - processing time: 337.087257026s + processing time: 372.043568197s RHS : recentalive_tag (all-traces): analysis incomplete (1 steps) LHS : recentalive_tag (all-traces): analysis incomplete (1 steps) RHS : recentalive_reader (all-traces): analysis incomplete (1 steps) diff --git a/case-studies-regression/csf18-xor/diff-models/KCL07-UK2_analyzed-diff.spthy b/case-studies-regression/csf18-xor/diff-models/KCL07-UK2_analyzed-diff.spthy index 41525d216..75daa319d 100644 --- a/case-studies-regression/csf18-xor/diff-models/KCL07-UK2_analyzed-diff.spthy +++ b/case-studies-regression/csf18-xor/diff-models/KCL07-UK2_analyzed-diff.spthy 
@@ -3,7 +3,7 @@ theory KCL07_UK2 begin // Function signature and definition of the equational theory E builtins: multiset, xor -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -115,7 +115,7 @@ analyzing: examples/csf18-xor/diff-models/KCL07-UK2.spthy analyzed: examples/csf18-xor/diff-models/KCL07-UK2.spthy output: examples/csf18-xor/diff-models/KCL07-UK2.spthy.tmp - processing time: 217.848145989s + processing time: 254.812917271s DiffLemma: Observational_equivalence : falsified - found trace (15 steps) ------------------------------------------------------------------------------ @@ -126,7 +126,7 @@ summary of summaries: analyzed: examples/csf18-xor/diff-models/KCL07-UK2.spthy output: examples/csf18-xor/diff-models/KCL07-UK2.spthy.tmp - processing time: 217.848145989s + processing time: 254.812917271s DiffLemma: Observational_equivalence : falsified - found trace (15 steps) ============================================================================== diff --git a/case-studies-regression/csf18-xor/diff-models/KCL07-UK3_attack_analyzed-diff-noprove.spthy b/case-studies-regression/csf18-xor/diff-models/KCL07-UK3_attack_analyzed-diff-noprove.spthy index 014215374..0b96a8c97 100644 --- a/case-studies-regression/csf18-xor/diff-models/KCL07-UK3_attack_analyzed-diff-noprove.spthy +++ b/case-studies-regression/csf18-xor/diff-models/KCL07-UK3_attack_analyzed-diff-noprove.spthy @@ -3,7 +3,7 @@ theory KCL07_UK3 begin // Function signature and definition of the equational theory E builtins: multiset, xor -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -184,7 +184,7 @@ next case Setup step( solve( !KU( r1 ) @ #vk.1 ) ) case c_fst - by sorry + by sorry /* unannotated */ next case c_h by sorry 
@@ -193,7 +193,7 @@ next by sorry next case c_snd - by sorry + by sorry /* unannotated */ next case c_union by sorry @@ -428,7 +428,7 @@ analyzing: examples/csf18-xor/diff-models/KCL07-UK3_attack.spthy analyzed: examples/csf18-xor/diff-models/KCL07-UK3_attack.spthy output: examples/csf18-xor/diff-models/KCL07-UK3_attack.spthy.tmp - processing time: 1.431777479s + processing time: 2.065979375s RHS : recentalive_tag (all-traces): analysis incomplete (1 steps) LHS : recentalive_tag (all-traces): analysis incomplete (1 steps) RHS : executable (exists-trace): analysis incomplete (1 steps) @@ -443,7 +443,7 @@ summary of summaries: analyzed: examples/csf18-xor/diff-models/KCL07-UK3_attack.spthy output: examples/csf18-xor/diff-models/KCL07-UK3_attack.spthy.tmp - processing time: 1.431777479s + processing time: 2.065979375s RHS : recentalive_tag (all-traces): analysis incomplete (1 steps) LHS : recentalive_tag (all-traces): analysis incomplete (1 steps) RHS : executable (exists-trace): analysis incomplete (1 steps) diff --git a/case-studies-regression/csf18-xor/diff-models/LAK06-UK1_analyzed-diff.spthy b/case-studies-regression/csf18-xor/diff-models/LAK06-UK1_analyzed-diff.spthy index 49048f0a7..b8e206ffb 100644 --- a/case-studies-regression/csf18-xor/diff-models/LAK06-UK1_analyzed-diff.spthy +++ b/case-studies-regression/csf18-xor/diff-models/LAK06-UK1_analyzed-diff.spthy @@ -3,7 +3,7 @@ theory LAK06_UK1 begin // Function signature and definition of the equational theory E builtins: multiset, xor -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 
@@ -85330,7 +85330,7 @@ analyzing: examples/csf18-xor/diff-models/LAK06-UK1.spthy analyzed: examples/csf18-xor/diff-models/LAK06-UK1.spthy output: examples/csf18-xor/diff-models/LAK06-UK1.spthy.tmp - processing time: 365.716701813s + processing time: 378.624581105s RHS : executable (exists-trace): falsified - no trace found (5324 steps) LHS : executable (exists-trace): falsified - no trace found (5324 steps) DiffLemma: Observational_equivalence : verified (17784 steps) @@ -85343,7 +85343,7 @@ summary of summaries: analyzed: examples/csf18-xor/diff-models/LAK06-UK1.spthy output: examples/csf18-xor/diff-models/LAK06-UK1.spthy.tmp - processing time: 365.716701813s + processing time: 378.624581105s RHS : executable (exists-trace): falsified - no trace found (5324 steps) LHS : executable (exists-trace): falsified - no trace found (5324 steps) DiffLemma: Observational_equivalence : verified (17784 steps) diff --git a/case-studies-regression/csf19-wrapping/gcm_analyzed-oracle-gcm-wrapping.spthy b/case-studies-regression/csf19-wrapping/gcm_analyzed-oracle-gcm-wrapping.spthy index 8c6fc1472..d2fe42dfd 100644 --- a/case-studies-regression/csf19-wrapping/gcm_analyzed-oracle-gcm-wrapping.spthy +++ b/case-studies-regression/csf19-wrapping/gcm_analyzed-oracle-gcm-wrapping.spthy @@ -3,8 +3,8 @@ theory PKCS11_aead begin // Function signature and definition of the equational theory E builtins: multiset -functions: fst/1, getIV/1, getTag/1, kdf/2, pair/2, sdec/4, sdecSuc/4, - senc/4, snd/1, true/0 +functions: fst/1[destructor], getIV/1, getTag/1, kdf/2, pair/2, sdec/4, + sdecSuc/4, senc/4, snd/1[destructor], true/0 equations: fst() = x.1, getIV(senc(k, iv, t, m)) = iv, @@ -17,6 +17,8 @@ equations: /* looping facts with injective instances: DCtr/2 */ + + restriction UniqueInteger: "∀ n #i #j. ((IsInteger( n ) @ #i) ∧ (IsInteger( n ) @ #j)) ⇒ (#i = #j)" // safety formula 
@@ -6036,7 +6038,7 @@ next case Encrypt solve( DCtr( d, ctr.1 ) ▶₃ #later ) case Device - by contradiction /* non-injective facts (#vr,#before,#later) */ + by contradiction /* cyclic */ next case Encrypt_case_1 solve( (#vr = #before) ∥ (#before < #vr) ∥ @@ -6048,10 +6050,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Encrypt_case_2 @@ -6064,10 +6063,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Encrypt_case_3 @@ -6080,10 +6076,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Encrypt_case_4 @@ -6096,10 +6089,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Encrypt_case_5 @@ -6112,10 +6102,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Encrypt_case_6 
@@ -6128,871 +6115,638 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_01 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_02 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_03 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_04 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_05 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_06 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_07 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_08 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_09 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_10 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_11 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_12 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_13 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_14 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_15 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_16 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_17 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_18 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_19 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_20 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_21 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_22 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_23 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_24 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_25 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_26 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_27 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_28 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_29 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_30 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_31 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_32 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_33 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + simplify + by contradiction /* from formulas */ + next + case Wrap_case_34 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_35 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_36 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_37 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_38 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_39 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_40 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_41 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_42 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_43 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_44 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_45 + simplify + by contradiction /* from formulas */ + next + case 
Wrap_case_46 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_47 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_48 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_49 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_50 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_51 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_52 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_53 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_54 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_55 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_56 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_57 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_58 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_59 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_60 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_61 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_62 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_63 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_64 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_65 + simplify + by contradiction /* from formulas */ + qed + next + case Wrap + solve( DCtr( d, ctr.1 ) ▶₃ #later ) + case Device + by contradiction /* cyclic */ + next + case Encrypt_case_1 + simplify + by contradiction /* from formulas */ + next + case Encrypt_case_2 + simplify + by contradiction /* from formulas */ + next + case Encrypt_case_3 + simplify + by contradiction /* from formulas */ + next + case Encrypt_case_4 + simplify + by contradiction /* from formulas */ + next + case Encrypt_case_5 + simplify + by 
contradiction /* from formulas */ + next + case Encrypt_case_6 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_01 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_34 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_02 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_35 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_03 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_36 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_04 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_37 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_05 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_38 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_06 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_39 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_07 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_40 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_08 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_41 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_09 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_42 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_10 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_43 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_11 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_44 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_12 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_45 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_13 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_46 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_14 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_47 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_48 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_15 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_49 - solve( (#before < #vr) ∥ (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_50 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_16 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_51 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_52 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_17 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_53 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_54 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_18 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_55 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_56 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_19 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_57 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_58 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_20 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_59 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_60 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_21 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_61 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_62 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_22 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_63 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_64 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_23 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_65 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed - qed - next - case Wrap - solve( DCtr( d, ctr.1 ) ▶₃ #later ) - case Device - by contradiction /* non-injective facts (#vr,#before,#later) */ next - case Encrypt_case_1 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_24 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_2 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Encrypt_case_3 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_25 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_4 - solve( (#before < #vr) ∥ (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Encrypt_case_5 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_26 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_6 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_01 + case Wrap_case_27 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7002,13 +6756,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_02 + case Wrap_case_28 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7018,13 +6769,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_03 + case Wrap_case_29 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -7034,13 +6782,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_04 + case Wrap_case_30 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7050,13 +6795,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_05 + case Wrap_case_31 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7066,13 +6808,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_06 + case Wrap_case_32 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7082,13 +6821,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_07 + case Wrap_case_33 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7098,13 +6834,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_08 + case Wrap_case_34 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -7114,13 +6847,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_09 + case Wrap_case_35 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7130,13 +6860,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_10 + case Wrap_case_36 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7146,13 +6873,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_11 + case Wrap_case_37 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7162,13 +6886,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_12 + case Wrap_case_38 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7178,13 +6899,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_13 + case Wrap_case_39 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -7194,13 +6912,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_14 + case Wrap_case_40 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7210,13 +6925,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_15 + case Wrap_case_41 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7226,13 +6938,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_16 + case Wrap_case_42 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7242,13 +6951,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_17 + case Wrap_case_43 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7258,13 +6964,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_18 + case Wrap_case_44 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -7274,13 +6977,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_19 + case Wrap_case_45 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7290,13 +6990,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_20 + case Wrap_case_46 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7306,13 +7003,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_21 + case Wrap_case_47 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7322,13 +7016,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_22 + case Wrap_case_48 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7338,13 +7029,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_23 + case Wrap_case_49 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -7354,13 +7042,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_24 + case Wrap_case_50 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7370,13 +7055,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_25 + case Wrap_case_51 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7386,13 +7068,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_26 + case Wrap_case_52 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7402,13 +7081,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_27 + case Wrap_case_53 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7418,13 +7094,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_28 + case Wrap_case_54 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -7434,13 +7107,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_29 + case Wrap_case_55 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7450,13 +7120,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_30 + case Wrap_case_56 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7466,13 +7133,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_31 + case Wrap_case_57 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7482,13 +7146,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_32 + case Wrap_case_58 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7498,13 +7159,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_33 + case Wrap_case_59 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -7514,13 +7172,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_34 + case Wrap_case_60 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7530,13 +7185,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_35 + case Wrap_case_61 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7546,13 +7198,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_36 + case Wrap_case_62 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7562,13 +7211,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_37 + case Wrap_case_63 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7578,13 +7224,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_38 + case Wrap_case_64 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -7594,13 +7237,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_39 + case Wrap_case_65 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7610,13 +7250,22 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed + qed + qed + next + case Wrap + solve( DCtrIs( d, c ) @ #before ) + case Device + by contradiction /* from formulas */ + next + case Encrypt + solve( DCtr( d, ctr.1 ) ▶₄ #later ) + case Device + by contradiction /* cyclic */ next - case Wrap_case_40 + case Encrypt_case_1 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7626,13 +7275,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_41 + case Encrypt_case_2 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7642,13 +7288,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_42 + case Encrypt_case_3 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -7658,13 +7301,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_43 + case Encrypt_case_4 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7674,13 +7314,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_44 + case Encrypt_case_5 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -7690,13 +7327,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_45 + case Encrypt_case_6 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -7706,1297 +7340,298 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_46 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_01 + simplify + by contradiction /* from formulas */ next - case Wrap_case_47 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_02 + simplify + by contradiction /* from formulas */ next - case Wrap_case_48 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_03 + simplify + by contradiction /* from formulas */ next - case Wrap_case_49 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_04 + simplify + by contradiction /* from formulas */ next - case Wrap_case_50 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_05 + simplify + by contradiction /* from formulas */ next - case Wrap_case_51 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_06 + simplify + by contradiction /* from formulas */ next - case Wrap_case_52 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_07 + simplify + by contradiction /* from formulas */ next - case Wrap_case_53 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_08 + simplify + by contradiction /* from formulas */ next - case Wrap_case_54 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_55 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_56 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_57 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_58 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_59 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_60 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_61 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_62 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_63 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_64 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_65 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - qed - qed - next - case Wrap - solve( DCtrIs( d, c ) @ #before ) - case Device - by contradiction /* from formulas */ - next - case Encrypt - solve( DCtr( d, ctr.1 ) ▶₄ #later ) - case Device - by contradiction /* non-injective facts (#vr,#before,#later) */ - next - case Encrypt_case_1 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_2 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_3 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_4 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_5 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_6 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_01 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_02 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_03 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_04 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_05 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_06 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_07 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_08 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_09 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_09 + simplify + by contradiction /* from formulas */ next case Wrap_case_10 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_11 - solve( (#before < #vr) ∥ (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_12 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_13 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_14 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_15 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_16 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_17 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_18 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_19 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_20 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_21 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_22 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_23 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_24 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_25 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_26 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_27 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_28 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_29 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_30 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_31 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_32 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_33 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_34 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_35 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_36 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_37 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_38 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_39 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_40 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_41 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_42 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_43 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_44 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_45 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_46 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_47 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_48 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_49 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_50 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_51 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_52 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_53 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_54 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_55 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_56 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_57 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_58 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_59 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_60 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_61 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_62 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_63 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_64 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_65 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ qed next case Wrap solve( DCtr( d, ctr.1 ) ▶₄ #later ) case Device - by contradiction /* non-injective facts (#vr,#before,#later) */ + by contradiction /* cyclic */ next case Encrypt_case_1 - solve( (#before < #vr) ∥ (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Encrypt_case_2 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Encrypt_case_3 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Encrypt_case_4 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Encrypt_case_5 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Encrypt_case_6 - solve( (#before < #vr) ∥ (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_01 solve( (#vr = #before) ∥ (#before < #vr) ∥ @@ -9008,10 +7643,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_02 @@ -9024,10 +7656,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_03 @@ -9040,10 +7669,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_04 @@ -9056,10 +7682,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_05 @@ -9072,10 +7695,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_06 
@@ -9088,10 +7708,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_07 @@ -9104,10 +7721,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_08 @@ -9120,10 +7734,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_09 @@ -9136,10 +7747,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_10 @@ -9152,10 +7760,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_11 @@ -9168,10 +7773,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_12 @@ -9184,10 +7786,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_13 
@@ -9200,10 +7799,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_14 @@ -9216,10 +7812,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_15 @@ -9232,10 +7825,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_16 @@ -9248,10 +7838,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_17 @@ -9264,10 +7851,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_18 @@ -9280,10 +7864,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_19 @@ -9296,10 +7877,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_20 
@@ -9312,10 +7890,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_21 @@ -9328,10 +7903,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_22 @@ -9344,10 +7916,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_23 @@ -9360,10 +7929,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_24 @@ -9376,10 +7942,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_25 @@ -9392,10 +7955,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_26 @@ -9408,10 +7968,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_27 
@@ -9424,10 +7981,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_28 @@ -9440,10 +7994,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_29 @@ -9456,10 +8007,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_30 @@ -9472,10 +8020,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_31 @@ -9488,10 +8033,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_32 @@ -9504,10 +8046,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_33 @@ -9520,10 +8059,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_34 
@@ -9536,10 +8072,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_35 @@ -9552,10 +8085,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_36 @@ -9568,10 +8098,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_37 @@ -9584,10 +8111,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_38 @@ -9600,10 +8124,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_39 @@ -9616,10 +8137,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_40 @@ -9632,10 +8150,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_41 
@@ -9648,10 +8163,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_42 @@ -9664,10 +8176,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_43 @@ -9680,10 +8189,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_44 @@ -9696,10 +8202,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_45 @@ -9712,10 +8215,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_46 @@ -9728,10 +8228,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_47 @@ -9744,10 +8241,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_48 
@@ -9760,10 +8254,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_49 @@ -9776,10 +8267,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_50 @@ -9792,10 +8280,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_51 @@ -9808,10 +8293,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_52 @@ -9824,10 +8306,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_53 @@ -9840,10 +8319,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_54 @@ -9856,10 +8332,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_55 
@@ -9872,10 +8345,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_56 @@ -9888,10 +8358,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_57 @@ -9904,10 +8371,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_58 @@ -9920,10 +8384,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_59 @@ -9936,10 +8397,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_60 @@ -9952,10 +8410,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_61 @@ -9968,10 +8423,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_62 
@@ -9984,10 +8436,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_63 @@ -10000,10 +8449,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_64 @@ -10016,10 +8462,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_65 @@ -10032,10 +8475,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed qed qed @@ -12129,6 +10569,20 @@ next qed qed + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -12144,9 +10598,9 @@ analyzing: examples/csf19-wrapping/gcm.spthy analyzed: examples/csf19-wrapping/gcm.spthy output: examples/csf19-wrapping/gcm.spthy.tmp - processing time: 115.533011739s + processing time: 206.301118824s origin (all-traces): verified (1597 steps) - Counter_Monotonicity (all-traces): verified (1302 steps) + Counter_Monotonicity (all-traces): verified (876 steps) IV_Uniqueness (all-traces): verified (8 steps) Key_UsageImpliesInitialization (all-traces): verified (78 steps) Key_IntegrityAndConfidentiality (all-traces): verified (412 steps) 
@@ -12160,9 +10614,9 @@ summary of summaries: analyzed: examples/csf19-wrapping/gcm.spthy output: examples/csf19-wrapping/gcm.spthy.tmp - processing time: 115.533011739s + processing time: 206.301118824s origin (all-traces): verified (1597 steps) - Counter_Monotonicity (all-traces): verified (1302 steps) + Counter_Monotonicity (all-traces): verified (876 steps) IV_Uniqueness (all-traces): verified (8 steps) Key_UsageImpliesInitialization (all-traces): verified (78 steps) Key_IntegrityAndConfidentiality (all-traces): verified (412 steps) diff --git a/case-studies-regression/csf19-wrapping/siv_analyzed-oracle-siv-wrapping.spthy b/case-studies-regression/csf19-wrapping/siv_analyzed-oracle-siv-wrapping.spthy index cf5eb5c37..28f464155 100644 --- a/case-studies-regression/csf19-wrapping/siv_analyzed-oracle-siv-wrapping.spthy +++ b/case-studies-regression/csf19-wrapping/siv_analyzed-oracle-siv-wrapping.spthy @@ -3,8 +3,8 @@ theory PKCS11_siv begin // Function signature and definition of the equational theory E builtins: multiset -functions: epsilon/0, fst/1, getIV/1, getTag/1, kdf/2, pair/2, sdec/4, - sdecSuc/4, senc/4, snd/1, true/0 +functions: epsilon/0, fst/1[destructor], getIV/1, getTag/1, kdf/2, + pair/2, sdec/4, sdecSuc/4, senc/4, snd/1[destructor], true/0 equations: fst() = x.1, getIV(senc(k, iv, t, m)) = iv, @@ -17,6 +17,8 @@ equations: /* looping facts with injective instances: DCtr/2 */ + + restriction UniqueInteger: "∀ n #i #j. ((IsInteger( n ) @ #i) ∧ (IsInteger( n ) @ #j)) ⇒ (#i = #j)" // safety formula @@ -7865,7 +7867,7 @@ next case Encrypt solve( DCtr( d, ctr.1 ) ▶₃ #later ) case Device - by contradiction /* non-injective facts (#vr,#before,#later) */ + by contradiction /* cyclic */ next case Encrypt_case_1 solve( (#vr = #before) ∥ (#before < #vr) ∥ 
@@ -7877,10 +7879,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Encrypt_case_2 @@ -7893,10 +7892,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Encrypt_case_3 @@ -7909,10 +7905,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Encrypt_case_4 @@ -7925,10 +7918,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Encrypt_case_5 @@ -7941,10 +7931,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Encrypt_case_6 
@@ -7957,871 +7944,638 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_01 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_02 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_03 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_04 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_05 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_06 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_07 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_08 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_09 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_10 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_11 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_12 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_13 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_14 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_15 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_16 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_17 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_18 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_19 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_20 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_21 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_22 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_23 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_24 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_25 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_26 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_27 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_28 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_29 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_30 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_31 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_32 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_33 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + simplify + by contradiction /* from formulas */ + next + case Wrap_case_34 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_35 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_36 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_37 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_38 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_39 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_40 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_41 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_42 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_43 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_44 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_45 + simplify + by contradiction /* from formulas */ + next + case 
Wrap_case_46 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_47 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_48 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_49 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_50 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_51 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_52 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_53 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_54 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_55 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_56 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_57 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_58 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_59 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_60 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_61 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_62 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_63 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_64 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_65 + simplify + by contradiction /* from formulas */ + qed + next + case Wrap + solve( DCtr( d, ctr.1 ) ▶₃ #later ) + case Device + by contradiction /* cyclic */ + next + case Encrypt_case_1 + simplify + by contradiction /* from formulas */ + next + case Encrypt_case_2 + simplify + by contradiction /* from formulas */ + next + case Encrypt_case_3 + simplify + by contradiction /* from formulas */ + next + case Encrypt_case_4 + simplify + by contradiction /* from formulas */ + next + case Encrypt_case_5 + simplify + by 
contradiction /* from formulas */ + next + case Encrypt_case_6 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_01 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_34 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_02 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_35 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_03 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_36 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_04 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_37 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_05 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_38 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_06 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_39 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_07 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_40 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_08 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_41 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_09 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_42 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_10 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_43 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_11 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_44 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_12 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_45 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_13 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by contradiction /* from formulas */ + next + case case_3 + by simplify qed next - case Wrap_case_46 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_14 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_47 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_48 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_15 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_49 - solve( (#before < #vr) ∥ (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_50 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_16 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_51 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_52 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_17 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_53 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_54 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_18 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_55 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_56 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_19 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_57 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_58 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_20 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_59 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_60 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_21 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_61 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_62 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_22 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_63 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_64 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_23 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_65 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed - qed - next - case Wrap - solve( DCtr( d, ctr.1 ) ▶₃ #later ) - case Device - by contradiction /* non-injective facts (#vr,#before,#later) */ next - case Encrypt_case_1 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_24 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_2 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Encrypt_case_3 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_25 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_4 - solve( (#before < #vr) ∥ (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Encrypt_case_5 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) + case Wrap_case_26 + solve( (#vr = #before) ∥ (#before < #vr) ∥ + (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_6 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 by contradiction /* from formulas */ next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + case case_3 + by simplify qed next - case Wrap_case_01 + case Wrap_case_27 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -8831,13 +8585,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_02 + case Wrap_case_28 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -8847,13 +8598,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_03 + case Wrap_case_29 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -8863,13 +8611,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_04 + case Wrap_case_30 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -8879,13 +8624,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_05 + case Wrap_case_31 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -8895,13 +8637,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_06 + case Wrap_case_32 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -8911,13 +8650,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_07 + case Wrap_case_33 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -8927,13 +8663,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_08 + case Wrap_case_34 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -8943,13 +8676,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_09 + case Wrap_case_35 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -8959,13 +8689,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_10 + case Wrap_case_36 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -8975,13 +8702,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_11 + case Wrap_case_37 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -8991,13 +8715,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_12 + case Wrap_case_38 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9007,13 +8728,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_13 + case Wrap_case_39 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -9023,13 +8741,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_14 + case Wrap_case_40 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9039,13 +8754,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_15 + case Wrap_case_41 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9055,13 +8767,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_16 + case Wrap_case_42 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9071,13 +8780,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_17 + case Wrap_case_43 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9087,13 +8793,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_18 + case Wrap_case_44 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -9103,13 +8806,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_19 + case Wrap_case_45 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9119,13 +8819,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_20 + case Wrap_case_46 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9135,13 +8832,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_21 + case Wrap_case_47 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9151,13 +8845,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_22 + case Wrap_case_48 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9167,13 +8858,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_23 + case Wrap_case_49 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -9183,13 +8871,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_24 + case Wrap_case_50 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9199,13 +8884,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_25 + case Wrap_case_51 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9215,13 +8897,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_26 + case Wrap_case_52 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9231,13 +8910,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_27 + case Wrap_case_53 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9247,13 +8923,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_28 + case Wrap_case_54 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -9263,13 +8936,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_29 + case Wrap_case_55 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9279,13 +8949,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_30 + case Wrap_case_56 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9295,13 +8962,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_31 + case Wrap_case_57 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9311,13 +8975,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_32 + case Wrap_case_58 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9327,13 +8988,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_33 + case Wrap_case_59 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -9343,13 +9001,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_34 + case Wrap_case_60 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9359,13 +9014,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_35 + case Wrap_case_61 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9375,13 +9027,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_36 + case Wrap_case_62 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9391,13 +9040,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_37 + case Wrap_case_63 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9407,13 +9053,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_38 + case Wrap_case_64 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -9423,13 +9066,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_39 + case Wrap_case_65 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9439,13 +9079,22 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed + qed + qed + next + case Wrap + solve( DCtrIs( d, c ) @ #before ) + case Device + by contradiction /* from formulas */ + next + case Encrypt + solve( DCtr( d, ctr.1 ) ▶₄ #later ) + case Device + by contradiction /* cyclic */ next - case Wrap_case_40 + case Encrypt_case_1 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9455,13 +9104,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_41 + case Encrypt_case_2 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9471,13 +9117,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_42 + case Encrypt_case_3 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -9487,13 +9130,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_43 + case Encrypt_case_4 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9503,13 +9143,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_44 + case Encrypt_case_5 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 @@ -9519,13 +9156,10 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_45 + case Encrypt_case_6 solve( (#vr = #before) ∥ (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) case case_1 
@@ -9535,1297 +9169,298 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next - case Wrap_case_46 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_01 + simplify + by contradiction /* from formulas */ next - case Wrap_case_47 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_02 + simplify + by contradiction /* from formulas */ next - case Wrap_case_48 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_03 + simplify + by contradiction /* from formulas */ next - case Wrap_case_49 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_04 + simplify + by contradiction /* from formulas */ next - case Wrap_case_50 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_05 + simplify + by contradiction /* from formulas */ next - case Wrap_case_51 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_06 + simplify + by contradiction /* from formulas */ next - case Wrap_case_52 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_07 + simplify + by contradiction /* from formulas */ next - case Wrap_case_53 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_08 + simplify + by contradiction /* from formulas */ next - case Wrap_case_54 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_55 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_56 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_57 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_58 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_59 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_60 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_61 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_62 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_63 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_64 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_65 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - qed - qed - next - case Wrap - solve( DCtrIs( d, c ) @ #before ) - case Device - by contradiction /* from formulas */ - next - case Encrypt - solve( DCtr( d, ctr.1 ) ▶₄ #later ) - case Device - by contradiction /* non-injective facts (#vr,#before,#later) */ - next - case Encrypt_case_1 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_2 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_3 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_4 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_5 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Encrypt_case_6 - solve( (#vr = #before) ∥ (#before < #vr) ∥ - (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_01 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_02 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_03 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_04 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_05 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_06 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_07 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_08 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_09 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + case Wrap_case_09 + simplify + by contradiction /* from formulas */ next case Wrap_case_10 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_11 - solve( (#before < #vr) ∥ (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_12 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_13 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_14 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_15 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_16 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_17 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_18 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_19 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_20 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_21 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_22 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_23 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_24 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_25 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_26 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_27 - solve( (#before < #vr) ∥ (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ + next + case Wrap_case_26 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_27 + simplify + by contradiction /* from formulas */ next case Wrap_case_28 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_29 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_30 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_31 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_32 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_33 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_34 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_35 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_36 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_37 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_38 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_39 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_40 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_41 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_42 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_43 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_44 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_45 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_46 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_47 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_48 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_49 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_50 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_51 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_52 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_53 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_54 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_55 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_56 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_57 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed - next - case Wrap_case_58 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ + next + case Wrap_case_57 + simplify + by contradiction /* from formulas */ + next + case Wrap_case_58 + simplify + by contradiction /* from formulas */ next case Wrap_case_59 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_60 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_61 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. 
(('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_62 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_63 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_64 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_65 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ qed next case Wrap solve( DCtr( d, ctr.1 ) ▶₄ #later ) case Device - by contradiction /* non-injective facts (#vr,#before,#later) */ + by contradiction /* cyclic */ next case Encrypt_case_1 - solve( (#before < #vr) ∥ (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Encrypt_case_2 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Encrypt_case_3 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Encrypt_case_4 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Encrypt_case_5 - solve( (#before < #vr) ∥ (∃ z. (('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Encrypt_case_6 - solve( (#before < #vr) ∥ (∃ z. 
(('1'+ctr) = ('1'+z+ctr.1))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed - qed + simplify + by contradiction /* from formulas */ next case Wrap_case_01 solve( (#vr = #before) ∥ (#before < #vr) ∥ @@ -10837,10 +9472,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_02 @@ -10853,10 +9485,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_03 @@ -10869,10 +9498,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_04 @@ -10885,10 +9511,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_05 @@ -10901,10 +9524,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_06 
@@ -10917,10 +9537,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_07 @@ -10933,10 +9550,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_08 @@ -10949,10 +9563,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_09 @@ -10965,10 +9576,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_10 @@ -10981,10 +9589,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_11 @@ -10997,10 +9602,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_12 @@ -11013,10 +9615,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_13 
@@ -11029,10 +9628,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_14 @@ -11045,10 +9641,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_15 @@ -11061,10 +9654,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_16 @@ -11077,10 +9667,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_17 @@ -11093,10 +9680,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_18 @@ -11109,10 +9693,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_19 @@ -11125,10 +9706,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_20 
@@ -11141,10 +9719,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_21 @@ -11157,10 +9732,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_22 @@ -11173,10 +9745,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_23 @@ -11189,10 +9758,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_24 @@ -11205,10 +9771,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_25 @@ -11221,10 +9784,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_26 @@ -11237,10 +9797,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_27 
@@ -11253,10 +9810,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_28 @@ -11269,10 +9823,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_29 @@ -11285,10 +9836,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_30 @@ -11301,10 +9849,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_31 @@ -11317,10 +9862,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_32 @@ -11333,10 +9875,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_33 @@ -11349,10 +9888,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_34 
@@ -11365,10 +9901,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_35 @@ -11381,10 +9914,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_36 @@ -11397,10 +9927,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_37 @@ -11413,10 +9940,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_38 @@ -11429,10 +9953,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_39 @@ -11445,10 +9966,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_40 @@ -11461,10 +9979,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_41 
@@ -11477,10 +9992,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_42 @@ -11493,10 +10005,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_43 @@ -11509,10 +10018,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_44 @@ -11525,10 +10031,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_45 @@ -11541,10 +10044,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_46 @@ -11557,10 +10057,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_47 @@ -11573,10 +10070,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_48 
@@ -11589,10 +10083,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_49 @@ -11605,10 +10096,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_50 @@ -11621,10 +10109,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_51 @@ -11637,10 +10122,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_52 @@ -11653,10 +10135,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_53 @@ -11669,10 +10148,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_54 @@ -11685,10 +10161,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_55 
@@ -11701,10 +10174,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_56 @@ -11717,10 +10187,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_57 @@ -11733,10 +10200,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_58 @@ -11749,10 +10213,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_59 @@ -11765,10 +10226,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_60 @@ -11781,10 +10239,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_61 @@ -11797,10 +10252,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_62 
@@ -11813,10 +10265,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_63 @@ -11829,10 +10278,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_64 @@ -11845,10 +10291,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed next case Wrap_case_65 @@ -11861,10 +10304,7 @@ next by contradiction /* from formulas */ next case case_3 - solve( (#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1))) ) - case case_1 - by contradiction /* non-injective facts (#vr,#before,#later) */ - qed + by simplify qed qed qed @@ -14027,6 +12467,22 @@ next qed qed + + + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -14042,9 +12498,9 @@ analyzing: examples/csf19-wrapping/siv.spthy analyzed: examples/csf19-wrapping/siv.spthy output: examples/csf19-wrapping/siv.spthy.tmp - processing time: 145.184156312s + processing time: 264.035822692s origin (all-traces): verified (2087 steps) - Counter_Monotonicity (all-traces): verified (1302 steps) + Counter_Monotonicity (all-traces): verified (876 steps) IV_Uniqueness (all-traces): verified (8 steps) Key_UsageImpliesInitialization (all-traces): verified (86 steps) Key_IntegrityAndConfidentiality (all-traces): verified (427 steps) 
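Review bot: The expected result for `Counter_Monotonicity` drops from 1302 to 876 steps in this hunk and in the summary hunk after it, which is a change in proof search, not in printing. The `Wrap_case_NN` hunks earlier in this file now close `case_3` with `by simplify`, where the old proof split on `(#vr < #before) ∥ (∃ z.1. (('1'+ctr) = ('1'+ctr+z+z.1)))` and closed `case_1` by contradiction. Nothing visible in this part of the diff says which solver change causes this, while the other regression files shown here change only function attributes, blank lines and timings. The commit description should record it, for example `siv.spthy: Counter_Monotonicity proof shortened by <solver change>`, so that a later shift in this lemma can be told apart from the intended one.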
@@ -14058,9 +12514,9 @@ summary of summaries: analyzed: examples/csf19-wrapping/siv.spthy output: examples/csf19-wrapping/siv.spthy.tmp - processing time: 145.184156312s + processing time: 264.035822692s origin (all-traces): verified (2087 steps) - Counter_Monotonicity (all-traces): verified (1302 steps) + Counter_Monotonicity (all-traces): verified (876 steps) IV_Uniqueness (all-traces): verified (8 steps) Key_UsageImpliesInitialization (all-traces): verified (86 steps) Key_IntegrityAndConfidentiality (all-traces): verified (427 steps) diff --git a/case-studies-regression/fast-tests/Tutorial_analyzed.spthy b/case-studies-regression/fast-tests/Tutorial_analyzed.spthy index bd6a979e2..af0991be6 100644 --- a/case-studies-regression/fast-tests/Tutorial_analyzed.spthy +++ b/case-studies-regression/fast-tests/Tutorial_analyzed.spthy @@ -2,7 +2,8 @@ theory Tutorial begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, snd/1 +functions: adec/2, aenc/2, fst/1[destructor], h/1, pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(m, pk(k)), k) = m, fst() = x.1, @@ -222,6 +223,14 @@ solve( Client_1( S, k ) ▶₀ #i ) qed qed + + + + + + + + /* All well-formedness checks were successful. */ end @@ -237,7 +246,7 @@ analyzing: examples/Tutorial.spthy analyzed: examples/Tutorial.spthy output: examples/Tutorial.spthy.tmp - processing time: 0.189741067s + processing time: 0.293417705s Client_session_key_secrecy (all-traces): verified (5 steps) Client_auth (all-traces): verified (11 steps) Client_auth_injective (all-traces): verified (15 steps) @@ -251,7 +260,7 @@ summary of summaries: analyzed: examples/Tutorial.spthy output: examples/Tutorial.spthy.tmp - processing time: 0.189741067s + processing time: 0.293417705s Client_session_key_secrecy (all-traces): verified (5 steps) Client_auth (all-traces): verified (11 steps) Client_auth_injective (all-traces): verified (15 steps) 
diff --git a/case-studies-regression/fast-tests/ake/bilinear/Chen_Kudla_analyzed.spthy b/case-studies-regression/fast-tests/ake/bilinear/Chen_Kudla_analyzed.spthy index cc0c3c285..ff3ed3234 100644 --- a/case-studies-regression/fast-tests/ake/bilinear/Chen_Kudla_analyzed.spthy +++ b/case-studies-regression/fast-tests/ake/bilinear/Chen_Kudla_analyzed.spthy @@ -3,11 +3,13 @@ theory Chen_Kudla begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, h/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* A variant of the Chen-Kudla protocol that uses ordered concatenation instead addition of points *} @@ -2574,6 +2576,12 @@ next qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -2589,7 +2597,7 @@ analyzing: examples/ake/bilinear/Chen_Kudla.spthy analyzed: examples/ake/bilinear/Chen_Kudla.spthy output: examples/ake/bilinear/Chen_Kudla.spthy.tmp - processing time: 51.6544997s + processing time: 52.982135687s key_agreement_reachable (exists-trace): verified (13 steps) key_secrecy_ephemeral_no_WPFS (all-traces): verified (679 steps) @@ -2601,7 +2609,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Chen_Kudla.spthy output: examples/ake/bilinear/Chen_Kudla.spthy.tmp - processing time: 51.6544997s + processing time: 52.982135687s key_agreement_reachable (exists-trace): verified (13 steps) key_secrecy_ephemeral_no_WPFS (all-traces): verified (679 steps) diff --git a/case-studies-regression/fast-tests/ake/bilinear/Chen_Kudla_eCK_analyzed.spthy b/case-studies-regression/fast-tests/ake/bilinear/Chen_Kudla_eCK_analyzed.spthy index 7f91b9e63..6049d4884 100644 --- a/case-studies-regression/fast-tests/ake/bilinear/Chen_Kudla_eCK_analyzed.spthy +++ b/case-studies-regression/fast-tests/ake/bilinear/Chen_Kudla_eCK_analyzed.spthy 
@@ -3,11 +3,13 @@ theory Chen_Kudla begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, h/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* A variant of the Chen-Kudla protocol that uses ordered concatenation instead addition of points *} @@ -503,6 +505,12 @@ solve( (∃ matching #i3 #i4 sid. qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -518,7 +526,7 @@ analyzing: examples/ake/bilinear/Chen_Kudla_eCK.spthy analyzed: examples/ake/bilinear/Chen_Kudla_eCK.spthy output: examples/ake/bilinear/Chen_Kudla_eCK.spthy.tmp - processing time: 42.316162309s + processing time: 43.427065948s key_secrecy_eCK_like (all-traces): falsified - found trace (24 steps) ------------------------------------------------------------------------------ @@ -529,7 +537,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Chen_Kudla_eCK.spthy output: examples/ake/bilinear/Chen_Kudla_eCK.spthy.tmp - processing time: 42.316162309s + processing time: 43.427065948s key_secrecy_eCK_like (all-traces): falsified - found trace (24 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/ake/bilinear/Joux_EphkRev_analyzed.spthy b/case-studies-regression/fast-tests/ake/bilinear/Joux_EphkRev_analyzed.spthy index b0aeb7abf..4d443d1fc 100644 --- a/case-studies-regression/fast-tests/ake/bilinear/Joux_EphkRev_analyzed.spthy +++ b/case-studies-regression/fast-tests/ake/bilinear/Joux_EphkRev_analyzed.spthy 
@@ -3,7 +3,8 @@ theory Joux_EphkRev begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing, multiset -functions: fst/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], pair/2, pk/1, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -13,6 +14,12 @@ equations: section{* The Joux Protocol using Signatures*} + + + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --> @@ -1040,7 +1047,7 @@ analyzing: examples/ake/bilinear/Joux_EphkRev.spthy analyzed: examples/ake/bilinear/Joux_EphkRev.spthy output: examples/ake/bilinear/Joux_EphkRev.spthy.tmp - processing time: 22.293137574s + processing time: 26.269805134s session_key_establish (exists-trace): verified (28 steps) Session_Key_Secrecy_PFS (all-traces): falsified - found trace (14 steps) @@ -1052,7 +1059,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Joux_EphkRev.spthy output: examples/ake/bilinear/Joux_EphkRev.spthy.tmp - processing time: 22.293137574s + processing time: 26.269805134s session_key_establish (exists-trace): verified (28 steps) Session_Key_Secrecy_PFS (all-traces): falsified - found trace (14 steps) diff --git a/case-studies-regression/fast-tests/ake/bilinear/Joux_analyzed.spthy b/case-studies-regression/fast-tests/ake/bilinear/Joux_analyzed.spthy index 9d6bb1f26..344b8241f 100644 --- a/case-studies-regression/fast-tests/ake/bilinear/Joux_analyzed.spthy +++ b/case-studies-regression/fast-tests/ake/bilinear/Joux_analyzed.spthy @@ -3,7 +3,8 @@ theory Joux begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing, multiset -functions: fst/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], pair/2, pk/1, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, 
@@ -13,6 +14,12 @@ equations: section{* The Joux Protocol using Signatures*} + + + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --> @@ -1056,7 +1063,7 @@ analyzing: examples/ake/bilinear/Joux.spthy analyzed: examples/ake/bilinear/Joux.spthy output: examples/ake/bilinear/Joux.spthy.tmp - processing time: 21.334473135s + processing time: 23.877478744s session_key_establish (exists-trace): verified (28 steps) Session_Key_Secrecy_PFS (all-traces): verified (22 steps) @@ -1068,7 +1075,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Joux.spthy output: examples/ake/bilinear/Joux.spthy.tmp - processing time: 21.334473135s + processing time: 23.877478744s session_key_establish (exists-trace): verified (28 steps) Session_Key_Secrecy_PFS (all-traces): verified (22 steps) diff --git a/case-studies-regression/fast-tests/ake/bilinear/RYY_PFS_analyzed.spthy b/case-studies-regression/fast-tests/ake/bilinear/RYY_PFS_analyzed.spthy index 0e56387be..c4dc40f0e 100644 --- a/case-studies-regression/fast-tests/ake/bilinear/RYY_PFS_analyzed.spthy +++ b/case-studies-regression/fast-tests/ake/bilinear/RYY_PFS_analyzed.spthy @@ -3,11 +3,13 @@ theory RYY begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* RYY : UM-like identity based key exchange protocol *} rule (modulo E) KGC_Setup: @@ -382,6 +384,10 @@ solve( (∃ matching #i3 role2. qed qed + + + + /* All well-formedness checks were successful. */ end @@ -397,7 +403,7 @@ analyzing: examples/ake/bilinear/RYY_PFS.spthy analyzed: examples/ake/bilinear/RYY_PFS.spthy output: examples/ake/bilinear/RYY_PFS.spthy.tmp - processing time: 7.191254138s + processing time: 9.393607319s key_agreement_reachable (exists-trace): verified (11 steps) key_secrecy_PFS (all-traces): falsified - found trace (12 steps) 
@@ -409,7 +415,7 @@ summary of summaries: analyzed: examples/ake/bilinear/RYY_PFS.spthy output: examples/ake/bilinear/RYY_PFS.spthy.tmp - processing time: 7.191254138s + processing time: 9.393607319s key_agreement_reachable (exists-trace): verified (11 steps) key_secrecy_PFS (all-traces): falsified - found trace (12 steps) diff --git a/case-studies-regression/fast-tests/ake/bilinear/RYY_analyzed.spthy b/case-studies-regression/fast-tests/ake/bilinear/RYY_analyzed.spthy index 7ef06172d..00e8d2d06 100644 --- a/case-studies-regression/fast-tests/ake/bilinear/RYY_analyzed.spthy +++ b/case-studies-regression/fast-tests/ake/bilinear/RYY_analyzed.spthy @@ -3,11 +3,13 @@ theory RYY begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* RYY : UM-like identity based key exchange protocol *} rule (modulo E) KGC_Setup: @@ -512,6 +514,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -527,7 +533,7 @@ analyzing: examples/ake/bilinear/RYY.spthy analyzed: examples/ake/bilinear/RYY.spthy output: examples/ake/bilinear/RYY.spthy.tmp - processing time: 6.680151457s + processing time: 8.571853065s key_agreement_reachable (exists-trace): verified (11 steps) key_secrecy_WPFS (all-traces): verified (53 steps) @@ -539,7 +545,7 @@ summary of summaries: analyzed: examples/ake/bilinear/RYY.spthy output: examples/ake/bilinear/RYY.spthy.tmp - processing time: 6.680151457s + processing time: 8.571853065s key_agreement_reachable (exists-trace): verified (11 steps) key_secrecy_WPFS (all-traces): verified (53 steps) diff --git a/case-studies-regression/fast-tests/ake/bilinear/Scott_EphkRev_analyzed.spthy b/case-studies-regression/fast-tests/ake/bilinear/Scott_EphkRev_analyzed.spthy index c1b817188..9feca4cf7 100644 
--- a/case-studies-regression/fast-tests/ake/bilinear/Scott_EphkRev_analyzed.spthy +++ b/case-studies-regression/fast-tests/ake/bilinear/Scott_EphkRev_analyzed.spthy @@ -3,11 +3,13 @@ theory Scott begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* Scott: MTI-C0 like identity based key exchange protocol *} rule (modulo E) KGC_Setup: @@ -292,6 +294,10 @@ solve( (∃ matching #i3 #i4 sid. qed qed + + + + /* All well-formedness checks were successful. */ end @@ -307,7 +313,7 @@ analyzing: examples/ake/bilinear/Scott_EphkRev.spthy analyzed: examples/ake/bilinear/Scott_EphkRev.spthy output: examples/ake/bilinear/Scott_EphkRev.spthy.tmp - processing time: 20.723710023s + processing time: 25.610843176s key_agreement_reachable (exists-trace): verified (12 steps) key_secrecy (all-traces): falsified - found trace (15 steps) @@ -319,7 +325,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Scott_EphkRev.spthy output: examples/ake/bilinear/Scott_EphkRev.spthy.tmp - processing time: 20.723710023s + processing time: 25.610843176s key_agreement_reachable (exists-trace): verified (12 steps) key_secrecy (all-traces): falsified - found trace (15 steps) diff --git a/case-studies-regression/fast-tests/ake/bilinear/Scott_analyzed.spthy b/case-studies-regression/fast-tests/ake/bilinear/Scott_analyzed.spthy index 8fc84525b..afe25e346 100644 --- a/case-studies-regression/fast-tests/ake/bilinear/Scott_analyzed.spthy +++ b/case-studies-regression/fast-tests/ake/bilinear/Scott_analyzed.spthy 
@@ -3,11 +3,13 @@ theory Scott begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing -functions: fst/1, hp/1, kdf/1, pair/2, snd/1 +functions: fst/1[destructor], hp/1, kdf/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* Scott: MTI-C0 like identity based key exchange protocol *} rule (modulo E) KGC_Setup: @@ -1799,6 +1801,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -1814,7 +1820,7 @@ analyzing: examples/ake/bilinear/Scott.spthy analyzed: examples/ake/bilinear/Scott.spthy output: examples/ake/bilinear/Scott.spthy.tmp - processing time: 21.595820781s + processing time: 18.944845174s key_agreement_reachable (exists-trace): verified (10 steps) key_secrecy (all-traces): verified (518 steps) @@ -1826,7 +1832,7 @@ summary of summaries: analyzed: examples/ake/bilinear/Scott.spthy output: examples/ake/bilinear/Scott.spthy.tmp - processing time: 21.595820781s + processing time: 18.944845174s key_agreement_reachable (exists-trace): verified (10 steps) key_secrecy (all-traces): verified (518 steps) diff --git a/case-studies-regression/fast-tests/ake/bilinear/TAK1_analyzed.spthy b/case-studies-regression/fast-tests/ake/bilinear/TAK1_analyzed.spthy index 0d61783ab..12f1b140d 100644 --- a/case-studies-regression/fast-tests/ake/bilinear/TAK1_analyzed.spthy +++ b/case-studies-regression/fast-tests/ake/bilinear/TAK1_analyzed.spthy @@ -3,13 +3,18 @@ theory TAK1 begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing, multiset -functions: fst/1, h/1, kdf/1, pair/2, snd/1, tag/1 +functions: fst/1[destructor], h/1, kdf/1, pair/2, snd/1[destructor], + tag/1 equations: fst() = x.1, snd() = x.2 section{* The TAK1 Protocol. *} + + + + rule (modulo E) Register_pk: [ Fr( ~ea ) ] --> @@ -2635,6 +2640,12 @@ next qed qed + + + + + + /* All well-formedness checks were successful. */ end 
@@ -2650,7 +2661,7 @@ analyzing: examples/ake/bilinear/TAK1.spthy analyzed: examples/ake/bilinear/TAK1.spthy output: examples/ake/bilinear/TAK1.spthy.tmp - processing time: 47.444157046s + processing time: 55.340826137s session_key_establish (exists-trace): verified (17 steps) Session_Key_Secrecy (all-traces): verified (725 steps) @@ -2662,7 +2673,7 @@ summary of summaries: analyzed: examples/ake/bilinear/TAK1.spthy output: examples/ake/bilinear/TAK1.spthy.tmp - processing time: 47.444157046s + processing time: 55.340826137s session_key_establish (exists-trace): verified (17 steps) Session_Key_Secrecy (all-traces): verified (725 steps) diff --git a/case-studies-regression/fast-tests/ake/bilinear/TAK1_eCK_like_analyzed.spthy b/case-studies-regression/fast-tests/ake/bilinear/TAK1_eCK_like_analyzed.spthy index 201eaa63b..48d086ff2 100644 --- a/case-studies-regression/fast-tests/ake/bilinear/TAK1_eCK_like_analyzed.spthy +++ b/case-studies-regression/fast-tests/ake/bilinear/TAK1_eCK_like_analyzed.spthy @@ -3,13 +3,18 @@ theory TAK1 begin // Function signature and definition of the equational theory E builtins: diffie-hellman, bilinear-pairing, multiset -functions: fst/1, h/1, kdf/1, pair/2, snd/1, tag/1 +functions: fst/1[destructor], h/1, kdf/1, pair/2, snd/1[destructor], + tag/1 equations: fst() = x.1, snd() = x.2 section{* The TAK1 Protocol. *} + + + + rule (modulo E) Register_pk: [ Fr( ~ea ) ] --> @@ -513,6 +518,12 @@ solve( ((∃ #k spartner. (Origin( spartner, XC ) @ #k)) ∧ qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -528,7 +539,7 @@ analyzing: examples/ake/bilinear/TAK1_eCK_like.spthy analyzed: examples/ake/bilinear/TAK1_eCK_like.spthy output: examples/ake/bilinear/TAK1_eCK_like.spthy.tmp - processing time: 76.405940611s + processing time: 76.998296726s session_key_establish (exists-trace): verified (17 steps) Session_Key_Secrecy (all-traces): falsified - found trace (21 steps) 
@@ -540,7 +551,7 @@ summary of summaries: analyzed: examples/ake/bilinear/TAK1_eCK_like.spthy output: examples/ake/bilinear/TAK1_eCK_like.spthy.tmp - processing time: 76.405940611s + processing time: 76.998296726s session_key_establish (exists-trace): verified (17 steps) Session_Key_Secrecy (all-traces): falsified - found trace (21 steps) diff --git a/case-studies-regression/fast-tests/cav13/DH_example_analyzed.spthy b/case-studies-regression/fast-tests/cav13/DH_example_analyzed.spthy index 890ea3da6..ac0f7fd0d 100644 --- a/case-studies-regression/fast-tests/cav13/DH_example_analyzed.spthy +++ b/case-studies-regression/fast-tests/cav13/DH_example_analyzed.spthy @@ -3,11 +3,14 @@ theory ex1 begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, g/0, mac/2, pair/2, shk/0 [private], snd/1 +functions: fst/1[destructor], g/0, mac/2, pair/2, + shk/0[private,destructor], snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + rule (modulo E) Step1: [ Fr( ~tid ), Fr( ~x ) ] --> @@ -117,6 +120,12 @@ solve( Step1( tid, A, B, ~x ) ▶₀ #i ) qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -132,7 +141,7 @@ analyzing: examples/cav13/DH_example.spthy analyzed: examples/cav13/DH_example.spthy output: examples/cav13/DH_example.spthy.tmp - processing time: 0.214104745s + processing time: 0.281971466s Accept_Secret (all-traces): verified (9 steps) Accept_Secret_Counter (all-traces): falsified - found trace (7 steps) @@ -144,7 +153,7 @@ summary of summaries: analyzed: examples/cav13/DH_example.spthy output: examples/cav13/DH_example.spthy.tmp - processing time: 0.214104745s + processing time: 0.281971466s Accept_Secret (all-traces): verified (9 steps) Accept_Secret_Counter (all-traces): falsified - found trace (7 steps) 
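Review bot: `shk/0[private,destructor]` in the new signature line of the `theory ex1` hunk tags a nullary private constant as a destructor, although it has no argument to take apart and heads no equation in the `equations:` block that follows. The other tags in this hunk sit on `fst/1` and `snd/1`, which do head an equation, so this looks like an artifact of how the `[private]` attribute is carried through rather than an intended classification; the code that assigns the tag is not on this page. I would expect the expected output to read `shk/0[private], snd/1[destructor]`. If the tag is intentional, the commit description should say what `destructor` means for a constant, since `shk` is the shared key the secrecy lemmas depend on.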
diff --git a/case-studies-regression/fast-tests/ccs15/Attack_TPM_Envelope_analyzed-diff-noprove.spthy b/case-studies-regression/fast-tests/ccs15/Attack_TPM_Envelope_analyzed-diff-noprove.spthy index a0b0f59b9..35fea6d94 100644 --- a/case-studies-regression/fast-tests/ccs15/Attack_TPM_Envelope_analyzed-diff-noprove.spthy +++ b/case-studies-regression/fast-tests/ccs15/Attack_TPM_Envelope_analyzed-diff-noprove.spthy @@ -2,8 +2,8 @@ theory TPM_Envelope begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sign/2, snd/1, - true/0, verify/3 +functions: adec/2, aenc/2, fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3 equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -405,7 +405,7 @@ analyzing: examples/ccs15/Attack_TPM_Envelope.spthy analyzed: examples/ccs15/Attack_TPM_Envelope.spthy output: examples/ccs15/Attack_TPM_Envelope.spthy.tmp - processing time: 0.411577854s + processing time: 0.620680073s RHS : types (all-traces): analysis incomplete (1 steps) LHS : types (all-traces): analysis incomplete (1 steps) RHS : PCR_Write_charn (all-traces): analysis incomplete (1 steps) @@ -424,7 +424,7 @@ summary of summaries: analyzed: examples/ccs15/Attack_TPM_Envelope.spthy output: examples/ccs15/Attack_TPM_Envelope.spthy.tmp - processing time: 0.411577854s + processing time: 0.620680073s RHS : types (all-traces): analysis incomplete (1 steps) LHS : types (all-traces): analysis incomplete (1 steps) RHS : PCR_Write_charn (all-traces): analysis incomplete (1 steps) diff --git a/case-studies-regression/fast-tests/ccs15/DDH_analyzed-diff.spthy b/case-studies-regression/fast-tests/ccs15/DDH_analyzed-diff.spthy index ca6a11bbc..7befa3157 100644 --- a/case-studies-regression/fast-tests/ccs15/DDH_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/ccs15/DDH_analyzed-diff.spthy 
@@ -3,7 +3,7 @@ theory DDH begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, g/0, pair/2, snd/1 +functions: fst/1[destructor], g/0, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -7566,7 +7566,7 @@ analyzing: examples/ccs15/DDH.spthy analyzed: examples/ccs15/DDH.spthy output: examples/ccs15/DDH.spthy.tmp - processing time: 8.983504485s + processing time: 14.023246448s DiffLemma: Observational_equivalence : verified (2522 steps) ------------------------------------------------------------------------------ @@ -7577,7 +7577,7 @@ summary of summaries: analyzed: examples/ccs15/DDH.spthy output: examples/ccs15/DDH.spthy.tmp - processing time: 8.983504485s + processing time: 14.023246448s DiffLemma: Observational_equivalence : verified (2522 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/ccs15/probEnc_analyzed-diff.spthy b/case-studies-regression/fast-tests/ccs15/probEnc_analyzed-diff.spthy index 2409c7610..96524b563 100644 --- a/case-studies-regression/fast-tests/ccs15/probEnc_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/ccs15/probEnc_analyzed-diff.spthy @@ -2,7 +2,8 @@ theory probEnc begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, pdec/2, penc/3, pk/1, snd/1 +functions: fst/1[destructor], pair/2, pdec/2, penc/3, pk/1, + snd/1[destructor] equations: fst() = x.1, pdec(penc(m, pk(k), r), k) = m, @@ -230,7 +231,7 @@ analyzing: examples/ccs15/probEnc.spthy analyzed: examples/ccs15/probEnc.spthy output: examples/ccs15/probEnc.spthy.tmp - processing time: 0.291321969s + processing time: 0.51629814s DiffLemma: Observational_equivalence : verified (75 steps) ------------------------------------------------------------------------------ 
@@ -241,7 +242,7 @@ summary of summaries: analyzed: examples/ccs15/probEnc.spthy output: examples/ccs15/probEnc.spthy.tmp - processing time: 0.291321969s + processing time: 0.51629814s DiffLemma: Observational_equivalence : verified (75 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/ccs15/rfid-feldhofer_analyzed-diff.spthy b/case-studies-regression/fast-tests/ccs15/rfid-feldhofer_analyzed-diff.spthy index 8d8390742..0b9dd813a 100644 --- a/case-studies-regression/fast-tests/ccs15/rfid-feldhofer_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/ccs15/rfid-feldhofer_analyzed-diff.spthy @@ -2,7 +2,8 @@ theory RFID_Feldhofer begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -1503,7 +1504,7 @@ analyzing: examples/ccs15/rfid-feldhofer.spthy analyzed: examples/ccs15/rfid-feldhofer.spthy output: examples/ccs15/rfid-feldhofer.spthy.tmp - processing time: 2.911915674s + processing time: 7.099450797s RHS : types (all-traces): verified (26 steps) LHS : types (all-traces): verified (26 steps) RHS : executable (exists-trace): verified (6 steps) @@ -1522,7 +1523,7 @@ summary of summaries: analyzed: examples/ccs15/rfid-feldhofer.spthy output: examples/ccs15/rfid-feldhofer.spthy.tmp - processing time: 2.911915674s + processing time: 7.099450797s RHS : types (all-traces): verified (26 steps) LHS : types (all-traces): verified (26 steps) RHS : executable (exists-trace): verified (6 steps) diff --git a/case-studies-regression/fast-tests/classic/NSLPK3_analyzed.spthy b/case-studies-regression/fast-tests/classic/NSLPK3_analyzed.spthy index 0726462eb..7521d2620 100644 --- a/case-studies-regression/fast-tests/classic/NSLPK3_analyzed.spthy 
+++ b/case-studies-regression/fast-tests/classic/NSLPK3_analyzed.spthy @@ -2,7 +2,8 @@ theory NSLPK3 begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Register_pk: [ Fr( ~ltkA ) ] --> @@ -723,7 +726,7 @@ analyzing: examples/classic/NSLPK3.spthy analyzed: examples/classic/NSLPK3.spthy output: examples/classic/NSLPK3.spthy.tmp - processing time: 2.406548862s + processing time: 3.003013822s types (all-traces): verified (33 steps) nonce_secrecy (all-traces): verified (54 steps) injective_agree (all-traces): verified (92 steps) @@ -737,7 +740,7 @@ summary of summaries: analyzed: examples/classic/NSLPK3.spthy output: examples/classic/NSLPK3.spthy.tmp - processing time: 2.406548862s + processing time: 3.003013822s types (all-traces): verified (33 steps) nonce_secrecy (all-traces): verified (54 steps) injective_agree (all-traces): verified (92 steps) diff --git a/case-studies-regression/fast-tests/classic/NSLPK3_untagged_analyzed.spthy b/case-studies-regression/fast-tests/classic/NSLPK3_untagged_analyzed.spthy index 1ecc8c69c..8c15977f5 100644 --- a/case-studies-regression/fast-tests/classic/NSLPK3_untagged_analyzed.spthy +++ b/case-studies-regression/fast-tests/classic/NSLPK3_untagged_analyzed.spthy @@ -2,7 +2,8 @@ theory NSLPK3_untagged begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Register_pk: [ Fr( ~ltkA ) ] --> 
@@ -707,7 +710,7 @@ analyzing: examples/classic/NSLPK3_untagged.spthy analyzed: examples/classic/NSLPK3_untagged.spthy output: examples/classic/NSLPK3_untagged.spthy.tmp - processing time: 3.787601128s + processing time: 4.650244205s types (all-traces): verified (37 steps) nonce_secrecy (all-traces): verified (133 steps) session_key_setup_possible (exists-trace): verified (9 steps) @@ -720,7 +723,7 @@ summary of summaries: analyzed: examples/classic/NSLPK3_untagged.spthy output: examples/classic/NSLPK3_untagged.spthy.tmp - processing time: 3.787601128s + processing time: 4.650244205s types (all-traces): verified (37 steps) nonce_secrecy (all-traces): verified (133 steps) session_key_setup_possible (exists-trace): verified (9 steps) diff --git a/case-studies-regression/fast-tests/classic/NSPK3_analyzed.spthy b/case-studies-regression/fast-tests/classic/NSPK3_analyzed.spthy index c917d3fcd..248f536c5 100644 --- a/case-studies-regression/fast-tests/classic/NSPK3_analyzed.spthy +++ b/case-studies-regression/fast-tests/classic/NSPK3_analyzed.spthy @@ -2,7 +2,8 @@ theory NSPK3 begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Register_pk: [ Fr( ~ltkA ) ] --> @@ -369,7 +372,7 @@ analyzing: examples/classic/NSPK3.spthy analyzed: examples/classic/NSPK3.spthy output: examples/classic/NSPK3.spthy.tmp - processing time: 2.556193041s + processing time: 3.461436852s types (all-traces): verified (33 steps) nonce_secrecy (all-traces): falsified - found trace (16 steps) injective_agree (all-traces): falsified - found trace (14 steps) 
@@ -383,7 +386,7 @@ summary of summaries: analyzed: examples/classic/NSPK3.spthy output: examples/classic/NSPK3.spthy.tmp - processing time: 2.556193041s + processing time: 3.461436852s types (all-traces): verified (33 steps) nonce_secrecy (all-traces): falsified - found trace (16 steps) injective_agree (all-traces): falsified - found trace (14 steps) diff --git a/case-studies-regression/fast-tests/classic/TLS_Handshake_analyzed.spthy b/case-studies-regression/fast-tests/classic/TLS_Handshake_analyzed.spthy index 965ce19c2..6ccaf0b73 100644 --- a/case-studies-regression/fast-tests/classic/TLS_Handshake_analyzed.spthy +++ b/case-studies-regression/fast-tests/classic/TLS_Handshake_analyzed.spthy @@ -2,8 +2,9 @@ theory TLS_Handshake begin // Function signature and definition of the equational theory E -functions: PRF/1, adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sdec/2, - senc/2, sign/2, snd/1, true/0, verify/3 +functions: PRF/1, adec/2[destructor], aenc/2, fst/1[destructor], h/1, + pair/2, pk/1, sdec/2[destructor], senc/2, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -13,6 +14,14 @@ equations: + + + + + + + + section{* TLS Handshake *} text{* @@ -727,6 +736,8 @@ solve( SessionKeys( S, C, keyS, keyC ) @ #k ) qed qed + + /* All well-formedness checks were successful. */ end @@ -742,7 +753,7 @@ analyzing: examples/classic/TLS_Handshake.spthy analyzed: examples/classic/TLS_Handshake.spthy output: examples/classic/TLS_Handshake.spthy.tmp - processing time: 4.576183765s + processing time: 6.431475568s session_key_secrecy (all-traces): verified (95 steps) injective_agree (all-traces): verified (44 steps) session_key_setup_possible (exists-trace): verified (11 steps) 
@@ -755,7 +766,7 @@ summary of summaries: analyzed: examples/classic/TLS_Handshake.spthy output: examples/classic/TLS_Handshake.spthy.tmp - processing time: 4.576183765s + processing time: 6.431475568s session_key_secrecy (all-traces): verified (95 steps) injective_agree (all-traces): verified (44 steps) session_key_setup_possible (exists-trace): verified (11 steps) diff --git a/case-studies-regression/fast-tests/csf12/DH2_original_analyzed.spthy b/case-studies-regression/fast-tests/csf12/DH2_original_analyzed.spthy index 7c0b3fdb1..f747f94ea 100644 --- a/case-studies-regression/fast-tests/csf12/DH2_original_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/DH2_original_analyzed.spthy @@ -3,11 +3,16 @@ theory DH2_original begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: KDF/1, MAC/2, fst/1, h/1, pair/2, snd/1 +functions: KDF/1, MAC/2, fst/1[destructor], h/1, pair/2, + snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* DH2 *} rule (modulo E) Register_pk: @@ -1807,6 +1812,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -1822,7 +1831,7 @@ analyzing: examples/csf12/DH2_original.spthy analyzed: examples/csf12/DH2_original.spthy output: examples/csf12/DH2_original.spthy.tmp - processing time: 25.543409523s + processing time: 28.958524296s KAS_key_secrecy (all-traces): verified (501 steps) ------------------------------------------------------------------------------ @@ -1833,7 +1842,7 @@ summary of summaries: analyzed: examples/csf12/DH2_original.spthy output: examples/csf12/DH2_original.spthy.tmp - processing time: 25.543409523s + processing time: 28.958524296s KAS_key_secrecy (all-traces): verified (501 steps) ============================================================================== 
diff --git a/case-studies-regression/fast-tests/csf12/JKL_TS1_2004_KI_analyzed.spthy b/case-studies-regression/fast-tests/csf12/JKL_TS1_2004_KI_analyzed.spthy index 59322560c..9c07b15b8 100644 --- a/case-studies-regression/fast-tests/csf12/JKL_TS1_2004_KI_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/JKL_TS1_2004_KI_analyzed.spthy @@ -3,11 +3,15 @@ theory JKL_TS1_2004_KI begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* Jeong, Katz, Lee : TS1 (2004) *} rule (modulo E) generate_ltk: @@ -177,7 +181,7 @@ analyzing: examples/csf12/JKL_TS1_2004_KI.spthy analyzed: examples/csf12/JKL_TS1_2004_KI.spthy output: examples/csf12/JKL_TS1_2004_KI.spthy.tmp - processing time: 0.290325068s + processing time: 0.396346338s JKL2008_1_initiator_key (all-traces): falsified - found trace (7 steps) JKL2008_1_responder_key (all-traces): falsified - found trace (7 steps) @@ -189,7 +193,7 @@ summary of summaries: analyzed: examples/csf12/JKL_TS1_2004_KI.spthy output: examples/csf12/JKL_TS1_2004_KI.spthy.tmp - processing time: 0.290325068s + processing time: 0.396346338s JKL2008_1_initiator_key (all-traces): falsified - found trace (7 steps) JKL2008_1_responder_key (all-traces): falsified - found trace (7 steps) diff --git a/case-studies-regression/fast-tests/csf12/JKL_TS1_2008_KI_analyzed.spthy b/case-studies-regression/fast-tests/csf12/JKL_TS1_2008_KI_analyzed.spthy index 2d7c341b6..dd740d540 100644 --- a/case-studies-regression/fast-tests/csf12/JKL_TS1_2008_KI_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/JKL_TS1_2008_KI_analyzed.spthy 
@@ -3,11 +3,15 @@ theory JKL_TS1_2008_KI begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* Jeong, Katz, Lee : TS1 (2008) *} rule (modulo E) generate_ltk: @@ -222,7 +226,7 @@ analyzing: examples/csf12/JKL_TS1_2008_KI.spthy analyzed: examples/csf12/JKL_TS1_2008_KI.spthy output: examples/csf12/JKL_TS1_2008_KI.spthy.tmp - processing time: 0.305653868s + processing time: 0.399113232s JKL2008_1_initiator_key (all-traces): verified (15 steps) JKL2008_1_responder_key (all-traces): verified (15 steps) @@ -234,7 +238,7 @@ summary of summaries: analyzed: examples/csf12/JKL_TS1_2008_KI.spthy output: examples/csf12/JKL_TS1_2008_KI.spthy.tmp - processing time: 0.305653868s + processing time: 0.399113232s JKL2008_1_initiator_key (all-traces): verified (15 steps) JKL2008_1_responder_key (all-traces): verified (15 steps) diff --git a/case-studies-regression/fast-tests/csf12/JKL_TS2_2004_KI_wPFS_analyzed.spthy b/case-studies-regression/fast-tests/csf12/JKL_TS2_2004_KI_wPFS_analyzed.spthy index f8e4d5bcb..22681cdbe 100644 --- a/case-studies-regression/fast-tests/csf12/JKL_TS2_2004_KI_wPFS_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/JKL_TS2_2004_KI_wPFS_analyzed.spthy @@ -3,11 +3,15 @@ theory JKL_TS2_2004_KI_wPFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* Jeong, Katz, Lee : TS2 (2004) *} rule (modulo E) generate_ltk: 
@@ -252,7 +256,7 @@ analyzing: examples/csf12/JKL_TS2_2004_KI_wPFS.spthy analyzed: examples/csf12/JKL_TS2_2004_KI_wPFS.spthy output: examples/csf12/JKL_TS2_2004_KI_wPFS.spthy.tmp - processing time: 0.453423323s + processing time: 0.668900891s JKL2008_2_initiator_key (all-traces): falsified - found trace (7 steps) JKL2008_2_responder_key (all-traces): falsified - found trace (7 steps) @@ -264,7 +268,7 @@ summary of summaries: analyzed: examples/csf12/JKL_TS2_2004_KI_wPFS.spthy output: examples/csf12/JKL_TS2_2004_KI_wPFS.spthy.tmp - processing time: 0.453423323s + processing time: 0.668900891s JKL2008_2_initiator_key (all-traces): falsified - found trace (7 steps) JKL2008_2_responder_key (all-traces): falsified - found trace (7 steps) diff --git a/case-studies-regression/fast-tests/csf12/JKL_TS2_2008_KI_wPFS_analyzed.spthy b/case-studies-regression/fast-tests/csf12/JKL_TS2_2008_KI_wPFS_analyzed.spthy index 908a14cc9..e3ea66f53 100644 --- a/case-studies-regression/fast-tests/csf12/JKL_TS2_2008_KI_wPFS_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/JKL_TS2_2008_KI_wPFS_analyzed.spthy @@ -3,11 +3,15 @@ theory JKL_TS2_2008_KI_wPFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* Jeong, Katz, Lee : TS2 (2008) *} rule (modulo E) generate_ltk: @@ -446,7 +450,7 @@ analyzing: examples/csf12/JKL_TS2_2008_KI_wPFS.spthy analyzed: examples/csf12/JKL_TS2_2008_KI_wPFS.spthy output: examples/csf12/JKL_TS2_2008_KI_wPFS.spthy.tmp - processing time: 1.17256352s + processing time: 1.372535303s JKL2008_2_initiator_key (all-traces): verified (40 steps) JKL2008_2_responder_key (all-traces): verified (37 steps) 
@@ -458,7 +462,7 @@ summary of summaries: analyzed: examples/csf12/JKL_TS2_2008_KI_wPFS.spthy output: examples/csf12/JKL_TS2_2008_KI_wPFS.spthy.tmp - processing time: 1.17256352s + processing time: 1.372535303s JKL2008_2_initiator_key (all-traces): verified (40 steps) JKL2008_2_responder_key (all-traces): verified (37 steps) diff --git a/case-studies-regression/fast-tests/csf12/KAS1_analyzed.spthy b/case-studies-regression/fast-tests/csf12/KAS1_analyzed.spthy index 2c5ca691c..e72cc0b7c 100644 --- a/case-studies-regression/fast-tests/csf12/KAS1_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/KAS1_analyzed.spthy @@ -2,7 +2,8 @@ theory KAS1 begin // Function signature and definition of the equational theory E -functions: KDF/1, MAC/2, adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, snd/1 +functions: KDF/1, MAC/2, adec/2[destructor], aenc/2, fst/1[destructor], + h/1, pair/2, pk/1, snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,10 @@ equations: + + + + section{* KAS1 *} rule (modulo E) Register_pk: @@ -244,6 +249,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -259,7 +268,7 @@ analyzing: examples/csf12/KAS1.spthy analyzed: examples/csf12/KAS1.spthy output: examples/csf12/KAS1.spthy.tmp - processing time: 0.639177838s + processing time: 1.022611639s KAS1_key_secrecy (all-traces): verified (38 steps) ------------------------------------------------------------------------------ @@ -270,7 +279,7 @@ summary of summaries: analyzed: examples/csf12/KAS1.spthy output: examples/csf12/KAS1.spthy.tmp - processing time: 0.639177838s + processing time: 1.022611639s KAS1_key_secrecy (all-traces): verified (38 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/csf12/KAS2_eCK_analyzed.spthy b/case-studies-regression/fast-tests/csf12/KAS2_eCK_analyzed.spthy index 5bf7e3211..912dc1e92 100644 
--- a/case-studies-regression/fast-tests/csf12/KAS2_eCK_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/KAS2_eCK_analyzed.spthy @@ -2,7 +2,8 @@ theory KAS2_eCK begin // Function signature and definition of the equational theory E -functions: KDF/1, MAC/2, adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, snd/1 +functions: KDF/1, MAC/2, adec/2[destructor], aenc/2, fst/1[destructor], + h/1, pair/2, pk/1, snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,10 @@ equations: + + + + section{* KAS2 *} rule (modulo E) Register_pk: @@ -228,6 +233,10 @@ solve( (∃ ss #i4 #i5 C D ms. qed qed + + + + /* All well-formedness checks were successful. */ end @@ -243,7 +252,7 @@ analyzing: examples/csf12/KAS2_eCK.spthy analyzed: examples/csf12/KAS2_eCK.spthy output: examples/csf12/KAS2_eCK.spthy.tmp - processing time: 3.763868279s + processing time: 4.729995843s eCK_key_secrecy (all-traces): falsified - found trace (16 steps) ------------------------------------------------------------------------------ @@ -254,7 +263,7 @@ summary of summaries: analyzed: examples/csf12/KAS2_eCK.spthy output: examples/csf12/KAS2_eCK.spthy.tmp - processing time: 3.763868279s + processing time: 4.729995843s eCK_key_secrecy (all-traces): falsified - found trace (16 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/csf12/KAS2_original_analyzed.spthy b/case-studies-regression/fast-tests/csf12/KAS2_original_analyzed.spthy index 361d3900a..d895cf8a5 100644 --- a/case-studies-regression/fast-tests/csf12/KAS2_original_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/KAS2_original_analyzed.spthy 
@@ -2,7 +2,8 @@ theory KAS2_original begin // Function signature and definition of the equational theory E -functions: KDF/1, MAC/2, adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, snd/1 +functions: KDF/1, MAC/2, adec/2[destructor], aenc/2, fst/1[destructor], + h/1, pair/2, pk/1, snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,10 @@ equations: + + + + section{* KAS2 *} rule (modulo E) Register_pk: @@ -329,24 +334,12 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m1 ) @ #vk.16 ) case Ephk_reveal - solve( !KU( adec(aenc(~m2, pk(~ltkA)), ~lkI) ) @ #vk.18 ) - case c_adec - solve( !KU( ~lkI ) @ #vk.19 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m2, pk(~ltkA)), ~lkI) ) @ #vk.18 ) next case Init_1 solve( !KU( ~lkR ) @ #vk.19 ) case Ltk_reveal - solve( !KU( adec(aenc(~m2, pk(~ltkA)), ~lkI) ) @ #vk.19 ) - case c_adec - solve( !KU( ~lkI ) @ #vk.20 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m2, pk(~ltkA)), ~lkI) ) @ #vk.19 ) qed qed qed @@ -367,24 +360,12 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m1 ) @ #vk.16 ) case Ephk_reveal - solve( !KU( adec(aenc(~m2, pk(~ltkA.1)), ~lkI) ) @ #vk.18 ) - case c_adec - solve( !KU( ~lkI ) @ #vk.19 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m2, pk(~ltkA.1)), ~lkI) ) @ #vk.18 ) next case Init_1 solve( !KU( ~ltkA ) @ #vk.19 ) case Ltk_reveal - solve( !KU( adec(aenc(~m2, pk(~ltkA.1)), ~lkI) ) @ #vk.19 ) - case c_adec - solve( !KU( ~lkI ) @ #vk.20 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m2, pk(~ltkA.1)), ~lkI) ) @ #vk.19 ) qed qed qed 
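Review bot: The rewritten proof in the `@@ -329` hunk closes `!KU( adec(aenc(~m2, pk(~ltkA)), ~lkI) )` with a bare `by solve(...)`, so the former `case c_adec` branch is gone, presumably because `adec/2` is now tagged `[destructor]`. That is a change to what the adversary can construct, not only to pretty-printing. The same pattern recurs in the hunks at `@@ -367`, `-520`, `-572`, `-612`, `-749` and `-787`, and `KAS_key_secrecy` drops from 254 to 246 steps. The goals still contain decryptions that do not reduce, for example `adec(c2, ~lkI)` inside the MAC term in the `-612` hunk, so the soundness argument for dropping the construction rule should be written down before this expected output is accepted. A header comment in the source theory would be enough, e.g. `// adec/2 is a destructor: non-reducing adec(...) terms are not adversary-constructible`. The verdict stays `verified` here, but the files on this page whose lemmas are `falsified` only have summary lines visible, so I cannot confirm from this diff that the found traces are unchanged.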
@@ -520,24 +501,12 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m2 ) @ #vk.14 ) case Ephk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.14 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.15 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.14 ) next case Resp_1 solve( !KU( ~ltkA.1 ) @ #vk.15 ) case Ltk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.15 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.16 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed - qed + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.15 ) qed qed qed 
@@ -572,24 +541,68 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m2 ) @ #vk.18 ) case Ephk_reveal - solve( !KU( adec(, ~lkR) - ) @ #vk.18 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.19 ) - case Ltk_reveal - by contradiction /* from formulas */ + solve( !KU( MAC(KDF(<~m1, z, $I, $R, aenc(~m1, pk(~ltkA)), + aenc(z, pk(~lkI))>), + <'Resp', $R, $I, aenc(z, pk(~lkI)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.9 ) + case Resp_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.18 ) + next + case c_MAC + solve( !KU( aenc(z, pk(~lkI)) ) @ #vk.11 ) + case Init_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.22 ) + next + case Resp_1 + solve( splitEqs(6) ) + case split_case_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.22 ) + next + case split_case_2 + by solve( !KU( adec(, ~lkR) + ) @ #vk.22 ) + qed + next + case c_aenc + by solve( !KU( adec(, ~lkR) + ) @ #vk.22 ) qed qed next case Resp_1 solve( !KU( ~ltkA.1 ) @ #vk.19 ) case Ltk_reveal - solve( !KU( adec(, ~lkR) - ) @ #vk.19 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.20 ) - case Ltk_reveal - by contradiction /* from formulas */ + solve( !KU( MAC(KDF(<~m1, z, $I, $R, aenc(~m1, pk(~ltkA)), + aenc(z, pk(~lkI))>), + <'Resp', $R, $I, aenc(z, pk(~lkI)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.13 ) + case Resp_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.19 ) + next + case c_MAC + solve( !KU( aenc(z, pk(~lkI)) ) @ #vk.14 ) + case Init_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.23 ) + next + case Resp_1 + solve( splitEqs(6) ) + case split_case_1 + by solve( !KU( adec(, ~lkR) + ) @ #vk.23 ) + next + case split_case_2 + by solve( !KU( adec(, ~lkR) + ) @ #vk.23 ) + qed + next + case c_aenc + by solve( !KU( adec(, ~lkR) + ) @ #vk.23 ) qed qed qed 
@@ -612,23 +625,23 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m2 ) @ #vk.18 ) case Ephk_reveal - solve( !KU( adec(, ~lkR) ) @ #vk.18 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.19 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, adec(c2, ~lkI), $I, $R, aenc(~m1, pk(~ltkA)), + c2>), + <'Resp', $R, $I, c2, aenc(~m1, pk(~ltkA))>) + ) @ #vk.9 ) + case c_MAC + by solve( !KU( adec(, ~lkR) ) @ #vk.21 ) qed next case Resp_1 solve( !KU( ~ltkA.1 ) @ #vk.19 ) case Ltk_reveal - solve( !KU( adec(, ~lkR) ) @ #vk.19 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.20 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, adec(c2, ~lkI), $I, $R, aenc(~m1, pk(~ltkA)), + c2>), + <'Resp', $R, $I, c2, aenc(~m1, pk(~ltkA))>) + ) @ #vk.13 ) + case c_MAC + by solve( !KU( adec(, ~lkR) ) @ #vk.22 ) qed qed qed @@ -749,23 +762,23 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m2 ) @ #vk.16 ) case Ephk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.16 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.17 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, ~m2, $I, $R, aenc(~m1, pk(~ltkA)), + aenc(~m2, pk(~lkI))>), + <'Resp', $R, $I, aenc(~m2, pk(~lkI)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.9 ) + case c_MAC + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.19 ) qed next case Resp_1 solve( !KU( ~lkI ) @ #vk.17 ) case Ltk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.17 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.18 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, ~m2, $I, $R, aenc(~m1, pk(~ltkA)), + aenc(~m2, pk(~lkI))>), + <'Resp', $R, $I, aenc(~m2, pk(~lkI)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.12 ) + case c_MAC + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.20 ) qed qed qed 
@@ -787,23 +800,23 @@ solve( (∃ ss #i4 #i5 C D ms. case c_KDF solve( !KU( ~m2 ) @ #vk.16 ) case Ephk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.16 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.17 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, adec(aenc(~m2, pk(~ltkA.1)), ~lkI), $I, $R, + aenc(~m1, pk(~ltkA)), aenc(~m2, pk(~ltkA.1))>), + <'Resp', $R, $I, aenc(~m2, pk(~ltkA.1)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.9 ) + case c_MAC + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.19 ) qed next case Resp_1 solve( !KU( ~ltkA.1 ) @ #vk.17 ) case Ltk_reveal - solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.17 ) - case c_adec - solve( !KU( ~lkR ) @ #vk.18 ) - case Ltk_reveal - by contradiction /* from formulas */ - qed + solve( !KU( MAC(KDF(<~m1, adec(aenc(~m2, pk(~ltkA.1)), ~lkI), $I, $R, + aenc(~m1, pk(~ltkA)), aenc(~m2, pk(~ltkA.1))>), + <'Resp', $R, $I, aenc(~m2, pk(~ltkA.1)), aenc(~m1, pk(~ltkA))>) + ) @ #vk.12 ) + case c_MAC + by solve( !KU( adec(aenc(~m1, pk(~ltkA)), ~lkR) ) @ #vk.20 ) qed qed qed @@ -1030,6 +1043,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -1045,8 +1062,8 @@ analyzing: examples/csf12/KAS2_original.spthy analyzed: examples/csf12/KAS2_original.spthy output: examples/csf12/KAS2_original.spthy.tmp - processing time: 7.676910325s - KAS_key_secrecy (all-traces): verified (254 steps) + processing time: 9.157377801s + KAS_key_secrecy (all-traces): verified (246 steps) ------------------------------------------------------------------------------ @@ -1056,8 +1073,8 @@ summary of summaries: analyzed: examples/csf12/KAS2_original.spthy output: examples/csf12/KAS2_original.spthy.tmp - processing time: 7.676910325s - KAS_key_secrecy (all-traces): verified (254 steps) + processing time: 9.157377801s + KAS_key_secrecy (all-traces): verified (246 steps) ============================================================================== */ 
diff --git a/case-studies-regression/fast-tests/csf12/KEA_plus_KI_KCI_analyzed.spthy b/case-studies-regression/fast-tests/csf12/KEA_plus_KI_KCI_analyzed.spthy index 6d9167eec..c1b4345bf 100644 --- a/case-studies-regression/fast-tests/csf12/KEA_plus_KI_KCI_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/KEA_plus_KI_KCI_analyzed.spthy @@ -3,11 +3,15 @@ theory KEA_plus_KI_KCI begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* KEA+ *} rule (modulo E) generate_ltk: @@ -288,7 +292,7 @@ analyzing: examples/csf12/KEA_plus_KI_KCI.spthy analyzed: examples/csf12/KEA_plus_KI_KCI.spthy output: examples/csf12/KEA_plus_KI_KCI.spthy.tmp - processing time: 0.507479378s + processing time: 0.590799974s keaplus_initiator_key (all-traces): verified (13 steps) keaplus_responder_key (all-traces): verified (13 steps) @@ -300,7 +304,7 @@ summary of summaries: analyzed: examples/csf12/KEA_plus_KI_KCI.spthy output: examples/csf12/KEA_plus_KI_KCI.spthy.tmp - processing time: 0.507479378s + processing time: 0.590799974s keaplus_initiator_key (all-traces): verified (13 steps) keaplus_responder_key (all-traces): verified (13 steps) diff --git a/case-studies-regression/fast-tests/csf12/KEA_plus_KI_KCI_wPFS_analyzed.spthy b/case-studies-regression/fast-tests/csf12/KEA_plus_KI_KCI_wPFS_analyzed.spthy index a990a4cf7..e7bd09f05 100644 --- a/case-studies-regression/fast-tests/csf12/KEA_plus_KI_KCI_wPFS_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/KEA_plus_KI_KCI_wPFS_analyzed.spthy 
@@ -3,11 +3,15 @@ theory KEA_plus_KI_KCI_wPFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* KEA+ *} rule (modulo E) generate_ltk: @@ -284,7 +288,7 @@ analyzing: examples/csf12/KEA_plus_KI_KCI_wPFS.spthy analyzed: examples/csf12/KEA_plus_KI_KCI_wPFS.spthy output: examples/csf12/KEA_plus_KI_KCI_wPFS.spthy.tmp - processing time: 1.120229786s + processing time: 1.378937856s keaplus_initiator_key (all-traces): falsified - found trace (11 steps) keaplus_responder_key (all-traces): falsified - found trace (11 steps) @@ -296,7 +300,7 @@ summary of summaries: analyzed: examples/csf12/KEA_plus_KI_KCI_wPFS.spthy output: examples/csf12/KEA_plus_KI_KCI_wPFS.spthy.tmp - processing time: 1.120229786s + processing time: 1.378937856s keaplus_initiator_key (all-traces): falsified - found trace (11 steps) keaplus_responder_key (all-traces): falsified - found trace (11 steps) diff --git a/case-studies-regression/fast-tests/csf12/NAXOS_eCK_PFS_analyzed.spthy b/case-studies-regression/fast-tests/csf12/NAXOS_eCK_PFS_analyzed.spthy index f8b087f29..f4b1629b9 100644 --- a/case-studies-regression/fast-tests/csf12/NAXOS_eCK_PFS_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/NAXOS_eCK_PFS_analyzed.spthy @@ -3,11 +3,13 @@ theory NAXOS_eCK_PFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h1/1, h2/1, pair/2, snd/1 +functions: fst/1[destructor], h1/1, h2/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* NAXOS *} rule (modulo E) generate_ltk: @@ -345,6 +347,10 @@ solve( (∃ MatchingSession #i3 #i4 ms. qed qed + + + + /* All well-formedness checks were successful. */ end 
@@ -360,7 +366,7 @@ analyzing: examples/csf12/NAXOS_eCK_PFS.spthy analyzed: examples/csf12/NAXOS_eCK_PFS.spthy output: examples/csf12/NAXOS_eCK_PFS.spthy.tmp - processing time: 3.928163058s + processing time: 5.756405421s eCK_PFS_key_secrecy (all-traces): falsified - found trace (13 steps) ------------------------------------------------------------------------------ @@ -371,7 +377,7 @@ summary of summaries: analyzed: examples/csf12/NAXOS_eCK_PFS.spthy output: examples/csf12/NAXOS_eCK_PFS.spthy.tmp - processing time: 3.928163058s + processing time: 5.756405421s eCK_PFS_key_secrecy (all-traces): falsified - found trace (13 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/csf12/NAXOS_eCK_analyzed.spthy b/case-studies-regression/fast-tests/csf12/NAXOS_eCK_analyzed.spthy index ab28d736c..d57d7aaeb 100644 --- a/case-studies-regression/fast-tests/csf12/NAXOS_eCK_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/NAXOS_eCK_analyzed.spthy @@ -3,11 +3,13 @@ theory NAXOS_eCK begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h1/1, h2/1, pair/2, snd/1 +functions: fst/1[destructor], h1/1, h2/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* NAXOS *} rule (modulo E) generate_ltk: @@ -719,6 +721,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -734,7 +740,7 @@ analyzing: examples/csf12/NAXOS_eCK.spthy analyzed: examples/csf12/NAXOS_eCK.spthy output: examples/csf12/NAXOS_eCK.spthy.tmp - processing time: 4.49880265s + processing time: 6.004839056s eCK_key_secrecy (all-traces): verified (134 steps) ------------------------------------------------------------------------------ 
@@ -745,7 +751,7 @@ summary of summaries: analyzed: examples/csf12/NAXOS_eCK.spthy output: examples/csf12/NAXOS_eCK.spthy.tmp - processing time: 4.49880265s + processing time: 6.004839056s eCK_key_secrecy (all-traces): verified (134 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/csf12/STS_MAC_analyzed.spthy b/case-studies-regression/fast-tests/csf12/STS_MAC_analyzed.spthy index 7e0ef0303..4ec653358 100644 --- a/case-studies-regression/fast-tests/csf12/STS_MAC_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/STS_MAC_analyzed.spthy @@ -3,8 +3,8 @@ theory STS_MAC begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: KDF/1, fst/1, h/1, mac/2, pair/2, pk/1, sign/2, snd/1, true/0, - verify/3 +functions: KDF/1, fst/1[destructor], h/1, mac/2, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +12,12 @@ equations: + + + + + + section{* The Station-To-Station Protocol (MAC version) *} rule (modulo E) Register_pk_clone: @@ -304,6 +310,10 @@ solve( !Pk( $I, pk(~ltkI) ) ▶₀ #i1 ) qed qed + + + + /* All well-formedness checks were successful. */ end @@ -319,7 +329,7 @@ analyzing: examples/csf12/STS_MAC.spthy analyzed: examples/csf12/STS_MAC.spthy output: examples/csf12/STS_MAC.spthy.tmp - processing time: 3.210273434s + processing time: 4.209746553s KI_Perfect_Forward_Secrecy_I (all-traces): falsified - found trace (12 steps) KI_Perfect_Forward_Secrecy_R (all-traces): falsified - found trace (12 steps) @@ -331,7 +341,7 @@ summary of summaries: analyzed: examples/csf12/STS_MAC.spthy output: examples/csf12/STS_MAC.spthy.tmp - processing time: 3.210273434s + processing time: 4.209746553s KI_Perfect_Forward_Secrecy_I (all-traces): falsified - found trace (12 steps) KI_Perfect_Forward_Secrecy_R (all-traces): falsified - found trace (12 steps) 
diff --git a/case-studies-regression/fast-tests/csf12/STS_MAC_fix1_analyzed.spthy b/case-studies-regression/fast-tests/csf12/STS_MAC_fix1_analyzed.spthy index aafc7709c..5760acc74 100644 --- a/case-studies-regression/fast-tests/csf12/STS_MAC_fix1_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/STS_MAC_fix1_analyzed.spthy @@ -3,8 +3,8 @@ theory STS_MAC_fix1 begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: KDF/1, fst/1, mac/2, pair/2, pk/1, sign/2, snd/1, true/0, - verify/3 +functions: KDF/1, fst/1[destructor], mac/2, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +12,10 @@ equations: + + + + section{* The Station-To-Station Protocol (MAC version, fix UKS attack with proof-of-possession of exponent) *} rule (modulo E) Register_pk_normal: @@ -1084,6 +1088,10 @@ next qed qed + + + + /* All well-formedness checks were successful. */ end @@ -1099,7 +1107,7 @@ analyzing: examples/csf12/STS_MAC_fix1.spthy analyzed: examples/csf12/STS_MAC_fix1.spthy output: examples/csf12/STS_MAC_fix1.spthy.tmp - processing time: 8.506194543s + processing time: 11.076624686s KI_Perfect_Forward_Secrecy_I (all-traces): verified (109 steps) KI_Perfect_Forward_Secrecy_R (all-traces): verified (160 steps) @@ -1111,7 +1119,7 @@ summary of summaries: analyzed: examples/csf12/STS_MAC_fix1.spthy output: examples/csf12/STS_MAC_fix1.spthy.tmp - processing time: 8.506194543s + processing time: 11.076624686s KI_Perfect_Forward_Secrecy_I (all-traces): verified (109 steps) KI_Perfect_Forward_Secrecy_R (all-traces): verified (160 steps) diff --git a/case-studies-regression/fast-tests/csf12/STS_MAC_fix2_analyzed.spthy b/case-studies-regression/fast-tests/csf12/STS_MAC_fix2_analyzed.spthy index f4674c58a..8acb0fc12 100644 --- a/case-studies-regression/fast-tests/csf12/STS_MAC_fix2_analyzed.spthy 
+++ b/case-studies-regression/fast-tests/csf12/STS_MAC_fix2_analyzed.spthy @@ -3,8 +3,8 @@ theory STS_MAC_fix2 begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: KDF/1, fst/1, h/1, mac/2, pair/2, pk/1, sign/2, snd/1, true/0, - verify/3 +functions: KDF/1, fst/1[destructor], h/1, mac/2, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +12,12 @@ equations: + + + + + + section{* The Station-To-Station Protocol (MAC version, fixed with names and tags) *} rule (modulo E) Register_pk_clone: @@ -406,6 +412,10 @@ next by contradiction /* from formulas */ qed + + + + /* All well-formedness checks were successful. */ end @@ -421,7 +431,7 @@ analyzing: examples/csf12/STS_MAC_fix2.spthy analyzed: examples/csf12/STS_MAC_fix2.spthy output: examples/csf12/STS_MAC_fix2.spthy.tmp - processing time: 1.680249106s + processing time: 1.820202776s KI_Perfect_Forward_Secrecy_I (all-traces): verified (26 steps) KI_Perfect_Forward_Secrecy_R (all-traces): verified (28 steps) @@ -433,7 +443,7 @@ summary of summaries: analyzed: examples/csf12/STS_MAC_fix2.spthy output: examples/csf12/STS_MAC_fix2.spthy.tmp - processing time: 1.680249106s + processing time: 1.820202776s KI_Perfect_Forward_Secrecy_I (all-traces): verified (26 steps) KI_Perfect_Forward_Secrecy_R (all-traces): verified (28 steps) diff --git a/case-studies-regression/fast-tests/csf12/SignedDH_PFS_analyzed.spthy b/case-studies-regression/fast-tests/csf12/SignedDH_PFS_analyzed.spthy index 8065c682f..685883170 100644 --- a/case-studies-regression/fast-tests/csf12/SignedDH_PFS_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/SignedDH_PFS_analyzed.spthy 
@@ -3,7 +3,8 @@ theory SignedDH_PFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], pair/2, pk/1, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -13,6 +14,10 @@ equations: section{* The Signed Diffie-Hellman Protocol *} + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --> [ !Ltk( $A, ~ltk ), !Pk( $A, pk(~ltk) ) ] @@ -217,7 +222,7 @@ analyzing: examples/csf12/SignedDH_PFS.spthy analyzed: examples/csf12/SignedDH_PFS.spthy output: examples/csf12/SignedDH_PFS.spthy.tmp - processing time: 0.537088015s + processing time: 0.568179352s Perfect_Forward_Secrecy (all-traces): verified (23 steps) ------------------------------------------------------------------------------ @@ -228,7 +233,7 @@ summary of summaries: analyzed: examples/csf12/SignedDH_PFS.spthy output: examples/csf12/SignedDH_PFS.spthy.tmp - processing time: 0.537088015s + processing time: 0.568179352s Perfect_Forward_Secrecy (all-traces): verified (23 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/csf12/UM_PFS_analyzed.spthy b/case-studies-regression/fast-tests/csf12/UM_PFS_analyzed.spthy index e3adceb1a..7231cd814 100644 --- a/case-studies-regression/fast-tests/csf12/UM_PFS_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/UM_PFS_analyzed.spthy @@ -3,11 +3,15 @@ theory UM_PFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* The Unified Model (UM) Key-Exchange Protocol *} rule (modulo E) generate_ltk: 
@@ -218,7 +222,7 @@ analyzing: examples/csf12/UM_PFS.spthy analyzed: examples/csf12/UM_PFS.spthy output: examples/csf12/UM_PFS.spthy.tmp - processing time: 0.866323389s + processing time: 0.921337941s wPFS_initiator_key (all-traces): falsified - found trace (10 steps) wPFS_responder_key (all-traces): falsified - found trace (10 steps) @@ -230,7 +234,7 @@ summary of summaries: analyzed: examples/csf12/UM_PFS.spthy output: examples/csf12/UM_PFS.spthy.tmp - processing time: 0.866323389s + processing time: 0.921337941s wPFS_initiator_key (all-traces): falsified - found trace (10 steps) wPFS_responder_key (all-traces): falsified - found trace (10 steps) diff --git a/case-studies-regression/fast-tests/csf12/UM_wPFS_analyzed.spthy b/case-studies-regression/fast-tests/csf12/UM_wPFS_analyzed.spthy index ffb425b38..6237b949b 100644 --- a/case-studies-regression/fast-tests/csf12/UM_wPFS_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf12/UM_wPFS_analyzed.spthy @@ -3,11 +3,15 @@ theory UM_wPFS begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + section{* The Unified Model (UM) Key-Exchange Protocol *} rule (modulo E) generate_ltk: @@ -417,7 +421,7 @@ analyzing: examples/csf12/UM_wPFS.spthy analyzed: examples/csf12/UM_wPFS.spthy output: examples/csf12/UM_wPFS.spthy.tmp - processing time: 0.920472842s + processing time: 1.122311948s wPFS_initiator_key (all-traces): verified (40 steps) wPFS_responder_key (all-traces): verified (37 steps) @@ -429,7 +433,7 @@ summary of summaries: analyzed: examples/csf12/UM_wPFS.spthy output: examples/csf12/UM_wPFS.spthy.tmp - processing time: 0.920472842s + processing time: 1.122311948s wPFS_initiator_key (all-traces): verified (40 steps) wPFS_responder_key (all-traces): verified (37 steps) 
diff --git a/case-studies-regression/fast-tests/csf18-xor/CH07_analyzed.spthy b/case-studies-regression/fast-tests/csf18-xor/CH07_analyzed.spthy index 40c77ecfc..32fef2b60 100644 --- a/case-studies-regression/fast-tests/csf18-xor/CH07_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf18-xor/CH07_analyzed.spthy @@ -3,11 +3,16 @@ theory CH07 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, h/1, lh/1, pair/2, rh/1, rot/2, snd/1 +functions: fst/1[destructor], h/1, lh/1, pair/2, rh/1, rot/2, + snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + rule (modulo E) Setup: [ Fr( ~k ), Fr( ~id ) ] --> [ !Reader( ~k, ~id ), !Tag( ~k, ~id ) ] @@ -727,6 +732,12 @@ solve( Alive( x, 'Reader' ) @ #i ) qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -742,7 +753,7 @@ analyzing: examples/csf18-xor/CH07.spthy analyzed: examples/csf18-xor/CH07.spthy output: examples/csf18-xor/CH07.spthy.tmp - processing time: 1.561655312s + processing time: 2.077908854s recentalive_tag (all-traces): falsified - found trace (11 steps) recentalive_reader (all-traces): verified (23 steps) noninjectiveagreement_tag (all-traces): verified (25 steps) @@ -757,7 +768,7 @@ summary of summaries: analyzed: examples/csf18-xor/CH07.spthy output: examples/csf18-xor/CH07.spthy.tmp - processing time: 1.561655312s + processing time: 2.077908854s recentalive_tag (all-traces): falsified - found trace (11 steps) recentalive_reader (all-traces): verified (23 steps) noninjectiveagreement_tag (all-traces): verified (25 steps) diff --git a/case-studies-regression/fast-tests/csf18-xor/CRxor_analyzed.spthy b/case-studies-regression/fast-tests/csf18-xor/CRxor_analyzed.spthy index 81a5c498e..01d2a9ba8 100644 --- a/case-studies-regression/fast-tests/csf18-xor/CRxor_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf18-xor/CRxor_analyzed.spthy 
@@ -3,11 +3,15 @@ theory CRXOR begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + rule (modulo E) Setup: [ Fr( ~k ) ] --[ OnlyOnce( ) ]-> [ !InitLTK( ~k ), !RespLTK( ~k ) ] @@ -526,7 +530,7 @@ analyzing: examples/csf18-xor/CRxor.spthy analyzed: examples/csf18-xor/CRxor.spthy output: examples/csf18-xor/CRxor.spthy.tmp - processing time: 1.327716397s + processing time: 1.558663582s alive (all-traces): verified (92 steps) recentalive_tag (all-traces): falsified - found trace (11 steps) executable (exists-trace): verified (10 steps) @@ -539,7 +543,7 @@ summary of summaries: analyzed: examples/csf18-xor/CRxor.spthy output: examples/csf18-xor/CRxor.spthy.tmp - processing time: 1.327716397s + processing time: 1.558663582s alive (all-traces): verified (92 steps) recentalive_tag (all-traces): falsified - found trace (11 steps) executable (exists-trace): verified (10 steps) diff --git a/case-studies-regression/fast-tests/csf18-xor/KCL07_analyzed.spthy b/case-studies-regression/fast-tests/csf18-xor/KCL07_analyzed.spthy index a924330eb..aec9ca501 100644 --- a/case-studies-regression/fast-tests/csf18-xor/KCL07_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf18-xor/KCL07_analyzed.spthy @@ -3,11 +3,15 @@ theory KCL07 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + rule (modulo E) Setup: [ Fr( ~k ), Fr( ~id ) ] --[ OnlyOnce( ) ]-> 
@@ -486,7 +490,7 @@ analyzing: examples/csf18-xor/KCL07.spthy analyzed: examples/csf18-xor/KCL07.spthy output: examples/csf18-xor/KCL07.spthy.tmp - processing time: 1.67703227s + processing time: 2.346477232s recentalive_tag (all-traces): verified (113 steps) executable (exists-trace): verified (17 steps) @@ -498,7 +502,7 @@ summary of summaries: analyzed: examples/csf18-xor/KCL07.spthy output: examples/csf18-xor/KCL07.spthy.tmp - processing time: 1.67703227s + processing time: 2.346477232s recentalive_tag (all-traces): verified (113 steps) executable (exists-trace): verified (17 steps) diff --git a/case-studies-regression/fast-tests/csf18-xor/LAK06_analyzed.spthy b/case-studies-regression/fast-tests/csf18-xor/LAK06_analyzed.spthy index 98f208fd7..792c69faa 100644 --- a/case-studies-regression/fast-tests/csf18-xor/LAK06_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf18-xor/LAK06_analyzed.spthy @@ -3,11 +3,15 @@ theory LAK06 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + + + rule (modulo E) setup: [ Fr( ~k ) ] --[ OnlyOnce( 'setup' ), Create( ~k ) ]-> @@ -6570,7 +6574,7 @@ analyzing: examples/csf18-xor/LAK06.spthy analyzed: examples/csf18-xor/LAK06.spthy output: examples/csf18-xor/LAK06.spthy.tmp - processing time: 14.519592288s + processing time: 18.63525065s executable (exists-trace): verified (9 steps) helpingSecrecy (all-traces): verified (2 steps) noninjectiveagreementTAG (all-traces): verified (2082 steps) @@ -6584,7 +6588,7 @@ summary of summaries: analyzed: examples/csf18-xor/LAK06.spthy output: examples/csf18-xor/LAK06.spthy.tmp - processing time: 14.519592288s + processing time: 18.63525065s executable (exists-trace): verified (9 steps) helpingSecrecy (all-traces): verified (2 steps) noninjectiveagreementTAG (all-traces): verified (2082 steps) 
diff --git a/case-studies-regression/fast-tests/csf18-xor/NSLPK3xor_analyzed.spthy b/case-studies-regression/fast-tests/csf18-xor/NSLPK3xor_analyzed.spthy index 159aa222a..1917d53d6 100644 --- a/case-studies-regression/fast-tests/csf18-xor/NSLPK3xor_analyzed.spthy +++ b/case-studies-regression/fast-tests/csf18-xor/NSLPK3xor_analyzed.spthy @@ -3,7 +3,8 @@ theory NSLPK3XOR begin // Function signature and definition of the equational theory E builtins: xor -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -11,6 +12,10 @@ equations: + + + + rule (modulo E) Register_pk: [ Fr( ~ltkA ) ] --[ Register( $A ) ]-> @@ -332,7 +337,7 @@ analyzing: examples/csf18-xor/NSLPK3xor.spthy analyzed: examples/csf18-xor/NSLPK3xor.spthy output: examples/csf18-xor/NSLPK3xor.spthy.tmp - processing time: 5.0578712s + processing time: 6.099362385s types (all-traces): falsified - found trace (13 steps) nonce_secrecy (all-traces): falsified - found trace (11 steps) injective_agree (all-traces): falsified - found trace (13 steps) @@ -346,7 +351,7 @@ summary of summaries: analyzed: examples/csf18-xor/NSLPK3xor.spthy output: examples/csf18-xor/NSLPK3xor.spthy.tmp - processing time: 5.0578712s + processing time: 6.099362385s types (all-traces): falsified - found trace (13 steps) nonce_secrecy (all-traces): falsified - found trace (11 steps) injective_agree (all-traces): falsified - found trace (13 steps) diff --git a/case-studies-regression/fast-tests/csf18-xor/diff-models/CH07-UK3_analyzed-diff-obseqonly.spthy b/case-studies-regression/fast-tests/csf18-xor/diff-models/CH07-UK3_analyzed-diff-obseqonly.spthy index f97364523..0c70acacd 100644 --- a/case-studies-regression/fast-tests/csf18-xor/diff-models/CH07-UK3_analyzed-diff-obseqonly.spthy +++ b/case-studies-regression/fast-tests/csf18-xor/diff-models/CH07-UK3_analyzed-diff-obseqonly.spthy 
@@ -3,7 +3,8 @@ theory CH07_UK3 begin // Function signature and definition of the equational theory E builtins: multiset, xor -functions: fst/1, h/1, lh/1, pair/2, rh/1, rot/2, snd/1 +functions: fst/1[destructor], h/1, lh/1, pair/2, rh/1, rot/2, + snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -264,7 +265,7 @@ analyzing: examples/csf18-xor/diff-models/CH07-UK3.spthy analyzed: examples/csf18-xor/diff-models/CH07-UK3.spthy output: examples/csf18-xor/diff-models/CH07-UK3.spthy.tmp - processing time: 215.493751057s + processing time: 221.187728865s RHS : recentalive_tag (all-traces): analysis incomplete (1 steps) LHS : recentalive_tag (all-traces): analysis incomplete (1 steps) RHS : recentalive_reader (all-traces): analysis incomplete (1 steps) @@ -281,7 +282,7 @@ summary of summaries: analyzed: examples/csf18-xor/diff-models/CH07-UK3.spthy output: examples/csf18-xor/diff-models/CH07-UK3.spthy.tmp - processing time: 215.493751057s + processing time: 221.187728865s RHS : recentalive_tag (all-traces): analysis incomplete (1 steps) LHS : recentalive_tag (all-traces): analysis incomplete (1 steps) RHS : recentalive_reader (all-traces): analysis incomplete (1 steps) diff --git a/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest1_analyzed-diff.spthy b/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest1_analyzed-diff.spthy index 7223f8dd7..3c172c1a2 100644 --- a/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest1_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest1_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory AxiomDiffTest1 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 
@@ -39,7 +39,7 @@ analyzing: examples/features/equivalence/AxiomDiffTest1.spthy analyzed: examples/features/equivalence/AxiomDiffTest1.spthy output: examples/features/equivalence/AxiomDiffTest1.spthy.tmp - processing time: 0.07555184s + processing time: 0.243179625s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ------------------------------------------------------------------------------ @@ -50,7 +50,7 @@ summary of summaries: analyzed: examples/features/equivalence/AxiomDiffTest1.spthy output: examples/features/equivalence/AxiomDiffTest1.spthy.tmp - processing time: 0.07555184s + processing time: 0.243179625s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest2_analyzed-diff.spthy b/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest2_analyzed-diff.spthy index 654ce3e87..7e1e17e3f 100644 --- a/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest2_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest2_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory AxiomDiffTest2 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -49,7 +49,7 @@ analyzing: examples/features/equivalence/AxiomDiffTest2.spthy analyzed: examples/features/equivalence/AxiomDiffTest2.spthy output: examples/features/equivalence/AxiomDiffTest2.spthy.tmp - processing time: 0.11055822s + processing time: 0.27241248s DiffLemma: Observational_equivalence : falsified - found trace (5 steps) ------------------------------------------------------------------------------ 
@@ -60,7 +60,7 @@ summary of summaries: analyzed: examples/features/equivalence/AxiomDiffTest2.spthy output: examples/features/equivalence/AxiomDiffTest2.spthy.tmp - processing time: 0.11055822s + processing time: 0.27241248s DiffLemma: Observational_equivalence : falsified - found trace (5 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest3_analyzed-diff.spthy b/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest3_analyzed-diff.spthy index a1c2c7350..7ad18a913 100644 --- a/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest3_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest3_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory AxiomDiffTest3 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -39,7 +39,7 @@ analyzing: examples/features/equivalence/AxiomDiffTest3.spthy analyzed: examples/features/equivalence/AxiomDiffTest3.spthy output: examples/features/equivalence/AxiomDiffTest3.spthy.tmp - processing time: 0.083232718s + processing time: 0.186790733s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ------------------------------------------------------------------------------ @@ -50,7 +50,7 @@ summary of summaries: analyzed: examples/features/equivalence/AxiomDiffTest3.spthy output: examples/features/equivalence/AxiomDiffTest3.spthy.tmp - processing time: 0.083232718s + processing time: 0.186790733s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ============================================================================== 
diff --git a/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest4_analyzed-diff.spthy b/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest4_analyzed-diff.spthy index 0470972cf..3a1eadc41 100644 --- a/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest4_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/features/equivalence/AxiomDiffTest4_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory AxiomDiffTest4 begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -39,7 +39,7 @@ analyzing: examples/features/equivalence/AxiomDiffTest4.spthy analyzed: examples/features/equivalence/AxiomDiffTest4.spthy output: examples/features/equivalence/AxiomDiffTest4.spthy.tmp - processing time: 0.066422402s + processing time: 0.204373657s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ------------------------------------------------------------------------------ @@ -50,7 +50,7 @@ summary of summaries: analyzed: examples/features/equivalence/AxiomDiffTest4.spthy output: examples/features/equivalence/AxiomDiffTest4.spthy.tmp - processing time: 0.066422402s + processing time: 0.204373657s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/features/equivalence/N5N6DiffTest_analyzed-diff.spthy b/case-studies-regression/fast-tests/features/equivalence/N5N6DiffTest_analyzed-diff.spthy index d4edc7f2e..3ff2e6416 100644 --- a/case-studies-regression/fast-tests/features/equivalence/N5N6DiffTest_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/features/equivalence/N5N6DiffTest_analyzed-diff.spthy 
@@ -2,7 +2,7 @@ theory N5N6DiffTest begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -47,7 +47,7 @@ analyzing: examples/features/equivalence/N5N6DiffTest.spthy analyzed: examples/features/equivalence/N5N6DiffTest.spthy output: examples/features/equivalence/N5N6DiffTest.spthy.tmp - processing time: 0.111530656s + processing time: 0.22659775s DiffLemma: Observational_equivalence : falsified - found trace (8 steps) ------------------------------------------------------------------------------ @@ -58,7 +58,7 @@ summary of summaries: analyzed: examples/features/equivalence/N5N6DiffTest.spthy output: examples/features/equivalence/N5N6DiffTest.spthy.tmp - processing time: 0.111530656s + processing time: 0.22659775s DiffLemma: Observational_equivalence : falsified - found trace (8 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/features/injectivity/injectivity_analyzed.spthy b/case-studies-regression/fast-tests/features/injectivity/injectivity_analyzed.spthy index 36b5256dc..0b8d511a6 100644 --- a/case-studies-regression/fast-tests/features/injectivity/injectivity_analyzed.spthy +++ b/case-studies-regression/fast-tests/features/injectivity/injectivity_analyzed.spthy @@ -2,7 +2,7 @@ theory injectivity begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 
@@ -49,16 +49,16 @@ next case Copy solve( Inj( ~i.1 ) ▶₀ #k ) case Copy - by contradiction /* non-injective facts (#vr.1,#j,#k) */ + by contradiction /* cyclic */ next case Init - by contradiction /* non-injective facts (#i,#j,#k) */ + by contradiction /* cyclic */ qed next case Init solve( Inj( ~i.1 ) ▶₀ #k ) case Copy - by contradiction /* non-injective facts (#i,#vr,#j) */ + by contradiction /* cyclic */ qed qed qed @@ -78,7 +78,7 @@ analyzing: examples/features//injectivity/injectivity.spthy analyzed: examples/features//injectivity/injectivity.spthy output: examples/features//injectivity/injectivity.spthy.tmp - processing time: 0.077110214s + processing time: 0.023936838s injectivity_check (all-traces): verified (9 steps) ------------------------------------------------------------------------------ @@ -89,7 +89,7 @@ summary of summaries: analyzed: examples/features//injectivity/injectivity.spthy output: examples/features//injectivity/injectivity.spthy.tmp - processing time: 0.077110214s + processing time: 0.023936838s injectivity_check (all-traces): verified (9 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/features/multiset/counter_analyzed.spthy b/case-studies-regression/fast-tests/features/multiset/counter_analyzed.spthy index 1aeed4e60..2dd825560 100644 --- a/case-studies-regression/fast-tests/features/multiset/counter_analyzed.spthy +++ b/case-studies-regression/fast-tests/features/multiset/counter_analyzed.spthy @@ -3,7 +3,8 @@ theory counter begin // Function signature and definition of the equational theory E builtins: multiset -functions: fst/1, h/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, 
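Review bot: All three contradictions in `injectivity_check` are now justified as `/* cyclic */` instead of `/* non-injective facts (...) */`, so this fixture no longer records that the injective-fact constraint is what closes the proof. The counter fixture that follows changes the same way: its `non-injective facts` case splits become `by contradiction /* cyclic */` or `by simplify`. Both files still report their lemmas as verified, but if the injective-fact reasoning now runs inside simplification (an inference, since the prover change is not on this page), a regression in it would show up only as a changed step count. Consider keeping one example whose expected proof still names the rule, or adding a line to the commit description such as `injective-fact contradictions are now reported as "cyclic"`.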
@@ -13,6 +14,12 @@ equations: /* looping facts with injective instances: Counter/2 */ + + + + + + rule (modulo E) Create: [ Fr( ~s ) ] --[ Start( ~s ) ]-> [ Counter( ~s, '1' ) ] @@ -266,7 +273,7 @@ next case case_2 solve( Counter( ~s, '1' ) ▶₀ #j ) case Create - by contradiction /* non-injective facts (#j.1,#i,#j) */ + by contradiction /* cyclic */ qed qed qed @@ -277,7 +284,7 @@ next case case_2 solve( Counter( ~s, '1' ) ▶₀ #j ) case Create - by contradiction /* non-injective facts (#j.1,#i,#j) */ + by contradiction /* cyclic */ qed qed qed @@ -285,19 +292,10 @@ next case Inc_case_2 solve( Counter( ~s, y ) ▶₀ #j ) case Create - by contradiction /* non-injective facts (#j.1,#i,#j) */ + by contradiction /* cyclic */ next case Inc - solve( (#i < #vr.1) ∥ (∃ z. ((x+z) = ('1'+'1'+x))) ) - case case_2 - solve( (#vr < #vr.1) ∥ (∃ z. ((x+z) = ('1'+x))) ) - case case_2 - solve( (#vr.1 < #i) ∥ (∃ z. (('1'+'1'+x+z) = x)) ) - case case_1 - by contradiction /* non-injective facts (#vr.1,#i,#j) */ - qed - qed - qed + by simplify qed next case Inc_case_3 @@ -311,19 +309,10 @@ next case case_1 solve( Counter( ~s, y ) ▶₀ #j ) case Create - by contradiction /* non-injective facts (#j.1,#i,#j) */ + by contradiction /* cyclic */ next case Inc - solve( (#i < #vr.1) ∥ (∃ z. ((z+x.1) = ('1'+'1'+x+x.1))) ) - case case_2 - solve( (#vr < #vr.1) ∥ (∃ z. ((x+z) = ('1'+x+x.1))) ) - case case_2 - solve( (#vr.1 < #i) ∥ (∃ z. (('1'+'1'+x+z+x.1) = x)) ) - case case_1 - by contradiction /* non-injective facts (#vr.1,#i,#j) */ - qed - qed - qed + by simplify qed qed qed @@ -345,16 +334,7 @@ next case case_2 solve( Counter( ~s, ('1'+x) ) ▶₀ #j ) case Inc - solve( (#i < #vr.1) ∥ (∃ z.1. ((x+z.1) = ('1'+'1'+x+z))) ) - case case_2 - solve( (#vr < #vr.1) ∥ (∃ z.1. ((x+z.1) = ('1'+x+z))) ) - case case_2 - solve( (#vr.1 < #i) ∥ (∃ z.1. (('1'+'1'+x+z+z.1) = x)) ) - case case_1 - by contradiction /* non-injective facts (#vr.1,#i,#j) */ - qed - qed - qed + by simplify qed qed qed 
@@ -366,16 +346,7 @@ next case case_2 solve( Counter( ~s, ('1'+x) ) ▶₀ #j ) case Inc - solve( (#i < #vr.1) ∥ (∃ z. ((x+z) = ('1'+'1'+x))) ) - case case_2 - solve( (#vr < #vr.1) ∥ (∃ z. ((x+z) = ('1'+x))) ) - case case_2 - solve( (#vr.1 < #i) ∥ (∃ z. (('1'+'1'+x+z) = x)) ) - case case_1 - by contradiction /* non-injective facts (#vr.1,#i,#j) */ - qed - qed - qed + by simplify qed qed qed @@ -400,13 +371,7 @@ next case case_1 solve( Counter( ~s, ('1'+x) ) ▶₀ #j ) case Inc - solve( (#i < #vr.1) ∥ (∃ z. ((x+z) = ('1'+x))) ) - case case_2 - solve( (#vr.1 = #vr) ∥ (#vr < #vr.1) ∥ (∃ z. ((x+z) = x)) ) - case case_1 - by contradiction /* cyclic */ - qed - qed + by simplify qed qed qed 
@@ -456,42 +421,37 @@ next by solve( Counter( ~s, h(y) ) ▶₀ #vr ) next case case_2 - by contradiction /* from formulas */ + by contradiction /* cyclic */ qed qed qed qed next case Inc_case_2 - solve( (¬(#vr < #vr.1)) ∥ (∃ z. ((z+h(y)) = (x+h(y)))) ) - case case_2 - solve( (¬(#vr.1 < #vr)) ∥ (∃ z. ((x+z+h(y)) = h(y))) ) - case case_1 - solve( (#vr.1 < #j) ∥ (∃ z. ((y+z) = (x+h(y)))) ) - case case_1 - solve( (∃ z. (('1'+x+z+h(y)) = (x+h(y)))) ∥ - (∃ z. ((x+z+h(y)) = ('1'+x+h(y)))) ) - case case_2 - solve( (∃ z. ((x+z+h(y)) = h(y))) ∥ (∃ z. ((z+h(y)) = (x+h(y)))) ) - case case_2 - solve( (∃ z. ((x+z+h(y)) = ('1'+x+h(y)))) ∥ - (∃ z. (('1'+x+z+h(y)) = (x+h(y)))) ) - case case_1 - solve( (∃ z. ((z+h(y)) = (x+h(y)))) ∥ (∃ z. ((x+z+h(y)) = h(y))) ) - case case_1 - by solve( Counter( ~s, h(y) ) ▶₀ #vr ) - qed - qed + simplify + solve( (#vr.1 < #j) ∥ (∃ z. ((y+z) = (x+h(y)))) ) + case case_1 + solve( (∃ z. (('1'+x+z+h(y)) = (x+h(y)))) ∥ + (∃ z. ((x+z+h(y)) = ('1'+x+h(y)))) ) + case case_2 + solve( (∃ z. ((x+z+h(y)) = h(y))) ∥ (∃ z. ((z+h(y)) = (x+h(y)))) ) + case case_2 + solve( (∃ z. ((x+z+h(y)) = ('1'+x+h(y)))) ∥ + (∃ z. (('1'+x+z+h(y)) = (x+h(y)))) ) + case case_1 + solve( (∃ z. ((z+h(y)) = (x+h(y)))) ∥ (∃ z. ((x+z+h(y)) = h(y))) ) + case case_1 + by solve( Counter( ~s, h(y) ) ▶₀ #vr ) qed qed - next - case case_2_case_1 - by contradiction /* from formulas */ - next - case case_2_case_2 - by contradiction /* from formulas */ qed qed + next + case case_2_case_1 + by contradiction /* from formulas */ + next + case case_2_case_2 + by contradiction /* from formulas */ qed qed qed 
@@ -521,11 +481,11 @@ analyzing: examples/features//multiset/counter.spthy analyzed: examples/features//multiset/counter.spthy output: examples/features//multiset/counter.spthy.tmp - processing time: 1.90058374s + processing time: 1.685029557s counters_linear_order (all-traces): verified (50 steps) counter_start (all-traces): verified (8 steps) - counter_increases (all-traces): verified (58 steps) - lesser_senc_secret (all-traces): verified (26 steps) + counter_increases (all-traces): verified (44 steps) + lesser_senc_secret (all-traces): verified (25 steps) ------------------------------------------------------------------------------ @@ -535,11 +495,11 @@ summary of summaries: analyzed: examples/features//multiset/counter.spthy output: examples/features//multiset/counter.spthy.tmp - processing time: 1.90058374s + processing time: 1.685029557s counters_linear_order (all-traces): verified (50 steps) counter_start (all-traces): verified (8 steps) - counter_increases (all-traces): verified (58 steps) - lesser_senc_secret (all-traces): verified (26 steps) + counter_increases (all-traces): verified (44 steps) + lesser_senc_secret (all-traces): verified (25 steps) ============================================================================== */ diff --git a/case-studies-regression/fast-tests/features/private_function_symbols/NAXOS_eCK_PFS_private_analyzed.spthy b/case-studies-regression/fast-tests/features/private_function_symbols/NAXOS_eCK_PFS_private_analyzed.spthy index f7a51fea9..19e5e9bf0 100644 --- a/case-studies-regression/fast-tests/features/private_function_symbols/NAXOS_eCK_PFS_private_analyzed.spthy +++ b/case-studies-regression/fast-tests/features/private_function_symbols/NAXOS_eCK_PFS_private_analyzed.spthy 
@@ -3,11 +3,14 @@ theory NAXOS_eCK begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h1/1, h2/1, pair/2, sk/1 [private], snd/1 +functions: fst/1[destructor], h1/1, h2/1, pair/2, + sk/1[private,destructor], snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* NAXOS *} rule (modulo E) Init_1: @@ -336,6 +339,12 @@ solve( (∃ matchingSession #i3 matchingRole. qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -351,7 +360,7 @@ analyzing: examples/features//private_function_symbols/NAXOS_eCK_PFS_private.spt analyzed: examples/features//private_function_symbols/NAXOS_eCK_PFS_private.spthy output: examples/features//private_function_symbols/NAXOS_eCK_PFS_private.spthy.tmp - processing time: 2.598879364s + processing time: 3.998966131s eCK_PFS_key_secrecy (all-traces): falsified - found trace (14 steps) ------------------------------------------------------------------------------ @@ -362,7 +371,7 @@ summary of summaries: analyzed: examples/features//private_function_symbols/NAXOS_eCK_PFS_private.spthy output: examples/features//private_function_symbols/NAXOS_eCK_PFS_private.spthy.tmp - processing time: 2.598879364s + processing time: 3.998966131s eCK_PFS_key_secrecy (all-traces): falsified - found trace (14 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/features/private_function_symbols/NAXOS_eCK_private_analyzed.spthy b/case-studies-regression/fast-tests/features/private_function_symbols/NAXOS_eCK_private_analyzed.spthy index 39c9f2578..7f9431fff 100644 --- a/case-studies-regression/fast-tests/features/private_function_symbols/NAXOS_eCK_private_analyzed.spthy +++ b/case-studies-regression/fast-tests/features/private_function_symbols/NAXOS_eCK_private_analyzed.spthy 
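Review bot: `sk/1` is now printed as `sk/1[private,destructor]` in the first hunk of this file, although the `equations:` block shown there lists only the `fst` and `snd` rules and no equation that reduces `sk`. The other symbols that gain `[destructor]` in this hunk (`fst`, `snd`) each head an equation, so the attribute on `sk` looks unintended; it may come from how private symbols are classified or pretty-printed, which cannot be confirmed from this output alone. Please check that before this becomes the regression baseline, since the expected line would otherwise be `sk/1[private]`. The same line appears in the first hunk of `NAXOS_eCK_private_analyzed.spthy`, and both files also record a longer processing time with unchanged lemma results.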
@@ -3,11 +3,14 @@ theory NAXOS_eCK begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h1/1, h2/1, pair/2, sk/1 [private], snd/1 +functions: fst/1[destructor], h1/1, h2/1, pair/2, + sk/1[private,destructor], snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* NAXOS *} rule (modulo E) Init_1: @@ -575,6 +578,12 @@ next qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -590,7 +599,7 @@ analyzing: examples/features//private_function_symbols/NAXOS_eCK_private.spthy analyzed: examples/features//private_function_symbols/NAXOS_eCK_private.spthy output: examples/features//private_function_symbols/NAXOS_eCK_private.spthy.tmp - processing time: 2.267940118s + processing time: 3.526877598s eCK_key_secrecy (all-traces): verified (89 steps) ------------------------------------------------------------------------------ @@ -601,7 +610,7 @@ summary of summaries: analyzed: examples/features//private_function_symbols/NAXOS_eCK_private.spthy output: examples/features//private_function_symbols/NAXOS_eCK_private.spthy.tmp - processing time: 2.267940118s + processing time: 3.526877598s eCK_key_secrecy (all-traces): verified (89 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/loops/JCS12_Typing_Example_analyzed.spthy b/case-studies-regression/fast-tests/loops/JCS12_Typing_Example_analyzed.spthy index bb7c84f5e..04233c71d 100644 --- a/case-studies-regression/fast-tests/loops/JCS12_Typing_Example_analyzed.spthy +++ b/case-studies-regression/fast-tests/loops/JCS12_Typing_Example_analyzed.spthy 
@@ -2,7 +2,8 @@ theory JCS12_Typing_Example begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], h/1, pair/2, + pk/1, snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,10 @@ equations: + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --> [ !Ltk( $A, ~ltk ), !Pk( $A, pk(~ltk) ) ] @@ -282,7 +287,7 @@ analyzing: examples/loops/JCS12_Typing_Example.spthy analyzed: examples/loops/JCS12_Typing_Example.spthy output: examples/loops/JCS12_Typing_Example.spthy.tmp - processing time: 0.243025553s + processing time: 0.20621475s typing_assertion (all-traces): verified (16 steps) Client_session_key_secrecy_raw (all-traces): verified (8 steps) Client_session_key_secrecy (all-traces): verified (4 steps) @@ -296,7 +301,7 @@ summary of summaries: analyzed: examples/loops/JCS12_Typing_Example.spthy output: examples/loops/JCS12_Typing_Example.spthy.tmp - processing time: 0.243025553s + processing time: 0.20621475s typing_assertion (all-traces): verified (16 steps) Client_session_key_secrecy_raw (all-traces): verified (8 steps) Client_session_key_secrecy (all-traces): verified (4 steps) diff --git a/case-studies-regression/fast-tests/loops/Minimal_Create_Use_Destroy_analyzed.spthy b/case-studies-regression/fast-tests/loops/Minimal_Create_Use_Destroy_analyzed.spthy index 1be92c2e1..ba4f43664 100644 --- a/case-studies-regression/fast-tests/loops/Minimal_Create_Use_Destroy_analyzed.spthy +++ b/case-studies-regression/fast-tests/loops/Minimal_Create_Use_Destroy_analyzed.spthy @@ -2,7 +2,7 @@ theory Minimal_Create_Use_Destroy begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 
@@ -114,16 +114,16 @@ next case Create solve( Object( ~n ) ▶₀ #i ) case Use - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed next case Use solve( Object( ~n ) ▶₀ #i ) case Create - by contradiction /* non-injective facts (#i.1,#j,#i) */ + by contradiction /* cyclic */ next case Use - by contradiction /* non-injective facts (#vr.1,#j,#i) */ + by contradiction /* cyclic */ qed qed next @@ -135,10 +135,10 @@ next case case_1 solve( Object( ~n ) ▶₀ #j ) case Create - by contradiction /* non-injective facts (#i.1,#i,#j) */ + by contradiction /* cyclic */ next case Use - by contradiction /* non-injective facts (#vr,#i,#j) */ + by contradiction /* cyclic */ qed next case case_2 @@ -154,16 +154,16 @@ next by contradiction /* cyclic */ next case Use - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed next case Use solve( Object( ~n ) ▶₀ #i ) case Create - by contradiction /* non-injective facts (#i.1,#j,#i) */ + by contradiction /* cyclic */ next case Use - by contradiction /* non-injective facts (#vr.1,#j,#i) */ + by contradiction /* cyclic */ qed qed qed @@ -186,7 +186,7 @@ analyzing: examples/loops/Minimal_Create_Use_Destroy.spthy analyzed: examples/loops/Minimal_Create_Use_Destroy.spthy output: examples/loops/Minimal_Create_Use_Destroy.spthy.tmp - processing time: 0.162819238s + processing time: 0.110316025s Use_charn (all-traces): verified (8 steps) Destroy_charn (all-traces): verified (28 steps) @@ -198,7 +198,7 @@ summary of summaries: analyzed: examples/loops/Minimal_Create_Use_Destroy.spthy output: examples/loops/Minimal_Create_Use_Destroy.spthy.tmp - processing time: 0.162819238s + processing time: 0.110316025s Use_charn (all-traces): verified (8 steps) Destroy_charn (all-traces): verified (28 steps) 
diff --git a/case-studies-regression/fast-tests/loops/Minimal_Crypto_API_analyzed.spthy b/case-studies-regression/fast-tests/loops/Minimal_Crypto_API_analyzed.spthy index 1263dba0b..96e471241 100644 --- a/case-studies-regression/fast-tests/loops/Minimal_Crypto_API_analyzed.spthy +++ b/case-studies-regression/fast-tests/loops/Minimal_Crypto_API_analyzed.spthy @@ -2,7 +2,8 @@ theory Minimal_Crypto_API begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) NewKey: [ Fr( ~h ), Fr( ~k ) ] --[ NewKey( ~h, ~k ) ]-> @@ -80,7 +83,7 @@ analyzing: examples/loops/Minimal_Crypto_API.spthy analyzed: examples/loops/Minimal_Crypto_API.spthy output: examples/loops/Minimal_Crypto_API.spthy.tmp - processing time: 0.094925262s + processing time: 0.038355849s NewKey_invariant (all-traces): verified (8 steps) NewKey_secrecy (all-traces): verified (2 steps) @@ -92,7 +95,7 @@ summary of summaries: analyzed: examples/loops/Minimal_Crypto_API.spthy output: examples/loops/Minimal_Crypto_API.spthy.tmp - processing time: 0.094925262s + processing time: 0.038355849s NewKey_invariant (all-traces): verified (8 steps) NewKey_secrecy (all-traces): verified (2 steps) diff --git a/case-studies-regression/fast-tests/loops/Minimal_KeyRenegotiation_analyzed.spthy b/case-studies-regression/fast-tests/loops/Minimal_KeyRenegotiation_analyzed.spthy index fac634784..d84ed41d5 100644 --- a/case-studies-regression/fast-tests/loops/Minimal_KeyRenegotiation_analyzed.spthy +++ b/case-studies-regression/fast-tests/loops/Minimal_KeyRenegotiation_analyzed.spthy 
@@ -2,7 +2,8 @@ theory KeyRenegotiation_Minimal begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -12,6 +13,8 @@ equations: /* looping facts with injective instances: Sender/1 */ + + rule (modulo E) Setup: [ Fr( ~k ) ] --> [ Sender( ~k ), Receiver( ~k ) ] @@ -138,7 +141,7 @@ analyzing: examples/loops/Minimal_KeyRenegotiation.spthy analyzed: examples/loops/Minimal_KeyRenegotiation.spthy output: examples/loops/Minimal_KeyRenegotiation.spthy.tmp - processing time: 0.110861783s + processing time: 0.071918046s Secret_reachable (exists-trace): verified (5 steps) secrecy (all-traces): verified (23 steps) @@ -150,7 +153,7 @@ summary of summaries: analyzed: examples/loops/Minimal_KeyRenegotiation.spthy output: examples/loops/Minimal_KeyRenegotiation.spthy.tmp - processing time: 0.110861783s + processing time: 0.071918046s Secret_reachable (exists-trace): verified (5 steps) secrecy (all-traces): verified (23 steps) diff --git a/case-studies-regression/fast-tests/loops/Minimal_Loop_Example_analyzed.spthy b/case-studies-regression/fast-tests/loops/Minimal_Loop_Example_analyzed.spthy index 122336223..8fbc99c00 100644 --- a/case-studies-regression/fast-tests/loops/Minimal_Loop_Example_analyzed.spthy +++ b/case-studies-regression/fast-tests/loops/Minimal_Loop_Example_analyzed.spthy @@ -2,7 +2,7 @@ theory Minimal_Loop_Example begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 
@@ -86,16 +86,16 @@ next case Loop solve( A( ~n ) ▶₀ #i ) case Loop - by contradiction /* non-injective facts (#vr.1,#j,#i) */ + by contradiction /* cyclic */ next case Start - by contradiction /* non-injective facts (#i.1,#j,#i) */ + by contradiction /* cyclic */ qed next case Start solve( A( ~n ) ▶₀ #i ) case Loop - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed qed qed @@ -113,16 +113,16 @@ solve( (#i < #j) ∥ (#j < #i) ) case Loop solve( A( ~n ) ▶₀ #j ) case Loop - by contradiction /* non-injective facts (#vr.1,#i,#j) */ + by contradiction /* cyclic */ next case Start - by contradiction /* non-injective facts (#i.1,#i,#j) */ + by contradiction /* cyclic */ qed next case Start solve( A( ~n ) ▶₀ #j ) case Loop - by contradiction /* non-injective facts (#vr,#vr.1,#i) */ + by contradiction /* cyclic */ next case Start by contradiction /* cyclic */ @@ -132,10 +132,10 @@ next case case_2 solve( A( x ) ▶₀ #i ) case Loop - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ next case Start - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed qed @@ -166,7 +166,7 @@ analyzing: examples/loops/Minimal_Loop_Example.spthy analyzed: examples/loops/Minimal_Loop_Example.spthy output: examples/loops/Minimal_Loop_Example.spthy.tmp - processing time: 0.089144476s + processing time: 0.040462244s Start_before_Loop (all-traces): verified (8 steps) Start_before_Stop (all-traces): verified (4 steps) Loop_before_Stop (all-traces): verified (9 steps) @@ -181,7 +181,7 @@ summary of summaries: analyzed: examples/loops/Minimal_Loop_Example.spthy output: examples/loops/Minimal_Loop_Example.spthy.tmp - processing time: 0.089144476s + processing time: 0.040462244s Start_before_Loop (all-traces): verified (8 steps) Start_before_Stop (all-traces): verified (4 steps) Loop_before_Stop (all-traces): verified (9 steps) 
diff --git a/case-studies-regression/fast-tests/loops/Minimal_Typing_Example_analyzed.spthy b/case-studies-regression/fast-tests/loops/Minimal_Typing_Example_analyzed.spthy index 458206f31..2a947fbc6 100644 --- a/case-studies-regression/fast-tests/loops/Minimal_Typing_Example_analyzed.spthy +++ b/case-studies-regression/fast-tests/loops/Minimal_Typing_Example_analyzed.spthy @@ -2,7 +2,8 @@ theory Minimal_Typing_Example begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,10 @@ equations: + + + + rule (modulo E) Setup_Key: [ Fr( ~k ) ] --> [ !Key( ~k ) ] @@ -154,7 +159,7 @@ analyzing: examples/loops/Minimal_Typing_Example.spthy analyzed: examples/loops/Minimal_Typing_Example.spthy output: examples/loops/Minimal_Typing_Example.spthy.tmp - processing time: 0.164903079s + processing time: 0.114951591s sources_assertion (all-traces): verified (13 steps) Responder_secrecy (all-traces): verified (8 steps) Public_part_public (exists-trace): verified (5 steps) @@ -167,7 +172,7 @@ summary of summaries: analyzed: examples/loops/Minimal_Typing_Example.spthy output: examples/loops/Minimal_Typing_Example.spthy.tmp - processing time: 0.164903079s + processing time: 0.114951591s sources_assertion (all-traces): verified (13 steps) Responder_secrecy (all-traces): verified (8 steps) Public_part_public (exists-trace): verified (5 steps) diff --git a/case-studies-regression/fast-tests/loops/RFID_Simple_analyzed.spthy b/case-studies-regression/fast-tests/loops/RFID_Simple_analyzed.spthy index e64840381..e7dc5456d 100644 --- a/case-studies-regression/fast-tests/loops/RFID_Simple_analyzed.spthy +++ b/case-studies-regression/fast-tests/loops/RFID_Simple_analyzed.spthy 
@@ -2,7 +2,8 @@ theory RFID_Simple begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -12,6 +13,8 @@ equations: /* looping facts with injective instances: Device_Alice/1 */ + + rule (modulo E) GenKey: [ Fr( ~sk ) ] --[ Device_Key( ~sk ) ]-> @@ -388,16 +391,16 @@ next case Alice solve( Device_Alice( ~sk ) ▶₀ #i ) case Alice - by contradiction /* non-injective facts (#vr.2,#j,#i) */ + by contradiction /* cyclic */ next case GenKey - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed next case GenKey solve( Device_Alice( ~sk ) ▶₀ #i ) case Alice - by contradiction /* non-injective facts (#vr,#vr.1,#j) */ + by contradiction /* cyclic */ qed qed qed @@ -440,16 +443,16 @@ next case Alice solve( Device_Alice( ~sk ) ▶₀ #i ) case Alice - by contradiction /* non-injective facts (#vr.2,#j,#i) */ + by contradiction /* cyclic */ next case GenKey - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed next case GenKey solve( Device_Alice( ~sk ) ▶₀ #i ) case Alice - by contradiction /* non-injective facts (#vr,#vr.1,#j) */ + by contradiction /* cyclic */ qed qed qed @@ -519,7 +522,7 @@ analyzing: examples/loops/RFID_Simple.spthy analyzed: examples/loops/RFID_Simple.spthy output: examples/loops/RFID_Simple.spthy.tmp - processing time: 0.521523331s + processing time: 0.68943632s types (all-traces): verified (86 steps) Device_ToBob (all-traces): verified (12 steps) Device_Init_Use_Set (all-traces): verified (18 steps) 
@@ -533,7 +536,7 @@ summary of summaries: analyzed: examples/loops/RFID_Simple.spthy output: examples/loops/RFID_Simple.spthy.tmp - processing time: 0.521523331s + processing time: 0.68943632s types (all-traces): verified (86 steps) Device_ToBob (all-traces): verified (12 steps) Device_Init_Use_Set (all-traces): verified (18 steps) diff --git a/case-studies-regression/fast-tests/loops/TESLA_Scheme1_analyzed.spthy b/case-studies-regression/fast-tests/loops/TESLA_Scheme1_analyzed.spthy index fcf0b9638..da1bc1447 100644 --- a/case-studies-regression/fast-tests/loops/TESLA_Scheme1_analyzed.spthy +++ b/case-studies-regression/fast-tests/loops/TESLA_Scheme1_analyzed.spthy @@ -2,8 +2,8 @@ theory TESLA_Scheme1 begin // Function signature and definition of the equational theory E -functions: MAC/2, f/1, fst/1, pair/2, pk/1, sign/2, snd/1, true/0, - verify/3 +functions: MAC/2, f/1, fst/1[destructor], pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -11,6 +11,8 @@ equations: + + rule (modulo E) Generate_Keypair: [ Fr( ~ltk ) ] --> @@ -768,6 +770,10 @@ induction qed qed + + + + /* All well-formedness checks were successful. */ end @@ -783,7 +789,7 @@ analyzing: examples/loops/TESLA_Scheme1.spthy analyzed: examples/loops/TESLA_Scheme1.spthy output: examples/loops/TESLA_Scheme1.spthy.tmp - processing time: 4.520967526s + processing time: 7.457912808s authentic (all-traces): verified (158 steps) authentic_reachable (exists-trace): verified (13 steps) @@ -795,7 +801,7 @@ summary of summaries: analyzed: examples/loops/TESLA_Scheme1.spthy output: examples/loops/TESLA_Scheme1.spthy.tmp - processing time: 4.520967526s + processing time: 7.457912808s authentic (all-traces): verified (158 steps) authentic_reachable (exists-trace): verified (13 steps) 
diff --git a/case-studies-regression/fast-tests/loops/Typing_and_Destructors_analyzed.spthy b/case-studies-regression/fast-tests/loops/Typing_and_Destructors_analyzed.spthy index 28c3f5852..8bacdc013 100644 --- a/case-studies-regression/fast-tests/loops/Typing_and_Destructors_analyzed.spthy +++ b/case-studies-regression/fast-tests/loops/Typing_and_Destructors_analyzed.spthy @@ -2,7 +2,8 @@ theory Typing_and_Destructors begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,10 @@ equations: + + + + rule (modulo E) Setup_Key: [ Fr( ~k ) ] --[ IsKey( ~k ) ]-> [ !Key( ~k ) ] @@ -197,16 +202,7 @@ solve( !Key( key ) ▶₀ #i ) case Setup_Key solve( splitEqs(0) ) case split_case_1 - solve( !KU( fst(sdec(msg, ~k)) ) @ #vk.1 ) - case c_fst - solve( !KU( sdec(msg, ~k) ) @ #vk.2 ) - case c_sdec - solve( !KU( ~k ) @ #vk.3 ) - case Reveal_Key - by contradiction /* from formulas */ - qed - qed - qed + by solve( !KU( fst(sdec(msg, ~k)) ) @ #vk.1 ) next case split_case_2 solve( !KU( senc(, ~k) ) @ #vk ) 
@@ -288,12 +284,20 @@ analyzing: examples/loops/Typing_and_Destructors.spthy analyzed: examples/loops/Typing_and_Destructors.spthy output: examples/loops/Typing_and_Destructors.spthy.tmp - processing time: 0.278622435s + processing time: 0.200697145s WARNING: 1 wellformedness check failed! The analysis results might be wrong! + Formula terms: + lemma `type_assertion' uses terms of the wrong form: `snd(Bound 1)', + `snd(sdec(Bound 3,Bound 2))' + + The only allowed terms are public names and bound node and message + variables. If you encounter free message variables, then you might have + forgotten a #-prefix. Sort prefixes can only be dropped where this is + unambiguous. Moreover, reducible function symbols are disallowed. type_assertion (all-traces): verified (27 steps) - Responder_secrecy (all-traces): verified (17 steps) + Responder_secrecy (all-traces): verified (14 steps) Public_part_public (exists-trace): verified (5 steps) ------------------------------------------------------------------------------ 
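Review bot: This baseline keeps `type_assertion` and `Responder_secrecy` recorded as verified underneath `WARNING: 1 wellformedness check failed! The analysis results might be wrong!`, and the hunk changes the `Responder_secrecy` step count from 17 to 14 under that same warning. The added detail lines name the cause: lemma `type_assertion` uses `snd(Bound 1)` and `snd(sdec(Bound 3,Bound 2))`, which are reducible function symbols inside a formula. A regression comparison against this file would accept those results as-is, so either rewrite the lemma in the example theory to bind these terms through variables, or, if the warning is deliberate for this example, say so in the theory with a comment such as `/* type_assertion deliberately uses destructor terms; the well-formedness warning is expected */`. The same applies to the `summary of summaries` hunk that follows (`@@ -304,12 +308,20 @@`).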
@@ -304,12 +308,20 @@ summary of summaries: analyzed: examples/loops/Typing_and_Destructors.spthy output: examples/loops/Typing_and_Destructors.spthy.tmp - processing time: 0.278622435s + processing time: 0.200697145s WARNING: 1 wellformedness check failed! The analysis results might be wrong! + Formula terms: + lemma `type_assertion' uses terms of the wrong form: `snd(Bound 1)', + `snd(sdec(Bound 3,Bound 2))' + + The only allowed terms are public names and bound node and message + variables. If you encounter free message variables, then you might have + forgotten a #-prefix. Sort prefixes can only be dropped where this is + unambiguous. Moreover, reducible function symbols are disallowed. type_assertion (all-traces): verified (27 steps) - Responder_secrecy (all-traces): verified (17 steps) + Responder_secrecy (all-traces): verified (14 steps) Public_part_public (exists-trace): verified (5 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/post17/chaum_unforgeability_analyzed.spthy b/case-studies-regression/fast-tests/post17/chaum_unforgeability_analyzed.spthy index da8e5458b..476f6e037 100644 --- a/case-studies-regression/fast-tests/post17/chaum_unforgeability_analyzed.spthy +++ b/case-studies-regression/fast-tests/post17/chaum_unforgeability_analyzed.spthy @@ -2,8 +2,8 @@ theory Chaum_Unforgeability begin // Function signature and definition of the equational theory E -functions: blind/2, checksign/2, fst/1, pair/2, pk/1, sign/2, snd/1, - unblind/2 +functions: blind/2, checksign/2, fst/1[destructor], pair/2, pk/1, sign/2, + snd/1[destructor], unblind/2 equations: checksign(sign(m, k), pk(k)) = m, fst() = x.1, @@ -115,6 +115,16 @@ solve( Private_Ch( x ) ▶₀ #j ) qed qed + + + + + + + + + + /* All well-formedness checks were successful. */ end 
@@ -130,7 +140,7 @@ analyzing: examples/post17/chaum_unforgeability.spthy analyzed: examples/post17/chaum_unforgeability.spthy output: examples/post17/chaum_unforgeability.spthy.tmp - processing time: 0.15312925s + processing time: 0.124207306s exec (exists-trace): verified (6 steps) unforgeability (all-traces): verified (10 steps) @@ -142,7 +152,7 @@ summary of summaries: analyzed: examples/post17/chaum_unforgeability.spthy output: examples/post17/chaum_unforgeability.spthy.tmp - processing time: 0.15312925s + processing time: 0.124207306s exec (exists-trace): verified (6 steps) unforgeability (all-traces): verified (10 steps) diff --git a/case-studies-regression/fast-tests/post17/denning_sacco_symmetric_cbc_analyzed.spthy b/case-studies-regression/fast-tests/post17/denning_sacco_symmetric_cbc_analyzed.spthy index 83312ebab..4cae851e2 100644 --- a/case-studies-regression/fast-tests/post17/denning_sacco_symmetric_cbc_analyzed.spthy +++ b/case-studies-regression/fast-tests/post17/denning_sacco_symmetric_cbc_analyzed.spthy @@ -2,7 +2,8 @@ theory dsscbc begin // Function signature and definition of the equational theory E -functions: dec/2, enc/2, fst/1, pair/2, prefix/1, snd/1 +functions: dec/2, enc/2, fst/1[destructor], pair/2, prefix/1, + snd/1[destructor] equations: dec(enc(M, k), k) = M, fst() = x.1, @@ -114,6 +115,12 @@ solve( !SharedKeyWithServer( $B, kbs ) ▶₁ #i ) qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -129,7 +136,7 @@ analyzing: examples/post17/denning_sacco_symmetric_cbc.spthy analyzed: examples/post17/denning_sacco_symmetric_cbc.spthy output: examples/post17/denning_sacco_symmetric_cbc.spthy.tmp - processing time: 0.346752662s + processing time: 0.32278501s executable (exists-trace): verified (8 steps) sessionsmatch (all-traces): falsified - found trace (4 steps) 
@@ -141,7 +148,7 @@ summary of summaries: analyzed: examples/post17/denning_sacco_symmetric_cbc.spthy output: examples/post17/denning_sacco_symmetric_cbc.spthy.tmp - processing time: 0.346752662s + processing time: 0.32278501s executable (exists-trace): verified (8 steps) sessionsmatch (all-traces): falsified - found trace (4 steps) diff --git a/case-studies-regression/fast-tests/post17/foo_eligibility_analyzed.spthy b/case-studies-regression/fast-tests/post17/foo_eligibility_analyzed.spthy index d4affcd27..d13460307 100644 --- a/case-studies-regression/fast-tests/post17/foo_eligibility_analyzed.spthy +++ b/case-studies-regression/fast-tests/post17/foo_eligibility_analyzed.spthy @@ -2,8 +2,8 @@ theory FOO_Eligibility begin // Function signature and definition of the equational theory E -functions: blind/2, checksign/2, commit/2, fst/1, open/2, pair/2, pk/1, - sign/2, snd/1, unblind/2 +functions: blind/2, checksign/2, commit/2, fst/1[destructor], open/2, + pair/2, pk/1, sign/2, snd/1[destructor], unblind/2 equations: checksign(sign(m, k), pk(k)) = m, fst() = x.1, @@ -312,6 +312,20 @@ solve( St_C_1( A, commit(vote, r) ) ▶₁ #j ) qed qed + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -327,7 +341,7 @@ analyzing: examples/post17/foo_eligibility.spthy analyzed: examples/post17/foo_eligibility.spthy output: examples/post17/foo_eligibility.spthy.tmp - processing time: 1.310817018s + processing time: 1.735064526s types (all-traces): verified (44 steps) exec (exists-trace): verified (9 steps) eligibility (all-traces): verified (11 steps) @@ -340,7 +354,7 @@ summary of summaries: analyzed: examples/post17/foo_eligibility.spthy output: examples/post17/foo_eligibility.spthy.tmp - processing time: 1.310817018s + processing time: 1.735064526s types (all-traces): verified (44 steps) exec (exists-trace): verified (9 steps) eligibility (all-traces): verified (11 steps) 
diff --git a/case-studies-regression/fast-tests/post17/needham_schroeder_symmetric_cbc_analyzed.spthy b/case-studies-regression/fast-tests/post17/needham_schroeder_symmetric_cbc_analyzed.spthy index 6c58a337d..617ed7bfd 100644 --- a/case-studies-regression/fast-tests/post17/needham_schroeder_symmetric_cbc_analyzed.spthy +++ b/case-studies-regression/fast-tests/post17/needham_schroeder_symmetric_cbc_analyzed.spthy @@ -2,7 +2,8 @@ theory nsscbc begin // Function signature and definition of the equational theory E -functions: dec/2, enc/2, fst/1, pair/2, prefix/1, snd/1, succ/1 +functions: dec/2, enc/2, fst/1[destructor], pair/2, prefix/1, + snd/1[destructor], succ/1 equations: dec(enc(M, k), k) = M, fst() = x.1, @@ -110,6 +111,14 @@ solve( ResponderWaitConfirm( $B, $A, ~k, ~nb ) ▶₀ #i ) qed qed + + + + + + + + /* All well-formedness checks were successful. */ end @@ -125,7 +134,7 @@ analyzing: examples/post17/needham_schroeder_symmetric_cbc.spthy analyzed: examples/post17/needham_schroeder_symmetric_cbc.spthy output: examples/post17/needham_schroeder_symmetric_cbc.spthy.tmp - processing time: 11.740786572s + processing time: 15.507675527s secrecy (all-traces): falsified - found trace (8 steps) ------------------------------------------------------------------------------ @@ -136,7 +145,7 @@ summary of summaries: analyzed: examples/post17/needham_schroeder_symmetric_cbc.spthy output: examples/post17/needham_schroeder_symmetric_cbc.spthy.tmp - processing time: 11.740786572s + processing time: 15.507675527s secrecy (all-traces): falsified - found trace (8 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/post17/okamoto_eligibility_analyzed.spthy b/case-studies-regression/fast-tests/post17/okamoto_eligibility_analyzed.spthy index 29328b3b8..e1b4e3bd5 100644 --- a/case-studies-regression/fast-tests/post17/okamoto_eligibility_analyzed.spthy 
+++ b/case-studies-regression/fast-tests/post17/okamoto_eligibility_analyzed.spthy @@ -2,8 +2,8 @@ theory Okamoto_Eligibilty begin // Function signature and definition of the equational theory E -functions: blind/2, checksign/2, f/4, fst/1, open/2, pair/2, pk/1, - sign/2, snd/1, tdcommit/3, unblind/2 +functions: blind/2, checksign/2, f/4, fst/1[destructor], open/2, pair/2, + pk/1, sign/2, snd/1[destructor], tdcommit/3, unblind/2 equations: checksign(sign(m, sk), pk(sk)) = m, f(m1, f(m, r, td, m1), td, m2) = f(m, r, td, m2), @@ -199,6 +199,22 @@ solve( P_Ch_Timeliness( $vote, ~r, x ) ▶₀ #j ) qed qed + + + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -214,7 +230,7 @@ analyzing: examples/post17/okamoto_eligibility.spthy analyzed: examples/post17/okamoto_eligibility.spthy output: examples/post17/okamoto_eligibility.spthy.tmp - processing time: 0.772112092s + processing time: 0.826635176s types (all-traces): verified (23 steps) exec (exists-trace): verified (6 steps) eligibility (all-traces): verified (5 steps) @@ -227,7 +243,7 @@ summary of summaries: analyzed: examples/post17/okamoto_eligibility.spthy output: examples/post17/okamoto_eligibility.spthy.tmp - processing time: 0.772112092s + processing time: 0.826635176s types (all-traces): verified (23 steps) exec (exists-trace): verified (6 steps) eligibility (all-traces): verified (5 steps) diff --git a/case-studies-regression/fast-tests/regression/diff/issue198-1_analyzed-diff.spthy b/case-studies-regression/fast-tests/regression/diff/issue198-1_analyzed-diff.spthy index 38f3c8899..c54fa92d2 100644 --- a/case-studies-regression/fast-tests/regression/diff/issue198-1_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/regression/diff/issue198-1_analyzed-diff.spthy 
@@ -3,7 +3,7 @@ theory issue198_1 begin // Function signature and definition of the equational theory E builtins: multiset -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -287,7 +287,7 @@ analyzing: examples/regression/diff/issue198-1.spthy analyzed: examples/regression/diff/issue198-1.spthy output: examples/regression/diff/issue198-1.spthy.tmp - processing time: 0.60829746s + processing time: 0.953121894s DiffLemma: Observational_equivalence : analysis incomplete (84 steps) ------------------------------------------------------------------------------ @@ -298,7 +298,7 @@ summary of summaries: analyzed: examples/regression/diff/issue198-1.spthy output: examples/regression/diff/issue198-1.spthy.tmp - processing time: 0.60829746s + processing time: 0.953121894s DiffLemma: Observational_equivalence : analysis incomplete (84 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/regression/diff/issue198-2_analyzed-diff.spthy b/case-studies-regression/fast-tests/regression/diff/issue198-2_analyzed-diff.spthy index 6d0417973..7f42f5ceb 100644 --- a/case-studies-regression/fast-tests/regression/diff/issue198-2_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/regression/diff/issue198-2_analyzed-diff.spthy @@ -3,7 +3,7 @@ theory issue198_2 begin // Function signature and definition of the equational theory E builtins: multiset -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 
@@ -287,7 +287,7 @@ analyzing: examples/regression/diff/issue198-2.spthy analyzed: examples/regression/diff/issue198-2.spthy output: examples/regression/diff/issue198-2.spthy.tmp - processing time: 0.591705304s + processing time: 0.92261959s DiffLemma: Observational_equivalence : analysis incomplete (84 steps) ------------------------------------------------------------------------------ @@ -298,7 +298,7 @@ summary of summaries: analyzed: examples/regression/diff/issue198-2.spthy output: examples/regression/diff/issue198-2.spthy.tmp - processing time: 0.591705304s + processing time: 0.92261959s DiffLemma: Observational_equivalence : analysis incomplete (84 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/regression/diff/issue223_analyzed-diff.spthy b/case-studies-regression/fast-tests/regression/diff/issue223_analyzed-diff.spthy index d487310a6..1ee540f8d 100644 --- a/case-studies-regression/fast-tests/regression/diff/issue223_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/regression/diff/issue223_analyzed-diff.spthy @@ -2,7 +2,8 @@ theory issue223 begin // Function signature and definition of the equational theory E -functions: commit/3, fake/4, fst/1, open/3, pair/2, pk/1, snd/1 +functions: commit/3, fake/4, fst/1[destructor], open/3, pair/2, pk/1, + snd/1[destructor] equations: commit(ni2, fake(ni1, r, sk, ni2), pk(sk)) = commit(ni1, r, pk(sk)), fake(ni2, fake(ni1, r, sk, ni2), sk, ni3) = fake(ni1, r, sk, ni3), @@ -3246,7 +3247,7 @@ analyzing: examples/regression/diff/issue223.spthy analyzed: examples/regression/diff/issue223.spthy output: examples/regression/diff/issue223.spthy.tmp - processing time: 4.787789089s + processing time: 10.014423177s DiffLemma: Observational_equivalence : verified (1082 steps) ------------------------------------------------------------------------------ 
@@ -3257,7 +3258,7 @@ summary of summaries: analyzed: examples/regression/diff/issue223.spthy output: examples/regression/diff/issue223.spthy.tmp - processing time: 4.787789089s + processing time: 10.014423177s DiffLemma: Observational_equivalence : verified (1082 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/regression/diff/issue324_analyzed-diff.spthy b/case-studies-regression/fast-tests/regression/diff/issue324_analyzed-diff.spthy index 15eba8c46..2e8d51554 100644 --- a/case-studies-regression/fast-tests/regression/diff/issue324_analyzed-diff.spthy +++ b/case-studies-regression/fast-tests/regression/diff/issue324_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory Issue324 begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -150,7 +150,7 @@ analyzing: examples/regression/diff/issue324.spthy analyzed: examples/regression/diff/issue324.spthy output: examples/regression/diff/issue324.spthy.tmp - processing time: 0.169316597s + processing time: 0.279880059s DiffLemma: Observational_equivalence : analysis incomplete (47 steps) ------------------------------------------------------------------------------ @@ -161,7 +161,7 @@ summary of summaries: analyzed: examples/regression/diff/issue324.spthy output: examples/regression/diff/issue324.spthy.tmp - processing time: 0.169316597s + processing time: 0.279880059s DiffLemma: Observational_equivalence : analysis incomplete (47 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/regression/diff/issue331_analyzed-diff.spthy b/case-studies-regression/fast-tests/regression/diff/issue331_analyzed-diff.spthy index 02d79759d..e373c71f3 100644 --- a/case-studies-regression/fast-tests/regression/diff/issue331_analyzed-diff.spthy 
+++ b/case-studies-regression/fast-tests/regression/diff/issue331_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory Issue331 begin // Function signature and definition of the equational theory E -functions: fst/1, g/2, pair/2, snd/1 +functions: fst/1[destructor], g/2, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -126,7 +126,7 @@ analyzing: examples/regression/diff/issue331.spthy analyzed: examples/regression/diff/issue331.spthy output: examples/regression/diff/issue331.spthy.tmp - processing time: 0.142310771s + processing time: 0.23827286s DiffLemma: Observational_equivalence : verified (37 steps) ------------------------------------------------------------------------------ @@ -137,7 +137,7 @@ summary of summaries: analyzed: examples/regression/diff/issue331.spthy output: examples/regression/diff/issue331.spthy.tmp - processing time: 0.142310771s + processing time: 0.23827286s DiffLemma: Observational_equivalence : verified (37 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/regression/trace/seqdfsneeded_analyzed-seqdfs.spthy b/case-studies-regression/fast-tests/regression/trace/seqdfsneeded_analyzed-seqdfs.spthy index 5a607f6c1..56f04ff08 100644 --- a/case-studies-regression/fast-tests/regression/trace/seqdfsneeded_analyzed-seqdfs.spthy +++ b/case-studies-regression/fast-tests/regression/trace/seqdfsneeded_analyzed-seqdfs.spthy @@ -2,7 +2,7 @@ theory seqdfsneeded begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -132,6 +132,8 @@ rule (modulo E) amplify_decoy_case3: // loop breaker: [0] /* has exactly the trivial AC variant */ + + /* All well-formedness checks were successful. */ end 
@@ -147,7 +149,7 @@ analyzing: examples/regression/trace/seqdfsneeded.spthy analyzed: examples/regression/trace/seqdfsneeded.spthy output: examples/regression/trace/seqdfsneeded.spthy.tmp - processing time: 0.259640213s + processing time: 0.241769075s slow (exists-trace): verified (24 steps) ------------------------------------------------------------------------------ @@ -158,7 +160,7 @@ summary of summaries: analyzed: examples/regression/trace/seqdfsneeded.spthy output: examples/regression/trace/seqdfsneeded.spthy.tmp - processing time: 0.259640213s + processing time: 0.241769075s slow (exists-trace): verified (24 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/related_work/AIF_Moedersheim_CCS10/Keyserver_analyzed.spthy b/case-studies-regression/fast-tests/related_work/AIF_Moedersheim_CCS10/Keyserver_analyzed.spthy index 8cc4ea384..61781c745 100644 --- a/case-studies-regression/fast-tests/related_work/AIF_Moedersheim_CCS10/Keyserver_analyzed.spthy +++ b/case-studies-regression/fast-tests/related_work/AIF_Moedersheim_CCS10/Keyserver_analyzed.spthy @@ -2,7 +2,8 @@ theory Keyserver begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], pair/2, pk/1, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) SetupServerKey: [ Fr( ~sk ) ] --> @@ -146,7 +149,7 @@ analyzing: examples/related_work/AIF_Moedersheim_CCS10/Keyserver.spthy analyzed: examples/related_work/AIF_Moedersheim_CCS10/Keyserver.spthy output: examples/related_work/AIF_Moedersheim_CCS10/Keyserver.spthy.tmp - processing time: 0.103222135s + processing time: 0.061994159s Knows_Honest_Key_imp_Revoked (all-traces): verified (6 steps) ------------------------------------------------------------------------------ 
@@ -157,7 +160,7 @@ summary of summaries: analyzed: examples/related_work/AIF_Moedersheim_CCS10/Keyserver.spthy output: examples/related_work/AIF_Moedersheim_CCS10/Keyserver.spthy.tmp - processing time: 0.103222135s + processing time: 0.061994159s Knows_Honest_Key_imp_Revoked (all-traces): verified (6 steps) ============================================================================== diff --git a/case-studies-regression/fast-tests/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing_analyzed.spthy b/case-studies-regression/fast-tests/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing_analyzed.spthy index 2bbda2ae6..947b9f6ae 100644 --- a/case-studies-regression/fast-tests/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing_analyzed.spthy +++ b/case-studies-regression/fast-tests/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing_analyzed.spthy @@ -2,8 +2,8 @@ theory StatVerif_GM_Contract_Signing begin // Function signature and definition of the equational theory E -functions: check_getmsg/2, checkpcs/5, convertpcs/2, fst/1, pair/2, - pcs/3, pk/1, sign/2, snd/1, true/0 +functions: check_getmsg/2, checkpcs/5, convertpcs/2, fst/1[destructor], + pair/2, pcs/3, pk/1, sign/2, snd/1[destructor], true/0 equations: check_getmsg(pk(xsk), sign(xsk, xm)) = xm, checkpcs(xc, pk(xsk), ypk, zpk, pcs(sign(xsk, xc), ypk, zpk)) = true, @@ -376,6 +376,20 @@ solve( !TTP( skT ) ▶₁ #i ) qed qed + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ end 
@@ -391,7 +405,7 @@ analyzing: examples/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signi analyzed: examples/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing.spthy output: examples/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing.spthy.tmp - processing time: 0.561764407s + processing time: 0.572410166s aborted_and_resolved_exclusive (all-traces): verified (7 steps) aborted_contract_reachable (exists-trace): verified (8 steps) resolved1_contract_reachable (exists-trace): verified (9 steps) @@ -405,7 +419,7 @@ summary of summaries: analyzed: examples/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing.spthy output: examples/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing.spthy.tmp - processing time: 0.561764407s + processing time: 0.572410166s aborted_and_resolved_exclusive (all-traces): verified (7 steps) aborted_contract_reachable (exists-trace): verified (8 steps) resolved1_contract_reachable (exists-trace): verified (9 steps) diff --git a/case-studies-regression/fast-tests/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device_analyzed.spthy b/case-studies-regression/fast-tests/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device_analyzed.spthy index 11baa57b9..79e90b1fa 100644 --- a/case-studies-regression/fast-tests/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device_analyzed.spthy +++ b/case-studies-regression/fast-tests/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device_analyzed.spthy @@ -2,7 +2,8 @@ theory StatVerif_Security_Device begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) NewDevice: [ Fr( ~sk ) ] --> 
@@ -283,7 +286,7 @@ analyzing: examples/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device.s analyzed: examples/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device.spthy output: examples/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device.spthy.tmp - processing time: 0.347202344s + processing time: 0.449477827s types (all-traces): verified (32 steps) reachability_left (exists-trace): verified (5 steps) reachability_right (exists-trace): verified (5 steps) @@ -297,7 +300,7 @@ summary of summaries: analyzed: examples/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device.spthy output: examples/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device.spthy.tmp - processing time: 0.347202344s + processing time: 0.449477827s types (all-traces): verified (32 steps) reachability_left (exists-trace): verified (5 steps) reachability_right (exists-trace): verified (5 steps) diff --git a/case-studies-regression/fast-tests/related_work/TPM_DKRS_CSF11/Envelope_analyzed.spthy b/case-studies-regression/fast-tests/related_work/TPM_DKRS_CSF11/Envelope_analyzed.spthy index e8cd666e5..08cec2091 100644 --- a/case-studies-regression/fast-tests/related_work/TPM_DKRS_CSF11/Envelope_analyzed.spthy +++ b/case-studies-regression/fast-tests/related_work/TPM_DKRS_CSF11/Envelope_analyzed.spthy @@ -2,8 +2,8 @@ theory TPM_Envelope begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sign/2, snd/1, - true/0, verify/3 +functions: adec/2[destructor], aenc/2, fst/1[destructor], h/1, pair/2, + pk/1, sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -12,6 +12,12 @@ equations: + + + + + + rule (modulo E) PCR_Init: [ Fr( ~aik ) ] --[ PCR_Init( ), PCR_Write( 'pcr0' ) ]-> 
@@ -6140,7 +6146,7 @@ analyzing: examples/related_work/TPM_DKRS_CSF11/Envelope.spthy analyzed: examples/related_work/TPM_DKRS_CSF11/Envelope.spthy output: examples/related_work/TPM_DKRS_CSF11/Envelope.spthy.tmp - processing time: 31.257989787s + processing time: 34.486873643s types (all-traces): verified (13 steps) PCR_Write_charn (all-traces): verified (60 steps) Secret_and_Denied_exclusive (all-traces): verified (1799 steps) @@ -6153,7 +6159,7 @@ summary of summaries: analyzed: examples/related_work/TPM_DKRS_CSF11/Envelope.spthy output: examples/related_work/TPM_DKRS_CSF11/Envelope.spthy.tmp - processing time: 31.257989787s + processing time: 34.486873643s types (all-traces): verified (13 steps) PCR_Write_charn (all-traces): verified (60 steps) Secret_and_Denied_exclusive (all-traces): verified (1799 steps) diff --git a/case-studies-regression/fast-tests/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets_analyzed.spthy b/case-studies-regression/fast-tests/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets_analyzed.spthy index 8b2c5a506..8dab3871d 100644 --- a/case-studies-regression/fast-tests/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets_analyzed.spthy +++ b/case-studies-regression/fast-tests/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets_analyzed.spthy @@ -2,8 +2,8 @@ theory TPM_Exclusive_Secrets begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sign/2, snd/1, - true/0, verify/3 +functions: adec/2[destructor], aenc/2, fst/1[destructor], h/1, pair/2, + pk/1, sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -12,6 +12,12 @@ equations: + + + + + + rule (modulo E) PCR_Init: [ Fr( ~aik ) ] --[ PCR_Init( 'pcr0', ~aik ), UniqueInit( ) ]-> 
@@ -613,7 +619,7 @@ analyzing: examples/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets.spthy analyzed: examples/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets.spthy output: examples/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets.spthy.tmp - processing time: 2.572051433s + processing time: 3.395295302s types (all-traces): verified (16 steps) Unbind_PCR_charn (all-traces): verified (26 steps) exclusive_secrets (all-traces): verified (96 steps) @@ -628,7 +634,7 @@ summary of summaries: analyzed: examples/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets.spthy output: examples/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets.spthy.tmp - processing time: 2.572051433s + processing time: 3.395295302s types (all-traces): verified (16 steps) Unbind_PCR_charn (all-traces): verified (26 steps) exclusive_secrets (all-traces): verified (96 steps) diff --git a/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_analyzed.spthy b/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_analyzed.spthy index 6c25c10ea..a89bfb995 100644 --- a/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_analyzed.spthy +++ b/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_analyzed.spthy @@ -2,7 +2,8 @@ theory Yubikey begin // Function signature and definition of the equational theory E -functions: S/1, fst/1, myzero/0, pair/2, sdec/2, senc/2, snd/1 +functions: S/1, fst/1[destructor], myzero/0, pair/2, sdec/2[destructor], + senc/2, snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -14,6 +15,8 @@ equations: section{* The Yubikey-Protocol *} + + rule (modulo E) InitSucc: [ In( myzero ), In( S(myzero) ) ] --[ Theory( ), IsSucc( myzero, S(myzero) ), IsZero( myzero ) ]-> 
@@ -202,7 +205,7 @@ next (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ (#t1 < #vr.1) ∥ (#vr.1 = #t1) ) case case_1 - by contradiction /* non-injective facts (#vr,#vr.1,#t1) */ + by contradiction /* cyclic */ next case case_2 solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) @@ -255,7 +258,7 @@ next (∃ #t3. (IsSmaller( S(otc), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ (#t1 < #vr.1) ∥ (#vr.1 = #t1) ) case case_1 - by contradiction /* non-injective facts (#vr,#vr.1,#t1) */ + by contradiction /* cyclic */ next case case_2 solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) @@ -344,7 +347,7 @@ next (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ (#t1 < #vr.1) ∥ (#vr.1 = #t1) ) case case_1 - by contradiction /* non-injective facts (#vr,#vr.1,#t1) */ + by contradiction /* cyclic */ next case case_2 solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) @@ -397,7 +400,7 @@ next (∃ #t3. (IsSmaller( S(y), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ (#t1 < #vr.1) ∥ (#vr.1 = #t1) ) case case_1 - by contradiction /* non-injective facts (#vr,#vr.1,#t1) */ + by contradiction /* cyclic */ next case case_2 solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) @@ -488,18 +491,11 @@ next by sorry /* unannotated */ next case BuyANewYubikey - by contradiction /* non-injective facts (#vr.1,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession_case_1 - solve( ((#vr.4 < #t1) ∧ - (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ - (#t1 < #vr.4) ) - case case_1 - by contradiction /* non-injective facts (#vr.4,#t1,#t2) */ - next - case case_2 - by contradiction /* from formulas */ - qed + simplify + by contradiction /* from formulas */ next case Server_ReceiveOTP_NewSession_case_2 solve( ((#vr.4 < #t1) ∧ 
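Review bot: The expected proof of `slightly_weaker_invariant` changes shape in the hunk at `-488,18 +491,11`, and nothing in the baseline records why. Under `Server_ReceiveOTP_NewSession_case_1` the case split on `(#vr.4 < #t1) ∧ … ∥ (#t1 < #vr.4)` is replaced by a bare `simplify`, and each `non-injective facts` contradiction visible in these hunks is now closed as `cyclic`. That goes beyond the `[destructor]` annotations added to the signature, so it presumably reflects a change in constraint solving rather than in pretty-printing. Because these files are what the regression run compares against, the commit description should state the cause, for example `Yubikey baselines: non-injective-facts contradictions now reported as cyclic; slightly_weaker_invariant 1145 -> 1141 steps`. The same rewrite recurs in the hunks at `-646,50`, `-912,18` and `-1070,50` and in the multiset variant of the model; the lemma statements themselves lie outside these hunks.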
@@ -646,50 +642,43 @@ next by sorry /* unannotated */ next case BuyANewYubikey - by contradiction /* non-injective facts (#vr.1,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession_case_1 - solve( ((#vr.4 < #t1) ∧ - (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ - (#t1 < #vr.4) ) - case case_1 - by contradiction /* non-injective facts (#vr.4,#t1,#t2) */ - next - case case_2 - solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) - case BuyANewYubikey - solve( !Smaller( S(otc), tc1 ) ▶₃ #t1 ) - case SimpleSmaller - solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) - case BuyANewYubikey - solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) - case SimpleSmaller - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - by contradiction /* from formulas */ - qed + simplify + solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) + case BuyANewYubikey + solve( !Smaller( S(otc), tc1 ) ▶₃ #t1 ) + case SimpleSmaller + solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) + case BuyANewYubikey + solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) + case SimpleSmaller + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + by contradiction /* from formulas */ qed - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) - case BuyANewYubikey - solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) - case SimpleSmaller - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - by contradiction /* from formulas */ - qed + qed + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) + case BuyANewYubikey + solve( !Smaller( S(myzero), 
tc2 ) ▶₃ #t2 ) + case SimpleSmaller + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + by contradiction /* from formulas */ qed qed qed @@ -912,18 +901,11 @@ next by sorry /* unannotated */ next case BuyANewYubikey - by contradiction /* non-injective facts (#vr.1,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession_case_1 - solve( ((#vr.4 < #t1) ∧ - (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ - (#t1 < #vr.4) ) - case case_1 - by contradiction /* non-injective facts (#vr.4,#t1,#t2) */ - next - case case_2 - by contradiction /* from formulas */ - qed + simplify + by contradiction /* from formulas */ next case Server_ReceiveOTP_NewSession_case_2 solve( ((#vr.4 < #t1) ∧ 
@@ -1070,50 +1052,43 @@ next by sorry /* unannotated */ next case BuyANewYubikey - by contradiction /* non-injective facts (#vr.1,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession_case_1 - solve( ((#vr.4 < #t1) ∧ - (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ - (#t1 < #vr.4) ) - case case_1 - by contradiction /* non-injective facts (#vr.4,#t1,#t2) */ - next - case case_2 - solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) - case BuyANewYubikey - solve( !Smaller( S(y), tc1 ) ▶₃ #t1 ) - case SimpleSmaller - solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) - case BuyANewYubikey - solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) - case SimpleSmaller - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - by contradiction /* from formulas */ - qed + simplify + solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) + case BuyANewYubikey + solve( !Smaller( S(y), tc1 ) ▶₃ #t1 ) + case SimpleSmaller + solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) + case BuyANewYubikey + solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) + case SimpleSmaller + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + by contradiction /* from formulas */ qed - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) - case BuyANewYubikey - solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) - case SimpleSmaller - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - by contradiction /* from formulas */ - qed + qed + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) + case BuyANewYubikey + solve( !Smaller( S(myzero), 
tc2 ) ▶₃ #t2 ) + case SimpleSmaller + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + by contradiction /* from formulas */ qed qed qed @@ -3780,6 +3755,10 @@ next by contradiction /* from formulas */ qed + + + + /* All well-formedness checks were successful. */ end @@ -3795,9 +3774,9 @@ analyzing: examples/related_work/YubiSecure_KS_STM12/Yubikey.spthy analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey.spthy.tmp - processing time: 13.366438753s + processing time: 17.171069702s Login_reachable (exists-trace): verified (12 steps) - slightly_weaker_invariant (all-traces): verified (1145 steps) + slightly_weaker_invariant (all-traces): verified (1141 steps) no_replay (all-traces): verified (4 steps) injective_correspondance (all-traces): verified (23 steps) Login_invalidates_smaller_counters (all-traces): verified (4 steps) @@ -3810,9 +3789,9 @@ summary of summaries: analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey.spthy.tmp - processing time: 13.366438753s + processing time: 17.171069702s Login_reachable (exists-trace): verified (12 steps) - slightly_weaker_invariant (all-traces): verified (1145 steps) + slightly_weaker_invariant (all-traces): verified (1141 steps) no_replay (all-traces): verified (4 steps) injective_correspondance (all-traces): verified (23 steps) Login_invalidates_smaller_counters (all-traces): verified (4 steps) diff --git a/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_analyzed.spthy b/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_analyzed.spthy index 5b501626b..7cbe0eba6 100644 --- a/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_analyzed.spthy 
+++ b/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_analyzed.spthy @@ -2,9 +2,9 @@ theory YubikeyHSM begin // Function signature and definition of the equational theory E -functions: S/1, demac/2, dexor1/2, dexor2/2, fst/1, keystream/2, - keystream_kh/1, keystream_n/1, mac/2, myzero/0, pair/2, sdec/2, senc/2, - snd/1, xorc/2 +functions: S/1, demac/2, dexor1/2, dexor2/2, fst/1[destructor], + keystream/2, keystream_kh/1, keystream_n/1, mac/2, myzero/0, pair/2, + sdec/2[destructor], senc/2, snd/1[destructor], xorc/2 equations: demac(mac(m, k), k) = m, dexor1(xorc(a, b), a) = b, @@ -21,6 +21,8 @@ equations: section{* The Yubikey-Protocol with a YubiHSM *} + + rule (modulo E) InitSucc: [ In( myzero ), In( S(myzero) ) ] --[ Theory( ), IsSucc( myzero, S(myzero) ), IsZero( myzero ) ]-> @@ -7499,6 +7501,26 @@ next qed qed qed + + + + + + + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ @@ -7515,7 +7537,7 @@ analyzing: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM.spthy analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM.spthy.tmp - processing time: 27.555096434s + processing time: 29.99126863s adv_can_guess_counter (all-traces): verified (24 steps) otp_decode_does_not_help_adv_use_induction (all-traces): verified (275 steps) neither_k_nor_k2_are_ever_leaked_inv (all-traces): verified (185 steps) @@ -7529,7 +7551,7 @@ summary of summaries: analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM.spthy.tmp - processing time: 27.555096434s + processing time: 29.99126863s adv_can_guess_counter (all-traces): verified (24 steps) otp_decode_does_not_help_adv_use_induction (all-traces): verified (275 steps) neither_k_nor_k2_are_ever_leaked_inv (all-traces): verified (185 steps) 
diff --git a/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset_analyzed.spthy b/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset_analyzed.spthy index c631d465b..e598f3b20 100644 --- a/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset_analyzed.spthy +++ b/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset_analyzed.spthy @@ -3,9 +3,9 @@ theory YubikeyHSMmultiset begin // Function signature and definition of the equational theory E builtins: multiset -functions: demac/2, dexor1/2, dexor2/2, fst/1, keystream/2, - keystream_kh/1, keystream_n/1, mac/2, pair/2, sdec/2, senc/2, snd/1, - xorc/2 +functions: demac/2, dexor1/2, dexor2/2, fst/1[destructor], keystream/2, + keystream_kh/1, keystream_n/1, mac/2, pair/2, sdec/2[destructor], senc/2, + snd/1[destructor], xorc/2 equations: demac(mac(m, k), k) = m, dexor1(xorc(a, b), a) = b, @@ -22,6 +22,10 @@ equations: section{* The Yubikey-Protocol with a YubiHSM *} + + + + rule (modulo E) isendHSM: [ In( x ) ] --[ HSMWrite( x ) ]-> [ InHSM( x ) ] @@ -553,7 +557,7 @@ next case case_2 solve( S_Counter( pid, otc2 ) ▶₃ #t2 ) case BuyANewYubikey - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession_case_1 solve( (∀ pid otc1 tc1 otc2 tc2 #t1 #t2. 
@@ -571,79 +575,79 @@ next solve( ((#vr < #t1) ∧ (∃ z.3. ((otc1+z) = (otc+z.2+z.3)))) ∥ (#t1 < #vr) ∥ (#vr = #t1) ) case case_1_case_01 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_02 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_03 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_04 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_05 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_06 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_07 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_08 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_09 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_10 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_11 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_12 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_13 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_14 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_15 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_16 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_17 - by 
contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_18 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_19 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_20 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_21 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_22 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_23 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_24 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_25 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_2_case_01 by contradiction /* from formulas */ 
@@ -744,79 +748,79 @@ next solve( ((#vr < #t1) ∧ (∃ z.3. ((otc1+z) = (otc+z.2+z.3)))) ∥ (#t1 < #vr) ∥ (#vr = #t1) ) case case_1_case_01 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_02 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_03 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_04 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_05 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_06 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_07 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_08 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_09 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_10 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_11 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_12 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_13 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_14 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_15 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_16 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_17 - by 
contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_18 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_19 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_20 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_21 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_22 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_23 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_24 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_25 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_2_case_01 by contradiction /* from formulas */ @@ -1206,6 +1210,22 @@ solve( (#t1 = #t2) ∥ (#t2 < #t1) ) qed qed + + + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -1221,7 +1241,7 @@ analyzing: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multise analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset.spthy.tmp - processing time: 7.241005265s + processing time: 6.550213065s transitivity (all-traces): verified (2 steps) otp_decode_does_not_help_adv_use_induction (all-traces): verified (72 steps) neither_k_nor_k2_are_ever_leaked_inv (all-traces): verified (27 steps) 
@@ -1238,7 +1258,7 @@ summary of summaries: analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset.spthy.tmp - processing time: 7.241005265s + processing time: 6.550213065s transitivity (all-traces): verified (2 steps) otp_decode_does_not_help_adv_use_induction (all-traces): verified (72 steps) neither_k_nor_k2_are_ever_leaked_inv (all-traces): verified (27 steps) diff --git a/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_multiset_analyzed.spthy b/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_multiset_analyzed.spthy index b5ad23e4b..561ef786f 100644 --- a/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_multiset_analyzed.spthy +++ b/case-studies-regression/fast-tests/related_work/YubiSecure_KS_STM12/Yubikey_multiset_analyzed.spthy @@ -3,7 +3,8 @@ theory YubikeyMultisets begin // Function signature and definition of the equational theory E builtins: multiset -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -15,6 +16,10 @@ equations: section{* The Yubikey-Protocol *} + + + + rule (modulo E) BuyANewYubikey: [ Fr( ~k ), Fr( ~pid ), Fr( ~sid ) ] --[ Protocol( ), Init( ~pid, ~k ), ExtendedInit( ~pid, ~sid, ~k ) ]-> 
@@ -176,22 +181,22 @@ next solve( ((#vr.7 < #t1) ∧ (∃ z.2. ((otc+z.1+z.2) = ('1'+z)))) ∥ (#t1 < #vr.7) ∥ (#vr.7 = #t1) ) case case_1_case_1 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_1_case_2 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_1_case_3 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_1_case_4 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_1_case_5 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_1_case_6 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_2_case_01 by contradiction /* from formulas */ 
@@ -251,805 +256,805 @@ next case Yubikey_PressButton solve( Server( ~pid, ~sid, otc2 ) ▶₀ #t2 ) case BuyANewYubikey - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession solve( ((#vr.11 < #t1) ∧ (∃ z.3. ((otc.1+z.2+z.3) = (otc+z+z.1)))) ∥ (#t1 < #vr.11) ∥ (#vr.11 = #t1) ) case case_1_case_001 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_002 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_003 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_004 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_005 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_006 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_007 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_008 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_009 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_010 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_011 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_012 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_013 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_014 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by 
contradiction /* cyclic */ next case case_1_case_015 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_016 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_017 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_018 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_019 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_020 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_021 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_022 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_023 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_024 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_025 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_026 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_027 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_028 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_029 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_030 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_031 - by contradiction /* 
non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_032 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_033 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_034 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_035 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_036 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_037 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_038 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_039 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_040 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_041 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_042 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_043 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_044 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_045 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_046 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_047 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next 
case case_1_case_048 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_049 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_050 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_051 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_052 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_053 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_054 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_055 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_056 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_057 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_058 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_059 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_060 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_061 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_062 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_063 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_064 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) 
*/ + by contradiction /* cyclic */ next case case_1_case_065 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_066 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_067 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_068 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_069 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_070 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_071 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_072 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_073 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_074 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_075 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_076 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_077 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_078 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_079 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_080 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_081 - by contradiction 
/* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_082 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_083 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_084 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_085 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_086 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_087 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_088 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_089 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_090 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_091 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_092 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_093 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_094 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_095 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_096 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_097 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next 
case case_1_case_098 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_099 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_100 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_101 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_102 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_103 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_104 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_105 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_106 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_107 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_108 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_109 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_110 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_111 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_112 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_113 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_114 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) 
*/ + by contradiction /* cyclic */ next case case_1_case_115 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_116 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_117 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_118 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_119 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_120 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_121 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_122 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_123 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_124 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_125 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_126 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_127 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_128 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_129 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_130 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_131 - by contradiction 
/* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_132 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_133 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_134 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_135 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_136 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_137 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_138 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_139 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_140 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_141 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_142 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_143 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_144 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_145 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_146 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_147 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next 
case case_1_case_148 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_149 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_150 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_151 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_152 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_153 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_154 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_155 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_156 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_157 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_158 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_159 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_160 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_161 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_162 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_163 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_164 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) 
*/ + by contradiction /* cyclic */ next case case_1_case_165 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_166 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_167 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_168 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_169 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_170 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_171 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_172 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_173 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_174 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_175 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_176 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_177 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_178 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_179 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_180 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_181 - by contradiction 
/* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_182 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_183 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_184 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_185 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_186 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_187 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_188 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_189 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_190 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_191 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_192 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_193 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_194 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_195 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_196 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_197 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next 
case case_1_case_198 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_199 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_200 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_201 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_202 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_203 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_204 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_205 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_206 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_207 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_208 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_209 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_210 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_211 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_212 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_213 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_214 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) 
*/ + by contradiction /* cyclic */ next case case_1_case_215 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_216 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_217 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_218 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_219 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_220 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_221 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_222 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_223 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_224 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_225 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_226 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_227 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_228 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_229 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_230 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_231 - by contradiction 
/* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_232 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_233 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_234 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_235 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_236 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_237 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_238 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_239 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_240 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_241 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_242 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_243 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_244 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_245 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_246 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_247 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next 
case case_1_case_248 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_249 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_250 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_251 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_252 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_253 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_254 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_255 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_256 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_257 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_258 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_259 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_260 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_261 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_262 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_263 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_264 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) 
*/ + by contradiction /* cyclic */ next case case_1_case_265 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_2_case_01 by contradiction /* from formulas */ @@ -1502,7 +1507,7 @@ analyzing: examples/related_work/YubiSecure_KS_STM12/Yubikey_multiset.spthy analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_multiset.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_multiset.spthy.tmp - processing time: 18.107798218s + processing time: 23.272680924s transitivity (all-traces): verified (2 steps) Login_reachable (exists-trace): verified (8 steps) slightly_weaker_invariant (all-traces): verified (420 steps) @@ -1518,7 +1523,7 @@ summary of summaries: analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_multiset.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_multiset.spthy.tmp - processing time: 18.107798218s + processing time: 23.272680924s transitivity (all-traces): verified (2 steps) Login_reachable (exists-trace): verified (8 steps) slightly_weaker_invariant (all-traces): verified (420 steps) diff --git a/case-studies-regression/features/auto-sources/spore/AS_Concrete_RPC_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/AS_Concrete_RPC_analyzed-auto-sources.spthy index 114d4caed..ecfca1584 100644 --- a/case-studies-regression/features/auto-sources/spore/AS_Concrete_RPC_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/AS_Concrete_RPC_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory BanConcreteAndrewSecureRPC begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, pred/1, sdec/2, senc/2, snd/1, succ/1 +functions: fst/1[destructor], pair/2, pred/1, sdec/2[destructor], senc/2, + snd/1[destructor], succ/1 equations: fst() = x.1, pred(succ(x)) = x, @@ -11,6 +12,8 @@ equations: + + rule (modulo E) Create_Key: [ Fr( ~sk ) ] --[ Secret( $A, $B, ~sk ) ]-> 
@@ -451,6 +454,10 @@ solve( StateB( $A, $B, ~sk, na, ~kabp ) ▶₀ #i ) qed qed + + + + /* All well-formedness checks were successful. */ end @@ -466,7 +473,7 @@ analyzing: examples/features/auto-sources/spore/AS_Concrete_RPC.spthy analyzed: examples/features/auto-sources/spore/AS_Concrete_RPC.spthy output: examples/features/auto-sources/spore/AS_Concrete_RPC.spthy.tmp - processing time: 23.589006094s + processing time: 27.543285445s secrecy (all-traces): verified (65 steps) injectiveagreement_A (all-traces): falsified - found trace (6 steps) injectiveagreement_B (all-traces): falsified - found trace (7 steps) @@ -482,7 +489,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/AS_Concrete_RPC.spthy output: examples/features/auto-sources/spore/AS_Concrete_RPC.spthy.tmp - processing time: 23.589006094s + processing time: 27.543285445s secrecy (all-traces): verified (65 steps) injectiveagreement_A (all-traces): falsified - found trace (6 steps) injectiveagreement_B (all-traces): falsified - found trace (7 steps) diff --git a/case-studies-regression/features/auto-sources/spore/AS_Modified_RPC_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/AS_Modified_RPC_analyzed-auto-sources.spthy index d1f9c42cf..17014dbce 100644 --- a/case-studies-regression/features/auto-sources/spore/AS_Modified_RPC_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/AS_Modified_RPC_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory ModifiedAndrewSecureRPC begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, pred/1, sdec/2, senc/2, snd/1, succ/1 +functions: fst/1[destructor], pair/2, pred/1, sdec/2[destructor], senc/2, + snd/1[destructor], succ/1 equations: fst() = x.1, pred(succ(x)) = x, @@ -11,6 +12,8 @@ equations: + + rule (modulo E) Create_Key: [ Fr( ~sk ) ] --[ Secret( $A, $B, ~sk ) ]-> 
@@ -855,6 +858,10 @@ solve( StateB( $A, $B, ~sk, xna, ~nb ) ▶₀ #i ) qed qed + + + + /* All well-formedness checks were successful. */ lemma AUTO_typing [sources]: @@ -1820,7 +1827,7 @@ analyzing: examples/features/auto-sources/spore/AS_Modified_RPC.spthy analyzed: examples/features/auto-sources/spore/AS_Modified_RPC.spthy output: examples/features/auto-sources/spore/AS_Modified_RPC.spthy.tmp - processing time: 214.910524506s + processing time: 258.149614179s secrecy (all-traces): verified (187 steps) injectiveagreement_A (all-traces): falsified - found trace (9 steps) injectiveagreement_B (all-traces): falsified - found trace (7 steps) @@ -1837,7 +1844,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/AS_Modified_RPC.spthy output: examples/features/auto-sources/spore/AS_Modified_RPC.spthy.tmp - processing time: 214.910524506s + processing time: 258.149614179s secrecy (all-traces): verified (187 steps) injectiveagreement_A (all-traces): falsified - found trace (9 steps) injectiveagreement_B (all-traces): falsified - found trace (7 steps) diff --git a/case-studies-regression/features/auto-sources/spore/AS_RPC_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/AS_RPC_analyzed-auto-sources.spthy index 347af8715..dc9e9295f 100644 --- a/case-studies-regression/features/auto-sources/spore/AS_RPC_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/AS_RPC_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory AndrewSecureRPC begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, pred/1, sdec/2, senc/2, snd/1, succ/1 +functions: fst/1[destructor], pair/2, pred/1, sdec/2[destructor], senc/2, + snd/1[destructor], succ/1 equations: fst() = x.1, pred(succ(x)) = x, @@ -11,6 +12,8 @@ equations: + + rule (modulo E) Create_Key: [ Fr( ~sk ) ] --[ Secret( $A, $B, ~sk ) ]-> 
@@ -882,6 +885,10 @@ solve( StateB( $A, $B, ~sk, xna, ~nb ) ▶₀ #i ) qed qed + + + + /* All well-formedness checks were successful. */ lemma AUTO_typing [sources]: @@ -1535,7 +1542,7 @@ analyzing: examples/features/auto-sources/spore/AS_RPC.spthy analyzed: examples/features/auto-sources/spore/AS_RPC.spthy output: examples/features/auto-sources/spore/AS_RPC.spthy.tmp - processing time: 75.190301747s + processing time: 104.08537812s secrecy (all-traces): verified (187 steps) injectiveagreement_A (all-traces): falsified - found trace (16 steps) injectiveagreement_B (all-traces): falsified - found trace (7 steps) @@ -1552,7 +1559,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/AS_RPC.spthy output: examples/features/auto-sources/spore/AS_RPC.spthy.tmp - processing time: 75.190301747s + processing time: 104.08537812s secrecy (all-traces): verified (187 steps) injectiveagreement_A (all-traces): falsified - found trace (16 steps) injectiveagreement_B (all-traces): falsified - found trace (7 steps) diff --git a/case-studies-regression/features/auto-sources/spore/CCITT_X509_1_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/CCITT_X509_1_analyzed-auto-sources.spthy index 95aa8c445..727e6a471 100644 --- a/case-studies-regression/features/auto-sources/spore/CCITT_X509_1_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/CCITT_X509_1_analyzed-auto-sources.spthy @@ -2,8 +2,8 @@ theory CcittX509_1 begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sign/2, snd/1, - true/0, verify/3 +functions: adec/2[destructor], aenc/2, fst/1[destructor], h/1, pair/2, + pk/1, sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -12,6 +12,10 @@ equations: + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --[ Register( $X, ~ltk ) ]-> 
@@ -261,6 +265,8 @@ solve( !Pk( $B, pkB ) ▶₀ #i ) qed qed + + /* All well-formedness checks were successful. */ end @@ -276,7 +282,7 @@ analyzing: examples/features/auto-sources/spore/CCITT_X509_1.spthy analyzed: examples/features/auto-sources/spore/CCITT_X509_1.spthy output: examples/features/auto-sources/spore/CCITT_X509_1.spthy.tmp - processing time: 2.553924914s + processing time: 3.281590302s Secrecy (all-traces): verified (15 steps) injectiveagreement_B (all-traces): falsified - found trace (14 steps) agreement_B (all-traces): verified (7 steps) @@ -290,7 +296,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/CCITT_X509_1.spthy output: examples/features/auto-sources/spore/CCITT_X509_1.spthy.tmp - processing time: 2.553924914s + processing time: 3.281590302s Secrecy (all-traces): verified (15 steps) injectiveagreement_B (all-traces): falsified - found trace (14 steps) agreement_B (all-traces): verified (7 steps) diff --git a/case-studies-regression/features/auto-sources/spore/CCITT_X509_1c_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/CCITT_X509_1c_analyzed-auto-sources.spthy index 309ef3d27..0a1c16425 100644 --- a/case-studies-regression/features/auto-sources/spore/CCITT_X509_1c_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/CCITT_X509_1c_analyzed-auto-sources.spthy @@ -2,8 +2,8 @@ theory CcittX509_1c begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sign/2, snd/1, - true/0, verify/3 +functions: adec/2[destructor], aenc/2, fst/1[destructor], h/1, pair/2, + pk/1, sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -12,6 +12,10 @@ equations: + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --[ Register( $X, ~ltk ) ]-> 
@@ -284,6 +288,8 @@ solve( !Pk( $B, pkB ) ▶₀ #i ) qed qed + + /* All well-formedness checks were successful. */ end @@ -299,7 +305,7 @@ analyzing: examples/features/auto-sources/spore/CCITT_X509_1c.spthy analyzed: examples/features/auto-sources/spore/CCITT_X509_1c.spthy output: examples/features/auto-sources/spore/CCITT_X509_1c.spthy.tmp - processing time: 3.243642075s + processing time: 4.022774903s Secrecy (all-traces): verified (15 steps) injectiveagreement_B (all-traces): falsified - found trace (14 steps) agreement_B (all-traces): verified (7 steps) @@ -313,7 +319,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/CCITT_X509_1c.spthy output: examples/features/auto-sources/spore/CCITT_X509_1c.spthy.tmp - processing time: 3.243642075s + processing time: 4.022774903s Secrecy (all-traces): verified (15 steps) injectiveagreement_B (all-traces): falsified - found trace (14 steps) agreement_B (all-traces): verified (7 steps) diff --git a/case-studies-regression/features/auto-sources/spore/CCITT_X509_3_BAN_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/CCITT_X509_3_BAN_analyzed-auto-sources.spthy index c048c162b..1d36479f1 100644 --- a/case-studies-regression/features/auto-sources/spore/CCITT_X509_3_BAN_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/CCITT_X509_3_BAN_analyzed-auto-sources.spthy @@ -2,8 +2,8 @@ theory CcittX509_3_BAN begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sign/2, snd/1, - true/0, verify/3 +functions: adec/2[destructor], aenc/2, fst/1[destructor], h/1, pair/2, + pk/1, sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -12,6 +12,10 @@ equations: + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --[ Register( $X, ~ltk ) ]-> 
@@ -516,6 +520,8 @@ solve( !Pk( $B, pk(~ltkB) ) ▶₀ #i ) qed qed + + /* All well-formedness checks were successful. */ end @@ -531,7 +537,7 @@ analyzing: examples/features/auto-sources/spore/CCITT_X509_3_BAN.spthy analyzed: examples/features/auto-sources/spore/CCITT_X509_3_BAN.spthy output: examples/features/auto-sources/spore/CCITT_X509_3_BAN.spthy.tmp - processing time: 10.371940715s + processing time: 11.189523286s Secrecy (all-traces): verified (24 steps) injectiveagreement_B (all-traces): falsified - found trace (13 steps) agreement_B (all-traces): verified (7 steps) @@ -547,7 +553,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/CCITT_X509_3_BAN.spthy output: examples/features/auto-sources/spore/CCITT_X509_3_BAN.spthy.tmp - processing time: 10.371940715s + processing time: 11.189523286s Secrecy (all-traces): verified (24 steps) injectiveagreement_B (all-traces): falsified - found trace (13 steps) agreement_B (all-traces): verified (7 steps) diff --git a/case-studies-regression/features/auto-sources/spore/CCITT_X509_3_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/CCITT_X509_3_analyzed-auto-sources.spthy index 8b6f91958..9452ee1ff 100644 --- a/case-studies-regression/features/auto-sources/spore/CCITT_X509_3_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/CCITT_X509_3_analyzed-auto-sources.spthy @@ -2,8 +2,8 @@ theory CcittX509_3 begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sign/2, snd/1, - true/0, verify/3 +functions: adec/2[destructor], aenc/2, fst/1[destructor], h/1, pair/2, + pk/1, sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -12,6 +12,10 @@ equations: + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --[ Register( $X, ~ltk ) ]-> 
@@ -557,6 +561,8 @@ solve( !Pk( $B, pk(~ltkB) ) ▶₀ #i ) qed qed + + /* All well-formedness checks were successful. */ end @@ -572,7 +578,7 @@ analyzing: examples/features/auto-sources/spore/CCITT_X509_3.spthy analyzed: examples/features/auto-sources/spore/CCITT_X509_3.spthy output: examples/features/auto-sources/spore/CCITT_X509_3.spthy.tmp - processing time: 328.256236161s + processing time: 364.350629446s Secrecy (all-traces): falsified - found trace (16 steps) injectiveagreement_B (all-traces): falsified - found trace (14 steps) agreement_B (all-traces): falsified - found trace (16 steps) @@ -588,7 +594,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/CCITT_X509_3.spthy output: examples/features/auto-sources/spore/CCITT_X509_3.spthy.tmp - processing time: 328.256236161s + processing time: 364.350629446s Secrecy (all-traces): falsified - found trace (16 steps) injectiveagreement_B (all-traces): falsified - found trace (14 steps) agreement_B (all-traces): falsified - found trace (16 steps) diff --git a/case-studies-regression/features/auto-sources/spore/Denning-Sacco-SK-Lowe_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/Denning-Sacco-SK-Lowe_analyzed-auto-sources.spthy index 89d73ad4c..8f4b7ae2a 100644 --- a/case-studies-regression/features/auto-sources/spore/Denning-Sacco-SK-Lowe_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/Denning-Sacco-SK-Lowe_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory Denning_Sacco_Lowe_SK begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,10 @@ equations: + + + + rule (modulo E) Init: [ Fr( ~kxs ) ] --[ KeyGen( $X ) ]-> [ !LongtermKey( ~kxs, $X ) ] 
@@ -709,7 +714,7 @@ analyzing: examples/features/auto-sources/spore/Denning-Sacco-SK-Lowe.spthy analyzed: examples/features/auto-sources/spore/Denning-Sacco-SK-Lowe.spthy output: examples/features/auto-sources/spore/Denning-Sacco-SK-Lowe.spthy.tmp - processing time: 5.260207603s + processing time: 7.48200313s executability (exists-trace): verified (9 steps) secrecy (all-traces): verified (38 steps) noninjectiveagreement_B (all-traces): verified (28 steps) @@ -726,7 +731,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/Denning-Sacco-SK-Lowe.spthy output: examples/features/auto-sources/spore/Denning-Sacco-SK-Lowe.spthy.tmp - processing time: 5.260207603s + processing time: 7.48200313s executability (exists-trace): verified (9 steps) secrecy (all-traces): verified (38 steps) noninjectiveagreement_B (all-traces): verified (28 steps) diff --git a/case-studies-regression/features/auto-sources/spore/Denning-Sacco-SK_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/Denning-Sacco-SK_analyzed-auto-sources.spthy index 25abbd34d..14efa7988 100644 --- a/case-studies-regression/features/auto-sources/spore/Denning-Sacco-SK_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/Denning-Sacco-SK_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory Denning_Sacco_SK begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Init: [ Fr( ~kxs ) ] --[ KeyGen( $X ) ]-> [ !LongtermKey( ~kxs, $X ) ] 
@@ -386,7 +389,7 @@ analyzing: examples/features/auto-sources/spore/Denning-Sacco-SK.spthy analyzed: examples/features/auto-sources/spore/Denning-Sacco-SK.spthy output: examples/features/auto-sources/spore/Denning-Sacco-SK.spthy.tmp - processing time: 1.527555811s + processing time: 3.474958853s executability (exists-trace): verified (7 steps) secrecy (all-traces): verified (27 steps) noninjectiveagreement_B (all-traces): verified (8 steps) @@ -401,7 +404,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/Denning-Sacco-SK.spthy output: examples/features/auto-sources/spore/Denning-Sacco-SK.spthy.tmp - processing time: 1.527555811s + processing time: 3.474958853s executability (exists-trace): verified (7 steps) secrecy (all-traces): verified (27 steps) noninjectiveagreement_B (all-traces): verified (8 steps) diff --git a/case-studies-regression/features/auto-sources/spore/Lowe_AS_Concrete_RPC_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/Lowe_AS_Concrete_RPC_analyzed-auto-sources.spthy index 4c4f0eda8..22cc06235 100644 --- a/case-studies-regression/features/auto-sources/spore/Lowe_AS_Concrete_RPC_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/Lowe_AS_Concrete_RPC_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory LoweBanConcreteAndrewSecureRPC begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, pred/1, sdec/2, senc/2, snd/1, succ/1 +functions: fst/1[destructor], pair/2, pred/1, sdec/2[destructor], senc/2, + snd/1[destructor], succ/1 equations: fst() = x.1, pred(succ(x)) = x, @@ -11,6 +12,8 @@ equations: + + rule (modulo E) Create_Key: [ Fr( ~sk ) ] --[ Secret( $A, $B, ~sk ) ]-> @@ -5006,6 +5009,10 @@ solve( StateB( $A, $B, ~sk, na, ~kabp ) ▶₀ #i ) qed qed + + + + /* All well-formedness checks were successful. */ end 
@@ -5021,7 +5028,7 @@ analyzing: examples/features/auto-sources/spore/Lowe_AS_Concrete_RPC.spthy analyzed: examples/features/auto-sources/spore/Lowe_AS_Concrete_RPC.spthy output: examples/features/auto-sources/spore/Lowe_AS_Concrete_RPC.spthy.tmp - processing time: 59.833228623s + processing time: 99.21864457s secrecy (all-traces): verified (65 steps) injectiveagreement_A (all-traces): verified (348 steps) injectiveagreement_B (all-traces): verified (968 steps) @@ -5037,7 +5044,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/Lowe_AS_Concrete_RPC.spthy output: examples/features/auto-sources/spore/Lowe_AS_Concrete_RPC.spthy.tmp - processing time: 59.833228623s + processing time: 99.21864457s secrecy (all-traces): verified (65 steps) injectiveagreement_A (all-traces): verified (348 steps) injectiveagreement_B (all-traces): verified (968 steps) diff --git a/case-studies-regression/features/auto-sources/spore/Nssk_amended_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/Nssk_amended_analyzed-auto-sources.spthy index 88a4ae418..10e28f99f 100644 --- a/case-studies-regression/features/auto-sources/spore/Nssk_amended_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/Nssk_amended_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory Nssk_amended begin // Function signature and definition of the equational theory E -functions: dec/1, fst/1, inc/1, pair/2, sdec/2, senc/2, snd/1 +functions: dec/1, fst/1[destructor], inc/1, pair/2, sdec/2[destructor], + senc/2, snd/1[destructor] equations: fst() = x.1, inc(dec(x)) = x, @@ -11,6 +12,8 @@ equations: + + rule (modulo E) Init: [ Fr( ~kxs ) ] --[ KeyGen( $X ) ]-> [ !LongtermKey( ~kxs, $X ) ] @@ -852,6 +855,10 @@ solve( StateA3( $A, $B, ~kas, ~na, mb, kab, mb2 ) ▶₀ #i ) qed qed + + + + /* All well-formedness checks were successful. */ lemma AUTO_typing [sources]: 
@@ -1657,7 +1664,7 @@ analyzing: examples/features/auto-sources/spore/Nssk_amended.spthy analyzed: examples/features/auto-sources/spore/Nssk_amended.spthy output: examples/features/auto-sources/spore/Nssk_amended.spthy.tmp - processing time: 13.613445539s + processing time: 19.510202226s executability (exists-trace): verified (14 steps) Secrecy (all-traces): verified (10 steps) injectiveagreement_B (all-traces): verified (31 steps) @@ -1674,7 +1681,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/Nssk_amended.spthy output: examples/features/auto-sources/spore/Nssk_amended.spthy.tmp - processing time: 13.613445539s + processing time: 19.510202226s executability (exists-trace): verified (14 steps) Secrecy (all-traces): verified (10 steps) injectiveagreement_B (all-traces): verified (31 steps) diff --git a/case-studies-regression/features/auto-sources/spore/Nssk_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/Nssk_analyzed-auto-sources.spthy index 046169d1b..af96e8873 100644 --- a/case-studies-regression/features/auto-sources/spore/Nssk_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/Nssk_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory Nssk begin // Function signature and definition of the equational theory E -functions: dec/1, fst/1, inc/1, pair/2, sdec/2, senc/2, snd/1 +functions: dec/1, fst/1[destructor], inc/1, pair/2, sdec/2[destructor], + senc/2, snd/1[destructor] equations: fst() = x.1, inc(dec(x)) = x, @@ -11,6 +12,8 @@ equations: + + rule (modulo E) Init: [ Fr( ~kxs ) ] --[ KeyGen( $X ) ]-> [ !LongtermKey( ~kxs, $X ) ] @@ -740,6 +743,10 @@ solve( StateA2( $A, $B, ~kas, ~na, kab, mb ) ▶₀ #i ) qed qed + + + + /* All well-formedness checks were successful. */ lemma AUTO_typing [sources]: 
@@ -1065,7 +1072,7 @@ analyzing: examples/features/auto-sources/spore/Nssk.spthy analyzed: examples/features/auto-sources/spore/Nssk.spthy output: examples/features/auto-sources/spore/Nssk.spthy.tmp - processing time: 6.609113314s + processing time: 12.342635866s executability (exists-trace): verified (12 steps) Secrecy (all-traces): verified (34 steps) injectiveagreement_B (all-traces): verified (31 steps) @@ -1082,7 +1089,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/Nssk.spthy output: examples/features/auto-sources/spore/Nssk.spthy.tmp - processing time: 6.609113314s + processing time: 12.342635866s executability (exists-trace): verified (12 steps) Secrecy (all-traces): verified (34 steps) injectiveagreement_B (all-traces): verified (31 steps) diff --git a/case-studies-regression/features/auto-sources/spore/Otway-Rees_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/Otway-Rees_analyzed-auto-sources.spthy index ce27ae97c..008919cb3 100644 --- a/case-studies-regression/features/auto-sources/spore/Otway-Rees_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/Otway-Rees_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory Otway_Rees begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Init: [ Fr( ~kxs ) ] --[ KeyGen( $X ) ]-> [ !LongtermKey( ~kxs, $X ) ] 
@@ -3368,7 +3371,7 @@ analyzing: examples/features/auto-sources/spore/Otway-Rees.spthy analyzed: examples/features/auto-sources/spore/Otway-Rees.spthy output: examples/features/auto-sources/spore/Otway-Rees.spthy.tmp - processing time: 22.748711375s + processing time: 29.546522114s Secrecy (all-traces): verified (40 steps) injectiveagreement_B (all-traces): verified (50 steps) agreement_B (all-traces): verified (16 steps) @@ -3387,7 +3390,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/Otway-Rees.spthy output: examples/features/auto-sources/spore/Otway-Rees.spthy.tmp - processing time: 22.748711375s + processing time: 29.546522114s Secrecy (all-traces): verified (40 steps) injectiveagreement_B (all-traces): verified (50 steps) agreement_B (all-traces): verified (16 steps) diff --git a/case-studies-regression/features/auto-sources/spore/SpliceAS_2_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/SpliceAS_2_analyzed-auto-sources.spthy index 338367404..1923260fc 100644 --- a/case-studies-regression/features/auto-sources/spore/SpliceAS_2_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/SpliceAS_2_analyzed-auto-sources.spthy @@ -2,8 +2,8 @@ theory SpliceAS_2 begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, dec/1, fst/1, inc/1, pair/2, pk/1, sign/2, - snd/1, true/0, verify/3 +functions: adec/2[destructor], aenc/2, dec/1, fst/1[destructor], inc/1, + pair/2, pk/1, sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, dec(inc(x)) = x, @@ -13,6 +13,10 @@ equations: + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --[ Register( $U, ~ltk ), OnlyOnce( $U ) ]-> @@ -590,6 +594,10 @@ solve( StateC2( $C, AS, $S, ~ltkC, ~n1, ~n2, ~t, ~l, pkS ) ▶₁ #i ) qed qed + + + + /* All well-formedness checks were successful. */ lemma AUTO_typing [sources]: 
@@ -782,7 +790,7 @@ analyzing: examples/features/auto-sources/spore/SpliceAS_2.spthy analyzed: examples/features/auto-sources/spore/SpliceAS_2.spthy output: examples/features/auto-sources/spore/SpliceAS_2.spthy.tmp - processing time: 13.839365199s + processing time: 17.166558031s executability (exists-trace): verified (21 steps) Secrecy (all-traces): falsified - found trace (16 steps) injectiveagreement_B (all-traces): falsified - found trace (22 steps) @@ -799,7 +807,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/SpliceAS_2.spthy output: examples/features/auto-sources/spore/SpliceAS_2.spthy.tmp - processing time: 13.839365199s + processing time: 17.166558031s executability (exists-trace): verified (21 steps) Secrecy (all-traces): falsified - found trace (16 steps) injectiveagreement_B (all-traces): falsified - found trace (22 steps) diff --git a/case-studies-regression/features/auto-sources/spore/SpliceAS_3_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/SpliceAS_3_analyzed-auto-sources.spthy index 34cb2c853..0d527518e 100644 --- a/case-studies-regression/features/auto-sources/spore/SpliceAS_3_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/SpliceAS_3_analyzed-auto-sources.spthy @@ -2,8 +2,8 @@ theory SpliceAS_3 begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, dec/1, fst/1, inc/1, pair/2, pk/1, sign/2, - snd/1, true/0, verify/3 +functions: adec/2[destructor], aenc/2, dec/1, fst/1[destructor], inc/1, + pair/2, pk/1, sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, dec(inc(x)) = x, @@ -13,6 +13,10 @@ equations: + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --[ Register( $U, ~ltk ), OnlyOnce( $U ) ]-> 
@@ -927,6 +931,10 @@ solve( StateC2( $C, AS, $S, ~ltkC, ~n1, ~n2, ~t, ~l, pkS ) ▶₁ #i ) qed qed + + + + /* All well-formedness checks were successful. */ lemma AUTO_typing [sources]: @@ -1123,7 +1131,7 @@ analyzing: examples/features/auto-sources/spore/SpliceAS_3.spthy analyzed: examples/features/auto-sources/spore/SpliceAS_3.spthy output: examples/features/auto-sources/spore/SpliceAS_3.spthy.tmp - processing time: 13.773681173s + processing time: 16.425283551s executability (exists-trace): verified (21 steps) Secrecy (all-traces): verified (39 steps) injectiveagreement_B (all-traces): falsified - found trace (22 steps) @@ -1140,7 +1148,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/SpliceAS_3.spthy output: examples/features/auto-sources/spore/SpliceAS_3.spthy.tmp - processing time: 13.773681173s + processing time: 16.425283551s executability (exists-trace): verified (21 steps) Secrecy (all-traces): verified (39 steps) injectiveagreement_B (all-traces): falsified - found trace (22 steps) diff --git a/case-studies-regression/features/auto-sources/spore/SpliceAS_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/SpliceAS_analyzed-auto-sources.spthy index 5967b81b1..9287d85fc 100644 --- a/case-studies-regression/features/auto-sources/spore/SpliceAS_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/SpliceAS_analyzed-auto-sources.spthy @@ -2,8 +2,8 @@ theory SpliceAS begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, dec/1, fst/1, inc/1, pair/2, pk/1, sign/2, - snd/1, true/0, verify/3 +functions: adec/2[destructor], aenc/2, dec/1, fst/1[destructor], inc/1, + pair/2, pk/1, sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, dec(inc(x)) = x, @@ -13,6 +13,10 @@ equations: + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --[ Register( $U, ~ltk ), OnlyOnce( $U ) ]-> 
@@ -543,6 +547,10 @@ solve( StateC2( $C, AS, $S, ~ltkC, ~n1, ~n2, ~t, ~l, pkS ) ▶₁ #i ) qed qed + + + + /* All well-formedness checks were successful. */ lemma AUTO_typing [sources]: @@ -735,7 +743,7 @@ analyzing: examples/features/auto-sources/spore/SpliceAS.spthy analyzed: examples/features/auto-sources/spore/SpliceAS.spthy output: examples/features/auto-sources/spore/SpliceAS.spthy.tmp - processing time: 10.802245527s + processing time: 16.604032011s executability (exists-trace): verified (21 steps) Secrecy (all-traces): falsified - found trace (11 steps) injectiveagreement_B (all-traces): falsified - found trace (15 steps) @@ -752,7 +760,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/SpliceAS.spthy output: examples/features/auto-sources/spore/SpliceAS.spthy.tmp - processing time: 10.802245527s + processing time: 16.604032011s executability (exists-trace): verified (21 steps) Secrecy (all-traces): falsified - found trace (11 steps) injectiveagreement_B (all-traces): falsified - found trace (15 steps) diff --git a/case-studies-regression/features/auto-sources/spore/Wide_Mouthed_Frog_Lowe_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/Wide_Mouthed_Frog_Lowe_analyzed-auto-sources.spthy index cba98bd05..44e8ba881 100644 --- a/case-studies-regression/features/auto-sources/spore/Wide_Mouthed_Frog_Lowe_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/Wide_Mouthed_Frog_Lowe_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory WmFrogLowe begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, pred/1, sdec/2, senc/2, snd/1, succ/1 +functions: fst/1[destructor], pair/2, pred/1, sdec/2[destructor], senc/2, + snd/1[destructor], succ/1 equations: fst() = x.1, pred(succ(x)) = x, @@ -11,6 +12,8 @@ equations: + + rule (modulo E) Init: [ Fr( ~kxs ) ] --[ KeyGen( $X ) ]-> [ !Ltk( ~kxs, $X ) ] 
@@ -997,6 +1000,10 @@ solve( !Ltk( ~kas, $A ) ▶₀ #i ) qed qed + + + + /* All well-formedness checks were successful. */ lemma AUTO_typing [sources]: @@ -1168,7 +1175,7 @@ analyzing: examples/features/auto-sources/spore/Wide_Mouthed_Frog_Lowe.spthy analyzed: examples/features/auto-sources/spore/Wide_Mouthed_Frog_Lowe.spthy output: examples/features/auto-sources/spore/Wide_Mouthed_Frog_Lowe.spthy.tmp - processing time: 7.339260404s + processing time: 9.191718805s executability (exists-trace): verified (16 steps) Secrecy (all-traces): verified (30 steps) injectiveagreement_B (all-traces): verified (102 steps) @@ -1187,7 +1194,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/Wide_Mouthed_Frog_Lowe.spthy output: examples/features/auto-sources/spore/Wide_Mouthed_Frog_Lowe.spthy.tmp - processing time: 7.339260404s + processing time: 9.191718805s executability (exists-trace): verified (16 steps) Secrecy (all-traces): verified (30 steps) injectiveagreement_B (all-traces): verified (102 steps) diff --git a/case-studies-regression/features/auto-sources/spore/Wide_Mouthed_Frog_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/Wide_Mouthed_Frog_analyzed-auto-sources.spthy index bc769c2f1..1ac1c9b72 100644 --- a/case-studies-regression/features/auto-sources/spore/Wide_Mouthed_Frog_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/Wide_Mouthed_Frog_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory WmFrog begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Init: [ Fr( ~kxs ) ] --[ KeyGen( $X ) ]-> [ !Ltk( ~kxs, $X ) ] 
@@ -446,7 +449,7 @@ analyzing: examples/features/auto-sources/spore/Wide_Mouthed_Frog.spthy analyzed: examples/features/auto-sources/spore/Wide_Mouthed_Frog.spthy output: examples/features/auto-sources/spore/Wide_Mouthed_Frog.spthy.tmp - processing time: 1.55230587s + processing time: 1.817345967s executability (exists-trace): verified (9 steps) Secrecy (all-traces): verified (30 steps) injectiveagreement_B (all-traces): falsified - found trace (9 steps) @@ -463,7 +466,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/Wide_Mouthed_Frog.spthy output: examples/features/auto-sources/spore/Wide_Mouthed_Frog.spthy.tmp - processing time: 1.55230587s + processing time: 1.817345967s executability (exists-trace): verified (9 steps) Secrecy (all-traces): verified (30 steps) injectiveagreement_B (all-traces): falsified - found trace (9 steps) diff --git a/case-studies-regression/features/auto-sources/spore/WooLam_Pi_f_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/WooLam_Pi_f_analyzed-auto-sources.spthy index ba273457d..b8f6231e5 100644 --- a/case-studies-regression/features/auto-sources/spore/WooLam_Pi_f_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/WooLam_Pi_f_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory WooLamPi_f begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Init: [ Fr( ~kxs ) ] --[ KeyGen( $X ) ]-> [ !Ltk( ~kxs, $X ) ] 
@@ -562,7 +565,7 @@ analyzing: examples/features/auto-sources/spore/WooLam_Pi_f.spthy analyzed: examples/features/auto-sources/spore/WooLam_Pi_f.spthy output: examples/features/auto-sources/spore/WooLam_Pi_f.spthy.tmp - processing time: 1.611339897s + processing time: 2.208744232s executability (exists-trace): verified (10 steps) Secrecy (all-traces): verified (10 steps) injectiveagreement_B (all-traces): verified (17 steps) @@ -577,7 +580,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/WooLam_Pi_f.spthy output: examples/features/auto-sources/spore/WooLam_Pi_f.spthy.tmp - processing time: 1.611339897s + processing time: 2.208744232s executability (exists-trace): verified (10 steps) Secrecy (all-traces): verified (10 steps) injectiveagreement_B (all-traces): verified (17 steps) diff --git a/case-studies-regression/features/auto-sources/spore/Yahalom-Lowe_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/Yahalom-Lowe_analyzed-auto-sources.spthy index a794c4bf9..109e82e78 100644 --- a/case-studies-regression/features/auto-sources/spore/Yahalom-Lowe_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/Yahalom-Lowe_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory YahalomLowe begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Init: [ Fr( ~kxs ) ] --[ KeyGen( $X ) ]-> [ !LongtermKey( ~kxs, $X ) ] 
@@ -1061,7 +1064,7 @@ analyzing: examples/features/auto-sources/spore/Yahalom-Lowe.spthy analyzed: examples/features/auto-sources/spore/Yahalom-Lowe.spthy output: examples/features/auto-sources/spore/Yahalom-Lowe.spthy.tmp - processing time: 4.58083829s + processing time: 7.985186781s executability (exists-trace): verified (14 steps) secrecy (all-traces): verified (22 steps) noninjectiveagreement_B (all-traces): verified (33 steps) @@ -1078,7 +1081,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/Yahalom-Lowe.spthy output: examples/features/auto-sources/spore/Yahalom-Lowe.spthy.tmp - processing time: 4.58083829s + processing time: 7.985186781s executability (exists-trace): verified (14 steps) secrecy (all-traces): verified (22 steps) noninjectiveagreement_B (all-traces): verified (33 steps) diff --git a/case-studies-regression/features/auto-sources/spore/Yahalom_BAN_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/Yahalom_BAN_analyzed-auto-sources.spthy index b95d66529..f7dc8f850 100644 --- a/case-studies-regression/features/auto-sources/spore/Yahalom_BAN_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/Yahalom_BAN_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory Yahalom_BAN begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Init: [ Fr( ~kxs ) ] --[ KeyGen( $X ) ]-> [ !LongtermKey( ~kxs, $X ) ] 
@@ -385,7 +388,7 @@ analyzing: examples/features/auto-sources/spore/Yahalom_BAN.spthy analyzed: examples/features/auto-sources/spore/Yahalom_BAN.spthy output: examples/features/auto-sources/spore/Yahalom_BAN.spthy.tmp - processing time: 1.949930733s + processing time: 3.30881322s executability (exists-trace): verified (15 steps) secrecy (all-traces): verified (22 steps) noninjectiveagreement_B (all-traces): falsified - found trace (10 steps) @@ -400,7 +403,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/Yahalom_BAN.spthy output: examples/features/auto-sources/spore/Yahalom_BAN.spthy.tmp - processing time: 1.949930733s + processing time: 3.30881322s executability (exists-trace): verified (15 steps) secrecy (all-traces): verified (22 steps) noninjectiveagreement_B (all-traces): falsified - found trace (10 steps) diff --git a/case-studies-regression/features/auto-sources/spore/Yahalom_analyzed-auto-sources.spthy b/case-studies-regression/features/auto-sources/spore/Yahalom_analyzed-auto-sources.spthy index 22f496266..b5c33039a 100644 --- a/case-studies-regression/features/auto-sources/spore/Yahalom_analyzed-auto-sources.spthy +++ b/case-studies-regression/features/auto-sources/spore/Yahalom_analyzed-auto-sources.spthy @@ -2,7 +2,8 @@ theory Yahalom begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) Init: [ Fr( ~kxs ) ] --[ KeyGen( $X ) ]-> [ !LongtermKey( ~kxs, $X ) ] 
@@ -1166,7 +1169,7 @@ analyzing: examples/features/auto-sources/spore/Yahalom.spthy analyzed: examples/features/auto-sources/spore/Yahalom.spthy output: examples/features/auto-sources/spore/Yahalom.spthy.tmp - processing time: 5.302992162s + processing time: 10.573164574s executability (exists-trace): verified (14 steps) secrecy (all-traces): verified (22 steps) noninjectiveagreement_B (all-traces): verified (51 steps) @@ -1183,7 +1186,7 @@ summary of summaries: analyzed: examples/features/auto-sources/spore/Yahalom.spthy output: examples/features/auto-sources/spore/Yahalom.spthy.tmp - processing time: 5.302992162s + processing time: 10.573164574s executability (exists-trace): verified (14 steps) secrecy (all-traces): verified (22 steps) noninjectiveagreement_B (all-traces): verified (51 steps) diff --git a/case-studies-regression/features/equivalence/AxiomDiffTest1_analyzed-diff.spthy b/case-studies-regression/features/equivalence/AxiomDiffTest1_analyzed-diff.spthy index 9d228fa56..6a4af38f1 100644 --- a/case-studies-regression/features/equivalence/AxiomDiffTest1_analyzed-diff.spthy +++ b/case-studies-regression/features/equivalence/AxiomDiffTest1_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory AxiomDiffTest1 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -39,7 +39,7 @@ analyzing: examples/features/equivalence/AxiomDiffTest1.spthy analyzed: examples/features/equivalence/AxiomDiffTest1.spthy output: examples/features/equivalence/AxiomDiffTest1.spthy.tmp - processing time: 0.110995827s + processing time: 0.170019887s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ------------------------------------------------------------------------------ 
@@ -50,7 +50,7 @@ summary of summaries: analyzed: examples/features/equivalence/AxiomDiffTest1.spthy output: examples/features/equivalence/AxiomDiffTest1.spthy.tmp - processing time: 0.110995827s + processing time: 0.170019887s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ============================================================================== diff --git a/case-studies-regression/features/equivalence/AxiomDiffTest2_analyzed-diff.spthy b/case-studies-regression/features/equivalence/AxiomDiffTest2_analyzed-diff.spthy index fd593e15c..29c8973c5 100644 --- a/case-studies-regression/features/equivalence/AxiomDiffTest2_analyzed-diff.spthy +++ b/case-studies-regression/features/equivalence/AxiomDiffTest2_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory AxiomDiffTest2 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -49,7 +49,7 @@ analyzing: examples/features/equivalence/AxiomDiffTest2.spthy analyzed: examples/features/equivalence/AxiomDiffTest2.spthy output: examples/features/equivalence/AxiomDiffTest2.spthy.tmp - processing time: 0.101687357s + processing time: 0.175466232s DiffLemma: Observational_equivalence : falsified - found trace (5 steps) ------------------------------------------------------------------------------ @@ -60,7 +60,7 @@ summary of summaries: analyzed: examples/features/equivalence/AxiomDiffTest2.spthy output: examples/features/equivalence/AxiomDiffTest2.spthy.tmp - processing time: 0.101687357s + processing time: 0.175466232s DiffLemma: Observational_equivalence : falsified - found trace (5 steps) ============================================================================== 
diff --git a/case-studies-regression/features/equivalence/AxiomDiffTest3_analyzed-diff.spthy b/case-studies-regression/features/equivalence/AxiomDiffTest3_analyzed-diff.spthy index 8e9cf73c9..302e94629 100644 --- a/case-studies-regression/features/equivalence/AxiomDiffTest3_analyzed-diff.spthy +++ b/case-studies-regression/features/equivalence/AxiomDiffTest3_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory AxiomDiffTest3 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -39,7 +39,7 @@ analyzing: examples/features/equivalence/AxiomDiffTest3.spthy analyzed: examples/features/equivalence/AxiomDiffTest3.spthy output: examples/features/equivalence/AxiomDiffTest3.spthy.tmp - processing time: 0.105914723s + processing time: 0.136129999s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ------------------------------------------------------------------------------ @@ -50,7 +50,7 @@ summary of summaries: analyzed: examples/features/equivalence/AxiomDiffTest3.spthy output: examples/features/equivalence/AxiomDiffTest3.spthy.tmp - processing time: 0.105914723s + processing time: 0.136129999s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ============================================================================== diff --git a/case-studies-regression/features/equivalence/AxiomDiffTest4_analyzed-diff.spthy b/case-studies-regression/features/equivalence/AxiomDiffTest4_analyzed-diff.spthy index 89f1cbba3..aa7cf8855 100644 --- a/case-studies-regression/features/equivalence/AxiomDiffTest4_analyzed-diff.spthy +++ b/case-studies-regression/features/equivalence/AxiomDiffTest4_analyzed-diff.spthy 
@@ -2,7 +2,7 @@ theory AxiomDiffTest4 begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -39,7 +39,7 @@ analyzing: examples/features/equivalence/AxiomDiffTest4.spthy analyzed: examples/features/equivalence/AxiomDiffTest4.spthy output: examples/features/equivalence/AxiomDiffTest4.spthy.tmp - processing time: 0.104304077s + processing time: 0.218947501s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ------------------------------------------------------------------------------ @@ -50,7 +50,7 @@ summary of summaries: analyzed: examples/features/equivalence/AxiomDiffTest4.spthy output: examples/features/equivalence/AxiomDiffTest4.spthy.tmp - processing time: 0.104304077s + processing time: 0.218947501s DiffLemma: Observational_equivalence : falsified - found trace (4 steps) ============================================================================== diff --git a/case-studies-regression/features/equivalence/N5N6DiffTest_analyzed-diff.spthy b/case-studies-regression/features/equivalence/N5N6DiffTest_analyzed-diff.spthy index c88509c7e..eebb772fc 100644 --- a/case-studies-regression/features/equivalence/N5N6DiffTest_analyzed-diff.spthy +++ b/case-studies-regression/features/equivalence/N5N6DiffTest_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory N5N6DiffTest begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 
@@ -47,7 +47,7 @@ analyzing: examples/features/equivalence/N5N6DiffTest.spthy analyzed: examples/features/equivalence/N5N6DiffTest.spthy output: examples/features/equivalence/N5N6DiffTest.spthy.tmp - processing time: 0.103726068s + processing time: 0.20371758s DiffLemma: Observational_equivalence : falsified - found trace (8 steps) ------------------------------------------------------------------------------ @@ -58,7 +58,7 @@ summary of summaries: analyzed: examples/features/equivalence/N5N6DiffTest.spthy output: examples/features/equivalence/N5N6DiffTest.spthy.tmp - processing time: 0.103726068s + processing time: 0.20371758s DiffLemma: Observational_equivalence : falsified - found trace (8 steps) ============================================================================== diff --git a/case-studies-regression/features/injectivity/injectivity_analyzed.spthy b/case-studies-regression/features/injectivity/injectivity_analyzed.spthy index 3112ad832..8148dc74f 100644 --- a/case-studies-regression/features/injectivity/injectivity_analyzed.spthy +++ b/case-studies-regression/features/injectivity/injectivity_analyzed.spthy @@ -2,7 +2,7 @@ theory injectivity begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -49,16 +49,16 @@ next case Copy solve( Inj( ~i.1 ) ▶₀ #k ) case Copy - by contradiction /* non-injective facts (#vr.1,#j,#k) */ + by contradiction /* cyclic */ next case Init - by contradiction /* non-injective facts (#i,#j,#k) */ + by contradiction /* cyclic */ qed next case Init solve( Inj( ~i.1 ) ▶₀ #k ) case Copy - by contradiction /* non-injective facts (#i,#vr,#j) */ + by contradiction /* cyclic */ qed qed qed 
@@ -78,7 +78,7 @@ analyzing: examples/features//injectivity/injectivity.spthy analyzed: examples/features//injectivity/injectivity.spthy output: examples/features//injectivity/injectivity.spthy.tmp - processing time: 0.086946904s + processing time: 0.029280069s injectivity_check (all-traces): verified (9 steps) ------------------------------------------------------------------------------ @@ -89,7 +89,7 @@ summary of summaries: analyzed: examples/features//injectivity/injectivity.spthy output: examples/features//injectivity/injectivity.spthy.tmp - processing time: 0.086946904s + processing time: 0.029280069s injectivity_check (all-traces): verified (9 steps) ============================================================================== diff --git a/case-studies-regression/features/multiset/counter_analyzed.spthy b/case-studies-regression/features/multiset/counter_analyzed.spthy index 7ff87f494..c2e851f6b 100644 --- a/case-studies-regression/features/multiset/counter_analyzed.spthy +++ b/case-studies-regression/features/multiset/counter_analyzed.spthy @@ -3,7 +3,8 @@ theory counter begin // Function signature and definition of the equational theory E builtins: multiset -functions: fst/1, h/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -13,6 +14,12 @@ equations: /* looping facts with injective instances: Counter/2 */ + + + + + + rule (modulo E) Create: [ Fr( ~s ) ] --[ Start( ~s ) ]-> [ Counter( ~s, '1' ) ] @@ -266,7 +273,7 @@ next case case_2 solve( Counter( ~s, '1' ) ▶₀ #j ) case Create - by contradiction /* non-injective facts (#j.1,#i,#j) */ + by contradiction /* cyclic */ qed qed qed @@ -277,7 +284,7 @@ next case case_2 solve( Counter( ~s, '1' ) ▶₀ #j ) case Create - by contradiction /* non-injective facts (#j.1,#i,#j) */ + by contradiction /* cyclic */ qed qed qed 
@@ -285,19 +292,10 @@ next case Inc_case_2 solve( Counter( ~s, y ) ▶₀ #j ) case Create - by contradiction /* non-injective facts (#j.1,#i,#j) */ + by contradiction /* cyclic */ next case Inc - solve( (#i < #vr.1) ∥ (∃ z. ((x+z) = ('1'+'1'+x))) ) - case case_2 - solve( (#vr < #vr.1) ∥ (∃ z. ((x+z) = ('1'+x))) ) - case case_2 - solve( (#vr.1 < #i) ∥ (∃ z. (('1'+'1'+x+z) = x)) ) - case case_1 - by contradiction /* non-injective facts (#vr.1,#i,#j) */ - qed - qed - qed + by simplify qed next case Inc_case_3 @@ -311,19 +309,10 @@ next case case_1 solve( Counter( ~s, y ) ▶₀ #j ) case Create - by contradiction /* non-injective facts (#j.1,#i,#j) */ + by contradiction /* cyclic */ next case Inc - solve( (#i < #vr.1) ∥ (∃ z. ((z+x.1) = ('1'+'1'+x+x.1))) ) - case case_2 - solve( (#vr < #vr.1) ∥ (∃ z. ((x+z) = ('1'+x+x.1))) ) - case case_2 - solve( (#vr.1 < #i) ∥ (∃ z. (('1'+'1'+x+z+x.1) = x)) ) - case case_1 - by contradiction /* non-injective facts (#vr.1,#i,#j) */ - qed - qed - qed + by simplify qed qed qed @@ -345,16 +334,7 @@ next case case_2 solve( Counter( ~s, ('1'+x) ) ▶₀ #j ) case Inc - solve( (#i < #vr.1) ∥ (∃ z.1. ((x+z.1) = ('1'+'1'+x+z))) ) - case case_2 - solve( (#vr < #vr.1) ∥ (∃ z.1. ((x+z.1) = ('1'+x+z))) ) - case case_2 - solve( (#vr.1 < #i) ∥ (∃ z.1. (('1'+'1'+x+z+z.1) = x)) ) - case case_1 - by contradiction /* non-injective facts (#vr.1,#i,#j) */ - qed - qed - qed + by simplify qed qed qed @@ -366,16 +346,7 @@ next case case_2 solve( Counter( ~s, ('1'+x) ) ▶₀ #j ) case Inc - solve( (#i < #vr.1) ∥ (∃ z. ((x+z) = ('1'+'1'+x))) ) - case case_2 - solve( (#vr < #vr.1) ∥ (∃ z. ((x+z) = ('1'+x))) ) - case case_2 - solve( (#vr.1 < #i) ∥ (∃ z. (('1'+'1'+x+z) = x)) ) - case case_1 - by contradiction /* non-injective facts (#vr.1,#i,#j) */ - qed - qed - qed + by simplify qed qed qed 
@@ -400,13 +371,7 @@ next case case_1 solve( Counter( ~s, ('1'+x) ) ▶₀ #j ) case Inc - solve( (#i < #vr.1) ∥ (∃ z. ((x+z) = ('1'+x))) ) - case case_2 - solve( (#vr.1 = #vr) ∥ (#vr < #vr.1) ∥ (∃ z. ((x+z) = x)) ) - case case_1 - by contradiction /* cyclic */ - qed - qed + by simplify qed qed qed @@ -456,42 +421,37 @@ next by solve( Counter( ~s, h(y) ) ▶₀ #vr ) next case case_2 - by contradiction /* from formulas */ + by contradiction /* cyclic */ qed qed qed qed next case Inc_case_2 - solve( (¬(#vr < #vr.1)) ∥ (∃ z. ((z+h(y)) = (x+h(y)))) ) - case case_2 - solve( (¬(#vr.1 < #vr)) ∥ (∃ z. ((x+z+h(y)) = h(y))) ) - case case_1 - solve( (#vr.1 < #j) ∥ (∃ z. ((y+z) = (x+h(y)))) ) - case case_1 - solve( (∃ z. (('1'+x+z+h(y)) = (x+h(y)))) ∥ - (∃ z. ((x+z+h(y)) = ('1'+x+h(y)))) ) - case case_2 - solve( (∃ z. ((x+z+h(y)) = h(y))) ∥ (∃ z. ((z+h(y)) = (x+h(y)))) ) - case case_2 - solve( (∃ z. ((x+z+h(y)) = ('1'+x+h(y)))) ∥ - (∃ z. (('1'+x+z+h(y)) = (x+h(y)))) ) - case case_1 - solve( (∃ z. ((z+h(y)) = (x+h(y)))) ∥ (∃ z. ((x+z+h(y)) = h(y))) ) - case case_1 - by solve( Counter( ~s, h(y) ) ▶₀ #vr ) - qed - qed + simplify + solve( (#vr.1 < #j) ∥ (∃ z. ((y+z) = (x+h(y)))) ) + case case_1 + solve( (∃ z. (('1'+x+z+h(y)) = (x+h(y)))) ∥ + (∃ z. ((x+z+h(y)) = ('1'+x+h(y)))) ) + case case_2 + solve( (∃ z. ((x+z+h(y)) = h(y))) ∥ (∃ z. ((z+h(y)) = (x+h(y)))) ) + case case_2 + solve( (∃ z. ((x+z+h(y)) = ('1'+x+h(y)))) ∥ + (∃ z. (('1'+x+z+h(y)) = (x+h(y)))) ) + case case_1 + solve( (∃ z. ((z+h(y)) = (x+h(y)))) ∥ (∃ z. ((x+z+h(y)) = h(y))) ) + case case_1 + by solve( Counter( ~s, h(y) ) ▶₀ #vr ) qed qed - next - case case_2_case_1 - by contradiction /* from formulas */ - next - case case_2_case_2 - by contradiction /* from formulas */ qed qed + next + case case_2_case_1 + by contradiction /* from formulas */ + next + case case_2_case_2 + by contradiction /* from formulas */ qed qed qed 
@@ -521,11 +481,11 @@ analyzing: examples/features//multiset/counter.spthy analyzed: examples/features//multiset/counter.spthy output: examples/features//multiset/counter.spthy.tmp - processing time: 1.894650482s + processing time: 1.353344609s counters_linear_order (all-traces): verified (50 steps) counter_start (all-traces): verified (8 steps) - counter_increases (all-traces): verified (58 steps) - lesser_senc_secret (all-traces): verified (26 steps) + counter_increases (all-traces): verified (44 steps) + lesser_senc_secret (all-traces): verified (25 steps) ------------------------------------------------------------------------------ @@ -535,11 +495,11 @@ summary of summaries: analyzed: examples/features//multiset/counter.spthy output: examples/features//multiset/counter.spthy.tmp - processing time: 1.894650482s + processing time: 1.353344609s counters_linear_order (all-traces): verified (50 steps) counter_start (all-traces): verified (8 steps) - counter_increases (all-traces): verified (58 steps) - lesser_senc_secret (all-traces): verified (26 steps) + counter_increases (all-traces): verified (44 steps) + lesser_senc_secret (all-traces): verified (25 steps) ============================================================================== */ diff --git a/case-studies-regression/features/private_function_symbols/NAXOS_eCK_PFS_private_analyzed.spthy b/case-studies-regression/features/private_function_symbols/NAXOS_eCK_PFS_private_analyzed.spthy index 530a02892..97e5e5584 100644 --- a/case-studies-regression/features/private_function_symbols/NAXOS_eCK_PFS_private_analyzed.spthy +++ b/case-studies-regression/features/private_function_symbols/NAXOS_eCK_PFS_private_analyzed.spthy 
@@ -3,11 +3,14 @@ theory NAXOS_eCK begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h1/1, h2/1, pair/2, sk/1 [private], snd/1 +functions: fst/1[destructor], h1/1, h2/1, pair/2, + sk/1[private,destructor], snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* NAXOS *} rule (modulo E) Init_1: @@ -336,6 +339,12 @@ solve( (∃ matchingSession #i3 matchingRole. qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -351,7 +360,7 @@ analyzing: examples/features//private_function_symbols/NAXOS_eCK_PFS_private.spt analyzed: examples/features//private_function_symbols/NAXOS_eCK_PFS_private.spthy output: examples/features//private_function_symbols/NAXOS_eCK_PFS_private.spthy.tmp - processing time: 2.31902246s + processing time: 3.256204438s eCK_PFS_key_secrecy (all-traces): falsified - found trace (14 steps) ------------------------------------------------------------------------------ @@ -362,7 +371,7 @@ summary of summaries: analyzed: examples/features//private_function_symbols/NAXOS_eCK_PFS_private.spthy output: examples/features//private_function_symbols/NAXOS_eCK_PFS_private.spthy.tmp - processing time: 2.31902246s + processing time: 3.256204438s eCK_PFS_key_secrecy (all-traces): falsified - found trace (14 steps) ============================================================================== diff --git a/case-studies-regression/features/private_function_symbols/NAXOS_eCK_private_analyzed.spthy b/case-studies-regression/features/private_function_symbols/NAXOS_eCK_private_analyzed.spthy index 2c27cfb89..a4f8c63ce 100644 --- a/case-studies-regression/features/private_function_symbols/NAXOS_eCK_private_analyzed.spthy +++ b/case-studies-regression/features/private_function_symbols/NAXOS_eCK_private_analyzed.spthy 
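Review bot: The new `functions:` line in the first hunk of NAXOS_eCK_PFS_private_analyzed.spthy records `sk/1[private,destructor]`, yet the equations in the same hunk cover only `fst` and `snd`, so nothing visible reduces `sk`. If the printer infers the attribute rather than reading it from the example theory, this baseline freezes a misclassification of the long-term-key symbol. The expected line would presumably read `functions: fst/1[destructor], h1/1, h2/1, pair/2, sk/1[private], snd/1[destructor]`. The first hunk of NAXOS_eCK_private_analyzed.spthy in the next file section has the same line, so confirm both against the source theories before accepting the new expected output.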
@@ -3,11 +3,14 @@ theory NAXOS_eCK begin // Function signature and definition of the equational theory E builtins: diffie-hellman -functions: fst/1, h1/1, h2/1, pair/2, sk/1 [private], snd/1 +functions: fst/1[destructor], h1/1, h2/1, pair/2, + sk/1[private,destructor], snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + section{* NAXOS *} rule (modulo E) Init_1: @@ -575,6 +578,12 @@ next qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -590,7 +599,7 @@ analyzing: examples/features//private_function_symbols/NAXOS_eCK_private.spthy analyzed: examples/features//private_function_symbols/NAXOS_eCK_private.spthy output: examples/features//private_function_symbols/NAXOS_eCK_private.spthy.tmp - processing time: 2.161726738s + processing time: 2.603591207s eCK_key_secrecy (all-traces): verified (89 steps) ------------------------------------------------------------------------------ @@ -601,7 +610,7 @@ summary of summaries: analyzed: examples/features//private_function_symbols/NAXOS_eCK_private.spthy output: examples/features//private_function_symbols/NAXOS_eCK_private.spthy.tmp - processing time: 2.161726738s + processing time: 2.603591207s eCK_key_secrecy (all-traces): verified (89 steps) ============================================================================== diff --git a/case-studies-regression/features/xor/basicfunctionality/xor-basic_analyzed.spthy b/case-studies-regression/features/xor/basicfunctionality/xor-basic_analyzed.spthy index 546573787..4e480c4b9 100644 --- a/case-studies-regression/features/xor/basicfunctionality/xor-basic_analyzed.spthy +++ b/case-studies-regression/features/xor/basicfunctionality/xor-basic_analyzed.spthy 
@@ -3,11 +3,13 @@ theory xorbasic begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + rule (modulo E) testsend: [ Fr( ~x ), Fr( ~y ), Fr( ~a ), Fr( ~b ) ] --[ OnlyOnce( ), Secret( (~x⊕~y) ) ]-> @@ -207,7 +209,7 @@ analyzing: examples/features/xor/basicfunctionality/xor-basic.spthy analyzed: examples/features/xor/basicfunctionality/xor-basic.spthy output: examples/features/xor/basicfunctionality/xor-basic.spthy.tmp - processing time: 1.703883915s + processing time: 2.39003941s secrecybroken (all-traces): falsified - found trace (19 steps) ------------------------------------------------------------------------------ @@ -218,7 +220,7 @@ summary of summaries: analyzed: examples/features/xor/basicfunctionality/xor-basic.spthy output: examples/features/xor/basicfunctionality/xor-basic.spthy.tmp - processing time: 1.703883915s + processing time: 2.39003941s secrecybroken (all-traces): falsified - found trace (19 steps) ============================================================================== diff --git a/case-studies-regression/features/xor/basicfunctionality/xor0_analyzed.spthy b/case-studies-regression/features/xor/basicfunctionality/xor0_analyzed.spthy index 03f54570d..757ce088c 100644 --- a/case-studies-regression/features/xor/basicfunctionality/xor0_analyzed.spthy +++ b/case-studies-regression/features/xor/basicfunctionality/xor0_analyzed.spthy @@ -3,11 +3,13 @@ theory xor0 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + rule (modulo E) challenge: [ Fr( ~a ), Fr( ~b ) ] --[ Challenge( (~a⊕~b) ) ]-> [ Out( <~a, ~b> ) ] 
@@ -72,7 +74,7 @@ analyzing: examples/features/xor/basicfunctionality/xor0.spthy analyzed: examples/features/xor/basicfunctionality/xor0.spthy output: examples/features/xor/basicfunctionality/xor0.spthy.tmp - processing time: 0.112611568s + processing time: 0.092042084s crworks (exists-trace): verified (6 steps) ------------------------------------------------------------------------------ @@ -83,7 +85,7 @@ summary of summaries: analyzed: examples/features/xor/basicfunctionality/xor0.spthy output: examples/features/xor/basicfunctionality/xor0.spthy.tmp - processing time: 0.112611568s + processing time: 0.092042084s crworks (exists-trace): verified (6 steps) ============================================================================== diff --git a/case-studies-regression/features/xor/basicfunctionality/xor1_analyzed.spthy b/case-studies-regression/features/xor/basicfunctionality/xor1_analyzed.spthy index 31d5b7b01..5ff7ca1fe 100644 --- a/case-studies-regression/features/xor/basicfunctionality/xor1_analyzed.spthy +++ b/case-studies-regression/features/xor/basicfunctionality/xor1_analyzed.spthy @@ -3,11 +3,13 @@ theory xor1 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + rule (modulo E) testsend: [ Fr( ~x ), Fr( ~y ) ] --[ OnlyOnce( ), Secret( ~x ) ]-> @@ -62,7 +64,7 @@ analyzing: examples/features/xor/basicfunctionality/xor1.spthy analyzed: examples/features/xor/basicfunctionality/xor1.spthy output: examples/features/xor/basicfunctionality/xor1.spthy.tmp - processing time: 0.144391103s + processing time: 0.1109204s secrecybroken (all-traces): falsified - found trace (4 steps) ------------------------------------------------------------------------------ 
@@ -73,7 +75,7 @@ summary of summaries: analyzed: examples/features/xor/basicfunctionality/xor1.spthy output: examples/features/xor/basicfunctionality/xor1.spthy.tmp - processing time: 0.144391103s + processing time: 0.1109204s secrecybroken (all-traces): falsified - found trace (4 steps) ============================================================================== diff --git a/case-studies-regression/features/xor/basicfunctionality/xor2_analyzed.spthy b/case-studies-regression/features/xor/basicfunctionality/xor2_analyzed.spthy index 367343960..0e5bbd959 100644 --- a/case-studies-regression/features/xor/basicfunctionality/xor2_analyzed.spthy +++ b/case-studies-regression/features/xor/basicfunctionality/xor2_analyzed.spthy @@ -3,11 +3,13 @@ theory xor2 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + rule (modulo E) testsend: [ Fr( ~x ), Fr( ~y ), Fr( ~z ) ] --[ OnlyOnce( ), Secret( ~x ) ]-> @@ -81,7 +83,7 @@ analyzing: examples/features/xor/basicfunctionality/xor2.spthy analyzed: examples/features/xor/basicfunctionality/xor2.spthy output: examples/features/xor/basicfunctionality/xor2.spthy.tmp - processing time: 0.227988277s + processing time: 0.255224747s secrecybroken (all-traces): falsified - found trace (5 steps) ------------------------------------------------------------------------------ @@ -92,7 +94,7 @@ summary of summaries: analyzed: examples/features/xor/basicfunctionality/xor2.spthy output: examples/features/xor/basicfunctionality/xor2.spthy.tmp - processing time: 0.227988277s + processing time: 0.255224747s secrecybroken (all-traces): falsified - found trace (5 steps) ============================================================================== 
diff --git a/case-studies-regression/features/xor/basicfunctionality/xor3_analyzed.spthy b/case-studies-regression/features/xor/basicfunctionality/xor3_analyzed.spthy index 049fe4b8b..40185494a 100644 --- a/case-studies-regression/features/xor/basicfunctionality/xor3_analyzed.spthy +++ b/case-studies-regression/features/xor/basicfunctionality/xor3_analyzed.spthy @@ -3,11 +3,13 @@ theory xor3 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + rule (modulo E) testsend: [ Fr( ~a ), Fr( ~b ), Fr( ~c ) ] --[ OnlyOnce( ), Secret( (~a⊕~b) ) ]-> @@ -113,7 +115,7 @@ analyzing: examples/features/xor/basicfunctionality/xor3.spthy analyzed: examples/features/xor/basicfunctionality/xor3.spthy output: examples/features/xor/basicfunctionality/xor3.spthy.tmp - processing time: 0.413382863s + processing time: 0.347144208s secrecybroken (all-traces): falsified - found trace (12 steps) ------------------------------------------------------------------------------ @@ -124,7 +126,7 @@ summary of summaries: analyzed: examples/features/xor/basicfunctionality/xor3.spthy output: examples/features/xor/basicfunctionality/xor3.spthy.tmp - processing time: 0.413382863s + processing time: 0.347144208s secrecybroken (all-traces): falsified - found trace (12 steps) ============================================================================== diff --git a/case-studies-regression/features/xor/basicfunctionality/xor4_analyzed.spthy b/case-studies-regression/features/xor/basicfunctionality/xor4_analyzed.spthy index d4fd1290e..efc9ba35d 100644 --- a/case-studies-regression/features/xor/basicfunctionality/xor4_analyzed.spthy +++ b/case-studies-regression/features/xor/basicfunctionality/xor4_analyzed.spthy 
@@ -3,11 +3,13 @@ theory xor4 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 + + rule (modulo E) testsend: [ Fr( ~a ), Fr( ~b ), Fr( ~c ), Fr( ~d ), Fr( ~e ) ] --[ OnlyOnce( ), Secret( ~a ) ]-> @@ -235,7 +237,7 @@ analyzing: examples/features/xor/basicfunctionality/xor4.spthy analyzed: examples/features/xor/basicfunctionality/xor4.spthy output: examples/features/xor/basicfunctionality/xor4.spthy.tmp - processing time: 1.849239867s + processing time: 2.814537468s secrecybroken (all-traces): falsified - found trace (11 steps) ------------------------------------------------------------------------------ @@ -246,7 +248,7 @@ summary of summaries: analyzed: examples/features/xor/basicfunctionality/xor4.spthy output: examples/features/xor/basicfunctionality/xor4.spthy.tmp - processing time: 1.849239867s + processing time: 2.814537468s secrecybroken (all-traces): falsified - found trace (11 steps) ============================================================================== diff --git a/case-studies-regression/loops/JCS12_Typing_Example_analyzed.spthy b/case-studies-regression/loops/JCS12_Typing_Example_analyzed.spthy index 1fdd61be8..864e59af5 100644 --- a/case-studies-regression/loops/JCS12_Typing_Example_analyzed.spthy +++ b/case-studies-regression/loops/JCS12_Typing_Example_analyzed.spthy @@ -2,7 +2,8 @@ theory JCS12_Typing_Example begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], h/1, pair/2, + pk/1, snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,10 @@ equations: + + + + rule (modulo E) Register_pk: [ Fr( ~ltk ) ] --> [ !Ltk( $A, ~ltk ), !Pk( $A, pk(~ltk) ) ] 
@@ -282,7 +287,7 @@ analyzing: examples/loops/JCS12_Typing_Example.spthy analyzed: examples/loops/JCS12_Typing_Example.spthy output: examples/loops/JCS12_Typing_Example.spthy.tmp - processing time: 0.216299756s + processing time: 0.217781505s typing_assertion (all-traces): verified (16 steps) Client_session_key_secrecy_raw (all-traces): verified (8 steps) Client_session_key_secrecy (all-traces): verified (4 steps) @@ -296,7 +301,7 @@ summary of summaries: analyzed: examples/loops/JCS12_Typing_Example.spthy output: examples/loops/JCS12_Typing_Example.spthy.tmp - processing time: 0.216299756s + processing time: 0.217781505s typing_assertion (all-traces): verified (16 steps) Client_session_key_secrecy_raw (all-traces): verified (8 steps) Client_session_key_secrecy (all-traces): verified (4 steps) diff --git a/case-studies-regression/loops/Minimal_Create_Use_Destroy_analyzed.spthy b/case-studies-regression/loops/Minimal_Create_Use_Destroy_analyzed.spthy index 5d79da75f..9072bea34 100644 --- a/case-studies-regression/loops/Minimal_Create_Use_Destroy_analyzed.spthy +++ b/case-studies-regression/loops/Minimal_Create_Use_Destroy_analyzed.spthy @@ -2,7 +2,7 @@ theory Minimal_Create_Use_Destroy begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -114,16 +114,16 @@ next case Create solve( Object( ~n ) ▶₀ #i ) case Use - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed next case Use solve( Object( ~n ) ▶₀ #i ) case Create - by contradiction /* non-injective facts (#i.1,#j,#i) */ + by contradiction /* cyclic */ next case Use - by contradiction /* non-injective facts (#vr.1,#j,#i) */ + by contradiction /* cyclic */ qed qed next 
@@ -135,10 +135,10 @@ next case case_1 solve( Object( ~n ) ▶₀ #j ) case Create - by contradiction /* non-injective facts (#i.1,#i,#j) */ + by contradiction /* cyclic */ next case Use - by contradiction /* non-injective facts (#vr,#i,#j) */ + by contradiction /* cyclic */ qed next case case_2 @@ -154,16 +154,16 @@ next by contradiction /* cyclic */ next case Use - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed next case Use solve( Object( ~n ) ▶₀ #i ) case Create - by contradiction /* non-injective facts (#i.1,#j,#i) */ + by contradiction /* cyclic */ next case Use - by contradiction /* non-injective facts (#vr.1,#j,#i) */ + by contradiction /* cyclic */ qed qed qed @@ -186,7 +186,7 @@ analyzing: examples/loops/Minimal_Create_Use_Destroy.spthy analyzed: examples/loops/Minimal_Create_Use_Destroy.spthy output: examples/loops/Minimal_Create_Use_Destroy.spthy.tmp - processing time: 0.126773837s + processing time: 0.133110937s Use_charn (all-traces): verified (8 steps) Destroy_charn (all-traces): verified (28 steps) @@ -198,7 +198,7 @@ summary of summaries: analyzed: examples/loops/Minimal_Create_Use_Destroy.spthy output: examples/loops/Minimal_Create_Use_Destroy.spthy.tmp - processing time: 0.126773837s + processing time: 0.133110937s Use_charn (all-traces): verified (8 steps) Destroy_charn (all-traces): verified (28 steps) diff --git a/case-studies-regression/loops/Minimal_Crypto_API_analyzed.spthy b/case-studies-regression/loops/Minimal_Crypto_API_analyzed.spthy index cb9db2ea2..b8a0b8442 100644 --- a/case-studies-regression/loops/Minimal_Crypto_API_analyzed.spthy +++ b/case-studies-regression/loops/Minimal_Crypto_API_analyzed.spthy 
@@ -2,7 +2,8 @@ theory Minimal_Crypto_API begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) NewKey: [ Fr( ~h ), Fr( ~k ) ] --[ NewKey( ~h, ~k ) ]-> @@ -80,7 +83,7 @@ analyzing: examples/loops/Minimal_Crypto_API.spthy analyzed: examples/loops/Minimal_Crypto_API.spthy output: examples/loops/Minimal_Crypto_API.spthy.tmp - processing time: 0.094897627s + processing time: 0.043853826s NewKey_invariant (all-traces): verified (8 steps) NewKey_secrecy (all-traces): verified (2 steps) @@ -92,7 +95,7 @@ summary of summaries: analyzed: examples/loops/Minimal_Crypto_API.spthy output: examples/loops/Minimal_Crypto_API.spthy.tmp - processing time: 0.094897627s + processing time: 0.043853826s NewKey_invariant (all-traces): verified (8 steps) NewKey_secrecy (all-traces): verified (2 steps) diff --git a/case-studies-regression/loops/Minimal_KeyRenegotiation_analyzed.spthy b/case-studies-regression/loops/Minimal_KeyRenegotiation_analyzed.spthy index 504f67a35..43f574fbb 100644 --- a/case-studies-regression/loops/Minimal_KeyRenegotiation_analyzed.spthy +++ b/case-studies-regression/loops/Minimal_KeyRenegotiation_analyzed.spthy @@ -2,7 +2,8 @@ theory KeyRenegotiation_Minimal begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -12,6 +13,8 @@ equations: /* looping facts with injective instances: Sender/1 */ + + rule (modulo E) Setup: [ Fr( ~k ) ] --> [ Sender( ~k ), Receiver( ~k ) ] 
@@ -138,7 +141,7 @@ analyzing: examples/loops/Minimal_KeyRenegotiation.spthy analyzed: examples/loops/Minimal_KeyRenegotiation.spthy output: examples/loops/Minimal_KeyRenegotiation.spthy.tmp - processing time: 0.092874406s + processing time: 0.058210616s Secret_reachable (exists-trace): verified (5 steps) secrecy (all-traces): verified (23 steps) @@ -150,7 +153,7 @@ summary of summaries: analyzed: examples/loops/Minimal_KeyRenegotiation.spthy output: examples/loops/Minimal_KeyRenegotiation.spthy.tmp - processing time: 0.092874406s + processing time: 0.058210616s Secret_reachable (exists-trace): verified (5 steps) secrecy (all-traces): verified (23 steps) diff --git a/case-studies-regression/loops/Minimal_Loop_Example_analyzed.spthy b/case-studies-regression/loops/Minimal_Loop_Example_analyzed.spthy index 7b672a29f..979ae008b 100644 --- a/case-studies-regression/loops/Minimal_Loop_Example_analyzed.spthy +++ b/case-studies-regression/loops/Minimal_Loop_Example_analyzed.spthy @@ -2,7 +2,7 @@ theory Minimal_Loop_Example begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -86,16 +86,16 @@ next case Loop solve( A( ~n ) ▶₀ #i ) case Loop - by contradiction /* non-injective facts (#vr.1,#j,#i) */ + by contradiction /* cyclic */ next case Start - by contradiction /* non-injective facts (#i.1,#j,#i) */ + by contradiction /* cyclic */ qed next case Start solve( A( ~n ) ▶₀ #i ) case Loop - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed qed qed 
@@ -113,16 +113,16 @@ solve( (#i < #j) ∥ (#j < #i) ) case Loop solve( A( ~n ) ▶₀ #j ) case Loop - by contradiction /* non-injective facts (#vr.1,#i,#j) */ + by contradiction /* cyclic */ next case Start - by contradiction /* non-injective facts (#i.1,#i,#j) */ + by contradiction /* cyclic */ qed next case Start solve( A( ~n ) ▶₀ #j ) case Loop - by contradiction /* non-injective facts (#vr,#vr.1,#i) */ + by contradiction /* cyclic */ next case Start by contradiction /* cyclic */ @@ -132,10 +132,10 @@ next case case_2 solve( A( x ) ▶₀ #i ) case Loop - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ next case Start - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed qed @@ -166,7 +166,7 @@ analyzing: examples/loops/Minimal_Loop_Example.spthy analyzed: examples/loops/Minimal_Loop_Example.spthy output: examples/loops/Minimal_Loop_Example.spthy.tmp - processing time: 0.097179541s + processing time: 0.03833018s Start_before_Loop (all-traces): verified (8 steps) Start_before_Stop (all-traces): verified (4 steps) Loop_before_Stop (all-traces): verified (9 steps) @@ -181,7 +181,7 @@ summary of summaries: analyzed: examples/loops/Minimal_Loop_Example.spthy output: examples/loops/Minimal_Loop_Example.spthy.tmp - processing time: 0.097179541s + processing time: 0.03833018s Start_before_Loop (all-traces): verified (8 steps) Start_before_Stop (all-traces): verified (4 steps) Loop_before_Stop (all-traces): verified (9 steps) diff --git a/case-studies-regression/loops/Minimal_Typing_Example_analyzed.spthy b/case-studies-regression/loops/Minimal_Typing_Example_analyzed.spthy index cbba6b381..502d067e9 100644 --- a/case-studies-regression/loops/Minimal_Typing_Example_analyzed.spthy +++ b/case-studies-regression/loops/Minimal_Typing_Example_analyzed.spthy 
@@ -2,7 +2,8 @@ theory Minimal_Typing_Example begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,10 @@ equations: + + + + rule (modulo E) Setup_Key: [ Fr( ~k ) ] --> [ !Key( ~k ) ] @@ -154,7 +159,7 @@ analyzing: examples/loops/Minimal_Typing_Example.spthy analyzed: examples/loops/Minimal_Typing_Example.spthy output: examples/loops/Minimal_Typing_Example.spthy.tmp - processing time: 0.144187206s + processing time: 0.099804827s sources_assertion (all-traces): verified (13 steps) Responder_secrecy (all-traces): verified (8 steps) Public_part_public (exists-trace): verified (5 steps) @@ -167,7 +172,7 @@ summary of summaries: analyzed: examples/loops/Minimal_Typing_Example.spthy output: examples/loops/Minimal_Typing_Example.spthy.tmp - processing time: 0.144187206s + processing time: 0.099804827s sources_assertion (all-traces): verified (13 steps) Responder_secrecy (all-traces): verified (8 steps) Public_part_public (exists-trace): verified (5 steps) diff --git a/case-studies-regression/loops/RFID_Simple_analyzed.spthy b/case-studies-regression/loops/RFID_Simple_analyzed.spthy index 3e5ce2534..981f5fdf7 100644 --- a/case-studies-regression/loops/RFID_Simple_analyzed.spthy +++ b/case-studies-regression/loops/RFID_Simple_analyzed.spthy @@ -2,7 +2,8 @@ theory RFID_Simple begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -12,6 +13,8 @@ equations: /* looping facts with injective instances: Device_Alice/1 */ + + rule (modulo E) GenKey: [ Fr( ~sk ) ] --[ Device_Key( ~sk ) ]-> 
@@ -388,16 +391,16 @@ next case Alice solve( Device_Alice( ~sk ) ▶₀ #i ) case Alice - by contradiction /* non-injective facts (#vr.2,#j,#i) */ + by contradiction /* cyclic */ next case GenKey - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed next case GenKey solve( Device_Alice( ~sk ) ▶₀ #i ) case Alice - by contradiction /* non-injective facts (#vr,#vr.1,#j) */ + by contradiction /* cyclic */ qed qed qed @@ -440,16 +443,16 @@ next case Alice solve( Device_Alice( ~sk ) ▶₀ #i ) case Alice - by contradiction /* non-injective facts (#vr.2,#j,#i) */ + by contradiction /* cyclic */ next case GenKey - by contradiction /* non-injective facts (#vr,#j,#i) */ + by contradiction /* cyclic */ qed next case GenKey solve( Device_Alice( ~sk ) ▶₀ #i ) case Alice - by contradiction /* non-injective facts (#vr,#vr.1,#j) */ + by contradiction /* cyclic */ qed qed qed @@ -519,7 +522,7 @@ analyzing: examples/loops/RFID_Simple.spthy analyzed: examples/loops/RFID_Simple.spthy output: examples/loops/RFID_Simple.spthy.tmp - processing time: 0.500045487s + processing time: 0.617392087s types (all-traces): verified (86 steps) Device_ToBob (all-traces): verified (12 steps) Device_Init_Use_Set (all-traces): verified (18 steps) @@ -533,7 +536,7 @@ summary of summaries: analyzed: examples/loops/RFID_Simple.spthy output: examples/loops/RFID_Simple.spthy.tmp - processing time: 0.500045487s + processing time: 0.617392087s types (all-traces): verified (86 steps) Device_ToBob (all-traces): verified (12 steps) Device_Init_Use_Set (all-traces): verified (18 steps) diff --git a/case-studies-regression/loops/TESLA_Scheme1_analyzed.spthy b/case-studies-regression/loops/TESLA_Scheme1_analyzed.spthy index 9ffe8c98e..fb7ab76b3 100644 --- a/case-studies-regression/loops/TESLA_Scheme1_analyzed.spthy +++ b/case-studies-regression/loops/TESLA_Scheme1_analyzed.spthy 
@@ -2,8 +2,8 @@ theory TESLA_Scheme1 begin // Function signature and definition of the equational theory E -functions: MAC/2, f/1, fst/1, pair/2, pk/1, sign/2, snd/1, true/0, - verify/3 +functions: MAC/2, f/1, fst/1[destructor], pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -11,6 +11,8 @@ equations: + + rule (modulo E) Generate_Keypair: [ Fr( ~ltk ) ] --> @@ -768,6 +770,10 @@ induction qed qed + + + + /* All well-formedness checks were successful. */ end @@ -783,7 +789,7 @@ analyzing: examples/loops/TESLA_Scheme1.spthy analyzed: examples/loops/TESLA_Scheme1.spthy output: examples/loops/TESLA_Scheme1.spthy.tmp - processing time: 4.772442187s + processing time: 4.731142501s authentic (all-traces): verified (158 steps) authentic_reachable (exists-trace): verified (13 steps) @@ -795,7 +801,7 @@ summary of summaries: analyzed: examples/loops/TESLA_Scheme1.spthy output: examples/loops/TESLA_Scheme1.spthy.tmp - processing time: 4.772442187s + processing time: 4.731142501s authentic (all-traces): verified (158 steps) authentic_reachable (exists-trace): verified (13 steps) diff --git a/case-studies-regression/loops/Typing_and_Destructors_analyzed.spthy b/case-studies-regression/loops/Typing_and_Destructors_analyzed.spthy index 898d5245e..8525478b8 100644 --- a/case-studies-regression/loops/Typing_and_Destructors_analyzed.spthy +++ b/case-studies-regression/loops/Typing_and_Destructors_analyzed.spthy @@ -2,7 +2,8 @@ theory Typing_and_Destructors begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,10 @@ equations: + + + + rule (modulo E) Setup_Key: [ Fr( ~k ) ] --[ IsKey( ~k ) ]-> [ !Key( ~k ) ] 
@@ -197,16 +202,7 @@ solve( !Key( key ) ▶₀ #i ) case Setup_Key solve( splitEqs(0) ) case split_case_1 - solve( !KU( fst(sdec(msg, ~k)) ) @ #vk.1 ) - case c_fst - solve( !KU( sdec(msg, ~k) ) @ #vk.2 ) - case c_sdec - solve( !KU( ~k ) @ #vk.3 ) - case Reveal_Key - by contradiction /* from formulas */ - qed - qed - qed + by solve( !KU( fst(sdec(msg, ~k)) ) @ #vk.1 ) next case split_case_2 solve( !KU( senc(, ~k) ) @ #vk ) @@ -288,12 +284,20 @@ analyzing: examples/loops/Typing_and_Destructors.spthy analyzed: examples/loops/Typing_and_Destructors.spthy output: examples/loops/Typing_and_Destructors.spthy.tmp - processing time: 0.251630396s + processing time: 0.19929227s WARNING: 1 wellformedness check failed! The analysis results might be wrong! + Formula terms: + lemma `type_assertion' uses terms of the wrong form: `snd(Bound 1)', + `snd(sdec(Bound 3,Bound 2))' + + The only allowed terms are public names and bound node and message + variables. If you encounter free message variables, then you might have + forgotten a #-prefix. Sort prefixes can only be dropped where this is + unambiguous. Moreover, reducible function symbols are disallowed. type_assertion (all-traces): verified (27 steps) - Responder_secrecy (all-traces): verified (17 steps) + Responder_secrecy (all-traces): verified (14 steps) Public_part_public (exists-trace): verified (5 steps) ------------------------------------------------------------------------------ 
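Review bot: In the first hunk of Typing_and_Destructors_analyzed.spthy the `split_case_1` branch now closes with `by solve( !KU( fst(sdec(msg, ~k)) ) @ #vk.1 )` and no sub-cases, so the `c_fst` / `c_sdec` / `Reveal_Key` derivation that used to be refuted is no longer explored, and `Responder_secrecy` drops from 17 to 14 steps. The summary hunk still records every lemma as `verified` under "WARNING: 1 wellformedness check failed! The analysis results might be wrong!", now naming `type_assertion` for using `snd(Bound 1)` and `snd(sdec(Bound 3,Bound 2))`. A secrecy proof that gets shorter because adversary construction cases disappear should be explained in the commit description; presumably destructor symbols are no longer intruder-constructible, but nothing visible here says so. The baseline would be more trustworthy if the example's `type_assertion` lemma were restated without reducible symbols so that the check passes. The same summary is repeated in the following hunk.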
@@ -304,12 +308,20 @@ summary of summaries: analyzed: examples/loops/Typing_and_Destructors.spthy output: examples/loops/Typing_and_Destructors.spthy.tmp - processing time: 0.251630396s + processing time: 0.19929227s WARNING: 1 wellformedness check failed! The analysis results might be wrong! + Formula terms: + lemma `type_assertion' uses terms of the wrong form: `snd(Bound 1)', + `snd(sdec(Bound 3,Bound 2))' + + The only allowed terms are public names and bound node and message + variables. If you encounter free message variables, then you might have + forgotten a #-prefix. Sort prefixes can only be dropped where this is + unambiguous. Moreover, reducible function symbols are disallowed. type_assertion (all-traces): verified (27 steps) - Responder_secrecy (all-traces): verified (17 steps) + Responder_secrecy (all-traces): verified (14 steps) Public_part_public (exists-trace): verified (5 steps) ============================================================================== diff --git a/case-studies-regression/post17/chaum_anonymity_analyzed-diff.spthy b/case-studies-regression/post17/chaum_anonymity_analyzed-diff.spthy index fe3379007..be8b748fb 100644 --- a/case-studies-regression/post17/chaum_anonymity_analyzed-diff.spthy +++ b/case-studies-regression/post17/chaum_anonymity_analyzed-diff.spthy @@ -2,8 +2,8 @@ theory Chaum_Anonymity begin // Function signature and definition of the equational theory E -functions: blind/2, checksign/2, fst/1, pair/2, pk/1, sign/2, snd/1, - unblind/2 +functions: blind/2, checksign/2, fst/1[destructor], pair/2, pk/1, sign/2, + snd/1[destructor], unblind/2 equations: checksign(sign(m, k), pk(k)) = m, fst() = x.1, 
@@ -2293,7 +2293,7 @@ analyzing: examples/post17/chaum_anonymity.spthy analyzed: examples/post17/chaum_anonymity.spthy output: examples/post17/chaum_anonymity.spthy.tmp - processing time: 10.759491857s + processing time: 35.577722809s RHS : exec (exists-trace): verified (9 steps) LHS : exec (exists-trace): verified (9 steps) DiffLemma: Observational_equivalence : verified (739 steps) @@ -2306,7 +2306,7 @@ summary of summaries: analyzed: examples/post17/chaum_anonymity.spthy output: examples/post17/chaum_anonymity.spthy.tmp - processing time: 10.759491857s + processing time: 35.577722809s RHS : exec (exists-trace): verified (9 steps) LHS : exec (exists-trace): verified (9 steps) DiffLemma: Observational_equivalence : verified (739 steps) diff --git a/case-studies-regression/post17/chaum_unforgeability_analyzed.spthy b/case-studies-regression/post17/chaum_unforgeability_analyzed.spthy index 8763143fd..c2d91339c 100644 --- a/case-studies-regression/post17/chaum_unforgeability_analyzed.spthy +++ b/case-studies-regression/post17/chaum_unforgeability_analyzed.spthy @@ -2,8 +2,8 @@ theory Chaum_Unforgeability begin // Function signature and definition of the equational theory E -functions: blind/2, checksign/2, fst/1, pair/2, pk/1, sign/2, snd/1, - unblind/2 +functions: blind/2, checksign/2, fst/1[destructor], pair/2, pk/1, sign/2, + snd/1[destructor], unblind/2 equations: checksign(sign(m, k), pk(k)) = m, fst() = x.1, @@ -115,6 +115,16 @@ solve( Private_Ch( x ) ▶₀ #j ) qed qed + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -130,7 +140,7 @@ analyzing: examples/post17/chaum_unforgeability.spthy analyzed: examples/post17/chaum_unforgeability.spthy output: examples/post17/chaum_unforgeability.spthy.tmp - processing time: 0.13873219s + processing time: 0.092324294s exec (exists-trace): verified (6 steps) unforgeability (all-traces): verified (10 steps) 
@@ -142,7 +152,7 @@ summary of summaries: analyzed: examples/post17/chaum_unforgeability.spthy output: examples/post17/chaum_unforgeability.spthy.tmp - processing time: 0.13873219s + processing time: 0.092324294s exec (exists-trace): verified (6 steps) unforgeability (all-traces): verified (10 steps) diff --git a/case-studies-regression/post17/chaum_untraceability_analyzed-diff.spthy b/case-studies-regression/post17/chaum_untraceability_analyzed-diff.spthy index 18823ea48..e05221d27 100644 --- a/case-studies-regression/post17/chaum_untraceability_analyzed-diff.spthy +++ b/case-studies-regression/post17/chaum_untraceability_analyzed-diff.spthy @@ -2,8 +2,8 @@ theory Chaum_Untraceability begin // Function signature and definition of the equational theory E -functions: blind/2, checksign/2, fst/1, pair/2, pk/1, sign/2, snd/1, - unblind/2 +functions: blind/2, checksign/2, fst/1[destructor], pair/2, pk/1, sign/2, + snd/1[destructor], unblind/2 equations: checksign(sign(m, k), pk(k)) = m, fst() = x.1, @@ -8704,7 +8704,7 @@ analyzing: examples/post17/chaum_untraceability.spthy analyzed: examples/post17/chaum_untraceability.spthy output: examples/post17/chaum_untraceability.spthy.tmp - processing time: 268.791265665s + processing time: 314.82299657s RHS : exec (exists-trace): verified (15 steps) LHS : exec (exists-trace): verified (15 steps) DiffLemma: Observational_equivalence : verified (2863 steps) @@ -8717,7 +8717,7 @@ summary of summaries: analyzed: examples/post17/chaum_untraceability.spthy output: examples/post17/chaum_untraceability.spthy.tmp - processing time: 268.791265665s + processing time: 314.82299657s RHS : exec (exists-trace): verified (15 steps) LHS : exec (exists-trace): verified (15 steps) DiffLemma: Observational_equivalence : verified (2863 steps) diff --git a/case-studies-regression/post17/denning_sacco_symmetric_cbc_analyzed.spthy b/case-studies-regression/post17/denning_sacco_symmetric_cbc_analyzed.spthy index 041d0a616..2f2e961ce 100644 
--- a/case-studies-regression/post17/denning_sacco_symmetric_cbc_analyzed.spthy +++ b/case-studies-regression/post17/denning_sacco_symmetric_cbc_analyzed.spthy @@ -2,7 +2,8 @@ theory dsscbc begin // Function signature and definition of the equational theory E -functions: dec/2, enc/2, fst/1, pair/2, prefix/1, snd/1 +functions: dec/2, enc/2, fst/1[destructor], pair/2, prefix/1, + snd/1[destructor] equations: dec(enc(M, k), k) = M, fst() = x.1, @@ -114,6 +115,12 @@ solve( !SharedKeyWithServer( $B, kbs ) ▶₁ #i ) qed qed + + + + + + /* All well-formedness checks were successful. */ end @@ -129,7 +136,7 @@ analyzing: examples/post17/denning_sacco_symmetric_cbc.spthy analyzed: examples/post17/denning_sacco_symmetric_cbc.spthy output: examples/post17/denning_sacco_symmetric_cbc.spthy.tmp - processing time: 0.323118463s + processing time: 0.295976167s executable (exists-trace): verified (8 steps) sessionsmatch (all-traces): falsified - found trace (4 steps) @@ -141,7 +148,7 @@ summary of summaries: analyzed: examples/post17/denning_sacco_symmetric_cbc.spthy output: examples/post17/denning_sacco_symmetric_cbc.spthy.tmp - processing time: 0.323118463s + processing time: 0.295976167s executable (exists-trace): verified (8 steps) sessionsmatch (all-traces): falsified - found trace (4 steps) diff --git a/case-studies-regression/post17/foo_eligibility_analyzed.spthy b/case-studies-regression/post17/foo_eligibility_analyzed.spthy index 2edc1152b..fec7f1e6f 100644 --- a/case-studies-regression/post17/foo_eligibility_analyzed.spthy +++ b/case-studies-regression/post17/foo_eligibility_analyzed.spthy @@ -2,8 +2,8 @@ theory FOO_Eligibility begin // Function signature and definition of the equational theory E -functions: blind/2, checksign/2, commit/2, fst/1, open/2, pair/2, pk/1, - sign/2, snd/1, unblind/2 +functions: blind/2, checksign/2, commit/2, fst/1[destructor], open/2, + pair/2, pk/1, sign/2, snd/1[destructor], unblind/2 equations: checksign(sign(m, k), pk(k)) = m, fst() = x.1, 
@@ -312,6 +312,20 @@ solve( St_C_1( A, commit(vote, r) ) ▶₁ #j ) qed qed + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -327,7 +341,7 @@ analyzing: examples/post17/foo_eligibility.spthy analyzed: examples/post17/foo_eligibility.spthy output: examples/post17/foo_eligibility.spthy.tmp - processing time: 1.340417019s + processing time: 1.177624371s types (all-traces): verified (44 steps) exec (exists-trace): verified (9 steps) eligibility (all-traces): verified (11 steps) @@ -340,7 +354,7 @@ summary of summaries: analyzed: examples/post17/foo_eligibility.spthy output: examples/post17/foo_eligibility.spthy.tmp - processing time: 1.340417019s + processing time: 1.177624371s types (all-traces): verified (44 steps) exec (exists-trace): verified (9 steps) eligibility (all-traces): verified (11 steps) diff --git a/case-studies-regression/post17/foo_vote_privacy_analyzed-diff.spthy b/case-studies-regression/post17/foo_vote_privacy_analyzed-diff.spthy index cd967bb45..0a8914ca9 100644 --- a/case-studies-regression/post17/foo_vote_privacy_analyzed-diff.spthy +++ b/case-studies-regression/post17/foo_vote_privacy_analyzed-diff.spthy @@ -3,8 +3,8 @@ theory FOO_Vote_Privacy begin // Function signature and definition of the equational theory E builtins: multiset -functions: blind/2, checksign/2, commit/2, fst/1, open/2, pair/2, pk/1, - sign/2, snd/1, unblind/2 +functions: blind/2, checksign/2, commit/2, fst/1[destructor], open/2, + pair/2, pk/1, sign/2, snd/1[destructor], unblind/2 equations: checksign(sign(m, sk), pk(sk)) = m, fst() = x.1, @@ -21899,7 +21899,7 @@ analyzing: examples/post17/foo_vote_privacy.spthy analyzed: examples/post17/foo_vote_privacy.spthy output: examples/post17/foo_vote_privacy.spthy.tmp - processing time: 455.400922753s + processing time: 517.789299278s RHS : exec (exists-trace): verified (12 steps) LHS : exec (exists-trace): verified (12 steps) DiffLemma: Observational_equivalence : verified (7204 steps) 
@@ -21912,7 +21912,7 @@ summary of summaries: analyzed: examples/post17/foo_vote_privacy.spthy output: examples/post17/foo_vote_privacy.spthy.tmp - processing time: 455.400922753s + processing time: 517.789299278s RHS : exec (exists-trace): verified (12 steps) LHS : exec (exists-trace): verified (12 steps) DiffLemma: Observational_equivalence : verified (7204 steps) diff --git a/case-studies-regression/post17/needham_schroeder_symmetric_cbc_analyzed.spthy b/case-studies-regression/post17/needham_schroeder_symmetric_cbc_analyzed.spthy index a5ac9d9f3..02f147e02 100644 --- a/case-studies-regression/post17/needham_schroeder_symmetric_cbc_analyzed.spthy +++ b/case-studies-regression/post17/needham_schroeder_symmetric_cbc_analyzed.spthy @@ -2,7 +2,8 @@ theory nsscbc begin // Function signature and definition of the equational theory E -functions: dec/2, enc/2, fst/1, pair/2, prefix/1, snd/1, succ/1 +functions: dec/2, enc/2, fst/1[destructor], pair/2, prefix/1, + snd/1[destructor], succ/1 equations: dec(enc(M, k), k) = M, fst() = x.1, @@ -110,6 +111,14 @@ solve( ResponderWaitConfirm( $B, $A, ~k, ~nb ) ▶₀ #i ) qed qed + + + + + + + + /* All well-formedness checks were successful. */ end @@ -125,7 +134,7 @@ analyzing: examples/post17/needham_schroeder_symmetric_cbc.spthy analyzed: examples/post17/needham_schroeder_symmetric_cbc.spthy output: examples/post17/needham_schroeder_symmetric_cbc.spthy.tmp - processing time: 14.346087476s + processing time: 22.479659205s secrecy (all-traces): falsified - found trace (8 steps) ------------------------------------------------------------------------------ @@ -136,7 +145,7 @@ summary of summaries: analyzed: examples/post17/needham_schroeder_symmetric_cbc.spthy output: examples/post17/needham_schroeder_symmetric_cbc.spthy.tmp - processing time: 14.346087476s + processing time: 22.479659205s secrecy (all-traces): falsified - found trace (8 steps) ============================================================================== 
diff --git a/case-studies-regression/post17/okamoto_eligibility_analyzed.spthy b/case-studies-regression/post17/okamoto_eligibility_analyzed.spthy index 26976e584..97a2c0b0d 100644 --- a/case-studies-regression/post17/okamoto_eligibility_analyzed.spthy +++ b/case-studies-regression/post17/okamoto_eligibility_analyzed.spthy @@ -2,8 +2,8 @@ theory Okamoto_Eligibilty begin // Function signature and definition of the equational theory E -functions: blind/2, checksign/2, f/4, fst/1, open/2, pair/2, pk/1, - sign/2, snd/1, tdcommit/3, unblind/2 +functions: blind/2, checksign/2, f/4, fst/1[destructor], open/2, pair/2, + pk/1, sign/2, snd/1[destructor], tdcommit/3, unblind/2 equations: checksign(sign(m, sk), pk(sk)) = m, f(m1, f(m, r, td, m1), td, m2) = f(m, r, td, m2), @@ -199,6 +199,22 @@ solve( P_Ch_Timeliness( $vote, ~r, x ) ▶₀ #j ) qed qed + + + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -214,7 +230,7 @@ analyzing: examples/post17/okamoto_eligibility.spthy analyzed: examples/post17/okamoto_eligibility.spthy output: examples/post17/okamoto_eligibility.spthy.tmp - processing time: 0.859478256s + processing time: 0.907258753s types (all-traces): verified (23 steps) exec (exists-trace): verified (6 steps) eligibility (all-traces): verified (5 steps) @@ -227,7 +243,7 @@ summary of summaries: analyzed: examples/post17/okamoto_eligibility.spthy output: examples/post17/okamoto_eligibility.spthy.tmp - processing time: 0.859478256s + processing time: 0.907258753s types (all-traces): verified (23 steps) exec (exists-trace): verified (6 steps) eligibility (all-traces): verified (5 steps) diff --git a/case-studies-regression/post17/okamoto_receipt_freeness_analyzed-diff.spthy b/case-studies-regression/post17/okamoto_receipt_freeness_analyzed-diff.spthy index c5621fd61..3dabdb89a 100644 --- a/case-studies-regression/post17/okamoto_receipt_freeness_analyzed-diff.spthy 
+++ b/case-studies-regression/post17/okamoto_receipt_freeness_analyzed-diff.spthy @@ -3,8 +3,8 @@ theory Okamoto_Receipt_Freeness begin // Function signature and definition of the equational theory E builtins: multiset -functions: blind/2, checksign/2, f/4, fst/1, open/2, pair/2, pk/1, - sign/2, snd/1, tdcommit/3, unblind/2 +functions: blind/2, checksign/2, f/4, fst/1[destructor], open/2, pair/2, + pk/1, sign/2, snd/1[destructor], tdcommit/3, unblind/2 equations: checksign(sign(m, sk), pk(sk)) = m, f(m2, f(m1, r, td, m2), td, m3) = f(m1, r, td, m3), @@ -124215,7 +124215,7 @@ analyzing: examples/post17/okamoto_receipt_freeness.spthy analyzed: examples/post17/okamoto_receipt_freeness.spthy output: examples/post17/okamoto_receipt_freeness.spthy.tmp - processing time: 1847.567784521s + processing time: 1851.664055006s RHS : exec (exists-trace): verified (12 steps) LHS : exec (exists-trace): verified (12 steps) DiffLemma: Observational_equivalence : verified (41172 steps) @@ -124228,7 +124228,7 @@ summary of summaries: analyzed: examples/post17/okamoto_receipt_freeness.spthy output: examples/post17/okamoto_receipt_freeness.spthy.tmp - processing time: 1847.567784521s + processing time: 1851.664055006s RHS : exec (exists-trace): verified (12 steps) LHS : exec (exists-trace): verified (12 steps) DiffLemma: Observational_equivalence : verified (41172 steps) diff --git a/case-studies-regression/post17/okamoto_vote_privacy_analyzed-diff.spthy b/case-studies-regression/post17/okamoto_vote_privacy_analyzed-diff.spthy index bd6901a3c..63f79592b 100644 --- a/case-studies-regression/post17/okamoto_vote_privacy_analyzed-diff.spthy +++ b/case-studies-regression/post17/okamoto_vote_privacy_analyzed-diff.spthy 
@@ -3,8 +3,8 @@ theory Okamoto_Vote_Privacy begin // Function signature and definition of the equational theory E builtins: multiset -functions: blind/2, checksign/2, f/4, fst/1, open/2, pair/2, pk/1, - sign/2, snd/1, tdcommit/3, unblind/2 +functions: blind/2, checksign/2, f/4, fst/1[destructor], open/2, pair/2, + pk/1, sign/2, snd/1[destructor], tdcommit/3, unblind/2 equations: checksign(sign(m, sk), pk(sk)) = m, f(m1, f(m, r, td, m1), td, m2) = f(m, r, td, m2), @@ -11375,7 +11375,7 @@ analyzing: examples/post17/okamoto_vote_privacy.spthy analyzed: examples/post17/okamoto_vote_privacy.spthy output: examples/post17/okamoto_vote_privacy.spthy.tmp - processing time: 261.223898087s + processing time: 341.792848282s RHS : exec (exists-trace): verified (12 steps) LHS : exec (exists-trace): verified (12 steps) DiffLemma: Observational_equivalence : verified (3701 steps) @@ -11388,7 +11388,7 @@ summary of summaries: analyzed: examples/post17/okamoto_vote_privacy.spthy output: examples/post17/okamoto_vote_privacy.spthy.tmp - processing time: 261.223898087s + processing time: 341.792848282s RHS : exec (exists-trace): verified (12 steps) LHS : exec (exists-trace): verified (12 steps) DiffLemma: Observational_equivalence : verified (3701 steps) diff --git a/case-studies-regression/regression/diff/issue198-1_analyzed-diff.spthy b/case-studies-regression/regression/diff/issue198-1_analyzed-diff.spthy index 7fcb23d89..ea077b692 100644 --- a/case-studies-regression/regression/diff/issue198-1_analyzed-diff.spthy +++ b/case-studies-regression/regression/diff/issue198-1_analyzed-diff.spthy @@ -3,7 +3,7 @@ theory issue198_1 begin // Function signature and definition of the equational theory E builtins: multiset -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 
@@ -287,7 +287,7 @@ analyzing: examples/regression/diff/issue198-1.spthy analyzed: examples/regression/diff/issue198-1.spthy output: examples/regression/diff/issue198-1.spthy.tmp - processing time: 0.613180433s + processing time: 1.328826029s DiffLemma: Observational_equivalence : analysis incomplete (84 steps) ------------------------------------------------------------------------------ @@ -298,7 +298,7 @@ summary of summaries: analyzed: examples/regression/diff/issue198-1.spthy output: examples/regression/diff/issue198-1.spthy.tmp - processing time: 0.613180433s + processing time: 1.328826029s DiffLemma: Observational_equivalence : analysis incomplete (84 steps) ============================================================================== diff --git a/case-studies-regression/regression/diff/issue198-2_analyzed-diff.spthy b/case-studies-regression/regression/diff/issue198-2_analyzed-diff.spthy index 09551e236..439269de9 100644 --- a/case-studies-regression/regression/diff/issue198-2_analyzed-diff.spthy +++ b/case-studies-regression/regression/diff/issue198-2_analyzed-diff.spthy @@ -3,7 +3,7 @@ theory issue198_2 begin // Function signature and definition of the equational theory E builtins: multiset -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -287,7 +287,7 @@ analyzing: examples/regression/diff/issue198-2.spthy analyzed: examples/regression/diff/issue198-2.spthy output: examples/regression/diff/issue198-2.spthy.tmp - processing time: 0.58965215s + processing time: 1.160144834s DiffLemma: Observational_equivalence : analysis incomplete (84 steps) ------------------------------------------------------------------------------ 
@@ -298,7 +298,7 @@ summary of summaries: analyzed: examples/regression/diff/issue198-2.spthy output: examples/regression/diff/issue198-2.spthy.tmp - processing time: 0.58965215s + processing time: 1.160144834s DiffLemma: Observational_equivalence : analysis incomplete (84 steps) ============================================================================== diff --git a/case-studies-regression/regression/diff/issue223_analyzed-diff.spthy b/case-studies-regression/regression/diff/issue223_analyzed-diff.spthy index ece77a685..5729d2b0a 100644 --- a/case-studies-regression/regression/diff/issue223_analyzed-diff.spthy +++ b/case-studies-regression/regression/diff/issue223_analyzed-diff.spthy @@ -2,7 +2,8 @@ theory issue223 begin // Function signature and definition of the equational theory E -functions: commit/3, fake/4, fst/1, open/3, pair/2, pk/1, snd/1 +functions: commit/3, fake/4, fst/1[destructor], open/3, pair/2, pk/1, + snd/1[destructor] equations: commit(ni2, fake(ni1, r, sk, ni2), pk(sk)) = commit(ni1, r, pk(sk)), fake(ni2, fake(ni1, r, sk, ni2), sk, ni3) = fake(ni1, r, sk, ni3), @@ -3246,7 +3247,7 @@ analyzing: examples/regression/diff/issue223.spthy analyzed: examples/regression/diff/issue223.spthy output: examples/regression/diff/issue223.spthy.tmp - processing time: 4.892555943s + processing time: 8.343639432s DiffLemma: Observational_equivalence : verified (1082 steps) ------------------------------------------------------------------------------ @@ -3257,7 +3258,7 @@ summary of summaries: analyzed: examples/regression/diff/issue223.spthy output: examples/regression/diff/issue223.spthy.tmp - processing time: 4.892555943s + processing time: 8.343639432s DiffLemma: Observational_equivalence : verified (1082 steps) ============================================================================== 
diff --git a/case-studies-regression/regression/diff/issue324_analyzed-diff.spthy b/case-studies-regression/regression/diff/issue324_analyzed-diff.spthy index dcfdb5061..82a0d57f1 100644 --- a/case-studies-regression/regression/diff/issue324_analyzed-diff.spthy +++ b/case-studies-regression/regression/diff/issue324_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory Issue324 begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -150,7 +150,7 @@ analyzing: examples/regression/diff/issue324.spthy analyzed: examples/regression/diff/issue324.spthy output: examples/regression/diff/issue324.spthy.tmp - processing time: 0.162790116s + processing time: 0.349644868s DiffLemma: Observational_equivalence : analysis incomplete (47 steps) ------------------------------------------------------------------------------ @@ -161,7 +161,7 @@ summary of summaries: analyzed: examples/regression/diff/issue324.spthy output: examples/regression/diff/issue324.spthy.tmp - processing time: 0.162790116s + processing time: 0.349644868s DiffLemma: Observational_equivalence : analysis incomplete (47 steps) ============================================================================== diff --git a/case-studies-regression/regression/diff/issue331_analyzed-diff.spthy b/case-studies-regression/regression/diff/issue331_analyzed-diff.spthy index c6d8749c4..4cddb5ef9 100644 --- a/case-studies-regression/regression/diff/issue331_analyzed-diff.spthy +++ b/case-studies-regression/regression/diff/issue331_analyzed-diff.spthy @@ -2,7 +2,7 @@ theory Issue331 begin // Function signature and definition of the equational theory E -functions: fst/1, g/2, pair/2, snd/1 +functions: fst/1[destructor], g/2, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 
@@ -126,7 +126,7 @@ analyzing: examples/regression/diff/issue331.spthy analyzed: examples/regression/diff/issue331.spthy output: examples/regression/diff/issue331.spthy.tmp - processing time: 0.127923275s + processing time: 0.234223253s DiffLemma: Observational_equivalence : verified (37 steps) ------------------------------------------------------------------------------ @@ -137,7 +137,7 @@ summary of summaries: analyzed: examples/regression/diff/issue331.spthy output: examples/regression/diff/issue331.spthy.tmp - processing time: 0.127923275s + processing time: 0.234223253s DiffLemma: Observational_equivalence : verified (37 steps) ============================================================================== diff --git a/case-studies-regression/regression/trace/issue193_analyzed.spthy b/case-studies-regression/regression/trace/issue193_analyzed.spthy index d99adffa6..2de20df90 100644 --- a/case-studies-regression/regression/trace/issue193_analyzed.spthy +++ b/case-studies-regression/regression/trace/issue193_analyzed.spthy @@ -2,8 +2,8 @@ theory RevealingSignatures begin // Function signature and definition of the equational theory E -functions: fst/1, getMessage/1, h/1, h/7, pair/2, pk/1, revealSign/2, - revealVerify/3, snd/1, true/0 +functions: fst/1[destructor], getMessage/1, h/1, h/7, pair/2, pk/1, + revealSign/2, revealVerify/3, snd/1[destructor], true/0 equations: fst() = x.1, getMessage(revealSign(x.1, x.2)) = x.1, @@ -12,6 +12,10 @@ equations: + + + + rule (modulo E) ONE: [ Fr( ~sk ), Fr( ~random ) ] --> @@ -61,6 +65,8 @@ restriction equality: "∀ x y #i. (Equality( x, y ) @ #i) ⇒ (x = y)" // safety formula + + /* All well-formedness checks were successful. */ end 
@@ -76,7 +82,7 @@ analyzing: examples/regression/trace/issue193.spthy analyzed: examples/regression/trace/issue193.spthy output: examples/regression/trace/issue193.spthy.tmp - processing time: 0.111261397s + processing time: 0.071221552s debug (exists-trace): verified (4 steps) ------------------------------------------------------------------------------ @@ -87,7 +93,7 @@ summary of summaries: analyzed: examples/regression/trace/issue193.spthy output: examples/regression/trace/issue193.spthy.tmp - processing time: 0.111261397s + processing time: 0.071221552s debug (exists-trace): verified (4 steps) ============================================================================== diff --git a/case-studies-regression/regression/trace/issue216_analyzed.spthy b/case-studies-regression/regression/trace/issue216_analyzed.spthy index 7bcfda701..e30ad1e2f 100644 --- a/case-studies-regression/regression/trace/issue216_analyzed.spthy +++ b/case-studies-regression/regression/trace/issue216_analyzed.spthy @@ -2,8 +2,8 @@ theory CTA begin // Function signature and definition of the equational theory E -functions: comb/2, dec/2, enc/2, fst/1, h/1, pair/2, pdec/2, pk/1, - plus/2, snd/1, split/2, transform/1 +functions: comb/2, dec/2, enc/2, fst/1[destructor], h/1, pair/2, pdec/2, + pk/1, plus/2, snd/1[destructor], split/2, transform/1 equations: comb(pdec(c, sk1), pdec(c, sk2)) = dec(c, plus(sk1, sk2)), dec(enc(m, pk(sk)), sk) = m, @@ -4423,6 +4423,24 @@ solve( (∀ #j. (Authenticator( $Auth, enc(n, pk) ) @ #j) ⇒ ¬(#j < #i)) ∥ qed qed + + + + + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ end 
@@ -4438,7 +4456,7 @@ analyzing: examples/regression/trace/issue216.spthy analyzed: examples/regression/trace/issue216.spthy output: examples/regression/trace/issue216.spthy.tmp - processing time: 20.295173073s + processing time: 26.482596682s ClientAuth (exists-trace): verified (16 steps) Client_Auth_Both_Responds_Or_Either_Revealed (all-traces): verified (481 steps) Client_Auth_Both_Responds_Or_Both_Revealed_Or_Communication_Compromised (all-traces): verified (882 steps) @@ -4453,7 +4471,7 @@ summary of summaries: analyzed: examples/regression/trace/issue216.spthy output: examples/regression/trace/issue216.spthy.tmp - processing time: 20.295173073s + processing time: 26.482596682s ClientAuth (exists-trace): verified (16 steps) Client_Auth_Both_Responds_Or_Either_Revealed (all-traces): verified (481 steps) Client_Auth_Both_Responds_Or_Both_Revealed_Or_Communication_Compromised (all-traces): verified (882 steps) diff --git a/case-studies-regression/regression/trace/issue310_analyzed.spthy b/case-studies-regression/regression/trace/issue310_analyzed.spthy index a42e0c5ff..41ee9ac82 100644 --- a/case-studies-regression/regression/trace/issue310_analyzed.spthy +++ b/case-studies-regression/regression/trace/issue310_analyzed.spthy @@ -2,7 +2,7 @@ theory parseColors begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -27,7 +27,7 @@ analyzing: examples/regression/trace/issue310.spthy analyzed: examples/regression/trace/issue310.spthy output: examples/regression/trace/issue310.spthy.tmp - processing time: 0.065858957s + processing time: 0.00633036s ------------------------------------------------------------------------------ 
@@ -38,7 +38,7 @@ summary of summaries: analyzed: examples/regression/trace/issue310.spthy output: examples/regression/trace/issue310.spthy.tmp - processing time: 0.065858957s + processing time: 0.00633036s ============================================================================== diff --git a/case-studies-regression/related_work/AIF_Moedersheim_CCS10/Keyserver_analyzed.spthy b/case-studies-regression/related_work/AIF_Moedersheim_CCS10/Keyserver_analyzed.spthy index daac59ca7..b5cd8d43b 100644 --- a/case-studies-regression/related_work/AIF_Moedersheim_CCS10/Keyserver_analyzed.spthy +++ b/case-studies-regression/related_work/AIF_Moedersheim_CCS10/Keyserver_analyzed.spthy @@ -2,7 +2,8 @@ theory Keyserver begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], pair/2, pk/1, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) SetupServerKey: [ Fr( ~sk ) ] --> @@ -146,7 +149,7 @@ analyzing: examples/related_work/AIF_Moedersheim_CCS10/Keyserver.spthy analyzed: examples/related_work/AIF_Moedersheim_CCS10/Keyserver.spthy output: examples/related_work/AIF_Moedersheim_CCS10/Keyserver.spthy.tmp - processing time: 0.107846356s + processing time: 0.058237036s Knows_Honest_Key_imp_Revoked (all-traces): verified (6 steps) ------------------------------------------------------------------------------ @@ -157,7 +160,7 @@ summary of summaries: analyzed: examples/related_work/AIF_Moedersheim_CCS10/Keyserver.spthy output: examples/related_work/AIF_Moedersheim_CCS10/Keyserver.spthy.tmp - processing time: 0.107846356s + processing time: 0.058237036s Knows_Honest_Key_imp_Revoked (all-traces): verified (6 steps) ============================================================================== 
diff --git a/case-studies-regression/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing_analyzed.spthy b/case-studies-regression/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing_analyzed.spthy index 8d9887344..7b300fe72 100644 --- a/case-studies-regression/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing_analyzed.spthy +++ b/case-studies-regression/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing_analyzed.spthy @@ -2,8 +2,8 @@ theory StatVerif_GM_Contract_Signing begin // Function signature and definition of the equational theory E -functions: check_getmsg/2, checkpcs/5, convertpcs/2, fst/1, pair/2, - pcs/3, pk/1, sign/2, snd/1, true/0 +functions: check_getmsg/2, checkpcs/5, convertpcs/2, fst/1[destructor], + pair/2, pcs/3, pk/1, sign/2, snd/1[destructor], true/0 equations: check_getmsg(pk(xsk), sign(xsk, xm)) = xm, checkpcs(xc, pk(xsk), ypk, zpk, pcs(sign(xsk, xc), ypk, zpk)) = true, @@ -376,6 +376,20 @@ solve( !TTP( skT ) ▶₁ #i ) qed qed + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -391,7 +405,7 @@ analyzing: examples/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signi analyzed: examples/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing.spthy output: examples/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing.spthy.tmp - processing time: 0.556832061s + processing time: 0.566912329s aborted_and_resolved_exclusive (all-traces): verified (7 steps) aborted_contract_reachable (exists-trace): verified (8 steps) resolved1_contract_reachable (exists-trace): verified (9 steps) 
@@ -405,7 +419,7 @@ summary of summaries: analyzed: examples/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing.spthy output: examples/related_work/StatVerif_ARR_CSF11/StatVerif_GM_Contract_Signing.spthy.tmp - processing time: 0.556832061s + processing time: 0.566912329s aborted_and_resolved_exclusive (all-traces): verified (7 steps) aborted_contract_reachable (exists-trace): verified (8 steps) resolved1_contract_reachable (exists-trace): verified (9 steps) diff --git a/case-studies-regression/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device_analyzed.spthy b/case-studies-regression/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device_analyzed.spthy index bac9cd5d4..e5ecd08b8 100644 --- a/case-studies-regression/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device_analyzed.spthy +++ b/case-studies-regression/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device_analyzed.spthy @@ -2,7 +2,8 @@ theory StatVerif_Security_Device begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,8 @@ equations: + + rule (modulo E) NewDevice: [ Fr( ~sk ) ] --> @@ -283,7 +286,7 @@ analyzing: examples/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device.s analyzed: examples/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device.spthy output: examples/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device.spthy.tmp - processing time: 0.307022266s + processing time: 0.432554164s types (all-traces): verified (32 steps) reachability_left (exists-trace): verified (5 steps) reachability_right (exists-trace): verified (5 steps) 
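Review bot: The `[destructor]` attribute is printed inconsistently across baselines for equations of the same shape. In the StatVerif_Security_Device signature `adec/2` is marked, with the equation `adec(aenc(x.1, pk(x.2)), x.2) = x.1`, while `dec/2` in the dsscbc and nsscbc baselines is unmarked although `dec(enc(M, k), k) = M` has the same form; `checksign/2` in the Chaum, FOO and Okamoto baselines is unmarked too. If the attribute simply mirrors each input theory's declaration this is expected, but the baselines do not tell a reader which rule applies. A sentence in the commit description or the manual stating when a symbol is printed as a destructor would settle it.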
@@ -297,7 +300,7 @@ summary of summaries: analyzed: examples/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device.spthy output: examples/related_work/StatVerif_ARR_CSF11/StatVerif_Security_Device.spthy.tmp - processing time: 0.307022266s + processing time: 0.432554164s types (all-traces): verified (32 steps) reachability_left (exists-trace): verified (5 steps) reachability_right (exists-trace): verified (5 steps) diff --git a/case-studies-regression/related_work/TPM_DKRS_CSF11/Envelope_analyzed.spthy b/case-studies-regression/related_work/TPM_DKRS_CSF11/Envelope_analyzed.spthy index 72722639e..9e71be448 100644 --- a/case-studies-regression/related_work/TPM_DKRS_CSF11/Envelope_analyzed.spthy +++ b/case-studies-regression/related_work/TPM_DKRS_CSF11/Envelope_analyzed.spthy @@ -2,8 +2,8 @@ theory TPM_Envelope begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sign/2, snd/1, - true/0, verify/3 +functions: adec/2[destructor], aenc/2, fst/1[destructor], h/1, pair/2, + pk/1, sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -12,6 +12,12 @@ equations: + + + + + + rule (modulo E) PCR_Init: [ Fr( ~aik ) ] --[ PCR_Init( ), PCR_Write( 'pcr0' ) ]-> @@ -6140,7 +6146,7 @@ analyzing: examples/related_work/TPM_DKRS_CSF11/Envelope.spthy analyzed: examples/related_work/TPM_DKRS_CSF11/Envelope.spthy output: examples/related_work/TPM_DKRS_CSF11/Envelope.spthy.tmp - processing time: 36.273827228s + processing time: 40.844027965s types (all-traces): verified (13 steps) PCR_Write_charn (all-traces): verified (60 steps) Secret_and_Denied_exclusive (all-traces): verified (1799 steps) 
@@ -6153,7 +6159,7 @@ summary of summaries: analyzed: examples/related_work/TPM_DKRS_CSF11/Envelope.spthy output: examples/related_work/TPM_DKRS_CSF11/Envelope.spthy.tmp - processing time: 36.273827228s + processing time: 40.844027965s types (all-traces): verified (13 steps) PCR_Write_charn (all-traces): verified (60 steps) Secret_and_Denied_exclusive (all-traces): verified (1799 steps) diff --git a/case-studies-regression/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets_analyzed.spthy b/case-studies-regression/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets_analyzed.spthy index 183615fe2..ddea1428a 100644 --- a/case-studies-regression/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets_analyzed.spthy +++ b/case-studies-regression/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets_analyzed.spthy @@ -2,8 +2,8 @@ theory TPM_Exclusive_Secrets begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, h/1, pair/2, pk/1, sign/2, snd/1, - true/0, verify/3 +functions: adec/2[destructor], aenc/2, fst/1[destructor], h/1, pair/2, + pk/1, sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -12,6 +12,12 @@ equations: + + + + + + rule (modulo E) PCR_Init: [ Fr( ~aik ) ] --[ PCR_Init( 'pcr0', ~aik ), UniqueInit( ) ]-> @@ -613,7 +619,7 @@ analyzing: examples/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets.spthy analyzed: examples/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets.spthy output: examples/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets.spthy.tmp - processing time: 2.400739348s + processing time: 2.880446405s types (all-traces): verified (16 steps) Unbind_PCR_charn (all-traces): verified (26 steps) exclusive_secrets (all-traces): verified (96 steps) 
@@ -628,7 +634,7 @@ summary of summaries: analyzed: examples/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets.spthy output: examples/related_work/TPM_DKRS_CSF11/TPM_Exclusive_Secrets.spthy.tmp - processing time: 2.400739348s + processing time: 2.880446405s types (all-traces): verified (16 steps) Unbind_PCR_charn (all-traces): verified (26 steps) exclusive_secrets (all-traces): verified (96 steps) diff --git a/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_analyzed.spthy b/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_analyzed.spthy index 7b469dc8e..7c011400a 100644 --- a/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_analyzed.spthy +++ b/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_analyzed.spthy @@ -2,7 +2,8 @@ theory Yubikey begin // Function signature and definition of the equational theory E -functions: S/1, fst/1, myzero/0, pair/2, sdec/2, senc/2, snd/1 +functions: S/1, fst/1[destructor], myzero/0, pair/2, sdec/2[destructor], + senc/2, snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -14,6 +15,8 @@ equations: section{* The Yubikey-Protocol *} + + rule (modulo E) InitSucc: [ In( myzero ), In( S(myzero) ) ] --[ Theory( ), IsSucc( myzero, S(myzero) ), IsZero( myzero ) ]-> @@ -202,7 +205,7 @@ next (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ (#t1 < #vr.1) ∥ (#vr.1 = #t1) ) case case_1 - by contradiction /* non-injective facts (#vr,#vr.1,#t1) */ + by contradiction /* cyclic */ next case case_2 solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) @@ -255,7 +258,7 @@ next (∃ #t3. (IsSmaller( S(otc), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ (#t1 < #vr.1) ∥ (#vr.1 = #t1) ) case case_1 - by contradiction /* non-injective facts (#vr,#vr.1,#t1) */ + by contradiction /* cyclic */ next case case_2 solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) 
@@ -344,7 +347,7 @@ next (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ (#t1 < #vr.1) ∥ (#vr.1 = #t1) ) case case_1 - by contradiction /* non-injective facts (#vr,#vr.1,#t1) */ + by contradiction /* cyclic */ next case case_2 solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) @@ -397,7 +400,7 @@ next (∃ #t3. (IsSmaller( S(y), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ (#t1 < #vr.1) ∥ (#vr.1 = #t1) ) case case_1 - by contradiction /* non-injective facts (#vr,#vr.1,#t1) */ + by contradiction /* cyclic */ next case case_2 solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) @@ -488,18 +491,11 @@ next by sorry /* unannotated */ next case BuyANewYubikey - by contradiction /* non-injective facts (#vr.1,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession_case_1 - solve( ((#vr.4 < #t1) ∧ - (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ - (#t1 < #vr.4) ) - case case_1 - by contradiction /* non-injective facts (#vr.4,#t1,#t2) */ - next - case case_2 - by contradiction /* from formulas */ - qed + simplify + by contradiction /* from formulas */ next case Server_ReceiveOTP_NewSession_case_2 solve( ((#vr.4 < #t1) ∧ 
@@ -646,50 +642,43 @@ next by sorry /* unannotated */ next case BuyANewYubikey - by contradiction /* non-injective facts (#vr.1,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession_case_1 - solve( ((#vr.4 < #t1) ∧ - (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ - (#t1 < #vr.4) ) - case case_1 - by contradiction /* non-injective facts (#vr.4,#t1,#t2) */ - next - case case_2 - solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) - case BuyANewYubikey - solve( !Smaller( S(otc), tc1 ) ▶₃ #t1 ) - case SimpleSmaller - solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) - case BuyANewYubikey - solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) - case SimpleSmaller - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - by contradiction /* from formulas */ - qed + simplify + solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) + case BuyANewYubikey + solve( !Smaller( S(otc), tc1 ) ▶₃ #t1 ) + case SimpleSmaller + solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) + case BuyANewYubikey + solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) + case SimpleSmaller + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + by contradiction /* from formulas */ qed - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) - case BuyANewYubikey - solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) - case SimpleSmaller - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - by contradiction /* from formulas */ - qed + qed + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) + case BuyANewYubikey + solve( !Smaller( S(myzero), 
tc2 ) ▶₃ #t2 ) + case SimpleSmaller + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + by contradiction /* from formulas */ qed qed qed @@ -912,18 +901,11 @@ next by sorry /* unannotated */ next case BuyANewYubikey - by contradiction /* non-injective facts (#vr.1,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession_case_1 - solve( ((#vr.4 < #t1) ∧ - (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ - (#t1 < #vr.4) ) - case case_1 - by contradiction /* non-injective facts (#vr.4,#t1,#t2) */ - next - case case_2 - by contradiction /* from formulas */ - qed + simplify + by contradiction /* from formulas */ next case Server_ReceiveOTP_NewSession_case_2 solve( ((#vr.4 < #t1) ∧ 
@@ -1070,50 +1052,43 @@ next by sorry /* unannotated */ next case BuyANewYubikey - by contradiction /* non-injective facts (#vr.1,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession_case_1 - solve( ((#vr.4 < #t1) ∧ - (∃ #t3. (IsSmaller( S(myzero), tc1 ) @ #t3) ∧ ¬(last(#t3)))) ∥ - (#t1 < #vr.4) ) - case case_1 - by contradiction /* non-injective facts (#vr.4,#t1,#t2) */ - next - case case_2 - solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) - case BuyANewYubikey - solve( !Smaller( S(y), tc1 ) ▶₃ #t1 ) - case SimpleSmaller - solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) - case BuyANewYubikey - solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) - case SimpleSmaller - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - by contradiction /* from formulas */ - qed + simplify + solve( !SharedKey( ~pid, k ) ▶₂ #t1 ) + case BuyANewYubikey + solve( !Smaller( S(y), tc1 ) ▶₃ #t1 ) + case SimpleSmaller + solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) + case BuyANewYubikey + solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) + case SimpleSmaller + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + by contradiction /* from formulas */ qed - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) - case BuyANewYubikey - solve( !Smaller( S(myzero), tc2 ) ▶₃ #t2 ) - case SimpleSmaller - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_1 - by contradiction /* from formulas */ - next - case ZExtendedSmaller_case_2 - by contradiction /* from formulas */ - qed + qed + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + solve( !SharedKey( ~pid, k.1 ) ▶₂ #t2 ) + case BuyANewYubikey + solve( !Smaller( S(myzero), 
tc2 ) ▶₃ #t2 ) + case SimpleSmaller + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_1 + by contradiction /* from formulas */ + next + case ZExtendedSmaller_case_2 + by contradiction /* from formulas */ qed qed qed @@ -3780,6 +3755,10 @@ next by contradiction /* from formulas */ qed + + + + /* All well-formedness checks were successful. */ end @@ -3795,9 +3774,9 @@ analyzing: examples/related_work/YubiSecure_KS_STM12/Yubikey.spthy analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey.spthy.tmp - processing time: 13.011914963s + processing time: 15.349304339s Login_reachable (exists-trace): verified (12 steps) - slightly_weaker_invariant (all-traces): verified (1145 steps) + slightly_weaker_invariant (all-traces): verified (1141 steps) no_replay (all-traces): verified (4 steps) injective_correspondance (all-traces): verified (23 steps) Login_invalidates_smaller_counters (all-traces): verified (4 steps) @@ -3810,9 +3789,9 @@ summary of summaries: analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey.spthy.tmp - processing time: 13.011914963s + processing time: 15.349304339s Login_reachable (exists-trace): verified (12 steps) - slightly_weaker_invariant (all-traces): verified (1145 steps) + slightly_weaker_invariant (all-traces): verified (1141 steps) no_replay (all-traces): verified (4 steps) injective_correspondance (all-traces): verified (23 steps) Login_invalidates_smaller_counters (all-traces): verified (4 steps) diff --git a/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_analyzed.spthy b/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_analyzed.spthy index 7af23c3e7..b47f4b80b 100644 --- a/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_analyzed.spthy 
+++ b/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_analyzed.spthy @@ -2,9 +2,9 @@ theory YubikeyHSM begin // Function signature and definition of the equational theory E -functions: S/1, demac/2, dexor1/2, dexor2/2, fst/1, keystream/2, - keystream_kh/1, keystream_n/1, mac/2, myzero/0, pair/2, sdec/2, senc/2, - snd/1, xorc/2 +functions: S/1, demac/2, dexor1/2, dexor2/2, fst/1[destructor], + keystream/2, keystream_kh/1, keystream_n/1, mac/2, myzero/0, pair/2, + sdec/2[destructor], senc/2, snd/1[destructor], xorc/2 equations: demac(mac(m, k), k) = m, dexor1(xorc(a, b), a) = b, @@ -21,6 +21,8 @@ equations: section{* The Yubikey-Protocol with a YubiHSM *} + + rule (modulo E) InitSucc: [ In( myzero ), In( S(myzero) ) ] --[ Theory( ), IsSucc( myzero, S(myzero) ), IsZero( myzero ) ]-> @@ -7499,6 +7501,26 @@ next qed qed qed + + + + + + + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ @@ -7515,7 +7537,7 @@ analyzing: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM.spthy analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM.spthy.tmp - processing time: 26.48113444s + processing time: 36.79725699s adv_can_guess_counter (all-traces): verified (24 steps) otp_decode_does_not_help_adv_use_induction (all-traces): verified (275 steps) neither_k_nor_k2_are_ever_leaked_inv (all-traces): verified (185 steps) @@ -7529,7 +7551,7 @@ summary of summaries: analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM.spthy.tmp - processing time: 26.48113444s + processing time: 36.79725699s adv_can_guess_counter (all-traces): verified (24 steps) otp_decode_does_not_help_adv_use_induction (all-traces): verified (275 steps) neither_k_nor_k2_are_ever_leaked_inv (all-traces): verified (185 steps) 
diff --git a/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset_analyzed.spthy b/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset_analyzed.spthy index d62df6c39..2cad152a4 100644 --- a/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset_analyzed.spthy +++ b/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset_analyzed.spthy @@ -3,9 +3,9 @@ theory YubikeyHSMmultiset begin // Function signature and definition of the equational theory E builtins: multiset -functions: demac/2, dexor1/2, dexor2/2, fst/1, keystream/2, - keystream_kh/1, keystream_n/1, mac/2, pair/2, sdec/2, senc/2, snd/1, - xorc/2 +functions: demac/2, dexor1/2, dexor2/2, fst/1[destructor], keystream/2, + keystream_kh/1, keystream_n/1, mac/2, pair/2, sdec/2[destructor], senc/2, + snd/1[destructor], xorc/2 equations: demac(mac(m, k), k) = m, dexor1(xorc(a, b), a) = b, @@ -22,6 +22,10 @@ equations: section{* The Yubikey-Protocol with a YubiHSM *} + + + + rule (modulo E) isendHSM: [ In( x ) ] --[ HSMWrite( x ) ]-> [ InHSM( x ) ] @@ -553,7 +557,7 @@ next case case_2 solve( S_Counter( pid, otc2 ) ▶₃ #t2 ) case BuyANewYubikey - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession_case_1 solve( (∀ pid otc1 tc1 otc2 tc2 #t1 #t2. 
@@ -571,79 +575,79 @@ next solve( ((#vr < #t1) ∧ (∃ z.3. ((otc1+z) = (otc+z.2+z.3)))) ∥ (#t1 < #vr) ∥ (#vr = #t1) ) case case_1_case_01 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_02 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_03 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_04 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_05 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_06 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_07 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_08 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_09 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_10 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_11 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_12 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_13 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_14 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_15 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_16 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_17 - by 
contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_18 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_19 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_20 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_21 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_22 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_23 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_24 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_25 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_2_case_01 by contradiction /* from formulas */ 
@@ -744,79 +748,79 @@ next solve( ((#vr < #t1) ∧ (∃ z.3. ((otc1+z) = (otc+z.2+z.3)))) ∥ (#t1 < #vr) ∥ (#vr = #t1) ) case case_1_case_01 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_02 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_03 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_04 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_05 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_06 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_07 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_08 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_09 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_10 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_11 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_12 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_13 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_14 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_15 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_16 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_17 - by 
contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_18 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_19 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_20 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_21 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_22 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_23 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_24 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_25 - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case case_2_case_01 by contradiction /* from formulas */ @@ -1206,6 +1210,22 @@ solve( (#t1 = #t2) ∥ (#t2 < #t1) ) qed qed + + + + + + + + + + + + + + + + /* All well-formedness checks were successful. */ end @@ -1221,7 +1241,7 @@ analyzing: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multise analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset.spthy.tmp - processing time: 5.152256036s + processing time: 6.31390021s transitivity (all-traces): verified (2 steps) otp_decode_does_not_help_adv_use_induction (all-traces): verified (72 steps) neither_k_nor_k2_are_ever_leaked_inv (all-traces): verified (27 steps) 
@@ -1238,7 +1258,7 @@ summary of summaries: analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_and_YubiHSM_multiset.spthy.tmp - processing time: 5.152256036s + processing time: 6.31390021s transitivity (all-traces): verified (2 steps) otp_decode_does_not_help_adv_use_induction (all-traces): verified (72 steps) neither_k_nor_k2_are_ever_leaked_inv (all-traces): verified (27 steps) diff --git a/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_multiset_analyzed.spthy b/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_multiset_analyzed.spthy index e3d42d464..2cec7eb63 100644 --- a/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_multiset_analyzed.spthy +++ b/case-studies-regression/related_work/YubiSecure_KS_STM12/Yubikey_multiset_analyzed.spthy @@ -3,7 +3,8 @@ theory YubikeyMultisets begin // Function signature and definition of the equational theory E builtins: multiset -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -15,6 +16,10 @@ equations: section{* The Yubikey-Protocol *} + + + + rule (modulo E) BuyANewYubikey: [ Fr( ~k ), Fr( ~pid ), Fr( ~sid ) ] --[ Protocol( ), Init( ~pid, ~k ), ExtendedInit( ~pid, ~sid, ~k ) ]-> 
@@ -176,22 +181,22 @@ next solve( ((#vr.7 < #t1) ∧ (∃ z.2. ((otc+z.1+z.2) = ('1'+z)))) ∥ (#t1 < #vr.7) ∥ (#vr.7 = #t1) ) case case_1_case_1 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_1_case_2 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_1_case_3 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_1_case_4 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_1_case_5 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_1_case_6 - by contradiction /* non-injective facts (#vr,#vr.7,#t1) */ + by contradiction /* cyclic */ next case case_2_case_01 by contradiction /* from formulas */ 
@@ -251,805 +256,805 @@ next case Yubikey_PressButton solve( Server( ~pid, ~sid, otc2 ) ▶₀ #t2 ) case BuyANewYubikey - by contradiction /* non-injective facts (#vr,#t1,#t2) */ + by contradiction /* cyclic */ next case Server_ReceiveOTP_NewSession solve( ((#vr.11 < #t1) ∧ (∃ z.3. ((otc.1+z.2+z.3) = (otc+z+z.1)))) ∥ (#t1 < #vr.11) ∥ (#vr.11 = #t1) ) case case_1_case_001 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_002 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_003 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_004 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_005 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_006 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_007 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_008 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_009 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_010 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_011 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_012 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_013 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_014 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by 
contradiction /* cyclic */ next case case_1_case_015 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_016 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_017 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_018 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_019 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_020 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_021 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_022 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_023 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_024 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_025 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_026 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_027 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_028 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_029 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_030 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_031 - by contradiction /* 
non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_032 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_033 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_034 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_035 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_036 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_037 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_038 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_039 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_040 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_041 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_042 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_043 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_044 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_045 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_046 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_047 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next 
case case_1_case_048 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_049 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_050 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_051 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_052 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_053 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_054 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_055 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_056 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_057 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_058 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_059 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_060 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_061 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_062 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_063 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_064 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) 
*/ + by contradiction /* cyclic */ next case case_1_case_065 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_066 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_067 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_068 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_069 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_070 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_071 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_072 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_073 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_074 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_075 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_076 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_077 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_078 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_079 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_080 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_081 - by contradiction 
/* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_082 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_083 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_084 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_085 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_086 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_087 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_088 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_089 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_090 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_091 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_092 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_093 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_094 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_095 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_096 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_097 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next 
case case_1_case_098 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_099 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_100 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_101 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_102 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_103 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_104 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_105 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_106 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_107 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_108 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_109 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_110 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_111 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_112 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_113 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_114 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) 
*/ + by contradiction /* cyclic */ next case case_1_case_115 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_116 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_117 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_118 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_119 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_120 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_121 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_122 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_123 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_124 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_125 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_126 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_127 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_128 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_129 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_130 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_131 - by contradiction 
/* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_132 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_133 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_134 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_135 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_136 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_137 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_138 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_139 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_140 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_141 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_142 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_143 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_144 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_145 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_146 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_147 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next 
case case_1_case_148 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_149 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_150 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_151 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_152 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_153 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_154 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_155 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_156 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_157 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_158 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_159 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_160 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_161 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_162 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_163 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_164 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) 
*/ + by contradiction /* cyclic */ next case case_1_case_165 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_166 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_167 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_168 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_169 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_170 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_171 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_172 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_173 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_174 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_175 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_176 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_177 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_178 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_179 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_180 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_181 - by contradiction 
/* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_182 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_183 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_184 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_185 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_186 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_187 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_188 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_189 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_190 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_191 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_192 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_193 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_194 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_195 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_196 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_197 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next 
case case_1_case_198 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_199 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_200 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_201 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_202 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_203 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_204 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_205 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_206 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_207 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_208 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_209 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_210 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_211 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_212 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_213 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_214 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) 
*/ + by contradiction /* cyclic */ next case case_1_case_215 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_216 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_217 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_218 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_219 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_220 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_221 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_222 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_223 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_224 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_225 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_226 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_227 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_228 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_229 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_230 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_231 - by contradiction 
/* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_232 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_233 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_234 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_235 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_236 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_237 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_238 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_239 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_240 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_241 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_242 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_243 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_244 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_245 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_246 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_247 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next 
case case_1_case_248 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_249 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_250 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_251 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_252 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_253 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_254 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_255 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_256 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_257 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_258 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_259 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_260 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_261 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_262 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_263 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_1_case_264 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) 
*/ + by contradiction /* cyclic */ next case case_1_case_265 - by contradiction /* non-injective facts (#vr.11,#t1,#t2) */ + by contradiction /* cyclic */ next case case_2_case_01 by contradiction /* from formulas */ @@ -1502,7 +1507,7 @@ analyzing: examples/related_work/YubiSecure_KS_STM12/Yubikey_multiset.spthy analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_multiset.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_multiset.spthy.tmp - processing time: 21.875310715s + processing time: 21.447285847s transitivity (all-traces): verified (2 steps) Login_reachable (exists-trace): verified (8 steps) slightly_weaker_invariant (all-traces): verified (420 steps) @@ -1518,7 +1523,7 @@ summary of summaries: analyzed: examples/related_work/YubiSecure_KS_STM12/Yubikey_multiset.spthy output: examples/related_work/YubiSecure_KS_STM12/Yubikey_multiset.spthy.tmp - processing time: 21.875310715s + processing time: 21.447285847s transitivity (all-traces): verified (2 steps) Login_reachable (exists-trace): verified (8 steps) slightly_weaker_invariant (all-traces): verified (420 steps) diff --git a/case-studies-regression/sapic/fast/GJM-contract/contract_analyzed.spthy b/case-studies-regression/sapic/fast/GJM-contract/contract_analyzed.spthy index 10af33a63..f22ae877d 100644 --- a/case-studies-regression/sapic/fast/GJM-contract/contract_analyzed.spthy +++ b/case-studies-regression/sapic/fast/GJM-contract/contract_analyzed.spthy @@ -2,8 +2,9 @@ theory Contract begin // Function signature and definition of the equational theory E -functions: check_getmsg/2, checkpcs/5, convertpcs/2, fakepcs/4, fst/1, - pair/2, pcs/3, pk/1, sign/2, snd/1, true/0, verify/3 +functions: check_getmsg/2, checkpcs/5, convertpcs/2, fakepcs/4, + fst/1[destructor], pair/2, pcs/3, pk/1, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: check_getmsg(sign(xm, xsk), pk(xsk)) = xm, checkpcs(xc, xpk, pk(ysk), zpk, fakepcs(xpk, ysk, zpk, xc)) = true, 
@@ -17,6 +18,20 @@ heuristic: p section{* GM Protocol for Contract signing *} + + + + + + + + + + + + + + lemma aborted_and_resolved_exclusive: all-traces "¬(∃ ct #i #j. (AbortCert( ct ) @ #i) ∧ (ResolveCert( ct ) @ #j))" 
@@ -25,81 +40,87 @@ guarded formula characterizing all counter-examples: "∃ ct #i #j. (AbortCert( ct ) @ #i) ∧ (ResolveCert( ct ) @ #j)" */ simplify -solve( State_111121212111( ct, pk2, sk1, skT ) ▶₀ #i ) - case insignctpkskpksignctpkskpkskskT_0_11112121211 - solve( State_1111212121211( ct, sk1.1, sk2, skT ) ▶₀ #j ) - case insignsignctsksignctskskT_0_111121212121 - solve( !KU( sign(<, sign(, sk1)>, ~n) - ) @ #vk ) +solve( State_111121212111111( signed, signed2, sk1, skT, ct, pk2 + ) ▶₀ #i ) + case ifctpkskpkcheckgetmsgsignedpksk_0_11112121211111 + solve( !Semistate_111121212121( skT ) ▶₀ #j ) + case p_1_111121212 + solve( !KU( sign(, ~n.1) ) @ #vk ) case c_sign - solve( !KU( sign(, ~n.1) ) @ #vk.1 ) + solve( !KU( sign(<, sign(, sk1)>, ~n) + ) @ #vk.1 ) case c_sign - by solve( !KU( ~n ) @ #vk.3 ) + by solve( !KU( ~n.1 ) @ #vk.3 ) next - case outsignconvertpcsskTypcsysigskT_0_1111211111112111 - solve( !KU( pcs(sign(ct, sk1.1), pk(sk2), pk(~n.1)) ) @ #vk.18 ) - case c_pcs - by solve( !KU( ~n ) @ #vk.4 ) - qed - next - case outsignysigconvertpcsskTypcsskT_0_111121211111112111 - solve( !KU( pcs(sign(ct, sk2), pk(sk1.1), pk(~n.1)) ) @ #vk.19 ) - case c_pcs - by solve( !KU( ~n ) @ #vk.4 ) - qed + case unlockct_0_111111111211 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed next - case outsignctpkpkysigskT_0_111111112111 - solve( !KU( sign(, ~n.1) ) @ #vk.1 ) - case c_sign - by solve( !KU( ~n.1 ) @ #vk.12 ) - next - case outsignconvertpcsskTypcsysigskT_0_1111211111112111 - solve( ((#vr.41 < #vr.51) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.2, ct ) @ #t2) - ∧ - (#vr.41 < #t2) ∧ - (#t2 < #vr.51) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, ct ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ct ) @ #t0) - ⇒ - ((#t0 < #vr.41) ∨ (#t0 = #vr.41) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ct ) @ #t0) - ⇒ - ((#t0 < #vr.41) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.51 < #vr.41) ) - case case_1 - by contradiction /* cyclic */ + case unlockct_0_1111211111111211 + solve( !KU( pcs(sign(ct, sk1.1), pk(sk2), pk(~n.1)) ) @ #vk.11 ) + case c_pcs + solve( !KU( sign(<, sign(, sk1)>, ~n) + ) @ #vk.2 ) + case c_sign + by solve( !KU( ~n ) @ #vk.17 ) next - case case_2 - by contradiction /* cyclic */ + case unlockct_0_111111111211 + solve( ((#vr.18 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.2, ct ) @ #t2) + ∧ + (#vr.18 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.2, ct ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, ct ) @ #t0) + ⇒ + ((#t0 < #vr.18) ∨ (#t0 = #vr.18) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, ct ) @ #t0) + ⇒ + ((#t0 < #vr.18) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.29 < #vr.18) ) + case case_1 + by contradiction /* cyclic */ + next + case case_2 + by contradiction /* cyclic */ + qed qed - next - case outsignysigconvertpcsskTypcsskT_0_111121211111112111 - solve( ((#vr.41 < #vr.51) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.2, ct ) @ #t2) - ∧ - (#vr.41 < #t2) ∧ - (#t2 < #vr.51) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, ct ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ct ) @ #t0) - ⇒ - ((#t0 < #vr.41) ∨ (#t0 = #vr.41) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ct ) @ #t0) - ⇒ - ((#t0 < #vr.41) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.51 < #vr.41) ) - case case_1 - by contradiction /* cyclic */ + qed + next + case unlockct_0_111121211111111211 + solve( !KU( pcs(sign(ct, sk2), pk(sk1.1), pk(~n.1)) ) @ #vk.12 ) + case c_pcs + solve( !KU( sign(<, sign(, sk1)>, ~n) + ) @ #vk.2 ) + case c_sign + by solve( !KU( ~n ) @ #vk.17 ) next - case case_2 - by contradiction /* cyclic */ + case unlockct_0_111111111211 + solve( ((#vr.18 < #vr.30) ∧ + (∃ #t2. + (Unlock_2( '2', ~n.2, ct ) @ #t2) + ∧ + (#vr.18 < #t2) ∧ + (#t2 < #vr.30) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.2, ct ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. 
+ (Lock( pp, lpp, ct ) @ #t0) + ⇒ + ((#t0 < #vr.18) ∨ (#t0 = #vr.18) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, ct ) @ #t0) + ⇒ + ((#t0 < #vr.18) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.30 < #vr.18) ) + case case_1 + by contradiction /* cyclic */ + next + case case_2 + by contradiction /* cyclic */ + qed qed qed qed @@ -122,11 +143,12 @@ guarded formula characterizing all satisfying traces: (∀ ct #i. (Resolve2( ct ) @ #i) ⇒ ⊥)" */ simplify -solve( State_111121212111( ct, pk2, sk1, skT ) ▶₀ #i ) - case insignctpkskpksignctpkskpkskskT_0_11112121211 +solve( State_111121212111111( signed, signed2, sk1, skT, ct, pk2 + ) ▶₀ #i ) + case ifctpkskpkcheckgetmsgsignedpksk_0_11112121211111 solve( !KU( sign(<, sign(, sk1)>, ~n) ) @ #vk ) - case outsignctpkpkysigskT_0_111111112111 + case unlockct_0_111111111211 solve( !KU( pk(sk1) ) @ #vk.6 ) case c_pk solve( !KU( sign(, sk1) ) @ #vk.9 ) @@ -153,10 +175,10 @@ guarded formula characterizing all satisfying traces: (∀ ct #i. (Resolve2( ct ) @ #i) ⇒ ⊥)" */ simplify -solve( State_1111212121211( ct, sk1, sk2, skT ) ▶₀ #i ) - case insignsignctsksignctskskT_0_111121212121 +solve( !Semistate_111121212121( skT ) ▶₀ #i ) + case p_1_111121212 solve( !KU( sign(, ~n) ) @ #vk ) - case outsignysigconvertpcsskTypcsskT_0_111121211111112111 + case unlockct_0_111121211111111211 solve( !KU( pcs(sign(ct, sk2), pk(sk1), pk(~n)) ) @ #vk.11 ) case c_pcs solve( !KU( pk(sk1) ) @ #vk.7 ) @@ -168,7 +190,7 @@ solve( State_1111212121211( ct, sk1, sk2, skT ) ▶₀ #i ) solve( !KU( sign(ct, sk2) ) @ #vk.12 ) case c_sign solve( !KU( pk(~n) ) @ #vk.13 ) - case outpkskT_0_11 + case p_1_ SOLVED // trace found qed qed 
@@ -195,10 +217,10 @@ guarded formula characterizing all satisfying traces: (Resolve2( ct1 ) @ #i1) ∧ (Resolve2( ct2 ) @ #i2) ⇒ #i1 = #i2)" */ simplify -solve( State_1111212121211( ct, sk1, sk2, skT ) ▶₀ #i ) - case insignsignctsksignctskskT_0_111121212121 +solve( !Semistate_111121212121( skT ) ▶₀ #i ) + case p_1_111121212 solve( !KU( sign(, ~n) ) @ #vk ) - case outsignconvertpcsskTypcsysigskT_0_1111211111112111 + case unlockct_0_1111211111111211 solve( !KU( pcs(sign(ct, sk1), pk(sk2), pk(~n)) ) @ #vk.10 ) case c_pcs solve( !KU( pk(sk1) ) @ #vk.7 ) @@ -210,7 +232,7 @@ solve( State_1111212121211( ct, sk1, sk2, skT ) ▶₀ #i ) solve( !KU( sign(ct, sk1) ) @ #vk.12 ) case c_sign solve( !KU( pk(~n) ) @ #vk.13 ) - case outpkskT_0_11 + case p_1_ SOLVED // trace found qed qed 
@@ -221,992 +243,1060 @@ solve( State_1111212121211( ct, sk1, sk2, skT ) ▶₀ #i ) qed qed -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newskT_0_1[color=#ffffff, process="new skT;"]: - [ State_1( ), Fr( skT ) ] --> [ State_11( skT ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) outpkskT_0_11[color=#ffffff, process="out(pk(skT));"]: - [ State_11( skT ) ] --> [ State_111( skT ), Out( pk(skT) ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#ffffff, process="!"]: - [ State_111( skT ) ] --> [ !Semistate_1111( skT ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_111[color=#ffffff, process="!"]: - [ !Semistate_1111( skT ) ] --> [ State_1111( skT ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1111[color=#ffffff, process="|"]: - [ State_1111( skT ) ] --> [ State_11111( skT ), State_11112( skT ) ] + + +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) inabortctpkpkysig_0_11111[color=#804046, - process="in(<'abort', ct, pk1, pk2, ysig>);"]: - [ State_11111( skT ), In( <'abort', ct, pk1, pk2, ysig> ) ] +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ), Fr( skT.1 ) ] --> - [ State_111111( ct, pk1, pk2, skT, ysig ) ] + [ !Semistate_1111( skT.1 ), Out( pk(skT.1) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ), Fr( skT ) ] + --> + [ !Semistate_1111( skT ), Out( pk(skT) ) ] + */ -rule (modulo E) 
ifcheckgetmsgysigpkctpkpk_0_111111[color=#804046, - process="if check_getmsg(ysig, pk1)="]: - [ State_111111( ct, pk1, pk2, skT, ysig ) ] - --[ Pred_Eq( check_getmsg(ysig, pk1), ) ]-> - [ State_1111111( ct, pk1, pk2, skT, ysig ) ] +rule (modulo E) inabortctpkpkysig_0_111111[color=#804046, + process="in(<'abort', ct.1, pk1.1, pk2.1, ysig.1>);"]: + [ State_111111( skT.1 ), In( <'abort', ct.1, pk1.1, pk2.1, ysig.1> ) ] + --> + [ State_1111111( ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] /* - rule (modulo AC) ifcheckgetmsgysigpkctpkpk_0_111111[color=#804046, - process="if check_getmsg(ysig, pk1)="]: - [ State_111111( ct, pk1, pk2, skT, ysig ) ] - --[ Pred_Eq( z, ) ]-> + rule (modulo AC) inabortctpkpkysig_0_111111[color=#804046, + process="in(<'abort', ct.1, pk1.1, pk2.1, ysig.1>);"]: + [ State_111111( skT ), In( <'abort', ct, pk1, pk2, ysig> ) ] + --> [ State_1111111( ct, pk1, pk2, skT, ysig ) ] - variants (modulo AC) - 1. pk1 = pk1.7 - ysig = ysig.7 - z = check_getmsg(ysig.7, pk1.7) - - 2. pk1 = pk(x.7) - ysig = sign(x.10, x.7) - z = x.10 */ -rule (modulo E) ifcheckgetmsgysigpkctpkpk_1_111111[color=#804046, - process="if check_getmsg(ysig, pk1)="]: - [ State_111111( ct, pk1, pk2, skT, ysig ) ] - --[ Pred_Not_Eq( check_getmsg(ysig, pk1), ) ]-> - [ State_1111112( ct, pk1, pk2, skT, ysig ) ] +rule (modulo E) ifcheckgetmsgysigpkctpkpk_0_1111111[color=#804046, + process="if check_getmsg(ysig.1, pk1.1)="]: + [ State_1111111( ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] + --[ Pred_Eq( check_getmsg(ysig.1, pk1.1), ) ]-> + [ State_11111111( ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] /* - rule (modulo AC) ifcheckgetmsgysigpkctpkpk_1_111111[color=#804046, - process="if check_getmsg(ysig, pk1)="]: - [ State_111111( ct, pk1, pk2, skT, ysig ) ] - --[ Pred_Not_Eq( z, ) ]-> - [ State_1111112( ct, pk1, pk2, skT, ysig ) ] + rule (modulo AC) ifcheckgetmsgysigpkctpkpk_0_1111111[color=#804046, + process="if check_getmsg(ysig.1, pk1.1)="]: + [ State_1111111( ct, pk1, pk2, skT, ysig ) ] + --[ Pred_Eq( z, ) 
]-> + [ State_11111111( ct, pk1, pk2, skT, ysig ) ] variants (modulo AC) - 1. pk1 = pk1.7 - ysig = ysig.7 - z = check_getmsg(ysig.7, pk1.7) + 1. pk1 = pk1.8 + ysig = ysig.8 + z = check_getmsg(ysig.8, pk1.8) - 2. pk1 = pk(x.7) - ysig = sign(x.10, x.7) - z = x.10 + 2. pk1 = pk(x.8) + ysig = sign(x.11, x.8) + z = x.11 */ -rule (modulo E) lockct_0_1111111[color=#804046, process="lock ct;"]: - [ State_1111111( ct, pk1, pk2, skT, ysig ), Fr( lock ) ] - --[ Lock_0( '0', lock, ct ), Lock( '0', lock, ct ) ]-> - [ State_11111111( ct, lock, pk1, pk2, skT, ysig ) ] +rule (modulo E) lockct_0_11111111[color=#804046, process="lock ct.1;"]: + [ State_11111111( ct.1, pk1.1, pk2.1, skT.1, ysig.1 ), Fr( lock ) ] + --[ Lock_0( '0', lock, ct.1 ), Lock( '0', lock, ct.1 ) ]-> + [ State_111111111( lock, ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupctasstate_0_11111111[color=#804046, - process="lookup ct as state"]: - [ State_11111111( ct, lock, pk1, pk2, skT, ysig ) ] - --[ IsIn( ct, state ) ]-> - [ State_111111111( ct, lock, pk1, pk2, skT, state, ysig ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupctasstate_1_11111111[color=#804046, - process="lookup ct as state"]: - [ State_11111111( ct, lock, pk1, pk2, skT, ysig ) ] - --[ IsNotSet( ct ) ]-> - [ State_111111112( ct, lock, pk1, pk2, skT, ysig ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) unlockct_0_111111111[color=#804046, - process="unlock ct;"]: - [ State_111111111( ct, lock, pk1, pk2, skT, state, ysig ) ] - --[ Unlock_0( '0', lock, ct ), Unlock( '0', lock, ct ) ]-> - [ State_1111111111( ct, lock, pk1, pk2, skT, state, ysig ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111111[color=#804046, process="0"]: - [ State_1111111111( ct, lock, pk1, pk2, skT, state, ysig ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertctaborted_0_111111112[color=#804046, - process="insert 
ct,'aborted';"]: - [ State_111111112( ct, lock, pk1, pk2, skT, ysig ) ] - --[ Insert( ct, 'aborted' ) ]-> - [ State_1111111121( ct, lock, pk1, pk2, skT, ysig ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventAbortct_0_1111111121[color=#804046, - process="event Abort1( ct );"]: - [ State_1111111121( ct, lock, pk1, pk2, skT, ysig ) ] - --[ Abort1( ct ) ]-> - [ State_11111111211( ct, lock, pk1, pk2, skT, ysig ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) unlockct_0_11111111211[color=#804046, - process="unlock ct;"]: - [ State_11111111211( ct, lock, pk1, pk2, skT, ysig ) ] - --[ Unlock_0( '0', lock, ct ), Unlock( '0', lock, ct ) ]-> - [ State_111111112111( ct, lock, pk1, pk2, skT, ysig ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsignctpkpkysigskT_0_111111112111[color=#804046, - process="out(sign(<, ysig>, skT));"]: - [ State_111111112111( ct, lock, pk1, pk2, skT, ysig ) ] - --> - [ - State_1111111121111( ct, lock, pk1, pk2, skT, ysig ), - Out( sign(<, ysig>, skT) ) - ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lockct_0_11111111[color=#804046, process="lock ct.1;"]: + [ State_11111111( ct, pk1, pk2, skT, ysig ), Fr( lock ) ] + --[ Lock_0( '0', lock, ct ), Lock( '0', lock, ct ) ]-> + [ State_111111111( lock, ct, pk1, pk2, skT, ysig ) ] + */ -rule (modulo E) p_0_1111111121111[color=#804046, process="0"]: - [ State_1111111121111( ct, lock, pk1, pk2, skT, ysig ) ] --> [ ] +rule (modulo E) lookupctasstate_0_111111111[color=#804046, + process="lookup ct.1 as state.1"]: + [ State_111111111( lock, ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] + --[ IsIn( ct.1, state.1 ) ]-> + [ State_1111111111( lock, ct.1, pk1.1, pk2.1, skT.1, state.1, ysig.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupctasstate_0_111111111[color=#804046, + process="lookup ct.1 as state.1"]: + [ State_111111111( lock, ct, pk1, pk2, skT, ysig ) ] + --[ IsIn( ct, state ) ]-> + [ 
State_1111111111( lock, ct, pk1, pk2, skT, state, ysig ) ] + */ -rule (modulo E) p_0_1111112[color=#804046, process="0"]: - [ State_1111112( ct, pk1, pk2, skT, ysig ) ] --> [ ] +rule (modulo E) unlockct_0_1111111111[color=#804046, + process="unlock ct.1;"]: + [ State_1111111111( lock, ct.1, pk1.1, pk2.1, skT.1, state.1, ysig.1 ) ] + --[ Unlock_0( '0', lock, ct.1 ), Unlock( '0', lock, ct.1 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) unlockct_0_1111111111[color=#804046, + process="unlock ct.1;"]: + [ State_1111111111( lock, ct, pk1, pk2, skT, state, ysig ) ] + --[ Unlock_0( '0', lock, ct ), Unlock( '0', lock, ct ) ]-> + [ ] + */ -rule (modulo E) p_0_11112[color=#ffffff, process="!"]: - [ State_11112( skT ) ] --> [ !Semistate_111121( skT ) ] +rule (modulo E) lookupctasstate_1_111111111[color=#804046, + process="lookup ct.1 as state.1"]: + [ State_111111111( lock, ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] + --[ IsNotSet( ct.1 ) ]-> + [ State_1111111112( lock, ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupctasstate_1_111111111[color=#804046, + process="lookup ct.1 as state.1"]: + [ State_111111111( lock, ct, pk1, pk2, skT, ysig ) ] + --[ IsNotSet( ct ) ]-> + [ State_1111111112( lock, ct, pk1, pk2, skT, ysig ) ] + */ -rule (modulo E) p_1_11112[color=#ffffff, process="!"]: - [ !Semistate_111121( skT ) ] --> [ State_111121( skT ) ] +rule (modulo E) insertctaborted_0_1111111112[color=#804046, + process="insert ct.1,'aborted';"]: + [ State_1111111112( lock, ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] + --[ Insert( ct.1, 'aborted' ) ]-> + [ State_11111111121( lock, ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertctaborted_0_1111111112[color=#804046, + process="insert ct.1,'aborted';"]: + [ State_1111111112( lock, ct, pk1, pk2, skT, ysig ) ] + --[ Insert( ct, 'aborted' ) ]-> + [ State_11111111121( lock, ct, pk1, pk2, skT, ysig 
) ] + */ -rule (modulo E) p_0_111121[color=#ffffff, process="|"]: - [ State_111121( skT ) ] - --> - [ State_1111211( skT ), State_1111212( skT ) ] +rule (modulo E) eventAbortct_0_11111111121[color=#804046, + process="event Abort1( ct.1 );"]: + [ State_11111111121( lock, ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] + --[ Abort1( ct.1 ) ]-> + [ State_111111111211( lock, ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventAbortct_0_11111111121[color=#804046, + process="event Abort1( ct.1 );"]: + [ State_11111111121( lock, ct, pk1, pk2, skT, ysig ) ] + --[ Abort1( ct ) ]-> + [ State_111111111211( lock, ct, pk1, pk2, skT, ysig ) ] + */ -rule (modulo E) inresolvectpkpkypcsysig_0_1111211[color=#5c8040, - process="in(<'resolve2', ct, pk1, pk2, ypcs1, ysig2>);"]: - [ State_1111211( skT ), In( <'resolve2', ct, pk1, pk2, ypcs1, ysig2> ) ] - --> - [ State_11112111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] +rule (modulo E) unlockct_0_111111111211[color=#804046, + process="unlock ct.1;"]: + [ State_111111111211( lock, ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] + --[ Unlock_0( '0', lock, ct.1 ), Unlock( '0', lock, ct.1 ) ]-> + [ Out( sign(<, ysig.1>, skT.1) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) unlockct_0_111111111211[color=#804046, + process="unlock ct.1;"]: + [ State_111111111211( lock, ct, pk1, pk2, skT, ysig ) ] + --[ Unlock_0( '0', lock, ct ), Unlock( '0', lock, ct ) ]-> + [ Out( sign(<, ysig>, skT) ) ] + */ -rule (modulo E) ifcheckgetmsgysigpkct_0_11112111[color=#5c8040, - process="if check_getmsg(ysig2, pk2)=ct"]: - [ State_11112111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Eq( check_getmsg(ysig2, pk2), ct ) ]-> - [ State_111121111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] +rule (modulo E) ifcheckgetmsgysigpkctpkpk_1_1111111[color=#804046, + process="if check_getmsg(ysig.1, pk1.1)="]: + [ State_1111111( ct.1, pk1.1, pk2.1, skT.1, ysig.1 ) ] + --[ Pred_Not_Eq( check_getmsg(ysig.1, pk1.1), ) ]-> + [ ] 
/* - rule (modulo AC) ifcheckgetmsgysigpkct_0_11112111[color=#5c8040, - process="if check_getmsg(ysig2, pk2)=ct"]: - [ State_11112111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Eq( z, ct ) ]-> - [ State_111121111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] + rule (modulo AC) ifcheckgetmsgysigpkctpkpk_1_1111111[color=#804046, + process="if check_getmsg(ysig.1, pk1.1)="]: + [ State_1111111( ct, pk1, pk2, skT, ysig ) ] + --[ Pred_Not_Eq( z, ) ]-> + [ ] variants (modulo AC) - 1. pk2 = pk2.8 - ysig2 = ysig2.8 - z = check_getmsg(ysig2.8, pk2.8) + 1. pk1 = pk1.8 + ysig = ysig.8 + z = check_getmsg(ysig.8, pk1.8) - 2. pk2 = pk(x.8) - ysig2 = sign(x.11, x.8) + 2. pk1 = pk(x.8) + ysig = sign(x.11, x.8) z = x.11 */ -rule (modulo E) ifcheckgetmsgysigpkct_1_11112111[color=#5c8040, - process="if check_getmsg(ysig2, pk2)=ct"]: - [ State_11112111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Not_Eq( check_getmsg(ysig2, pk2), ct ) ]-> - [ State_111121112( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] +rule (modulo E) p_1_111[color=#ffffff, process="!"]: + [ !Semistate_1111( skT.1 ) ] + --> + [ !Semistate_111121( skT.1 ), State_111111( skT.1 ) ] /* - rule (modulo AC) ifcheckgetmsgysigpkct_1_11112111[color=#5c8040, - process="if check_getmsg(ysig2, pk2)=ct"]: - [ State_11112111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Not_Eq( z, ct ) ]-> - [ State_111121112( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - variants (modulo AC) - 1. pk2 = pk2.8 - ysig2 = ysig2.8 - z = check_getmsg(ysig2.8, pk2.8) - - 2. 
pk2 = pk(x.8) - ysig2 = sign(x.11, x.8) - z = x.11 + rule (modulo AC) p_1_111[color=#ffffff, process="!"]: + [ !Semistate_1111( skT ) ] + --> + [ !Semistate_111121( skT ), State_111111( skT ) ] */ -rule (modulo E) ifcheckgetmsgconvertpcsskTypcspkct_0_111121111[color=#5c8040, - process="if check_getmsg(convertpcs(skT, ypcs1), pk1)=ct"]: - [ State_111121111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Eq( check_getmsg(convertpcs(skT, ypcs1), pk1), ct ) ]-> - [ State_1111211111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] +rule (modulo E) inresolvectpkpkypcsysig_0_11112111[color=#5c8040, + process="in(<'resolve2', ct.2, pk1.2, pk2.2, ypcs1.1, ysig2.1>);"]: + [ + State_11112111( skT.1 ), + In( <'resolve2', ct.2, pk1.2, pk2.2, ypcs1.1, ysig2.1> ) + ] + --> + [ State_111121111( skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 ) ] /* - rule (modulo AC) ifcheckgetmsgconvertpcsskTypcspkct_0_111121111[color=#5c8040, - process="if check_getmsg(convertpcs(skT, ypcs1), pk1)=ct"]: - [ State_111121111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Eq( z, ct ) ]-> - [ State_1111211111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - variants (modulo AC) - 1. pk1 = pk1.8 - skT = skT.8 - ypcs1 = ypcs1.8 - z = check_getmsg(convertpcs(skT.8, ypcs1.8), pk1.8) - - 2. pk1 = pk1.12 - skT = x.8 - ypcs1 = pcs(sign(x.9, x.10), x.11, pk(x.8)) - z = check_getmsg(sign(x.9, x.10), pk1.12) - - 3. 
pk1 = pk(x.8) - skT = x.10 - ypcs1 = pcs(sign(x.11, x.8), x.12, pk(x.10)) - z = x.11 + rule (modulo AC) inresolvectpkpkypcsysig_0_11112111[color=#5c8040, + process="in(<'resolve2', ct.2, pk1.2, pk2.2, ypcs1.1, ysig2.1>);"]: + [ State_11112111( skT ), In( <'resolve2', ct, pk1, pk2, ypcs1, ysig2> ) ] + --> + [ State_111121111( skT, ypcs1, ysig2, ct, pk1, pk2 ) ] */ -rule (modulo E) ifcheckgetmsgconvertpcsskTypcspkct_1_111121111[color=#5c8040, - process="if check_getmsg(convertpcs(skT, ypcs1), pk1)=ct"]: - [ State_111121111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Not_Eq( check_getmsg(convertpcs(skT, ypcs1), pk1), ct ) ]-> - [ State_1111211112( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] +rule (modulo E) ifcheckgetmsgysigpkct_0_111121111[color=#5c8040, + process="if check_getmsg(ysig2.1, pk2.2)=ct.2"]: + [ State_111121111( skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 ) ] + --[ Pred_Eq( check_getmsg(ysig2.1, pk2.2), ct.2 ) ]-> + [ State_1111211111( skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 ) ] /* - rule (modulo AC) ifcheckgetmsgconvertpcsskTypcspkct_1_111121111[color=#5c8040, - process="if check_getmsg(convertpcs(skT, ypcs1), pk1)=ct"]: - [ State_111121111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Not_Eq( z, ct ) ]-> - [ State_1111211112( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] + rule (modulo AC) ifcheckgetmsgysigpkct_0_111121111[color=#5c8040, + process="if check_getmsg(ysig2.1, pk2.2)=ct.2"]: + [ State_111121111( skT, ypcs1, ysig2, ct, pk1, pk2 ) ] + --[ Pred_Eq( z, ct ) ]-> + [ State_1111211111( skT, ypcs1, ysig2, ct, pk1, pk2 ) ] variants (modulo AC) - 1. pk1 = pk1.8 - skT = skT.8 - ypcs1 = ypcs1.8 - z = check_getmsg(convertpcs(skT.8, ypcs1.8), pk1.8) - - 2. pk1 = pk1.12 - skT = x.8 - ypcs1 = pcs(sign(x.9, x.10), x.11, pk(x.8)) - z = check_getmsg(sign(x.9, x.10), pk1.12) + 1. pk2 = pk2.11 + ysig2 = ysig2.10 + z = check_getmsg(ysig2.10, pk2.11) - 3. pk1 = pk(x.8) - skT = x.10 - ypcs1 = pcs(sign(x.11, x.8), x.12, pk(x.10)) - z = x.11 + 2. 
pk2 = pk(x.11) + ysig2 = sign(x.10, x.11) + z = x.10 */ -rule (modulo E) ifcheckpcsctpkpkpkskTypcstrue_0_1111211111[color=#5c8040, - process="if checkpcs(ct, pk1, pk2, pk(skT), ypcs1)=true"]: - [ State_1111211111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Eq( checkpcs(ct, pk1, pk2, pk(skT), ypcs1), true ) ]-> - [ State_11112111111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] +rule (modulo E) ifcheckgetmsgconvertpcsskTypcspkct_0_1111211111[color=#5c8040, + process="if check_getmsg(convertpcs(skT.1, ypcs1.1), pk1.2)=ct.2"]: + [ State_1111211111( skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 ) ] + --[ Pred_Eq( check_getmsg(convertpcs(skT.1, ypcs1.1), pk1.2), ct.2 ) ]-> + [ State_11112111111( skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 ) ] /* - rule (modulo AC) ifcheckpcsctpkpkpkskTypcstrue_0_1111211111[color=#5c8040, - process="if checkpcs(ct, pk1, pk2, pk(skT), ypcs1)=true"]: - [ State_1111211111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Eq( z, true ) ]-> - [ State_11112111111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] + rule (modulo AC) ifcheckgetmsgconvertpcsskTypcspkct_0_1111211111[color=#5c8040, + process="if check_getmsg(convertpcs(skT.1, ypcs1.1), pk1.2)=ct.2"]: + [ State_1111211111( skT, ypcs1, ysig2, ct, pk1, pk2 ) ] + --[ Pred_Eq( z, ct ) ]-> + [ State_11112111111( skT, ypcs1, ysig2, ct, pk1, pk2 ) ] variants (modulo AC) - 1. ct = ct.8 - pk1 = pk1.8 - pk2 = pk2.8 - skT = skT.8 - ypcs1 = ypcs1.8 - z = checkpcs(ct.8, pk1.8, pk2.8, pk(skT.8), ypcs1.8) + 1. pk1 = pk1.11 + skT = skT.10 + ypcs1 = ypcs1.10 + z = check_getmsg(convertpcs(skT.10, ypcs1.10), pk1.11) - 2. ct = x.8 - pk1 = x.9 - pk2 = pk(x.10) - skT = x.11 - ypcs1 = fakepcs(x.9, x.10, pk(x.11), x.8) - z = true + 2. pk1 = pk1.15 + skT = x.10 + ypcs1 = pcs(sign(x.11, x.12), x.13, pk(x.10)) + z = check_getmsg(sign(x.11, x.12), pk1.15) - 3. ct = x.8 - pk1 = pk(x.9) - pk2 = x.10 - skT = x.11 - ypcs1 = pcs(sign(x.8, x.9), x.10, pk(x.11)) - z = true + 3. 
pk1 = pk(x.12) + skT = x.10 + ypcs1 = pcs(sign(x.11, x.12), x.13, pk(x.10)) + z = x.11 */ -rule (modulo E) ifcheckpcsctpkpkpkskTypcstrue_1_1111211111[color=#5c8040, - process="if checkpcs(ct, pk1, pk2, pk(skT), ypcs1)=true"]: - [ State_1111211111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Not_Eq( checkpcs(ct, pk1, pk2, pk(skT), ypcs1), true ) ]-> - [ State_11112111112( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] +rule (modulo E) ifcheckpcsctpkpkpkskTypcstrue_0_11112111111[color=#5c8040, + process="if checkpcs(ct.2, pk1.2, pk2.2, pk(skT.1), ypcs1.1)=true"]: + [ State_11112111111( skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 ) ] + --[ Pred_Eq( checkpcs(ct.2, pk1.2, pk2.2, pk(skT.1), ypcs1.1), true ) ]-> + [ State_111121111111( skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 ) ] /* - rule (modulo AC) ifcheckpcsctpkpkpkskTypcstrue_1_1111211111[color=#5c8040, - process="if checkpcs(ct, pk1, pk2, pk(skT), ypcs1)=true"]: - [ State_1111211111( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] - --[ Pred_Not_Eq( z, true ) ]-> - [ State_11112111112( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] + rule (modulo AC) ifcheckpcsctpkpkpkskTypcstrue_0_11112111111[color=#5c8040, + process="if checkpcs(ct.2, pk1.2, pk2.2, pk(skT.1), ypcs1.1)=true"]: + [ State_11112111111( skT, ypcs1, ysig2, ct, pk1, pk2 ) ] + --[ Pred_Eq( z, true ) ]-> + [ State_111121111111( skT, ypcs1, ysig2, ct, pk1, pk2 ) ] variants (modulo AC) - 1. ct = ct.8 - pk1 = pk1.8 - pk2 = pk2.8 - skT = skT.8 - ypcs1 = ypcs1.8 - z = checkpcs(ct.8, pk1.8, pk2.8, pk(skT.8), ypcs1.8) + 1. ct = ct.11 + pk1 = pk1.11 + pk2 = pk2.11 + skT = skT.10 + ypcs1 = ypcs1.10 + z = checkpcs(ct.11, pk1.11, pk2.11, pk(skT.10), ypcs1.10) - 2. ct = x.8 - pk1 = x.9 - pk2 = pk(x.10) - skT = x.11 - ypcs1 = fakepcs(x.9, x.10, pk(x.11), x.8) + 2. ct = x.13 + pk1 = x.11 + pk2 = pk(x.12) + skT = x.10 + ypcs1 = fakepcs(x.11, x.12, pk(x.10), x.13) z = true - 3. ct = x.8 - pk1 = pk(x.9) - pk2 = x.10 - skT = x.11 - ypcs1 = pcs(sign(x.8, x.9), x.10, pk(x.11)) + 3. 
ct = x.11 + pk1 = pk(x.12) + pk2 = x.13 + skT = x.10 + ypcs1 = pcs(sign(x.11, x.12), x.13, pk(x.10)) z = true */ -rule (modulo E) lockct_0_11112111111[color=#5c8040, process="lock ct;"]: - [ State_11112111111( ct, pk1, pk2, skT, ypcs1, ysig2 ), Fr( lock.1 ) ] - --[ Lock_1( '1', lock.1, ct ), Lock( '1', lock.1, ct ) ]-> - [ State_111121111111( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] +rule (modulo E) lockct_0_111121111111[color=#5c8040, + process="lock ct.2;"]: + [ + State_111121111111( skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 ), + Fr( lock.1 ) + ] + --[ Lock_1( '1', lock.1, ct.2 ), Lock( '1', lock.1, ct.2 ) ]-> + [ + State_1111211111111( lock.1, skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 + ) + ] /* - rule (modulo AC) lockct_0_11112111111[color=#5c8040, process="lock ct;"]: - [ State_11112111111( ct, pk1, pk2, skT, ypcs1, ysig2 ), Fr( lock ) ] + rule (modulo AC) lockct_0_111121111111[color=#5c8040, + process="lock ct.2;"]: + [ State_111121111111( skT, ypcs1, ysig2, ct, pk1, pk2 ), Fr( lock ) ] --[ Lock_1( '1', lock, ct ), Lock( '1', lock, ct ) ]-> - [ State_111121111111( ct, pk1, pk2, skT, ypcs1, ysig2, lock ) ] + [ State_1111211111111( lock, skT, ypcs1, ysig2, ct, pk1, pk2 ) ] */ -rule (modulo E) lookupctasstatus_0_111121111111[color=#5c8040, - process="lookup ct as status"]: - [ State_111121111111( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] - --[ IsIn( ct, status ) ]-> - [ State_1111211111111( ct, pk1, pk2, skT, status, ypcs1, ysig2, lock.1 ) +rule (modulo E) lookupctasstatus_0_1111211111111[color=#5c8040, + process="lookup ct.2 as status.1"]: + [ + State_1111211111111( lock.1, skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 + ) + ] + --[ IsIn( ct.2, status.1 ) ]-> + [ + State_11112111111111( lock.1, skT.1, status.1, ypcs1.1, ysig2.1, ct.2, + pk1.2, pk2.2 + ) ] /* - rule (modulo AC) lookupctasstatus_0_111121111111[color=#5c8040, - process="lookup ct as status"]: - [ State_111121111111( ct, pk1, pk2, skT, ypcs1, ysig2, lock ) ] + rule (modulo AC) 
lookupctasstatus_0_1111211111111[color=#5c8040, + process="lookup ct.2 as status.1"]: + [ State_1111211111111( lock, skT, ypcs1, ysig2, ct, pk1, pk2 ) ] --[ IsIn( ct, status ) ]-> - [ State_1111211111111( ct, pk1, pk2, skT, status, ypcs1, ysig2, lock ) ] - */ - -rule (modulo E) lookupctasstatus_1_111121111111[color=#5c8040, - process="lookup ct as status"]: - [ State_111121111111( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] - --[ IsNotSet( ct ) ]-> - [ State_1111211111112( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] - - /* - rule (modulo AC) lookupctasstatus_1_111121111111[color=#5c8040, - process="lookup ct as status"]: - [ State_111121111111( ct, pk1, pk2, skT, ypcs1, ysig2, lock ) ] - --[ IsNotSet( ct ) ]-> - [ State_1111211111112( ct, pk1, pk2, skT, ypcs1, ysig2, lock ) ] + [ State_11112111111111( lock, skT, status, ypcs1, ysig2, ct, pk1, pk2 ) ] */ -rule (modulo E) unlockct_0_1111211111111[color=#5c8040, - process="unlock ct;"]: - [ State_1111211111111( ct, pk1, pk2, skT, status, ypcs1, ysig2, lock.1 ) - ] - --[ Unlock_1( '1', lock.1, ct ), Unlock( '1', lock.1, ct ) ]-> - [ State_11112111111111( ct, pk1, pk2, skT, status, ypcs1, ysig2, lock.1 ) +rule (modulo E) unlockct_0_11112111111111[color=#5c8040, + process="unlock ct.2;"]: + [ + State_11112111111111( lock.1, skT.1, status.1, ypcs1.1, ysig2.1, ct.2, + pk1.2, pk2.2 + ) ] + --[ Unlock_1( '1', lock.1, ct.2 ), Unlock( '1', lock.1, ct.2 ) ]-> + [ ] /* - rule (modulo AC) unlockct_0_1111211111111[color=#5c8040, - process="unlock ct;"]: - [ State_1111211111111( ct, pk1, pk2, skT, status, ypcs1, ysig2, lock ) ] + rule (modulo AC) unlockct_0_11112111111111[color=#5c8040, + process="unlock ct.2;"]: + [ State_11112111111111( lock, skT, status, ypcs1, ysig2, ct, pk1, pk2 ) ] --[ Unlock_1( '1', lock, ct ), Unlock( '1', lock, ct ) ]-> - [ State_11112111111111( ct, pk1, pk2, skT, status, ypcs1, ysig2, lock ) ] + [ ] */ -rule (modulo E) p_0_11112111111111[color=#5c8040, process="0"]: - [ State_11112111111111( ct, pk1, pk2, 
skT, status, ypcs1, ysig2, lock.1 ) +rule (modulo E) lookupctasstatus_1_1111211111111[color=#5c8040, + process="lookup ct.2 as status.1"]: + [ + State_1111211111111( lock.1, skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 + ) + ] + --[ IsNotSet( ct.2 ) ]-> + [ + State_11112111111112( lock.1, skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 + ) ] - --> - [ ] /* - rule (modulo AC) p_0_11112111111111[color=#5c8040, process="0"]: - [ State_11112111111111( ct, pk1, pk2, skT, status, ypcs1, ysig2, lock ) ] - --> - [ ] + rule (modulo AC) lookupctasstatus_1_1111211111111[color=#5c8040, + process="lookup ct.2 as status.1"]: + [ State_1111211111111( lock, skT, ypcs1, ysig2, ct, pk1, pk2 ) ] + --[ IsNotSet( ct ) ]-> + [ State_11112111111112( lock, skT, ypcs1, ysig2, ct, pk1, pk2 ) ] */ -rule (modulo E) insertctresolved_0_1111211111112[color=#5c8040, - process="insert ct,'resolved2';"]: - [ State_1111211111112( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] - --[ Insert( ct, 'resolved2' ) ]-> - [ State_11112111111121( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] +rule (modulo E) insertctresolved_0_11112111111112[color=#5c8040, + process="insert ct.2,'resolved2';"]: + [ + State_11112111111112( lock.1, skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 + ) + ] + --[ Insert( ct.2, 'resolved2' ) ]-> + [ + State_111121111111121( lock.1, skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, + pk2.2 + ) + ] /* - rule (modulo AC) insertctresolved_0_1111211111112[color=#5c8040, - process="insert ct,'resolved2';"]: - [ State_1111211111112( ct, pk1, pk2, skT, ypcs1, ysig2, lock ) ] + rule (modulo AC) insertctresolved_0_11112111111112[color=#5c8040, + process="insert ct.2,'resolved2';"]: + [ State_11112111111112( lock, skT, ypcs1, ysig2, ct, pk1, pk2 ) ] --[ Insert( ct, 'resolved2' ) ]-> - [ State_11112111111121( ct, pk1, pk2, skT, ypcs1, ysig2, lock ) ] + [ State_111121111111121( lock, skT, ypcs1, ysig2, ct, pk1, pk2 ) ] */ -rule (modulo E) eventResolvect_0_11112111111121[color=#5c8040, - process="event Resolve2( ct );"]: 
- [ State_11112111111121( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] - --[ Resolve2( ct ) ]-> - [ State_111121111111211( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] +rule (modulo E) eventResolvect_0_111121111111121[color=#5c8040, + process="event Resolve2( ct.2 );"]: + [ + State_111121111111121( lock.1, skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, + pk2.2 + ) + ] + --[ Resolve2( ct.2 ) ]-> + [ + State_1111211111111211( lock.1, skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, + pk2.2 + ) + ] /* - rule (modulo AC) eventResolvect_0_11112111111121[color=#5c8040, - process="event Resolve2( ct );"]: - [ State_11112111111121( ct, pk1, pk2, skT, ypcs1, ysig2, lock ) ] + rule (modulo AC) eventResolvect_0_111121111111121[color=#5c8040, + process="event Resolve2( ct.2 );"]: + [ State_111121111111121( lock, skT, ypcs1, ysig2, ct, pk1, pk2 ) ] --[ Resolve2( ct ) ]-> - [ State_111121111111211( ct, pk1, pk2, skT, ypcs1, ysig2, lock ) ] + [ State_1111211111111211( lock, skT, ypcs1, ysig2, ct, pk1, pk2 ) ] */ -rule (modulo E) unlockct_0_111121111111211[color=#5c8040, - process="unlock ct;"]: - [ State_111121111111211( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] - --[ Unlock_1( '1', lock.1, ct ), Unlock( '1', lock.1, ct ) ]-> - [ State_1111211111112111( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] +rule (modulo E) unlockct_0_1111211111111211[color=#5c8040, + process="unlock ct.2;"]: + [ + State_1111211111111211( lock.1, skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, + pk2.2 + ) + ] + --[ Unlock_1( '1', lock.1, ct.2 ), Unlock( '1', lock.1, ct.2 ) ]-> + [ Out( sign(, skT.1) ) ] /* - rule (modulo AC) unlockct_0_111121111111211[color=#5c8040, - process="unlock ct;"]: - [ State_111121111111211( ct, pk1, pk2, skT, ypcs1, ysig2, lock ) ] + rule (modulo AC) unlockct_0_1111211111111211[color=#5c8040, + process="unlock ct.2;"]: + [ State_1111211111111211( lock, skT, ypcs1, ysig2, ct, pk1, pk2 ) ] --[ Unlock_1( '1', lock, ct ), Unlock( '1', lock, ct ) ]-> - [ State_1111211111112111( ct, pk1, pk2, skT, ypcs1, ysig2, lock 
) ] + [ Out( sign(, skT) ) ] + variants (modulo AC) + 1. skT = skT.12 + ypcs1 = ypcs1.13 + z = convertpcs(skT.12, ypcs1.13) + + 2. skT = skT.15 + ypcs1 = pcs(sign(x.23, x.24), x.25, pk(skT.15)) + z = sign(x.23, x.24) */ -rule (modulo E) outsignconvertpcsskTypcsysigskT_0_1111211111112111[color=#5c8040, - process="out(sign(, skT));"]: - [ State_1111211111112111( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] - --> - [ - State_11112111111121111( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ), - Out( sign(, skT) ) - ] +rule (modulo E) ifcheckpcsctpkpkpkskTypcstrue_1_11112111111[color=#5c8040, + process="if checkpcs(ct.2, pk1.2, pk2.2, pk(skT.1), ypcs1.1)=true"]: + [ State_11112111111( skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 ) ] + --[ Pred_Not_Eq( checkpcs(ct.2, pk1.2, pk2.2, pk(skT.1), ypcs1.1), true ) + ]-> + [ ] /* - rule (modulo AC) outsignconvertpcsskTypcsysigskT_0_1111211111112111[color=#5c8040, - process="out(sign(, skT));"]: - [ State_1111211111112111( ct, pk1, pk2, skT, ypcs1, ysig2, lock ) ] - --> - [ - State_11112111111121111( ct, pk1, pk2, skT, ypcs1, ysig2, lock ), - Out( sign(, skT) ) - ] + rule (modulo AC) ifcheckpcsctpkpkpkskTypcstrue_1_11112111111[color=#5c8040, + process="if checkpcs(ct.2, pk1.2, pk2.2, pk(skT.1), ypcs1.1)=true"]: + [ State_11112111111( skT, ypcs1, ysig2, ct, pk1, pk2 ) ] + --[ Pred_Not_Eq( z, true ) ]-> + [ ] variants (modulo AC) - 1. skT = skT.10 + 1. ct = ct.11 + pk1 = pk1.11 + pk2 = pk2.11 + skT = skT.10 ypcs1 = ypcs1.10 - z = convertpcs(skT.10, ypcs1.10) + z = checkpcs(ct.11, pk1.11, pk2.11, pk(skT.10), ypcs1.10) - 2. skT = x.10 + 2. ct = x.13 + pk1 = x.11 + pk2 = pk(x.12) + skT = x.10 + ypcs1 = fakepcs(x.11, x.12, pk(x.10), x.13) + z = true + + 3. 
ct = x.11 + pk1 = pk(x.12) + pk2 = x.13 + skT = x.10 ypcs1 = pcs(sign(x.11, x.12), x.13, pk(x.10)) - z = sign(x.11, x.12) + z = true */ -rule (modulo E) p_0_11112111111121111[color=#5c8040, process="0"]: - [ State_11112111111121111( ct, pk1, pk2, skT, ypcs1, ysig2, lock.1 ) ] - --> +rule (modulo E) ifcheckgetmsgconvertpcsskTypcspkct_1_1111211111[color=#5c8040, + process="if check_getmsg(convertpcs(skT.1, ypcs1.1), pk1.2)=ct.2"]: + [ State_1111211111( skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 ) ] + --[ Pred_Not_Eq( check_getmsg(convertpcs(skT.1, ypcs1.1), pk1.2), ct.2 ) + ]-> [ ] /* - rule (modulo AC) p_0_11112111111121111[color=#5c8040, process="0"]: - [ State_11112111111121111( ct, pk1, pk2, skT, ypcs1, ysig2, lock ) ] - --> + rule (modulo AC) ifcheckgetmsgconvertpcsskTypcspkct_1_1111211111[color=#5c8040, + process="if check_getmsg(convertpcs(skT.1, ypcs1.1), pk1.2)=ct.2"]: + [ State_1111211111( skT, ypcs1, ysig2, ct, pk1, pk2 ) ] + --[ Pred_Not_Eq( z, ct ) ]-> [ ] + variants (modulo AC) + 1. pk1 = pk1.11 + skT = skT.10 + ypcs1 = ypcs1.10 + z = check_getmsg(convertpcs(skT.10, ypcs1.10), pk1.11) + + 2. pk1 = pk1.15 + skT = x.10 + ypcs1 = pcs(sign(x.11, x.12), x.13, pk(x.10)) + z = check_getmsg(sign(x.11, x.12), pk1.15) + + 3. 
pk1 = pk(x.12) + skT = x.10 + ypcs1 = pcs(sign(x.11, x.12), x.13, pk(x.10)) + z = x.11 */ -rule (modulo E) p_0_11112111112[color=#5c8040, process="0"]: - [ State_11112111112( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111211112[color=#5c8040, process="0"]: - [ State_1111211112( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111121112[color=#5c8040, process="0"]: - [ State_111121112( ct, pk1, pk2, skT, ypcs1, ysig2 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111212[color=#ffffff, process="!"]: - [ State_1111212( skT ) ] --> [ !Semistate_11112121( skT ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_1111212[color=#ffffff, process="!"]: - [ !Semistate_11112121( skT ) ] --> [ State_11112121( skT ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11112121[color=#ffffff, process="|"]: - [ State_11112121( skT ) ] - --> - [ State_111121211( skT ), State_111121212( skT ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inresolvectpkpkysigypcs_0_111121211[color=#798040, - process="in(<'resolve1', ct, pk1, pk2, ysig1, ypcs2>);"]: - [ State_111121211( skT ), In( <'resolve1', ct, pk1, pk2, ysig1, ypcs2> ) - ] - --> - [ State_1111212111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifcheckgetmsgysigpkct_0_1111212111[color=#798040, - process="if check_getmsg(ysig1, pk1)=ct"]: - [ State_1111212111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Eq( check_getmsg(ysig1, pk1), ct ) ]-> - [ State_11112121111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] +rule (modulo E) ifcheckgetmsgysigpkct_1_111121111[color=#5c8040, + process="if check_getmsg(ysig2.1, pk2.2)=ct.2"]: + [ State_111121111( skT.1, ypcs1.1, ysig2.1, ct.2, pk1.2, pk2.2 ) ] + --[ Pred_Not_Eq( check_getmsg(ysig2.1, pk2.2), ct.2 ) ]-> + [ ] /* - rule 
(modulo AC) ifcheckgetmsgysigpkct_0_1111212111[color=#798040, - process="if check_getmsg(ysig1, pk1)=ct"]: - [ State_1111212111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Eq( z, ct ) ]-> - [ State_11112121111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] + rule (modulo AC) ifcheckgetmsgysigpkct_1_111121111[color=#5c8040, + process="if check_getmsg(ysig2.1, pk2.2)=ct.2"]: + [ State_111121111( skT, ypcs1, ysig2, ct, pk1, pk2 ) ] + --[ Pred_Not_Eq( z, ct ) ]-> + [ ] variants (modulo AC) - 1. pk1 = pk1.8 - ysig1 = ysig1.8 - z = check_getmsg(ysig1.8, pk1.8) + 1. pk2 = pk2.11 + ysig2 = ysig2.10 + z = check_getmsg(ysig2.10, pk2.11) - 2. pk1 = pk(x.8) - ysig1 = sign(x.12, x.8) - z = x.12 + 2. pk2 = pk(x.11) + ysig2 = sign(x.10, x.11) + z = x.10 */ -rule (modulo E) ifcheckgetmsgysigpkct_1_1111212111[color=#798040, - process="if check_getmsg(ysig1, pk1)=ct"]: - [ State_1111212111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Not_Eq( check_getmsg(ysig1, pk1), ct ) ]-> - [ State_11112121112( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] +rule (modulo E) p_1_11112[color=#ffffff, process="!"]: + [ !Semistate_111121( skT.1 ) ] + --> + [ !Semistate_11112121( skT.1 ), State_11112111( skT.1 ) ] /* - rule (modulo AC) ifcheckgetmsgysigpkct_1_1111212111[color=#798040, - process="if check_getmsg(ysig1, pk1)=ct"]: - [ State_1111212111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Not_Eq( z, ct ) ]-> - [ State_11112121112( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - variants (modulo AC) - 1. pk1 = pk1.8 - ysig1 = ysig1.8 - z = check_getmsg(ysig1.8, pk1.8) - - 2. 
pk1 = pk(x.8) - ysig1 = sign(x.12, x.8) - z = x.12 + rule (modulo AC) p_1_11112[color=#ffffff, process="!"]: + [ !Semistate_111121( skT ) ] + --> + [ !Semistate_11112121( skT ), State_11112111( skT ) ] */ -rule (modulo E) ifcheckgetmsgconvertpcsskTypcspkct_0_11112121111[color=#798040, - process="if check_getmsg(convertpcs(skT, ypcs2), pk2)=ct"]: - [ State_11112121111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Eq( check_getmsg(convertpcs(skT, ypcs2), pk2), ct ) ]-> - [ State_111121211111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] +rule (modulo E) inresolvectpkpkysigypcs_0_1111212111[color=#798040, + process="in(<'resolve1', ct.3, pk1.3, pk2.3, ysig1.1, ypcs2.1>);"]: + [ + State_1111212111( skT.1 ), + In( <'resolve1', ct.3, pk1.3, pk2.3, ysig1.1, ypcs2.1> ) + ] + --> + [ State_11112121111( skT.1, ypcs2.1, ysig1.1, ct.3, pk1.3, pk2.3 ) ] /* - rule (modulo AC) ifcheckgetmsgconvertpcsskTypcspkct_0_11112121111[color=#798040, - process="if check_getmsg(convertpcs(skT, ypcs2), pk2)=ct"]: - [ State_11112121111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Eq( z, ct ) ]-> - [ State_111121211111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - variants (modulo AC) - 1. pk2 = pk2.8 - skT = skT.8 - ypcs2 = ypcs2.8 - z = check_getmsg(convertpcs(skT.8, ypcs2.8), pk2.8) - - 2. pk2 = pk2.12 - skT = x.8 - ypcs2 = pcs(sign(x.9, x.10), x.11, pk(x.8)) - z = check_getmsg(sign(x.9, x.10), pk2.12) - - 3. 
pk2 = pk(x.8) - skT = x.9 - ypcs2 = pcs(sign(x.10, x.8), x.11, pk(x.9)) - z = x.10 + rule (modulo AC) inresolvectpkpkysigypcs_0_1111212111[color=#798040, + process="in(<'resolve1', ct.3, pk1.3, pk2.3, ysig1.1, ypcs2.1>);"]: + [ State_1111212111( skT ), In( <'resolve1', ct, pk1, pk2, ysig1, ypcs2> ) + ] + --> + [ State_11112121111( skT, ypcs2, ysig1, ct, pk1, pk2 ) ] */ -rule (modulo E) ifcheckgetmsgconvertpcsskTypcspkct_1_11112121111[color=#798040, - process="if check_getmsg(convertpcs(skT, ypcs2), pk2)=ct"]: - [ State_11112121111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Not_Eq( check_getmsg(convertpcs(skT, ypcs2), pk2), ct ) ]-> - [ State_111121211112( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] +rule (modulo E) ifcheckgetmsgysigpkct_0_11112121111[color=#798040, + process="if check_getmsg(ysig1.1, pk1.3)=ct.3"]: + [ State_11112121111( skT.1, ypcs2.1, ysig1.1, ct.3, pk1.3, pk2.3 ) ] + --[ Pred_Eq( check_getmsg(ysig1.1, pk1.3), ct.3 ) ]-> + [ State_111121211111( skT.1, ypcs2.1, ysig1.1, ct.3, pk1.3, pk2.3 ) ] /* - rule (modulo AC) ifcheckgetmsgconvertpcsskTypcspkct_1_11112121111[color=#798040, - process="if check_getmsg(convertpcs(skT, ypcs2), pk2)=ct"]: - [ State_11112121111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Not_Eq( z, ct ) ]-> - [ State_111121211112( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] + rule (modulo AC) ifcheckgetmsgysigpkct_0_11112121111[color=#798040, + process="if check_getmsg(ysig1.1, pk1.3)=ct.3"]: + [ State_11112121111( skT, ypcs2, ysig1, ct, pk1, pk2 ) ] + --[ Pred_Eq( z, ct ) ]-> + [ State_111121211111( skT, ypcs2, ysig1, ct, pk1, pk2 ) ] variants (modulo AC) - 1. pk2 = pk2.8 - skT = skT.8 - ypcs2 = ypcs2.8 - z = check_getmsg(convertpcs(skT.8, ypcs2.8), pk2.8) - - 2. pk2 = pk2.12 - skT = x.8 - ypcs2 = pcs(sign(x.9, x.10), x.11, pk(x.8)) - z = check_getmsg(sign(x.9, x.10), pk2.12) + 1. pk1 = pk1.13 + ysig1 = ysig1.11 + z = check_getmsg(ysig1.11, pk1.13) - 3. 
pk2 = pk(x.8) - skT = x.9 - ypcs2 = pcs(sign(x.10, x.8), x.11, pk(x.9)) - z = x.10 + 2. pk1 = pk(x.12) + ysig1 = sign(x.11, x.12) + z = x.11 */ -rule (modulo E) ifcheckpcsctpkpkpkskTypcstrue_0_111121211111[color=#798040, - process="if checkpcs(ct, pk2, pk1, pk(skT), ypcs2)=true"]: - [ State_111121211111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Eq( checkpcs(ct, pk2, pk1, pk(skT), ypcs2), true ) ]-> - [ State_1111212111111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] +rule (modulo E) ifcheckgetmsgconvertpcsskTypcspkct_0_111121211111[color=#798040, + process="if check_getmsg(convertpcs(skT.1, ypcs2.1), pk2.3)=ct.3"]: + [ State_111121211111( skT.1, ypcs2.1, ysig1.1, ct.3, pk1.3, pk2.3 ) ] + --[ Pred_Eq( check_getmsg(convertpcs(skT.1, ypcs2.1), pk2.3), ct.3 ) ]-> + [ State_1111212111111( skT.1, ypcs2.1, ysig1.1, ct.3, pk1.3, pk2.3 ) ] /* - rule (modulo AC) ifcheckpcsctpkpkpkskTypcstrue_0_111121211111[color=#798040, - process="if checkpcs(ct, pk2, pk1, pk(skT), ypcs2)=true"]: - [ State_111121211111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Eq( z, true ) ]-> - [ State_1111212111111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] + rule (modulo AC) ifcheckgetmsgconvertpcsskTypcspkct_0_111121211111[color=#798040, + process="if check_getmsg(convertpcs(skT.1, ypcs2.1), pk2.3)=ct.3"]: + [ State_111121211111( skT, ypcs2, ysig1, ct, pk1, pk2 ) ] + --[ Pred_Eq( z, ct ) ]-> + [ State_1111212111111( skT, ypcs2, ysig1, ct, pk1, pk2 ) ] variants (modulo AC) - 1. ct = ct.8 - pk1 = pk1.8 - pk2 = pk2.8 - skT = skT.8 - ypcs2 = ypcs2.8 - z = checkpcs(ct.8, pk2.8, pk1.8, pk(skT.8), ypcs2.8) + 1. pk2 = pk2.13 + skT = skT.11 + ypcs2 = ypcs2.11 + z = check_getmsg(convertpcs(skT.11, ypcs2.11), pk2.13) - 2. ct = x.8 - pk1 = x.9 - pk2 = pk(x.10) + 2. pk2 = pk2.17 skT = x.11 - ypcs2 = pcs(sign(x.8, x.10), x.9, pk(x.11)) - z = true + ypcs2 = pcs(sign(x.12, x.13), x.14, pk(x.11)) + z = check_getmsg(sign(x.12, x.13), pk2.17) - 3. ct = x.8 - pk1 = pk(x.9) - pk2 = x.10 + 3. 
pk2 = pk(x.13) skT = x.11 - ypcs2 = fakepcs(x.10, x.9, pk(x.11), x.8) - z = true + ypcs2 = pcs(sign(x.12, x.13), x.14, pk(x.11)) + z = x.12 */ -rule (modulo E) ifcheckpcsctpkpkpkskTypcstrue_1_111121211111[color=#798040, - process="if checkpcs(ct, pk2, pk1, pk(skT), ypcs2)=true"]: - [ State_111121211111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Not_Eq( checkpcs(ct, pk2, pk1, pk(skT), ypcs2), true ) ]-> - [ State_1111212111112( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] +rule (modulo E) ifcheckpcsctpkpkpkskTypcstrue_0_1111212111111[color=#798040, + process="if checkpcs(ct.3, pk2.3, pk1.3, pk(skT.1), ypcs2.1)=true"]: + [ State_1111212111111( skT.1, ypcs2.1, ysig1.1, ct.3, pk1.3, pk2.3 ) ] + --[ Pred_Eq( checkpcs(ct.3, pk2.3, pk1.3, pk(skT.1), ypcs2.1), true ) ]-> + [ State_11112121111111( skT.1, ypcs2.1, ysig1.1, ct.3, pk1.3, pk2.3 ) ] /* - rule (modulo AC) ifcheckpcsctpkpkpkskTypcstrue_1_111121211111[color=#798040, - process="if checkpcs(ct, pk2, pk1, pk(skT), ypcs2)=true"]: - [ State_111121211111( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] - --[ Pred_Not_Eq( z, true ) ]-> - [ State_1111212111112( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] + rule (modulo AC) ifcheckpcsctpkpkpkskTypcstrue_0_1111212111111[color=#798040, + process="if checkpcs(ct.3, pk2.3, pk1.3, pk(skT.1), ypcs2.1)=true"]: + [ State_1111212111111( skT, ypcs2, ysig1, ct, pk1, pk2 ) ] + --[ Pred_Eq( z, true ) ]-> + [ State_11112121111111( skT, ypcs2, ysig1, ct, pk1, pk2 ) ] variants (modulo AC) - 1. ct = ct.8 - pk1 = pk1.8 - pk2 = pk2.8 - skT = skT.8 - ypcs2 = ypcs2.8 - z = checkpcs(ct.8, pk2.8, pk1.8, pk(skT.8), ypcs2.8) + 1. ct = ct.13 + pk1 = pk1.13 + pk2 = pk2.13 + skT = skT.11 + ypcs2 = ypcs2.11 + z = checkpcs(ct.13, pk2.13, pk1.13, pk(skT.11), ypcs2.11) - 2. ct = x.8 - pk1 = x.9 - pk2 = pk(x.10) + 2. ct = x.14 + pk1 = pk(x.13) + pk2 = x.12 skT = x.11 - ypcs2 = pcs(sign(x.8, x.10), x.9, pk(x.11)) + ypcs2 = fakepcs(x.12, x.13, pk(x.11), x.14) z = true - 3. ct = x.8 - pk1 = pk(x.9) - pk2 = x.10 + 3. 
ct = x.12 + pk1 = x.14 + pk2 = pk(x.13) skT = x.11 - ypcs2 = fakepcs(x.10, x.9, pk(x.11), x.8) + ypcs2 = pcs(sign(x.12, x.13), x.14, pk(x.11)) z = true */ -rule (modulo E) lockct_0_1111212111111[color=#798040, - process="lock ct;"]: - [ State_1111212111111( ct, pk1, pk2, skT, ypcs2, ysig1 ), Fr( lock.2 ) ] - --[ Lock_2( '2', lock.2, ct ), Lock( '2', lock.2, ct ) ]-> - [ State_11112121111111( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] +rule (modulo E) lockct_0_11112121111111[color=#798040, + process="lock ct.3;"]: + [ + State_11112121111111( skT.1, ypcs2.1, ysig1.1, ct.3, pk1.3, pk2.3 ), + Fr( lock.2 ) + ] + --[ Lock_2( '2', lock.2, ct.3 ), Lock( '2', lock.2, ct.3 ) ]-> + [ + State_111121211111111( skT.1, ypcs2.1, ysig1.1, lock.2, ct.3, pk1.3, + pk2.3 + ) + ] /* - rule (modulo AC) lockct_0_1111212111111[color=#798040, - process="lock ct;"]: - [ State_1111212111111( ct, pk1, pk2, skT, ypcs2, ysig1 ), Fr( lock ) ] + rule (modulo AC) lockct_0_11112121111111[color=#798040, + process="lock ct.3;"]: + [ State_11112121111111( skT, ypcs2, ysig1, ct, pk1, pk2 ), Fr( lock ) ] --[ Lock_2( '2', lock, ct ), Lock( '2', lock, ct ) ]-> - [ State_11112121111111( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] + [ State_111121211111111( skT, ypcs2, ysig1, lock, ct, pk1, pk2 ) ] */ -rule (modulo E) lookupctasstatus_0_11112121111111[color=#798040, - process="lookup ct as status"]: - [ State_11112121111111( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] - --[ IsIn( ct, status ) ]-> +rule (modulo E) lookupctasstatus_0_111121211111111[color=#798040, + process="lookup ct.3 as status.2"]: + [ + State_111121211111111( skT.1, ypcs2.1, ysig1.1, lock.2, ct.3, pk1.3, + pk2.3 + ) + ] + --[ IsIn( ct.3, status.2 ) ]-> [ - State_111121211111111( ct, pk1, pk2, skT, status, ypcs2, ysig1, lock.2 ) + State_1111212111111111( skT.1, ypcs2.1, ysig1.1, lock.2, status.2, ct.3, + pk1.3, pk2.3 + ) ] /* - rule (modulo AC) lookupctasstatus_0_11112121111111[color=#798040, - process="lookup ct as status"]: - [ 
State_11112121111111( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] + rule (modulo AC) lookupctasstatus_0_111121211111111[color=#798040, + process="lookup ct.3 as status.2"]: + [ State_111121211111111( skT, ypcs2, ysig1, lock, ct, pk1, pk2 ) ] --[ IsIn( ct, status ) ]-> - [ State_111121211111111( ct, pk1, pk2, skT, status, ypcs2, ysig1, lock ) + [ State_1111212111111111( skT, ypcs2, ysig1, lock, status, ct, pk1, pk2 ) ] */ -rule (modulo E) lookupctasstatus_1_11112121111111[color=#798040, - process="lookup ct as status"]: - [ State_11112121111111( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] - --[ IsNotSet( ct ) ]-> - [ State_111121211111112( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] - - /* - rule (modulo AC) lookupctasstatus_1_11112121111111[color=#798040, - process="lookup ct as status"]: - [ State_11112121111111( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] - --[ IsNotSet( ct ) ]-> - [ State_111121211111112( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] - */ - -rule (modulo E) unlockct_0_111121211111111[color=#798040, - process="unlock ct;"]: - [ - State_111121211111111( ct, pk1, pk2, skT, status, ypcs2, ysig1, lock.2 ) - ] - --[ Unlock_2( '2', lock.2, ct ), Unlock( '2', lock.2, ct ) ]-> +rule (modulo E) unlockct_0_1111212111111111[color=#798040, + process="unlock ct.3;"]: [ - State_1111212111111111( ct, pk1, pk2, skT, status, ypcs2, ysig1, lock.2 ) + State_1111212111111111( skT.1, ypcs2.1, ysig1.1, lock.2, status.2, ct.3, + pk1.3, pk2.3 + ) ] + --[ Unlock_2( '2', lock.2, ct.3 ), Unlock( '2', lock.2, ct.3 ) ]-> + [ ] /* - rule (modulo AC) unlockct_0_111121211111111[color=#798040, - process="unlock ct;"]: - [ State_111121211111111( ct, pk1, pk2, skT, status, ypcs2, ysig1, lock ) + rule (modulo AC) unlockct_0_1111212111111111[color=#798040, + process="unlock ct.3;"]: + [ State_1111212111111111( skT, ypcs2, ysig1, lock, status, ct, pk1, pk2 ) ] --[ Unlock_2( '2', lock, ct ), Unlock( '2', lock, ct ) ]-> - [ State_1111212111111111( ct, pk1, pk2, skT, status, ypcs2, ysig1, lock 
) - ] + [ ] */ -rule (modulo E) p_0_1111212111111111[color=#798040, process="0"]: +rule (modulo E) lookupctasstatus_1_111121211111111[color=#798040, + process="lookup ct.3 as status.2"]: [ - State_1111212111111111( ct, pk1, pk2, skT, status, ypcs2, ysig1, lock.2 ) + State_111121211111111( skT.1, ypcs2.1, ysig1.1, lock.2, ct.3, pk1.3, + pk2.3 + ) + ] + --[ IsNotSet( ct.3 ) ]-> + [ + State_1111212111111112( skT.1, ypcs2.1, ysig1.1, lock.2, ct.3, pk1.3, + pk2.3 + ) ] - --> - [ ] /* - rule (modulo AC) p_0_1111212111111111[color=#798040, process="0"]: - [ State_1111212111111111( ct, pk1, pk2, skT, status, ypcs2, ysig1, lock ) - ] - --> - [ ] + rule (modulo AC) lookupctasstatus_1_111121211111111[color=#798040, + process="lookup ct.3 as status.2"]: + [ State_111121211111111( skT, ypcs2, ysig1, lock, ct, pk1, pk2 ) ] + --[ IsNotSet( ct ) ]-> + [ State_1111212111111112( skT, ypcs2, ysig1, lock, ct, pk1, pk2 ) ] */ -rule (modulo E) insertctresolved_0_111121211111112[color=#798040, - process="insert ct,'resolved1';"]: - [ State_111121211111112( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] - --[ Insert( ct, 'resolved1' ) ]-> - [ State_1111212111111121( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] +rule (modulo E) insertctresolved_0_1111212111111112[color=#798040, + process="insert ct.3,'resolved1';"]: + [ + State_1111212111111112( skT.1, ypcs2.1, ysig1.1, lock.2, ct.3, pk1.3, + pk2.3 + ) + ] + --[ Insert( ct.3, 'resolved1' ) ]-> + [ + State_11112121111111121( skT.1, ypcs2.1, ysig1.1, lock.2, ct.3, pk1.3, + pk2.3 + ) + ] /* - rule (modulo AC) insertctresolved_0_111121211111112[color=#798040, - process="insert ct,'resolved1';"]: - [ State_111121211111112( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] + rule (modulo AC) insertctresolved_0_1111212111111112[color=#798040, + process="insert ct.3,'resolved1';"]: + [ State_1111212111111112( skT, ypcs2, ysig1, lock, ct, pk1, pk2 ) ] --[ Insert( ct, 'resolved1' ) ]-> - [ State_1111212111111121( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] + [ 
State_11112121111111121( skT, ypcs2, ysig1, lock, ct, pk1, pk2 ) ] */ -rule (modulo E) eventResolvect_0_1111212111111121[color=#798040, - process="event Resolve1( ct );"]: - [ State_1111212111111121( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] - --[ Resolve1( ct ) ]-> - [ State_11112121111111211( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] +rule (modulo E) eventResolvect_0_11112121111111121[color=#798040, + process="event Resolve1( ct.3 );"]: + [ + State_11112121111111121( skT.1, ypcs2.1, ysig1.1, lock.2, ct.3, pk1.3, + pk2.3 + ) + ] + --[ Resolve1( ct.3 ) ]-> + [ + State_111121211111111211( skT.1, ypcs2.1, ysig1.1, lock.2, ct.3, pk1.3, + pk2.3 + ) + ] /* - rule (modulo AC) eventResolvect_0_1111212111111121[color=#798040, - process="event Resolve1( ct );"]: - [ State_1111212111111121( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] + rule (modulo AC) eventResolvect_0_11112121111111121[color=#798040, + process="event Resolve1( ct.3 );"]: + [ State_11112121111111121( skT, ypcs2, ysig1, lock, ct, pk1, pk2 ) ] --[ Resolve1( ct ) ]-> - [ State_11112121111111211( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] + [ State_111121211111111211( skT, ypcs2, ysig1, lock, ct, pk1, pk2 ) ] */ -rule (modulo E) unlockct_0_11112121111111211[color=#798040, - process="unlock ct;"]: - [ State_11112121111111211( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] - --[ Unlock_2( '2', lock.2, ct ), Unlock( '2', lock.2, ct ) ]-> - [ State_111121211111112111( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] +rule (modulo E) unlockct_0_111121211111111211[color=#798040, + process="unlock ct.3;"]: + [ + State_111121211111111211( skT.1, ypcs2.1, ysig1.1, lock.2, ct.3, pk1.3, + pk2.3 + ) + ] + --[ Unlock_2( '2', lock.2, ct.3 ), Unlock( '2', lock.2, ct.3 ) ]-> + [ Out( sign(, skT.1) ) ] /* - rule (modulo AC) unlockct_0_11112121111111211[color=#798040, - process="unlock ct;"]: - [ State_11112121111111211( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] + rule (modulo AC) unlockct_0_111121211111111211[color=#798040, + 
process="unlock ct.3;"]: + [ State_111121211111111211( skT, ypcs2, ysig1, lock, ct, pk1, pk2 ) ] --[ Unlock_2( '2', lock, ct ), Unlock( '2', lock, ct ) ]-> - [ State_111121211111112111( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] + [ Out( sign(, skT) ) ] + variants (modulo AC) + 1. skT = skT.13 + ypcs2 = ypcs2.14 + z = convertpcs(skT.13, ypcs2.14) + + 2. skT = skT.16 + ypcs2 = pcs(sign(x.25, x.26), x.27, pk(skT.16)) + z = sign(x.25, x.26) */ -rule (modulo E) outsignysigconvertpcsskTypcsskT_0_111121211111112111[color=#798040, - process="out(sign(, skT));"]: - [ State_111121211111112111( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] - --> - [ - State_1111212111111121111( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ), - Out( sign(, skT) ) - ] +rule (modulo E) ifcheckpcsctpkpkpkskTypcstrue_1_1111212111111[color=#798040, + process="if checkpcs(ct.3, pk2.3, pk1.3, pk(skT.1), ypcs2.1)=true"]: + [ State_1111212111111( skT.1, ypcs2.1, ysig1.1, ct.3, pk1.3, pk2.3 ) ] + --[ Pred_Not_Eq( checkpcs(ct.3, pk2.3, pk1.3, pk(skT.1), ypcs2.1), true ) + ]-> + [ ] /* - rule (modulo AC) outsignysigconvertpcsskTypcsskT_0_111121211111112111[color=#798040, - process="out(sign(, skT));"]: - [ State_111121211111112111( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] - --> - [ - State_1111212111111121111( ct, pk1, pk2, skT, ypcs2, ysig1, lock ), - Out( sign(, skT) ) - ] + rule (modulo AC) ifcheckpcsctpkpkpkskTypcstrue_1_1111212111111[color=#798040, + process="if checkpcs(ct.3, pk2.3, pk1.3, pk(skT.1), ypcs2.1)=true"]: + [ State_1111212111111( skT, ypcs2, ysig1, ct, pk1, pk2 ) ] + --[ Pred_Not_Eq( z, true ) ]-> + [ ] variants (modulo AC) - 1. skT = skT.11 + 1. ct = ct.13 + pk1 = pk1.13 + pk2 = pk2.13 + skT = skT.11 ypcs2 = ypcs2.11 - z = convertpcs(skT.11, ypcs2.11) + z = checkpcs(ct.13, pk2.13, pk1.13, pk(skT.11), ypcs2.11) - 2. skT = x.11 + 2. ct = x.14 + pk1 = pk(x.13) + pk2 = x.12 + skT = x.11 + ypcs2 = fakepcs(x.12, x.13, pk(x.11), x.14) + z = true + + 3. 
ct = x.12 + pk1 = x.14 + pk2 = pk(x.13) + skT = x.11 ypcs2 = pcs(sign(x.12, x.13), x.14, pk(x.11)) - z = sign(x.12, x.13) + z = true */ -rule (modulo E) p_0_1111212111111121111[color=#798040, process="0"]: - [ State_1111212111111121111( ct, pk1, pk2, skT, ypcs2, ysig1, lock.2 ) ] - --> +rule (modulo E) ifcheckgetmsgconvertpcsskTypcspkct_1_111121211111[color=#798040, + process="if check_getmsg(convertpcs(skT.1, ypcs2.1), pk2.3)=ct.3"]: + [ State_111121211111( skT.1, ypcs2.1, ysig1.1, ct.3, pk1.3, pk2.3 ) ] + --[ Pred_Not_Eq( check_getmsg(convertpcs(skT.1, ypcs2.1), pk2.3), ct.3 ) + ]-> [ ] /* - rule (modulo AC) p_0_1111212111111121111[color=#798040, process="0"]: - [ State_1111212111111121111( ct, pk1, pk2, skT, ypcs2, ysig1, lock ) ] - --> + rule (modulo AC) ifcheckgetmsgconvertpcsskTypcspkct_1_111121211111[color=#798040, + process="if check_getmsg(convertpcs(skT.1, ypcs2.1), pk2.3)=ct.3"]: + [ State_111121211111( skT, ypcs2, ysig1, ct, pk1, pk2 ) ] + --[ Pred_Not_Eq( z, ct ) ]-> [ ] + variants (modulo AC) + 1. pk2 = pk2.13 + skT = skT.11 + ypcs2 = ypcs2.11 + z = check_getmsg(convertpcs(skT.11, ypcs2.11), pk2.13) + + 2. pk2 = pk2.17 + skT = x.11 + ypcs2 = pcs(sign(x.12, x.13), x.14, pk(x.11)) + z = check_getmsg(sign(x.12, x.13), pk2.17) + + 3. 
pk2 = pk(x.13) + skT = x.11 + ypcs2 = pcs(sign(x.12, x.13), x.14, pk(x.11)) + z = x.12 */ -rule (modulo E) p_0_1111212111112[color=#798040, process="0"]: - [ State_1111212111112( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111121211112[color=#798040, process="0"]: - [ State_111121211112( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11112121112[color=#798040, process="0"]: - [ State_11112121112( ct, pk1, pk2, skT, ypcs2, ysig1 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111121212[color=#ffffff, process="!"]: - [ State_111121212( skT ) ] --> [ !Semistate_1111212121( skT ) ] +rule (modulo E) ifcheckgetmsgysigpkct_1_11112121111[color=#798040, + process="if check_getmsg(ysig1.1, pk1.3)=ct.3"]: + [ State_11112121111( skT.1, ypcs2.1, ysig1.1, ct.3, pk1.3, pk2.3 ) ] + --[ Pred_Not_Eq( check_getmsg(ysig1.1, pk1.3), ct.3 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifcheckgetmsgysigpkct_1_11112121111[color=#798040, + process="if check_getmsg(ysig1.1, pk1.3)=ct.3"]: + [ State_11112121111( skT, ypcs2, ysig1, ct, pk1, pk2 ) ] + --[ Pred_Not_Eq( z, ct ) ]-> + [ ] + variants (modulo AC) + 1. pk1 = pk1.13 + ysig1 = ysig1.11 + z = check_getmsg(ysig1.11, pk1.13) + + 2. 
pk1 = pk(x.12) + ysig1 = sign(x.11, x.12) + z = x.11 + */ -rule (modulo E) p_1_111121212[color=#ffffff, process="!"]: - [ !Semistate_1111212121( skT ) ] --> [ State_1111212121( skT ) ] +rule (modulo E) p_1_1111212[color=#ffffff, process="!"]: + [ !Semistate_11112121( skT.1 ) ] + --> + [ !Semistate_1111212121( skT.1 ), State_1111212111( skT.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_1111212[color=#ffffff, process="!"]: + [ !Semistate_11112121( skT ) ] + --> + [ !Semistate_1111212121( skT ), State_1111212111( skT ) ] + */ -rule (modulo E) p_0_1111212121[color=#ffffff, process="|"]: - [ State_1111212121( skT ) ] +rule (modulo E) insigned_0_111121212111[color=#804059, + process="in(signed.1);"]: + [ State_111121212111( skT.1 ), In( signed.1 ) ] --> - [ State_11112121211( skT ), State_11112121212( skT ) ] + [ + Let_11112121211111( check_getmsg(signed.1, pk(skT.1)), signed.1, skT.1 ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insigned_0_111121212111[color=#804059, + process="in(signed.1);"]: + [ State_111121212111( skT ), In( signed ) ] + --> + [ Let_11112121211111( z, signed, skT ) ] + variants (modulo AC) + 1. signed + = signed.5 + skT = skT.5 + z = check_getmsg(signed.5, pk(skT.5)) + + 2. 
signed + = sign(x.5, x.6) + skT = x.6 + z = x.5 + */ -rule (modulo E) insignctpkskpksignctpkskpkskskT_0_11112121211[color=#804059, - process="in(sign(<, sign(, sk1)>, skT));"]: +rule (modulo E) letctpkskpksignedcheckgetmsgsignedpkskT_1_1111212121111[color=#ffffff, + process="let <, signed2.1>=check_getmsg(signed.1, pk(skT.1))"]: [ - State_11112121211( skT ), - In( sign(<, sign(, sk1)>, skT) ) + Let_11112121211111( <, signed2.1>, signed.1, + skT.1 + ) ] --> - [ State_111121212111( ct, pk2, sk1, skT ) ] + [ State_11112121211111( signed.1, signed2.1, sk1.1, skT.1, ct.4, pk2.4 ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) letctpkskpksignedcheckgetmsgsignedpkskT_1_1111212121111[color=#ffffff, + process="let <, signed2.1>=check_getmsg(signed.1, pk(skT.1))"]: + [ Let_11112121211111( <, signed2>, signed, skT ) ] + --> + [ State_11112121211111( signed, signed2, sk1, skT, ct, pk2 ) ] + */ -rule (modulo E) eventAbortCertct_0_111121212111[color=#804059, - process="event AbortCert( ct );"]: - [ State_111121212111( ct, pk2, sk1, skT ) ] - --[ AbortCert( ct ) ]-> - [ State_1111212121111( ct, pk2, sk1, skT ) ] +rule (modulo E) ifctpkskpkcheckgetmsgsignedpksk_0_11112121211111[color=#804059, + process="if =check_getmsg(signed2.1, pk(sk1.1))"]: + [ State_11112121211111( signed.1, signed2.1, sk1.1, skT.1, ct.4, pk2.4 ) + ] + --[ + Pred_Eq( , check_getmsg(signed2.1, pk(sk1.1)) ) + ]-> + [ State_111121212111111( signed.1, signed2.1, sk1.1, skT.1, ct.4, pk2.4 ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifctpkskpkcheckgetmsgsignedpksk_0_11112121211111[color=#804059, + process="if =check_getmsg(signed2.1, pk(sk1.1))"]: + [ State_11112121211111( signed, signed2, sk1, skT, ct, pk2 ) ] + --[ Pred_Eq( , z ) ]-> + [ State_111121212111111( signed, signed2, sk1, skT, ct, pk2 ) ] + variants (modulo AC) + 1. signed2 + = signed2.12 + sk1 = sk1.12 + z = check_getmsg(signed2.12, pk(sk1.12)) + + 2. 
signed2 + = sign(x.12, x.13) + sk1 = x.13 + z = x.12 + */ -rule (modulo E) p_0_1111212121111[color=#804059, process="0"]: - [ State_1111212121111( ct, pk2, sk1, skT ) ] --> [ ] +rule (modulo E) eventAbortCertct_0_111121212111111[color=#804059, + process="event AbortCert( ct.4 );"]: + [ State_111121212111111( signed.1, signed2.1, sk1.1, skT.1, ct.4, pk2.4 ) + ] + --[ AbortCert( ct.4 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventAbortCertct_0_111121212111111[color=#804059, + process="event AbortCert( ct.4 );"]: + [ State_111121212111111( signed, signed2, sk1, skT, ct, pk2 ) ] + --[ AbortCert( ct ) ]-> + [ ] + */ -rule (modulo E) p_0_11112121212[color=#ffffff, process="!"]: - [ State_11112121212( skT ) ] --> [ !Semistate_111121212121( skT ) ] +rule (modulo E) ifctpkskpkcheckgetmsgsignedpksk_1_11112121211111[color=#804059, + process="if =check_getmsg(signed2.1, pk(sk1.1))"]: + [ State_11112121211111( signed.1, signed2.1, sk1.1, skT.1, ct.4, pk2.4 ) + ] + --[ + Pred_Not_Eq( , check_getmsg(signed2.1, pk(sk1.1)) + ) + ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifctpkskpkcheckgetmsgsignedpksk_1_11112121211111[color=#804059, + process="if =check_getmsg(signed2.1, pk(sk1.1))"]: + [ State_11112121211111( signed, signed2, sk1, skT, ct, pk2 ) ] + --[ Pred_Not_Eq( , z ) ]-> + [ ] + variants (modulo AC) + 1. signed2 + = signed2.12 + sk1 = sk1.12 + z = check_getmsg(signed2.12, pk(sk1.12)) + + 2. 
signed2 + = sign(x.12, x.13) + sk1 = x.13 + z = x.12 + */ -rule (modulo E) p_1_11112121212[color=#ffffff, process="!"]: - [ !Semistate_111121212121( skT ) ] --> [ State_111121212121( skT ) ] +rule (modulo E) p_1_111121212[color=#ffffff, process="!"]: + [ !Semistate_1111212121( skT.1 ) ] + --> + [ !Semistate_111121212121( skT.1 ), State_111121212111( skT.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_111121212[color=#ffffff, process="!"]: + [ !Semistate_1111212121( skT ) ] + --> + [ !Semistate_111121212121( skT ), State_111121212111( skT ) ] + */ -rule (modulo E) insignsignctsksignctskskT_0_111121212121[color=#40805f, - process="in(sign(, skT));"]: +rule (modulo E) p_1_11112121212[color=#ffffff, process="!"]: [ - State_111121212121( skT ), - In( sign(, skT) ) + !Semistate_111121212121( skT.1 ), + In( sign(, skT.1) ) ] - --> - [ State_1111212121211( ct, sk1, sk2, skT ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventResolveCertct_0_1111212121211[color=#40805f, - process="event ResolveCert( ct );"]: - [ State_1111212121211( ct, sk1, sk2, skT ) ] --[ ResolveCert( ct ) ]-> - [ State_11112121212111( ct, sk1, sk2, skT ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11112121212111[color=#40805f, process="0"]: - [ State_11112121212111( ct, sk1, sk2, skT ) ] --> [ ] + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_11112121212[color=#ffffff, process="!"]: + [ + !Semistate_111121212121( skT ), + In( sign(, skT) ) + ] + --[ ResolveCert( ct ) ]-> + [ ] + */ restriction set_in: "∀ x y #t3. @@ -1286,7 +1376,7 @@ restriction locking_2: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -1296,8 +1386,8 @@ analyzing: examples/sapic/fast/GJM-contract/contract.spthy analyzed: examples/sapic/fast/GJM-contract/contract.spthy output: examples/sapic/fast/GJM-contract/contract.spthy.tmp - processing time: 19.439569226s - aborted_and_resolved_exclusive (all-traces): verified (18 steps) + processing time: 7.876769792s + aborted_and_resolved_exclusive (all-traces): verified (19 steps) aborted_contract_reachable (exists-trace): verified (6 steps) resolved1_contract_reachable (exists-trace): verified (10 steps) resolved2_contract_reachable (exists-trace): verified (10 steps) @@ -1310,8 +1400,8 @@ summary of summaries: analyzed: examples/sapic/fast/GJM-contract/contract.spthy output: examples/sapic/fast/GJM-contract/contract.spthy.tmp - processing time: 19.439569226s - aborted_and_resolved_exclusive (all-traces): verified (18 steps) + processing time: 7.876769792s + aborted_and_resolved_exclusive (all-traces): verified (19 steps) aborted_contract_reachable (exists-trace): verified (6 steps) resolved1_contract_reachable (exists-trace): verified (10 steps) resolved2_contract_reachable (exists-trace): verified (10 steps) diff --git a/case-studies-regression/sapic/fast/MoedersheimWebService/set-abstr-lookup_analyzed.spthy b/case-studies-regression/sapic/fast/MoedersheimWebService/set-abstr-lookup_analyzed.spthy index 47ca11365..38f76cef3 100644 --- a/case-studies-regression/sapic/fast/MoedersheimWebService/set-abstr-lookup_analyzed.spthy +++ b/case-studies-regression/sapic/fast/MoedersheimWebService/set-abstr-lookup_analyzed.spthy @@ -2,8 +2,8 @@ theory SetAbst begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, sign/2, snd/1, true/0, - verify/3 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, 
@@ -14,6 +14,16 @@ heuristic: p section{* The PKI-example *} + + + + + + + + + + lemma Knows_Honest_Key_imp_Revoked: all-traces "∀ sk #i #d. 
@@ -25,582 +35,455 @@ guarded formula characterizing all counter-examples: */ simplify solve( HonestKey( sk ) @ #i ) - case eventHonestKeynsk_0_1112111111 - solve( State_1112111111( ~nsk, ~sk, pki, user, lock ) ▶₀ #i ) - case lookupUSERuserassk_0_111211111 + case eventHonestKeynsk_0_11121111111 + solve( State_11121111111( ~nsk, pki, lock, user, ~sk ) ▶₀ #i ) + case lookupUSERuserassk_0_1112111111 solve( !KU( ~nsk ) @ #vk ) - case outsk_0_111211111111111111 + case insignconfirmsignrenewuserpknskskpki_0_11121111111111111 by contradiction /* from formulas */ qed qed next - case eventHonestKeysk_0_11111111 - solve( State_11111111( ~sk, lock, pki, user ) ▶₀ #i ) - case lockSERVERuser_0_1111111 + case eventHonestKeysk_0_111111111 + solve( State_111111111( lock, ~sk, pki, user ) ▶₀ #i ) + case innewuser_0_111111 solve( !KU( ~sk ) @ #vk ) - case outsk_0_111211111111111111 + case insignconfirmsignrenewuserpknskskpki_0_11121111111111111 by contradiction /* from formulas */ qed qed next - case eventHonestKeysk_0_11111111111 - solve( State_11111111111( ~sk, lock, pki, user ) ▶₀ #i ) - case insertUSERusersk_0_1111111111 + case eventHonestKeysk_0_111111111111 + solve( State_111111111111( lock, ~sk, pki, user ) ▶₀ #i ) + case insertUSERusersk_0_11111111111 solve( !KU( ~sk ) @ #vk ) - case outsk_0_111211111111111111 + case insignconfirmsignrenewuserpknskskpki_0_11121111111111111 by contradiction /* from formulas */ qed qed qed -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newpki_0_1[color=#ffffff, process="new pki;"]: - [ State_1( ), Fr( pki ) ] --> [ State_11( pki ) ] - - /* has exactly the trivial AC 
variant */ - -rule (modulo E) p_0_11[color=#ffffff, process="!"]: - [ State_11( pki ) ] --> [ !Semistate_111( pki ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_11[color=#ffffff, process="!"]: - [ !Semistate_111( pki ) ] --> [ State_111( pki ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#ffffff, process="|"]: - [ State_111( pki ) ] --> [ State_1111( pki ), State_1112( pki ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111[color=#806040, process="|"]: - [ State_1111( pki ) ] --> [ State_11111( pki ), State_11112( pki ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) innewuser_0_11111[color=#806040, - process="in(<'new', user>);"]: - [ State_11111( pki ), In( <'new', user> ) ] - --> - [ State_111111( pki, user ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) newsk_0_111111[color=#806040, process="new ~sk;"]: - [ State_111111( pki, user ), Fr( ~sk ) ] - --> - [ State_1111111( ~sk, pki, user ) ] +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ), Fr( pki.1 ) ] --> [ !Semistate_111( pki.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ), Fr( pki ) ] --> [ !Semistate_111( pki ) ] + */ -rule (modulo E) lockSERVERuser_0_1111111[color=#806040, - process="lock <'SERVER', user>;"]: - [ State_1111111( ~sk, pki, user ), Fr( lock ) ] +rule (modulo E) innewuser_0_111111[color=#806040, + process="in(<'new', user.1>);"]: + [ State_111111( pki.1 ), In( <'new', user.1> ), Fr( ~sk.1 ), Fr( lock ) ] --[ - Lock_0( '0', lock, <'SERVER', user> ), - Lock( '0', lock, <'SERVER', user> ) + Lock_0( '0', lock, <'SERVER', user.1> ), + Lock( '0', lock, <'SERVER', user.1> ) ]-> - [ State_11111111( ~sk, lock, pki, user ) ] + [ State_111111111( lock, ~sk.1, pki.1, user.1 ) ] - /* has exactly the trivial AC 
variant */ + /* + rule (modulo AC) innewuser_0_111111[color=#806040, + process="in(<'new', user.1>);"]: + [ State_111111( pki ), In( <'new', user> ), Fr( ~sk ), Fr( lock ) ] + --[ + Lock_0( '0', lock, <'SERVER', user> ), + Lock( '0', lock, <'SERVER', user> ) + ]-> + [ State_111111111( lock, ~sk, pki, user ) ] + */ -rule (modulo E) eventHonestKeysk_0_11111111[color=#806040, - process="event HonestKey( ~sk );"]: - [ State_11111111( ~sk, lock, pki, user ) ] - --[ HonestKey( ~sk ) ]-> - [ State_111111111( ~sk, lock, pki, user ) ] +rule (modulo E) eventHonestKeysk_0_111111111[color=#806040, + process="event HonestKey( ~sk.1 );"]: + [ State_111111111( lock, ~sk.1, pki.1, user.1 ) ] + --[ HonestKey( ~sk.1 ) ]-> + [ State_1111111111( lock, ~sk.1, pki.1, user.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventHonestKeysk_0_111111111[color=#806040, + process="event HonestKey( ~sk.1 );"]: + [ State_111111111( lock, ~sk, pki, user ) ] + --[ HonestKey( ~sk ) ]-> + [ State_1111111111( lock, ~sk, pki, user ) ] + */ -rule (modulo E) insertSERVERpkiuserpksk_0_111111111[color=#806040, - process="insert <'SERVER', pki, user>,pk(~sk);"]: - [ State_111111111( ~sk, lock, pki, user ) ] - --[ Insert( <'SERVER', pki, user>, pk(~sk) ) ]-> - [ State_1111111111( ~sk, lock, pki, user ) ] +rule (modulo E) insertSERVERpkiuserpksk_0_1111111111[color=#806040, + process="insert <'SERVER', pki.1, user.1>,pk(~sk.1);"]: + [ State_1111111111( lock, ~sk.1, pki.1, user.1 ) ] + --[ Insert( <'SERVER', pki.1, user.1>, pk(~sk.1) ) ]-> + [ State_11111111111( lock, ~sk.1, pki.1, user.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertSERVERpkiuserpksk_0_1111111111[color=#806040, + process="insert <'SERVER', pki.1, user.1>,pk(~sk.1);"]: + [ State_1111111111( lock, ~sk, pki, user ) ] + --[ Insert( <'SERVER', pki, user>, pk(~sk) ) ]-> + [ State_11111111111( lock, ~sk, pki, user ) ] + */ -rule (modulo E) insertUSERusersk_0_1111111111[color=#806040, - 
process="insert <'USER', user>,~sk;"]: - [ State_1111111111( ~sk, lock, pki, user ) ] - --[ Insert( <'USER', user>, ~sk ) ]-> - [ State_11111111111( ~sk, lock, pki, user ) ] +rule (modulo E) insertUSERusersk_0_11111111111[color=#806040, + process="insert <'USER', user.1>,~sk.1;"]: + [ State_11111111111( lock, ~sk.1, pki.1, user.1 ) ] + --[ Insert( <'USER', user.1>, ~sk.1 ) ]-> + [ State_111111111111( lock, ~sk.1, pki.1, user.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertUSERusersk_0_11111111111[color=#806040, + process="insert <'USER', user.1>,~sk.1;"]: + [ State_11111111111( lock, ~sk, pki, user ) ] + --[ Insert( <'USER', user>, ~sk ) ]-> + [ State_111111111111( lock, ~sk, pki, user ) ] + */ -rule (modulo E) eventHonestKeysk_0_11111111111[color=#806040, - process="event HonestKey( ~sk );"]: - [ State_11111111111( ~sk, lock, pki, user ) ] - --[ HonestKey( ~sk ) ]-> - [ State_111111111111( ~sk, lock, pki, user ) ] +rule (modulo E) eventHonestKeysk_0_111111111111[color=#806040, + process="event HonestKey( ~sk.1 );"]: + [ State_111111111111( lock, ~sk.1, pki.1, user.1 ) ] + --[ HonestKey( ~sk.1 ) ]-> + [ State_1111111111111( lock, ~sk.1, pki.1, user.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventHonestKeysk_0_111111111111[color=#806040, + process="event HonestKey( ~sk.1 );"]: + [ State_111111111111( lock, ~sk, pki, user ) ] + --[ HonestKey( ~sk ) ]-> + [ State_1111111111111( lock, ~sk, pki, user ) ] + */ -rule (modulo E) unlockSERVERuser_0_111111111111[color=#806040, - process="unlock <'SERVER', user>;"]: - [ State_111111111111( ~sk, lock, pki, user ) ] +rule (modulo E) unlockSERVERuser_0_1111111111111[color=#806040, + process="unlock <'SERVER', user.1>;"]: + [ State_1111111111111( lock, ~sk.1, pki.1, user.1 ) ] --[ - Unlock_0( '0', lock, <'SERVER', user> ), - Unlock( '0', lock, <'SERVER', user> ) + Unlock_0( '0', lock, <'SERVER', user.1> ), + Unlock( '0', lock, <'SERVER', user.1> ) ]-> - [ 
State_1111111111111( ~sk, lock, pki, user ) ] + [ Out( pk(~sk.1) ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) outpksk_0_1111111111111[color=#806040, - process="out(pk(~sk));"]: - [ State_1111111111111( ~sk, lock, pki, user ) ] - --> - [ State_11111111111111( ~sk, lock, pki, user ), Out( pk(~sk) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111111111[color=#806040, process="0"]: - [ State_11111111111111( ~sk, lock, pki, user ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inrenewuserpknsk_0_11112[color=#806040, - process="in(<'renew', user, pk(nsk)>);"]: - [ State_11112( pki ), In( <'renew', user, pk(nsk)> ) ] - --> - [ State_111121( nsk, pki, user ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) unlockSERVERuser_0_1111111111111[color=#806040, + process="unlock <'SERVER', user.1>;"]: + [ State_1111111111111( lock, ~sk, pki, user ) ] + --[ + Unlock_0( '0', lock, <'SERVER', user> ), + Unlock( '0', lock, <'SERVER', user> ) + ]-> + [ Out( pk(~sk) ) ] + */ -rule (modulo E) insignrenewuserpknsksk_0_111121[color=#806040, - process="in(sign(<'renew', user, pk(nsk)>, sk));"]: +rule (modulo E) inrenewuserpknsk_0_111112[color=#806040, + process="in(<'renew', =user, pk(=nsk)>);"]: [ - State_111121( nsk, pki, user ), In( sign(<'renew', user, pk(nsk)>, sk) ) + State_111112( pki.1 ), In( <'renew', user, pk(nsk)> ), + In( sign(<'renew', user, pk(nsk)>, sk.2) ), Fr( lock.1 ) ] - --> - [ State_1111211( nsk, pki, sk, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockSERVERuser_0_1111211[color=#806040, - process="lock <'SERVER', user>;"]: - [ State_1111211( nsk, pki, sk, user ), Fr( lock.1 ) ] --[ Lock_1( '1', lock.1, <'SERVER', user> ), Lock( '1', lock.1, <'SERVER', user> ) ]-> - [ State_11112111( nsk, pki, sk, user, lock.1 ) ] + [ State_111112111( nsk, user, lock.1, pki.1, sk.2 ) ] /* - rule (modulo AC) lockSERVERuser_0_1111211[color=#806040, - 
process="lock <'SERVER', user>;"]: - [ State_1111211( nsk, pki, sk, user ), Fr( lock ) ] + rule (modulo AC) inrenewuserpknsk_0_111112[color=#806040, + process="in(<'renew', =user, pk(=nsk)>);"]: + [ + State_111112( pki ), In( <'renew', user, pk(nsk)> ), + In( sign(<'renew', user, pk(nsk)>, sk) ), Fr( lock ) + ] --[ Lock_1( '1', lock, <'SERVER', user> ), Lock( '1', lock, <'SERVER', user> ) ]-> - [ State_11112111( nsk, pki, sk, user, lock ) ] + [ State_111112111( nsk, user, lock, pki, sk ) ] */ -rule (modulo E) lookupSERVERpkiuseraspksk_0_11112111[color=#806040, - process="lookup <'SERVER', pki, user> as pksk"]: - [ State_11112111( nsk, pki, sk, user, lock.1 ) ] - --[ IsIn( <'SERVER', pki, user>, pksk ) ]-> - [ State_111121111( nsk, pki, pksk, sk, user, lock.1 ) ] +rule (modulo E) lookupSERVERpkiuseraspksk_0_111112111[color=#806040, + process="lookup <'SERVER', pki.1, user> as pksk.1"]: + [ State_111112111( nsk, user, lock.1, pki.1, sk.2 ) ] + --[ IsIn( <'SERVER', pki.1, user>, pksk.1 ) ]-> + [ State_1111121111( nsk, user, lock.1, pki.1, pksk.1, sk.2 ) ] /* - rule (modulo AC) lookupSERVERpkiuseraspksk_0_11112111[color=#806040, - process="lookup <'SERVER', pki, user> as pksk"]: - [ State_11112111( nsk, pki, sk, user, lock ) ] + rule (modulo AC) lookupSERVERpkiuseraspksk_0_111112111[color=#806040, + process="lookup <'SERVER', pki.1, user> as pksk.1"]: + [ State_111112111( nsk, user, lock, pki, sk ) ] --[ IsIn( <'SERVER', pki, user>, pksk ) ]-> - [ State_111121111( nsk, pki, pksk, sk, user, lock ) ] - */ - -rule (modulo E) lookupSERVERpkiuseraspksk_1_11112111[color=#806040, - process="lookup <'SERVER', pki, user> as pksk"]: - [ State_11112111( nsk, pki, sk, user, lock.1 ) ] - --[ IsNotSet( <'SERVER', pki, user> ) ]-> - [ State_111121112( nsk, pki, sk, user, lock.1 ) ] - - /* - rule (modulo AC) lookupSERVERpkiuseraspksk_1_11112111[color=#806040, - process="lookup <'SERVER', pki, user> as pksk"]: - [ State_11112111( nsk, pki, sk, user, lock ) ] - --[ IsNotSet( <'SERVER', 
pki, user> ) ]-> - [ State_111121112( nsk, pki, sk, user, lock ) ] + [ State_1111121111( nsk, user, lock, pki, pksk, sk ) ] */ -rule (modulo E) ifpkskpksk_0_111121111[color=#806040, - process="if pksk=pk(sk)"]: - [ State_111121111( nsk, pki, pksk, sk, user, lock.1 ) ] - --[ Pred_Eq( pksk, pk(sk) ) ]-> - [ State_1111211111( nsk, pki, pksk, sk, user, lock.1 ) ] +rule (modulo E) ifpkskpksk_0_1111121111[color=#806040, + process="if pksk.1=pk(sk.2)"]: + [ State_1111121111( nsk, user, lock.1, pki.1, pksk.1, sk.2 ) ] + --[ Pred_Eq( pksk.1, pk(sk.2) ) ]-> + [ State_11111211111( nsk, user, lock.1, pki.1, pksk.1, sk.2 ) ] /* - rule (modulo AC) ifpkskpksk_0_111121111[color=#806040, - process="if pksk=pk(sk)"]: - [ State_111121111( nsk, pki, pksk, sk, user, lock ) ] + rule (modulo AC) ifpkskpksk_0_1111121111[color=#806040, + process="if pksk.1=pk(sk.2)"]: + [ State_1111121111( nsk, user, lock, pki, pksk, sk ) ] --[ Pred_Eq( pksk, pk(sk) ) ]-> - [ State_1111211111( nsk, pki, pksk, sk, user, lock ) ] + [ State_11111211111( nsk, user, lock, pki, pksk, sk ) ] */ -rule (modulo E) ifpkskpksk_1_111121111[color=#806040, - process="if pksk=pk(sk)"]: - [ State_111121111( nsk, pki, pksk, sk, user, lock.1 ) ] - --[ Pred_Not_Eq( pksk, pk(sk) ) ]-> - [ State_1111211112( nsk, pki, pksk, sk, user, lock.1 ) ] +rule (modulo E) deleteSERVERpkiuser_0_11111211111[color=#806040, + process="delete <'SERVER', pki.1, user>;"]: + [ State_11111211111( nsk, user, lock.1, pki.1, pksk.1, sk.2 ) ] + --[ Delete( <'SERVER', pki.1, user> ) ]-> + [ State_111112111111( nsk, user, lock.1, pki.1, pksk.1, sk.2 ) ] /* - rule (modulo AC) ifpkskpksk_1_111121111[color=#806040, - process="if pksk=pk(sk)"]: - [ State_111121111( nsk, pki, pksk, sk, user, lock ) ] - --[ Pred_Not_Eq( pksk, pk(sk) ) ]-> - [ State_1111211112( nsk, pki, pksk, sk, user, lock ) ] - */ - -rule (modulo E) deleteSERVERpkiuser_0_1111211111[color=#806040, - process="delete <'SERVER', pki, user>;"]: - [ State_1111211111( nsk, pki, pksk, sk, user, 
lock.1 ) ] - --[ Delete( <'SERVER', pki, user> ) ]-> - [ State_11112111111( nsk, pki, pksk, sk, user, lock.1 ) ] - - /* - rule (modulo AC) deleteSERVERpkiuser_0_1111211111[color=#806040, - process="delete <'SERVER', pki, user>;"]: - [ State_1111211111( nsk, pki, pksk, sk, user, lock ) ] + rule (modulo AC) deleteSERVERpkiuser_0_11111211111[color=#806040, + process="delete <'SERVER', pki.1, user>;"]: + [ State_11111211111( nsk, user, lock, pki, pksk, sk ) ] --[ Delete( <'SERVER', pki, user> ) ]-> - [ State_11112111111( nsk, pki, pksk, sk, user, lock ) ] + [ State_111112111111( nsk, user, lock, pki, pksk, sk ) ] */ -rule (modulo E) insertSERVERpkiuserpknsk_0_11112111111[color=#806040, - process="insert <'SERVER', pki, user>,pk(nsk);"]: - [ State_11112111111( nsk, pki, pksk, sk, user, lock.1 ) ] - --[ Insert( <'SERVER', pki, user>, pk(nsk) ) ]-> - [ State_111121111111( nsk, pki, pksk, sk, user, lock.1 ) ] +rule (modulo E) insertSERVERpkiuserpknsk_0_111112111111[color=#806040, + process="insert <'SERVER', pki.1, user>,pk(nsk);"]: + [ State_111112111111( nsk, user, lock.1, pki.1, pksk.1, sk.2 ) ] + --[ Insert( <'SERVER', pki.1, user>, pk(nsk) ) ]-> + [ State_1111121111111( nsk, user, lock.1, pki.1, pksk.1, sk.2 ) ] /* - rule (modulo AC) insertSERVERpkiuserpknsk_0_11112111111[color=#806040, - process="insert <'SERVER', pki, user>,pk(nsk);"]: - [ State_11112111111( nsk, pki, pksk, sk, user, lock ) ] + rule (modulo AC) insertSERVERpkiuserpknsk_0_111112111111[color=#806040, + process="insert <'SERVER', pki.1, user>,pk(nsk);"]: + [ State_111112111111( nsk, user, lock, pki, pksk, sk ) ] --[ Insert( <'SERVER', pki, user>, pk(nsk) ) ]-> - [ State_111121111111( nsk, pki, pksk, sk, user, lock ) ] + [ State_1111121111111( nsk, user, lock, pki, pksk, sk ) ] */ -rule (modulo E) unlockSERVERuser_0_111121111111[color=#806040, - process="unlock <'SERVER', user>;"]: - [ State_111121111111( nsk, pki, pksk, sk, user, lock.1 ) ] +rule (modulo E) 
unlockSERVERuser_0_1111121111111[color=#806040, + process="unlock <'SERVER', user>;"]: + [ State_1111121111111( nsk, user, lock.1, pki.1, pksk.1, sk.2 ) ] --[ Unlock_1( '1', lock.1, <'SERVER', user> ), Unlock( '1', lock.1, <'SERVER', user> ) ]-> - [ State_1111211111111( nsk, pki, pksk, sk, user, lock.1 ) ] + [ Out( sign(<'confirm', sign(<'renew', user, pk(nsk)>, sk.2)>, pki.1) ) ] /* - rule (modulo AC) unlockSERVERuser_0_111121111111[color=#806040, - process="unlock <'SERVER', user>;"]: - [ State_111121111111( nsk, pki, pksk, sk, user, lock ) ] + rule (modulo AC) unlockSERVERuser_0_1111121111111[color=#806040, + process="unlock <'SERVER', user>;"]: + [ State_1111121111111( nsk, user, lock, pki, pksk, sk ) ] --[ Unlock_1( '1', lock, <'SERVER', user> ), Unlock( '1', lock, <'SERVER', user> ) ]-> - [ State_1111211111111( nsk, pki, pksk, sk, user, lock ) ] + [ Out( sign(<'confirm', sign(<'renew', user, pk(nsk)>, sk)>, pki) ) ] */ -rule (modulo E) outsignconfirmsignrenewuserpknskskpki_0_1111211111111[color=#806040, - process="out(sign(<'confirm', sign(<'renew', user, pk(nsk)>, sk)>, pki));"]: - [ State_1111211111111( nsk, pki, pksk, sk, user, lock.1 ) ] - --> - [ - State_11112111111111( nsk, pki, pksk, sk, user, lock.1 ), - Out( sign(<'confirm', sign(<'renew', user, pk(nsk)>, sk)>, pki) ) - ] +rule (modulo E) ifpkskpksk_1_1111121111[color=#806040, + process="if pksk.1=pk(sk.2)"]: + [ State_1111121111( nsk, user, lock.1, pki.1, pksk.1, sk.2 ) ] + --[ Pred_Not_Eq( pksk.1, pk(sk.2) ) ]-> + [ ] /* - rule (modulo AC) outsignconfirmsignrenewuserpknskskpki_0_1111211111111[color=#806040, - process="out(sign(<'confirm', sign(<'renew', user, pk(nsk)>, sk)>, pki));"]: - [ State_1111211111111( nsk, pki, pksk, sk, user, lock ) ] - --> - [ - State_11112111111111( nsk, pki, pksk, sk, user, lock ), - Out( sign(<'confirm', sign(<'renew', user, pk(nsk)>, sk)>, pki) ) - ] + rule (modulo AC) ifpkskpksk_1_1111121111[color=#806040, + process="if pksk.1=pk(sk.2)"]: + [ State_1111121111( nsk, 
user, lock, pki, pksk, sk ) ] + --[ Pred_Not_Eq( pksk, pk(sk) ) ]-> + [ ] */ -rule (modulo E) p_0_11112111111111[color=#806040, process="0"]: - [ State_11112111111111( nsk, pki, pksk, sk, user, lock.1 ) ] --> [ ] +rule (modulo E) lookupSERVERpkiuseraspksk_1_111112111[color=#806040, + process="lookup <'SERVER', pki.1, user> as pksk.1"]: + [ State_111112111( nsk, user, lock.1, pki.1, sk.2 ) ] + --[ IsNotSet( <'SERVER', pki.1, user> ) ]-> + [ ] /* - rule (modulo AC) p_0_11112111111111[color=#806040, process="0"]: - [ State_11112111111111( nsk, pki, pksk, sk, user, lock ) ] --> [ ] + rule (modulo AC) lookupSERVERpkiuseraspksk_1_111112111[color=#806040, + process="lookup <'SERVER', pki.1, user> as pksk.1"]: + [ State_111112111( nsk, user, lock, pki, sk ) ] + --[ IsNotSet( <'SERVER', pki, user> ) ]-> + [ ] */ -rule (modulo E) p_0_1111211112[color=#806040, process="0"]: - [ State_1111211112( nsk, pki, pksk, sk, user, lock.1 ) ] --> [ ] +rule (modulo E) p_1_11[color=#ffffff, process="!"]: + [ !Semistate_111( pki.1 ) ] + --> + [ State_111111( pki.1 ), State_111112( pki.1 ), State_1112( pki.1 ) ] /* - rule (modulo AC) p_0_1111211112[color=#806040, process="0"]: - [ State_1111211112( nsk, pki, pksk, sk, user, lock ) ] --> [ ] + rule (modulo AC) p_1_11[color=#ffffff, process="!"]: + [ !Semistate_111( pki ) ] + --> + [ State_111111( pki ), State_111112( pki ), State_1112( pki ) ] */ -rule (modulo E) p_0_111121112[color=#806040, process="0"]: - [ State_111121112( nsk, pki, sk, user, lock.1 ) ] --> [ ] +rule (modulo E) newuser_0_1112[color=#ffffff, process="new user.2;"]: + [ State_1112( pki.1 ), Fr( user.2 ) ] + --> + [ !Semistate_1112111( pki.1, user.2 ), Out( user.2 ) ] /* - rule (modulo AC) p_0_111121112[color=#806040, process="0"]: - [ State_111121112( nsk, pki, sk, user, lock ) ] --> [ ] + rule (modulo AC) newuser_0_1112[color=#ffffff, process="new user.2;"]: + [ State_1112( pki ), Fr( user ) ] + --> + [ !Semistate_1112111( pki, user ), Out( user ) ] */ -rule (modulo E) 
newuser_0_1112[color=#ffffff, process="new user;"]: - [ State_1112( pki ), Fr( user ) ] --> [ State_11121( pki, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outuser_0_11121[color=#ffffff, process="out(user);"]: - [ State_11121( pki, user ) ] - --> - [ State_111211( pki, user ), Out( user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111211[color=#ffffff, process="!"]: - [ State_111211( pki, user ) ] --> [ !Semistate_1112111( pki, user ) ] - - /* has exactly the trivial AC variant */ - rule (modulo E) p_1_111211[color=#ffffff, process="!"]: - [ !Semistate_1112111( pki, user ) ] --> [ State_1112111( pki, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newnsk_0_1112111[color=#518040, process="new ~nsk;"]: - [ State_1112111( pki, user ), Fr( ~nsk ) ] - --> - [ State_11121111( ~nsk, pki, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockUSERuser_0_11121111[color=#518040, - process="lock <'USER', user>;"]: - [ State_11121111( ~nsk, pki, user ), Fr( lock.2 ) ] + [ !Semistate_1112111( pki.1, user.2 ), Fr( ~nsk.1 ), Fr( lock.2 ) ] --[ - Lock_2( '2', lock.2, <'USER', user> ), - Lock( '2', lock.2, <'USER', user> ) + Lock_2( '2', lock.2, <'USER', user.2> ), + Lock( '2', lock.2, <'USER', user.2> ) ]-> - [ State_111211111( ~nsk, pki, user, lock.2 ) ] + [ State_1112111111( ~nsk.1, pki.1, lock.2, user.2 ) ] /* - rule (modulo AC) lockUSERuser_0_11121111[color=#518040, - process="lock <'USER', user>;"]: - [ State_11121111( ~nsk, pki, user ), Fr( lock ) ] + rule (modulo AC) p_1_111211[color=#ffffff, process="!"]: + [ !Semistate_1112111( pki, user ), Fr( ~nsk ), Fr( lock ) ] --[ Lock_2( '2', lock, <'USER', user> ), Lock( '2', lock, <'USER', user> ) ]-> - [ State_111211111( ~nsk, pki, user, lock ) ] + [ State_1112111111( ~nsk, pki, lock, user ) ] */ -rule (modulo E) lookupUSERuserassk_0_111211111[color=#518040, - process="lookup <'USER', user> as ~sk"]: - [ State_111211111( ~nsk, 
pki, user, lock.2 ) ] - --[ IsIn( <'USER', user>, ~sk ) ]-> - [ State_1112111111( ~nsk, ~sk, pki, user, lock.2 ) ] +rule (modulo E) lookupUSERuserassk_0_1112111111[color=#518040, + process="lookup <'USER', user.2> as ~sk.3"]: + [ State_1112111111( ~nsk.1, pki.1, lock.2, user.2 ) ] + --[ IsIn( <'USER', user.2>, ~sk.3 ) ]-> + [ State_11121111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ) ] /* - rule (modulo AC) lookupUSERuserassk_0_111211111[color=#518040, - process="lookup <'USER', user> as ~sk"]: - [ State_111211111( ~nsk, pki, user, lock ) ] + rule (modulo AC) lookupUSERuserassk_0_1112111111[color=#518040, + process="lookup <'USER', user.2> as ~sk.3"]: + [ State_1112111111( ~nsk, pki, lock, user ) ] --[ IsIn( <'USER', user>, ~sk ) ]-> - [ State_1112111111( ~nsk, ~sk, pki, user, lock ) ] - */ - -rule (modulo E) lookupUSERuserassk_1_111211111[color=#518040, - process="lookup <'USER', user> as ~sk"]: - [ State_111211111( ~nsk, pki, user, lock.2 ) ] - --[ IsNotSet( <'USER', user> ) ]-> - [ State_1112111112( ~nsk, pki, user, lock.2 ) ] - - /* - rule (modulo AC) lookupUSERuserassk_1_111211111[color=#518040, - process="lookup <'USER', user> as ~sk"]: - [ State_111211111( ~nsk, pki, user, lock ) ] - --[ IsNotSet( <'USER', user> ) ]-> - [ State_1112111112( ~nsk, pki, user, lock ) ] + [ State_11121111111( ~nsk, pki, lock, user, ~sk ) ] */ -rule (modulo E) eventHonestKeynsk_0_1112111111[color=#518040, - process="event HonestKey( ~nsk );"]: - [ State_1112111111( ~nsk, ~sk, pki, user, lock.2 ) ] - --[ HonestKey( ~nsk ) ]-> - [ State_11121111111( ~nsk, ~sk, pki, user, lock.2 ) ] +rule (modulo E) eventHonestKeynsk_0_11121111111[color=#518040, + process="event HonestKey( ~nsk.1 );"]: + [ State_11121111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ) ] + --[ HonestKey( ~nsk.1 ) ]-> + [ State_111211111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ) ] /* - rule (modulo AC) eventHonestKeynsk_0_1112111111[color=#518040, - process="event HonestKey( ~nsk );"]: - [ State_1112111111( ~nsk, ~sk, pki, 
user, lock ) ] + rule (modulo AC) eventHonestKeynsk_0_11121111111[color=#518040, + process="event HonestKey( ~nsk.1 );"]: + [ State_11121111111( ~nsk, pki, lock, user, ~sk ) ] --[ HonestKey( ~nsk ) ]-> - [ State_11121111111( ~nsk, ~sk, pki, user, lock ) ] + [ State_111211111111( ~nsk, pki, lock, user, ~sk ) ] */ -rule (modulo E) deleteUSERuser_0_11121111111[color=#518040, - process="delete <'USER', user>;"]: - [ State_11121111111( ~nsk, ~sk, pki, user, lock.2 ) ] - --[ Delete( <'USER', user> ) ]-> - [ State_111211111111( ~nsk, ~sk, pki, user, lock.2 ) ] +rule (modulo E) deleteUSERuser_0_111211111111[color=#518040, + process="delete <'USER', user.2>;"]: + [ State_111211111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ) ] + --[ Delete( <'USER', user.2> ) ]-> + [ State_1112111111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ) ] /* - rule (modulo AC) deleteUSERuser_0_11121111111[color=#518040, - process="delete <'USER', user>;"]: - [ State_11121111111( ~nsk, ~sk, pki, user, lock ) ] + rule (modulo AC) deleteUSERuser_0_111211111111[color=#518040, + process="delete <'USER', user.2>;"]: + [ State_111211111111( ~nsk, pki, lock, user, ~sk ) ] --[ Delete( <'USER', user> ) ]-> - [ State_111211111111( ~nsk, ~sk, pki, user, lock ) ] + [ State_1112111111111( ~nsk, pki, lock, user, ~sk ) ] */ -rule (modulo E) insertUSERusernsk_0_111211111111[color=#518040, - process="insert <'USER', user>,~nsk;"]: - [ State_111211111111( ~nsk, ~sk, pki, user, lock.2 ) ] - --[ Insert( <'USER', user>, ~nsk ) ]-> - [ State_1112111111111( ~nsk, ~sk, pki, user, lock.2 ) ] +rule (modulo E) insertUSERusernsk_0_1112111111111[color=#518040, + process="insert <'USER', user.2>,~nsk.1;"]: + [ State_1112111111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ) ] + --[ Insert( <'USER', user.2>, ~nsk.1 ) ]-> + [ State_11121111111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ) ] /* - rule (modulo AC) insertUSERusernsk_0_111211111111[color=#518040, - process="insert <'USER', user>,~nsk;"]: - [ State_111211111111( ~nsk, ~sk, pki, 
user, lock ) ] + rule (modulo AC) insertUSERusernsk_0_1112111111111[color=#518040, + process="insert <'USER', user.2>,~nsk.1;"]: + [ State_1112111111111( ~nsk, pki, lock, user, ~sk ) ] --[ Insert( <'USER', user>, ~nsk ) ]-> - [ State_1112111111111( ~nsk, ~sk, pki, user, lock ) ] + [ State_11121111111111( ~nsk, pki, lock, user, ~sk ) ] */ -rule (modulo E) unlockUSERuser_0_1112111111111[color=#518040, - process="unlock <'USER', user>;"]: - [ State_1112111111111( ~nsk, ~sk, pki, user, lock.2 ) ] +rule (modulo E) unlockUSERuser_0_11121111111111[color=#518040, + process="unlock <'USER', user.2>;"]: + [ State_11121111111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ) ] --[ - Unlock_2( '2', lock.2, <'USER', user> ), - Unlock( '2', lock.2, <'USER', user> ) + Unlock_2( '2', lock.2, <'USER', user.2> ), + Unlock( '2', lock.2, <'USER', user.2> ) ]-> - [ State_11121111111111( ~nsk, ~sk, pki, user, lock.2 ) ] + [ + State_1112111111111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ), + Out( <'renew', user.2, pk(~nsk.1)> ) + ] /* - rule (modulo AC) unlockUSERuser_0_1112111111111[color=#518040, - process="unlock <'USER', user>;"]: - [ State_1112111111111( ~nsk, ~sk, pki, user, lock ) ] + rule (modulo AC) unlockUSERuser_0_11121111111111[color=#518040, + process="unlock <'USER', user.2>;"]: + [ State_11121111111111( ~nsk, pki, lock, user, ~sk ) ] --[ Unlock_2( '2', lock, <'USER', user> ), Unlock( '2', lock, <'USER', user> ) ]-> - [ State_11121111111111( ~nsk, ~sk, pki, user, lock ) ] - */ - -rule (modulo E) outrenewuserpknsk_0_11121111111111[color=#518040, - process="out(<'renew', user, pk(~nsk)>);"]: - [ State_11121111111111( ~nsk, ~sk, pki, user, lock.2 ) ] - --> - [ - State_111211111111111( ~nsk, ~sk, pki, user, lock.2 ), - Out( <'renew', user, pk(~nsk)> ) - ] - - /* - rule (modulo AC) outrenewuserpknsk_0_11121111111111[color=#518040, - process="out(<'renew', user, pk(~nsk)>);"]: - [ State_11121111111111( ~nsk, ~sk, pki, user, lock ) ] - --> [ - State_111211111111111( ~nsk, ~sk, pki, user, 
lock ), + State_1112111111111111( ~nsk, pki, lock, user, ~sk ), Out( <'renew', user, pk(~nsk)> ) ] */ -rule (modulo E) outsignrenewuserpknsksk_0_111211111111111[color=#518040, - process="out(sign(<'renew', user, pk(~nsk)>, ~sk));"]: - [ State_111211111111111( ~nsk, ~sk, pki, user, lock.2 ) ] +rule (modulo E) outsignrenewuserpknsksk_0_1112111111111111[color=#518040, + process="out(sign(<'renew', user.2, pk(~nsk.1)>, ~sk.3));"]: + [ State_1112111111111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ) ] --> [ - State_1112111111111111( ~nsk, ~sk, pki, user, lock.2 ), - Out( sign(<'renew', user, pk(~nsk)>, ~sk) ) + State_11121111111111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ), + Out( sign(<'renew', user.2, pk(~nsk.1)>, ~sk.3) ) ] /* - rule (modulo AC) outsignrenewuserpknsksk_0_111211111111111[color=#518040, - process="out(sign(<'renew', user, pk(~nsk)>, ~sk));"]: - [ State_111211111111111( ~nsk, ~sk, pki, user, lock ) ] + rule (modulo AC) outsignrenewuserpknsksk_0_1112111111111111[color=#518040, + process="out(sign(<'renew', user.2, pk(~nsk.1)>, ~sk.3));"]: + [ State_1112111111111111( ~nsk, pki, lock, user, ~sk ) ] --> [ - State_1112111111111111( ~nsk, ~sk, pki, user, lock ), + State_11121111111111111( ~nsk, pki, lock, user, ~sk ), Out( sign(<'renew', user, pk(~nsk)>, ~sk) ) ] */ -rule (modulo E) insignconfirmsignrenewuserpknskskpki_0_1112111111111111[color=#518040, - process="in(sign(<'confirm', sign(<'renew', user, pk(~nsk)>, ~sk)>, pki));"]: +rule (modulo E) insignconfirmsignrenewuserpknskskpki_0_11121111111111111[color=#518040, + process="in(sign(<'confirm', sign(<'renew', =user.2, pk(=~nsk.1)>, =~sk.3)>, + =pki.1));"]: [ - State_1112111111111111( ~nsk, ~sk, pki, user, lock.2 ), - In( sign(<'confirm', sign(<'renew', user, pk(~nsk)>, ~sk)>, pki) ) + State_11121111111111111( ~nsk.1, pki.1, lock.2, user.2, ~sk.3 ), + In( sign(<'confirm', sign(<'renew', user.2, pk(~nsk.1)>, ~sk.3)>, pki.1) + ) ] - --> - [ State_11121111111111111( ~nsk, ~sk, pki, user, lock.2 ) ] + --[ 
Revoked( ~sk.3 ) ]-> + [ Out( ~sk.3 ) ] /* - rule (modulo AC) insignconfirmsignrenewuserpknskskpki_0_1112111111111111[color=#518040, - process="in(sign(<'confirm', sign(<'renew', user, pk(~nsk)>, ~sk)>, pki));"]: + rule (modulo AC) insignconfirmsignrenewuserpknskskpki_0_11121111111111111[color=#518040, + process="in(sign(<'confirm', sign(<'renew', =user.2, pk(=~nsk.1)>, =~sk.3)>, + =pki.1));"]: [ - State_1112111111111111( ~nsk, ~sk, pki, user, lock ), + State_11121111111111111( ~nsk, pki, lock, user, ~sk ), In( sign(<'confirm', sign(<'renew', user, pk(~nsk)>, ~sk)>, pki) ) ] - --> - [ State_11121111111111111( ~nsk, ~sk, pki, user, lock ) ] - */ - -rule (modulo E) eventRevokedsk_0_11121111111111111[color=#518040, - process="event Revoked( ~sk );"]: - [ State_11121111111111111( ~nsk, ~sk, pki, user, lock.2 ) ] - --[ Revoked( ~sk ) ]-> - [ State_111211111111111111( ~nsk, ~sk, pki, user, lock.2 ) ] - - /* - rule (modulo AC) eventRevokedsk_0_11121111111111111[color=#518040, - process="event Revoked( ~sk );"]: - [ State_11121111111111111( ~nsk, ~sk, pki, user, lock ) ] --[ Revoked( ~sk ) ]-> - [ State_111211111111111111( ~nsk, ~sk, pki, user, lock ) ] - */ - -rule (modulo E) outsk_0_111211111111111111[color=#518040, - process="out(~sk);"]: - [ State_111211111111111111( ~nsk, ~sk, pki, user, lock.2 ) ] - --> - [ State_1112111111111111111( ~nsk, ~sk, pki, user, lock.2 ), Out( ~sk ) ] - - /* - rule (modulo AC) outsk_0_111211111111111111[color=#518040, - process="out(~sk);"]: - [ State_111211111111111111( ~nsk, ~sk, pki, user, lock ) ] - --> - [ State_1112111111111111111( ~nsk, ~sk, pki, user, lock ), Out( ~sk ) ] + [ Out( ~sk ) ] */ -rule (modulo E) p_0_1112111111111111111[color=#518040, process="0"]: - [ State_1112111111111111111( ~nsk, ~sk, pki, user, lock.2 ) ] --> [ ] +rule (modulo E) lookupUSERuserassk_1_1112111111[color=#518040, + process="lookup <'USER', user.2> as ~sk.3"]: + [ State_1112111111( ~nsk.1, pki.1, lock.2, user.2 ) ] + --[ IsNotSet( <'USER', user.2> ) ]-> 
+ [ ] /* - rule (modulo AC) p_0_1112111111111111111[color=#518040, process="0"]: - [ State_1112111111111111111( ~nsk, ~sk, pki, user, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_1112111112[color=#518040, process="0"]: - [ State_1112111112( ~nsk, pki, user, lock.2 ) ] --> [ ] - - /* - rule (modulo AC) p_0_1112111112[color=#518040, process="0"]: - [ State_1112111112( ~nsk, pki, user, lock ) ] --> [ ] + rule (modulo AC) lookupUSERuserassk_1_1112111111[color=#518040, + process="lookup <'USER', user.2> as ~sk.3"]: + [ State_1112111111( ~nsk, pki, lock, user ) ] + --[ IsNotSet( <'USER', user> ) ]-> + [ ] */ restriction set_in: @@ -685,7 +568,7 @@ restriction locking_2: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -695,7 +578,7 @@ analyzing: examples/sapic/fast/MoedersheimWebService/set-abstr-lookup.spthy analyzed: examples/sapic/fast/MoedersheimWebService/set-abstr-lookup.spthy output: examples/sapic/fast/MoedersheimWebService/set-abstr-lookup.spthy.tmp - processing time: 1.805381116s + processing time: 0.533477797s Knows_Honest_Key_imp_Revoked (all-traces): verified (11 steps) ------------------------------------------------------------------------------ @@ -706,7 +589,7 @@ summary of summaries: analyzed: examples/sapic/fast/MoedersheimWebService/set-abstr-lookup.spthy output: examples/sapic/fast/MoedersheimWebService/set-abstr-lookup.spthy.tmp - processing time: 1.805381116s + processing time: 0.533477797s Knows_Honest_Key_imp_Revoked (all-traces): verified (11 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/MoedersheimWebService/set-abstr_analyzed.spthy b/case-studies-regression/sapic/fast/MoedersheimWebService/set-abstr_analyzed.spthy index e495ce7f1..d8a0b0c11 100644 --- a/case-studies-regression/sapic/fast/MoedersheimWebService/set-abstr_analyzed.spthy 
+++ b/case-studies-regression/sapic/fast/MoedersheimWebService/set-abstr_analyzed.spthy @@ -2,8 +2,8 @@ theory SetAbst begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, sign/2, snd/1, true/0, - verify/3 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + sign/2, snd/1[destructor], true/0, verify/3[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -14,6 +14,16 @@ heuristic: s i section{* The PKI-example *} + + + + + + + + + + lemma Knows_Honest_Key_imp_Revoked: all-traces "∀ sk #i #d. 
@@ -25,261 +35,197 @@ guarded formula characterizing all counter-examples: */ simplify solve( HonestKey( sk ) @ #i ) - case ClientKeyuserskHonestKeynskClientKeyusernsk_0_1112111 - solve( State_1112111( ~nsk, pki, user ) ▶₀ #i ) - case newnsk_0_111211 - solve( !KU( ~nsk ) @ #vk ) - case outsk_0_111211111111 + case innewuser_0_1111111 + solve( State_1111111( pki ) ▶₀ #i ) + case p_1_11 + solve( !KU( ~sk ) @ #vk ) + case insignconfirmsignrenewuserpknskskpki_0_11121111111 by contradiction /* from formulas */ qed qed next - case HonestKeyskServerDBpkiuserpkskClientKeyusersk_0_11111111 - solve( State_11111111( ~sk, pki, user ) ▶₀ #i ) - case newsk_0_1111111 - solve( !KU( ~sk ) @ #vk ) - case outsk_0_111211111111 + case p_1_11121 + solve( !Semistate_111211( pki, user ) ▶₀ #i ) + case newuser_0_1112 + solve( !KU( ~nsk ) @ #vk ) + case insignconfirmsignrenewuserpknskskpki_0_11121111111 by contradiction /* from formulas */ qed qed qed -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newpki_0_1[color=#ffffff, process="new pki;"]: - [ State_1( ), Fr( pki ) ] --> [ State_11( pki ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11[color=#ffffff, process="!"]: - [ State_11( pki ) ] --> [ !Semistate_111( pki ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_11[color=#ffffff, process="!"]: - [ !Semistate_111( pki ) ] --> [ State_111( pki ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="|"]: - [ State_111( pki ) ] --> [ State_1111( pki ), State_1112( pki ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) 
p_0_1111[color=#806040, process="|"]: - [ State_1111( pki ) ] --> [ State_11111( pki ), State_11112( pki ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_11111[color=#806040, process="|"]: - [ State_11111( pki ) ] --> [ State_111111( pki ), State_111112( pki ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) innewuser_0_111111[color=#806040, - process="in(<'new', user>);"]: - [ State_111111( pki ), In( <'new', user> ) ] - --> - [ State_1111111( pki, user ) ] - - /* has exactly the trivial AC variant */ +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ), Fr( pki.1 ) ] --> [ !Semistate_111( pki.1 ) ] -rule (modulo E) newsk_0_1111111[color=#806040, process="new ~sk;"]: - [ State_1111111( pki, user ), Fr( ~sk ) ] - --> - [ State_11111111( ~sk, pki, user ) ] + /* + rule (modulo AC) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ), Fr( pki ) ] --> [ !Semistate_111( pki ) ] + */ - /* has exactly the trivial AC variant */ - -rule (modulo E) HonestKeyskServerDBpkiuserpkskClientKeyusersk_0_11111111[color=#806040, - process=" [ ] ---[ HonestKey( ~sk ) ]-> - [ ServerDB( pki, user, pk(~sk) ), ClientKey( user, ~sk ) ];"]: - [ State_11111111( ~sk, pki, user ) ] - --[ HonestKey( ~sk ) ]-> +rule (modulo E) innewuser_0_1111111[color=#806040, + process="in(<'new', user.1>);"]: + [ State_1111111( pki.1 ), In( <'new', user.1> ), Fr( ~sk.1 ) ] + --[ HonestKey( ~sk.1 ) ]-> [ - State_111111111( ~sk, pki, user ), ServerDB( pki, user, pk(~sk) ), - ClientKey( user, ~sk ) + Out( pk(~sk.1) ), ServerDB( pki.1, user.1, pk(~sk.1) ), + ClientKey( user.1, ~sk.1 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) outpksk_0_111111111[color=#806040, - process="out(pk(~sk));"]: - [ State_111111111( ~sk, pki, user ) ] - --> - [ State_1111111111( ~sk, pki, user ), Out( pk(~sk) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) 
p_0_1111111111[color=#806040, process="0"]: - [ State_1111111111( ~sk, pki, user ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inusersk_0_111112[color=#806040, - process="in();"]: - [ State_111112( pki ), In( ) ] - --> - [ State_1111121( pki, sk, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ServerDBpkiuserpksk_0_1111121[color=#806040, - process=" [ ] --> [ ServerDB( pki, user, pk(sk) ) ];"]: - [ State_1111121( pki, sk, user ) ] + /* + rule (modulo AC) innewuser_0_1111111[color=#806040, + process="in(<'new', user.1>);"]: + [ State_1111111( pki ), In( <'new', user> ), Fr( ~sk ) ] + --[ HonestKey( ~sk ) ]-> + [ Out( pk(~sk) ), ServerDB( pki, user, pk(~sk) ), ClientKey( user, ~sk ) + ] + */ + +rule (modulo E) inusersk_0_1111112[color=#806040, + process="in();"]: + [ State_1111112( pki.1 ), In( ) ] --> - [ State_11111211( pki, sk, user ), ServerDB( pki, user, pk(sk) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111211[color=#806040, process="0"]: - [ State_11111211( pki, sk, user ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inrenewuserpknsk_0_11112[color=#806040, - process="in(<'renew', user, pk(nsk)>);"]: - [ State_11112( pki ), In( <'renew', user, pk(nsk)> ) ] - --> - [ State_111121( nsk, pki, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insignrenewuserpknsksk_0_111121[color=#806040, - process="in(sign(<'renew', user, pk(nsk)>, sk));"]: + [ ServerDB( pki.1, user.2, pk(sk.2) ) ] + + /* + rule (modulo AC) inusersk_0_1111112[color=#806040, + process="in();"]: + [ State_1111112( pki ), In( ) ] + --> + [ ServerDB( pki, user, pk(sk) ) ] + */ + +rule (modulo E) inrenewuserpknsk_0_111112[color=#806040, + process="in(<'renew', user.3, pk(nsk.1)>);"]: [ - State_111121( nsk, pki, user ), In( sign(<'renew', user, pk(nsk)>, sk) ) + State_111112( pki.1 ), In( <'renew', user.3, pk(nsk.1)> ), + In( sign(<'renew', user.3, pk(nsk.1)>, sk.3) ), 
+ ServerDB( pki.1, user.3, pk(sk.3) ) ] --> - [ State_1111211( nsk, pki, sk, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ServerDBpkiuserpkskServerDBpkiuserpknsk_0_1111211[color=#806040, - process=" [ ServerDB( pki, user, pk(sk) ) ] ---> - [ ServerDB( pki, user, pk(nsk) ) ];"]: - [ State_1111211( nsk, pki, sk, user ), ServerDB( pki, user, pk(sk) ) ] - --> - [ State_11112111( nsk, pki, sk, user ), ServerDB( pki, user, pk(nsk) ) ] + [ + Out( sign(<'confirm', sign(<'renew', user.3, pk(nsk.1)>, sk.3)>, pki.1) + ), + ServerDB( pki.1, user.3, pk(nsk.1) ) + ] - // loop breaker: [1] - /* has exactly the trivial AC variant */ + // loop breaker: [3] + /* + rule (modulo AC) inrenewuserpknsk_0_111112[color=#806040, + process="in(<'renew', user.3, pk(nsk.1)>);"]: + [ + State_111112( pki ), In( <'renew', user, pk(nsk)> ), + In( sign(<'renew', user, pk(nsk)>, sk) ), ServerDB( pki, user, pk(sk) ) + ] + --> + [ + Out( sign(<'confirm', sign(<'renew', user, pk(nsk)>, sk)>, pki) ), + ServerDB( pki, user, pk(nsk) ) + ] + // loop breaker: [3] + */ -rule (modulo E) outsignconfirmsignrenewuserpknskskpki_0_11112111[color=#806040, - process="out(sign(<'confirm', sign(<'renew', user, pk(nsk)>, sk)>, pki));"]: - [ State_11112111( nsk, pki, sk, user ) ] +rule (modulo E) p_1_11[color=#ffffff, process="!"]: + [ !Semistate_111( pki.1 ) ] --> [ - State_111121111( nsk, pki, sk, user ), - Out( sign(<'confirm', sign(<'renew', user, pk(nsk)>, sk)>, pki) ) + State_1111111( pki.1 ), State_1111112( pki.1 ), State_111112( pki.1 ), + State_1112( pki.1 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111121111[color=#806040, process="0"]: - [ State_111121111( nsk, pki, sk, user ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newuser_0_1112[color=#ffffff, process="new user;"]: - [ State_1112( pki ), Fr( user ) ] --> [ State_11121( pki, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11121[color=#ffffff, 
process="!"]: - [ State_11121( pki, user ) ] --> [ !Semistate_111211( pki, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_11121[color=#ffffff, process="!"]: - [ !Semistate_111211( pki, user ) ] --> [ State_111211( pki, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newnsk_0_111211[color=#518040, process="new ~nsk;"]: - [ State_111211( pki, user ), Fr( ~nsk ) ] + /* + rule (modulo AC) p_1_11[color=#ffffff, process="!"]: + [ !Semistate_111( pki ) ] + --> + [ + State_1111111( pki ), State_1111112( pki ), State_111112( pki ), + State_1112( pki ) + ] + */ + +rule (modulo E) newuser_0_1112[color=#ffffff, process="new user.4;"]: + [ State_1112( pki.1 ), Fr( user.4 ) ] --> - [ State_1112111( ~nsk, pki, user ) ] + [ !Semistate_111211( pki.1, user.4 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) ClientKeyuserskHonestKeynskClientKeyusernsk_0_1112111[color=#518040, - process=" [ ClientKey( user, ~sk ) ] ---[ HonestKey( ~nsk ) ]-> - [ ClientKey( user, ~nsk ) ];"]: - [ State_1112111( ~nsk, pki, user ), ClientKey( user, ~sk ) ] - --[ HonestKey( ~nsk ) ]-> - [ State_11121111( ~nsk, ~sk, pki, user ), ClientKey( user, ~nsk ) ] - - // loop breaker: [1] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newuser_0_1112[color=#ffffff, process="new user.4;"]: + [ State_1112( pki ), Fr( user ) ] --> [ !Semistate_111211( pki, user ) ] + */ -rule (modulo E) outrenewuserpknsk_0_11121111[color=#518040, - process="out(<'renew', user, pk(~nsk)>);"]: - [ State_11121111( ~nsk, ~sk, pki, user ) ] - --> +rule (modulo E) p_1_11121[color=#ffffff, process="!"]: [ - State_111211111( ~nsk, ~sk, pki, user ), Out( <'renew', user, pk(~nsk)> ) + !Semistate_111211( pki.1, user.4 ), Fr( ~nsk.2 ), + ClientKey( user.4, ~sk.4 ) + ] + --[ HonestKey( ~nsk.2 ) ]-> + [ + State_1112111111( pki.1, ~nsk.2, ~sk.4, user.4 ), + Out( <'renew', user.4, pk(~nsk.2)> ), ClientKey( user.4, ~nsk.2 ) ] - /* has exactly the trivial AC 
variant */ - -rule (modulo E) outsignrenewuserpknsksk_0_111211111[color=#518040, - process="out(sign(<'renew', user, pk(~nsk)>, ~sk));"]: - [ State_111211111( ~nsk, ~sk, pki, user ) ] + // loop breaker: [2] + /* + rule (modulo AC) p_1_11121[color=#ffffff, process="!"]: + [ !Semistate_111211( pki, user ), Fr( ~nsk ), ClientKey( user, ~sk ) ] + --[ HonestKey( ~nsk ) ]-> + [ + State_1112111111( pki, ~nsk, ~sk, user ), + Out( <'renew', user, pk(~nsk)> ), ClientKey( user, ~nsk ) + ] + // loop breaker: [2] + */ + +rule (modulo E) outsignrenewuserpknsksk_0_1112111111[color=#518040, + process="out(sign(<'renew', user.4, pk(~nsk.2)>, ~sk.4));"]: + [ State_1112111111( pki.1, ~nsk.2, ~sk.4, user.4 ) ] --> [ - State_1112111111( ~nsk, ~sk, pki, user ), - Out( sign(<'renew', user, pk(~nsk)>, ~sk) ) + State_11121111111( pki.1, ~nsk.2, ~sk.4, user.4 ), + Out( sign(<'renew', user.4, pk(~nsk.2)>, ~sk.4) ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) insignconfirmsignrenewuserpknskskpki_0_1112111111[color=#518040, - process="in(sign(<'confirm', sign(<'renew', user, pk(~nsk)>, ~sk)>, pki));"]: + /* + rule (modulo AC) outsignrenewuserpknsksk_0_1112111111[color=#518040, + process="out(sign(<'renew', user.4, pk(~nsk.2)>, ~sk.4));"]: + [ State_1112111111( pki, ~nsk, ~sk, user ) ] + --> + [ + State_11121111111( pki, ~nsk, ~sk, user ), + Out( sign(<'renew', user, pk(~nsk)>, ~sk) ) + ] + */ + +rule (modulo E) insignconfirmsignrenewuserpknskskpki_0_11121111111[color=#518040, + process="in(sign(<'confirm', sign(<'renew', =user.4, pk(=~nsk.2)>, =~sk.4)>, + =pki.1));"]: [ - State_1112111111( ~nsk, ~sk, pki, user ), - In( sign(<'confirm', sign(<'renew', user, pk(~nsk)>, ~sk)>, pki) ) + State_11121111111( pki.1, ~nsk.2, ~sk.4, user.4 ), + In( sign(<'confirm', sign(<'renew', user.4, pk(~nsk.2)>, ~sk.4)>, pki.1) + ) ] - --> - [ State_11121111111( ~nsk, ~sk, pki, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventRevokedsk_0_11121111111[color=#518040, - 
process="event Revoked( ~sk );"]: - [ State_11121111111( ~nsk, ~sk, pki, user ) ] - --[ Revoked( ~sk ) ]-> - [ State_111211111111( ~nsk, ~sk, pki, user ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsk_0_111211111111[color=#518040, process="out(~sk);"]: - [ State_111211111111( ~nsk, ~sk, pki, user ) ] - --> - [ State_1112111111111( ~nsk, ~sk, pki, user ), Out( ~sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1112111111111[color=#518040, process="0"]: - [ State_1112111111111( ~nsk, ~sk, pki, user ) ] --> [ ] - - /* has exactly the trivial AC variant */ + --[ Revoked( ~sk.4 ) ]-> + [ Out( ~sk.4 ) ] + + /* + rule (modulo AC) insignconfirmsignrenewuserpknskskpki_0_11121111111[color=#518040, + process="in(sign(<'confirm', sign(<'renew', =user.4, pk(=~nsk.2)>, =~sk.4)>, + =pki.1));"]: + [ + State_11121111111( pki, ~nsk, ~sk, user ), + In( sign(<'confirm', sign(<'renew', user, pk(~nsk)>, ~sk)>, pki) ) + ] + --[ Revoked( ~sk ) ]-> + [ Out( ~sk ) ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" @@ -290,7 +236,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -300,7 +246,7 @@ analyzing: examples/sapic/fast/MoedersheimWebService/set-abstr.spthy analyzed: examples/sapic/fast/MoedersheimWebService/set-abstr.spthy output: examples/sapic/fast/MoedersheimWebService/set-abstr.spthy.tmp - processing time: 0.685982294s + processing time: 0.152690867s Knows_Honest_Key_imp_Revoked (all-traces): verified (8 steps) ------------------------------------------------------------------------------ 
@@ -311,7 +257,7 @@ summary of summaries: analyzed: examples/sapic/fast/MoedersheimWebService/set-abstr.spthy output: examples/sapic/fast/MoedersheimWebService/set-abstr.spthy.tmp - processing time: 0.685982294s + processing time: 0.152690867s Knows_Honest_Key_imp_Revoked (all-traces): verified (8 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/SCADA/opc_ua_secure_conversation_analyzed.spthy b/case-studies-regression/sapic/fast/SCADA/opc_ua_secure_conversation_analyzed.spthy index 0ac25e4d5..361f64ee0 100644 --- a/case-studies-regression/sapic/fast/SCADA/opc_ua_secure_conversation_analyzed.spthy +++ b/case-studies-regression/sapic/fast/SCADA/opc_ua_secure_conversation_analyzed.spthy @@ -3,8 +3,8 @@ theory OPC_UA_Secure_Communication begin // Function signature and definition of the equational theory E builtins: multiset -functions: fst/1, h/1, mac/2, pair/2, sdec/2, senc/2, snd/1, true/0, - verifyMac/3 +functions: fst/1[destructor], h/1, mac/2, pair/2, sdec/2[destructor], + senc/2, snd/1[destructor], true/0, verifyMac/3 equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -15,6 +15,20 @@ heuristic: p section{* The OPC UA Secure Conversation protocol *} + + + + + + + + + + + + + + restriction A_Counter_Increases: "∀ A B seq1 seq2 #i #j. (((Seq_Sent( A, B, seq1 ) @ #i) ∧ (Seq_Sent( A, B, seq2 ) @ #j)) ∧ 
@@ -46,190 +60,118 @@ guarded formula characterizing all satisfying traces: "∃ A B m #i. (Recv( A, B, m ) @ #i)" */ simplify -solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, - A, B, kEnc, kSign, m, pad, seq, lock +solve( State_111112111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, + SH, A, B, kEnc, kSign, lock, pad, xmac, m, seq ) ▶₀ #i ) - case eventSeqRecvabseq_0_111112111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111, - MH.1, SH.1, a, b, kEnc, kSign, m.1, pad.1, seq.1, lock - ) ▶₀ #t.3 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( !KU( senc(, ~n.3)>, ~n.2) - ) @ #vk.4 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, ~prog_1111121.1, a, b, ~n.2, ~n.3, lock - ) ▶₁ #j ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.22) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.5, <~n.1, ~n> ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.22) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.5, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ (#t0 = #t.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.22 < #t.2) ∥ (#t.2 = #vr.22) ) - case case_3 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, ~prog_1111111, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.1, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc, kSign, lock, m, seq.1 + case eventSeqRecvabseq_0_11111211111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.3 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) + case p_0_11111 + solve( (∃ #t. (ProgressTo_11111211111111( ~prog_1111121111 ) @ #t)) ∥ + (∃ #t. 
(ProgressTo_11111211112( ~prog_1111121111 ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111, MH.1, SH.1, a, b, kEnc, kSign, lock, pad.1, xmac, + m.1, seq.1 + ) ▶₀ #t.4 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( !KU( senc(, ~n.3)>, ~n.2) + ) @ #vk.4 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j ) + case MessageIDRule + solve( State_111112111( ~prog_1.1, ~prog_11111211.1, a, b, ~n.2, kSign, + lock + ) ▶₁ #j ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.24) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, <~n.1, ~n> ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.24) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.4, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ (#t0 = #t.3) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.24 < #t.3) ∥ (#t.3 = #vr.24) ) + case case_3 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, ~prog_11111111, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, - ~prog_111112111, MH.1, SH.1, a, b, kEnc, - kSign, m, pad.1, seq.1, lock - ) ▶₀ #t.6 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, - kSign - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, ~prog_1111111, a, - b, kEnc, kSign - ) ▶₀ #t.6 ) - case p_1_111111 - solve( State_11111211111( ~prog_1.1, - ~prog_1111121.1, - ~prog_111112111, MH.1, - SH.1, a, b, kEnc, kSign, - m, pad.1, seq.1, lock - ) ▶₀ #t.6 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, a, b, - kEnc, kSign - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - 
kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, - a, b, - kEnc, - kSign - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - SOLVED // trace found - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed + case p_1_1111111 + solve( State_11111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.1, + ~prog_11111111.1, ~prog_1111111111, lock, + a, b, kEnc, kSign, m, seq.1 + ) ▶₀ #t.6 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, + kSign + ) ▶₀ #t.7 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, ~prog_11111111, a, + b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_1_1111111 + solve( State_111111( ~prog_1, a, b, 
kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.7 ) + case p_0_11111 + SOLVED // trace found qed qed qed 
@@ -275,49 +217,60 @@ guarded formula characterizing all counter-examples: (Recv( A, B, m ) @ #i) ∧ ∀ #k. (Sent( A, B, m ) @ #k) ⇒ ¬(#k < #i)" */ simplify -solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, - A, B, kEnc, kSign, m, pad, seq, lock +solve( State_111112111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, + SH, A, B, kEnc, kSign, lock, pad, xmac, m, seq ) ▶₀ #i ) - case eventSeqRecvabseq_0_111112111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111, - MH.1, SH.1, a, b, kEnc, kSign, m.1, pad.1, seq.1, lock - ) ▶₀ #t.3 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( !KU( senc(, ~n.3)>, ~n.2) - ) @ #vk.4 ) - case c_senc - by solve( !KU( ~n.2 ) @ #vk.6 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction /* from formulas */ + case eventSeqRecvabseq_0_11111211111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.3 ) + case p_1_1111121 + solve( 
State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) + case p_0_11111 + solve( (∃ #t. (ProgressTo_11111211111111( ~prog_1111121111 ) @ #t)) ∥ + (∃ #t. (ProgressTo_11111211112( ~prog_1111121111 ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111, MH.1, SH.1, a, b, kEnc, kSign, lock, pad.1, xmac, + m.1, seq.1 + ) ▶₀ #t.4 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( !KU( senc(, ~n.3)>, ~n.2) + ) @ #vk.4 ) + case c_senc + by solve( !KU( ~n.2 ) @ #vk.6 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction /* from formulas */ + qed qed qed qed qed qed qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111, MH.1, SH.1, a, b, kEnc, kSign, lock, pad.1, xmac, + m.1, seq.1 + ) ▶₀ #t.4 ) qed qed qed 
@@ -344,380 +297,450 @@ guarded formula characterizing all counter-examples: ((¬(#j < #i)) ∨ (∃ A2 B2 #i2. (Recv( A2, B2, t ) @ #i2) ∧ ¬(#i2 = #i)))" */ simplify -solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, - A, B, kEnc, kSign, t, pad, seq, lock +solve( State_111112111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, + SH, A, B, kEnc, kSign, lock, pad, xmac, t, seq ) ▶₀ #i ) - case eventSeqRecvabseq_0_111112111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.3 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111, - MH.1, SH.1, a, b, kEnc, kSign, m, pad.1, seq.1, lock - ) ▶₀ #t.3 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.3 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( !KU( senc(, ~n.3)>, ~n.2) - ) @ #vk.4 ) - case c_senc - by solve( !KU( ~n.2 ) @ #vk.6 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( (#i2 < #i) ∥ (#i < #i2) ) - case case_1 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j ) - case MessageIDRule - solve( State_11111211( ~prog_1.2, ~prog_1111121.2, a, b, ~n.2, ~n.3, - lock.1 - ) ▶₁ #j ) - case lockba_0_1111121 - solve( ((#vr.2 < #vr.23) ∧ - (∃ #t2. 
- (Unlock_1( '1', ~n.5, <~n.1, ~n> ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.23) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.5, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.23 < #vr.2) ∥ (#vr.2 = #vr.23) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.3 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc.1, kSign.1, lock.1, m, seq.2 + case eventSeqRecvabseq_0_11111211111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.4 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) + case p_0_11111 + solve( (∃ #t. (ProgressTo_11111211111111( ~prog_1111121111 ) @ #t)) ∥ + (∃ #t. 
(ProgressTo_11111211112( ~prog_1111121111 ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111, MH.1, SH.1, a, b, kEnc, kSign, lock, pad.1, xmac, + m, seq.1 + ) ▶₀ #t.4 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.4 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) + case p_0_11111 + solve( !KU( senc(, ~n.3)>, ~n.2) + ) @ #vk.4 ) + case c_senc + by solve( !KU( ~n.2 ) @ #vk.6 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( (#i2 < #i) ∥ (#i < #i2) ) + case case_1 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j ) + case MessageIDRule + solve( State_111112111( ~prog_1.2, ~prog_11111211.2, a, b, ~n.2, kSign.1, + lock.1 + ) ▶₁ #j ) + case lockba_0_11111211 + solve( ((#vr.3 < #vr.25) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, <~n.1, ~n> ) @ #t2) + ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.25) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.4, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) + ⇒ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) + ⇒ + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.25 < #vr.3) ∥ (#vr.3 = #vr.25) ) + case case_1 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111, a, b, kEnc.1, + kSign.1 ) ▶₀ #t.4 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.2, ~prog_1111121.3, - ~prog_111112111.2, MH.2, SH.2, a, b, - kEnc.1, kSign.1, m, pad.2, seq.2, lock.1 - ) ▶₀ #t.5 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ + case p_1_1111111 + solve( State_11111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, + ~prog_11111111.1, ~prog_1111111111, + lock.1, a, b, kEnc.1, kSign.1, m, seq.2 + ) ▶₀ #t.5 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111.1, MH.1, SH.1, A2, + B2, kEnc, kSign, lock, pad.1, xmac, + ~n.5, seq.1 + ) ▶₀ #i2 ) + case eventSeqRecvabseq_0_11111211111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211.2, a, b, + kEnc, kSign + ) ▶₀ #t.6 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, a, b, + kEnc, kSign + ) ▶₀ #t.7 ) + case p_1_1111111 + solve( State_111111( 
~prog_1.1, a, b, kEnc, + kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1.1, a, b, kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.1, + a, b, kEnc, kSign + ) ▶₀ #t.9 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111111( ~prog_1.1, + a, b, kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111112( ~prog_1.1, + a, b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. + (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.2, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.2 + ) ▶₀ #t.10 ) + case eventRecvabm_0_111112111111 + by contradiction + /* cyclic */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.2, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.2 + ) ▶₀ #t.10 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* from formulas */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed qed qed qed qed qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.2, kSign.2 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, ~prog_1111111, a, b, kEnc.2, kSign.2 - ) ▶₀ #t.3 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, $SH.3, $pad.3, ~prog_1.3, - ~prog_1111111.1, 
~prog_111111111, a, b, - kEnc.2, kSign.2, lock.1, m.1, seq.3 + next + case case_2 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.2, kSign.2 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, ~prog_11111111, a, b, kEnc.2, + kSign.2 ) ▶₀ #t.4 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.3, ~prog_1111121.4, - ~prog_111112111.2, MH.3, SH.3, a, b, - kEnc.2, kSign.2, m.1, pad.3, seq.3, - lock.1 - ) ▶₀ #t.5 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ + case p_1_1111111 + solve( State_11111111111111( $MH.3, $SH.3, $pad.3, ~prog_1.3, + ~prog_11111111.1, ~prog_1111111111, + lock.1, a, b, kEnc.2, kSign.2, m.1, + seq.3 + ) ▶₀ #t.5 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111.1, MH.1, SH.1, A2, + B2, kEnc, kSign, lock, pad.1, xmac, + ~n.5, seq.1 + ) ▶₀ #i2 ) + case eventSeqRecvabseq_0_11111211111 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.3, ~prog_11111211.2, a, b, + kEnc.1, kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.2, + ~prog_11111211.3, + ~prog_1111121111.3, MH.2, + SH.2, ~n, ~n.1, kEnc, + kSign, ~n.11, pad.2, + xmac, m, seq.2 + ) ▶₀ #t2 ) + qed + qed + qed + qed qed qed qed qed qed - qed - next - case case_3 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.3 ) 
- case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc.1, kSign.1, lock.1, m, seq.2 + next + case case_3 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111, a, b, kEnc.1, + kSign.1 ) ▶₀ #t.4 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.2, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc.1, kSign.1, m, pad.2, seq.2, lock.1 - ) ▶₀ #t.5 ) - case eventRecvabm_0_1111121111 - solve( State_1111121111( ~prog_1.1, ~prog_1111121.1, - ~prog_111112111.1, MH.1, SH.1, A2, B2, - kEnc, kSign, ~n.4, pad.1, seq.1, lock + case p_1_1111111 + solve( State_11111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, + ~prog_11111111.1, ~prog_1111111111, + lock.1, a, b, kEnc.1, kSign.1, m, seq.2 + ) ▶₀ #t.5 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111.1, MH.1, SH.1, A2, + B2, kEnc, kSign, lock, pad.1, xmac, + ~n.5, seq.1 ) ▶₀ #i2 ) - case eventSeqRecvabseq_0_111112111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, - kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case 
newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, - a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_11111211111( ~prog_1.2, - ~prog_1111121.2, - ~prog_111112111, - MH.2, SH.2, a, b, - kEnc, kSign, m, - pad.2, seq.2, lock - ) ▶₀ #t.5 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121, a, - b, kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1.1, a, b, - kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, a, b, - kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.1, - a, b, kEnc, - kSign - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.2, - ~prog_1111121.2, - ~prog_111112111.1, - MH.2, - SH.2, - a, b, - kEnc, - kSign, - m, - pad.2, - seq.2, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case 
newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( !KU( senc(< - seq.1, - ~n.4, - pad.1, - mac(< - MH.1, - SH.1, - seq.1, - ~n.4, - pad.1 - >, - ~n.9) - >, - ~n.8) - ) @ #vk.12 ) - case c_senc - by solve( !KU( ~n.8 - ) @ #vk.14 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed + case eventSeqRecvabseq_0_11111211111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211, a, b, + kEnc, kSign + ) ▶₀ #t.6 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, a, b, + kEnc, kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_111111( ~prog_1.1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1.1, 
a, b, kEnc, + kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.1, + a, b, kEnc, kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1.1, + a, b, kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1.1, + a, b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.1 + ) @ #t)) ∥ + (∃ #t. + (ProgressTo_11111211112( ~prog_1111121111.1 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.2, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.2 + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111112( ~prog_1.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_1_1111121 + solve( State_111111( ~prog_1.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111112( ~prog_1.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( !KU( senc(< + seq.1, + ~n.5, + pad.1, + mac(< + MH.1, + SH.1, + seq.1, + ~n.5, + pad.1 + >, + ~n.9) + >, + ~n.8) + ) @ #vk.12 ) + case c_senc + by solve( !KU( ~n.8 + ) @ #vk.14 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* cyclic + */ qed qed qed 
@@ -725,6 +748,23 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, qed qed qed + next + case case_2 + by solve( State_1111121111( ~prog_1.2, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.2 + ) ▶₀ #t.9 ) qed qed qed 
@@ -752,351 +792,164 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, qed qed qed - qed - next - case case_2 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j ) - case MessageIDRule - solve( State_11111211( ~prog_1.2, ~prog_1111121.2, a, b, ~n.2, ~n.3, - lock.1 - ) ▶₁ #j ) - case lockba_0_1111121 - solve( ((#vr.2 < #vr.23) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.5, <~n.1, ~n> ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.23) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.5, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.23 < #vr.2) ∥ (#vr.2 = #vr.23) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.3 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc.1, kSign.1, lock.1, m, seq.2 - ) ▶₀ #t.4 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.2, ~prog_1111121.3, - ~prog_111112111.2, MH.2, SH.2, a, b, - kEnc.1, kSign.1, m, pad.2, seq.2, lock.1 - ) ▶₀ #t.5 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.2, kSign.2 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, ~prog_1111111, a, b, kEnc.2, kSign.2 - ) ▶₀ #t.3 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, $SH.3, $pad.3, ~prog_1.3, - ~prog_1111111.1, 
~prog_111111111, a, b, - kEnc.2, kSign.2, lock.1, m.1, seq.3 - ) ▶₀ #t.4 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.3, ~prog_1111121.4, - ~prog_111112111.2, MH.3, SH.3, a, b, - kEnc.2, kSign.2, m.1, pad.3, seq.3, - lock.1 - ) ▶₀ #t.5 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.3 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc.1, kSign.1, lock.1, m, seq.2 + next + case case_2 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j ) + case MessageIDRule + solve( State_111112111( ~prog_1.2, ~prog_11111211.2, a, b, ~n.2, kSign.1, + lock.1 + ) ▶₁ #j ) + case lockba_0_11111211 + solve( ((#vr.3 < #vr.25) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, <~n.1, ~n> ) @ #t2) + ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.25) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.4, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) + ⇒ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) + ⇒ + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.25 < #vr.3) ∥ (#vr.3 = #vr.25) ) + case case_1 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111, a, b, kEnc.1, + kSign.1 ) ▶₀ #t.4 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.2, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc.1, kSign.1, m, pad.2, seq.2, lock.1 - ) ▶₀ #t.5 ) - case eventRecvabm_0_1111121111 - solve( State_1111121111( ~prog_1.1, ~prog_1111121.1, - ~prog_111112111.1, MH.1, SH.1, A2, B2, - kEnc, kSign, ~n.4, pad.1, seq.1, lock + case p_1_1111111 + solve( State_11111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, + ~prog_11111111.1, ~prog_1111111111, + lock.1, a, b, kEnc.1, kSign.1, m, seq.2 + ) ▶₀ #t.5 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111.1, MH.1, SH.1, A2, + B2, kEnc, kSign, lock, pad.1, xmac, + ~n.5, seq.1 ) ▶₀ #i2 ) - case eventSeqRecvabseq_0_111112111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, - kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( 
State_1111111( ~prog_1.2, ~prog_1111111, - a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_11111211111( ~prog_1.2, - ~prog_1111121.2, - ~prog_111112111, - MH.2, SH.2, a, b, - kEnc, kSign, m, - pad.2, seq.2, lock - ) ▶₀ #t.5 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121, a, - b, kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1.1, a, b, - kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, a, b, - kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.1, - a, b, kEnc, - kSign - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.2, - ~prog_1111121.2, - ~prog_111112111.1, - MH.2, - SH.2, - a, b, - kEnc, - kSign, - m, - pad.2, - seq.2, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( 
State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( !KU( senc(< - seq.1, - ~n.4, - pad.1, - mac(< - MH.1, - SH.1, - seq.1, - ~n.4, - pad.1 - >, - ~n.9) - >, - ~n.8) - ) @ #vk.12 ) - case c_senc - by solve( !KU( ~n.8 - ) @ #vk.14 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed + case eventSeqRecvabseq_0_11111211111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211.2, a, b, + kEnc, kSign + ) ▶₀ #t.6 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, a, b, + kEnc, kSign + ) ▶₀ #t.7 ) + case p_1_1111111 + solve( State_111111( ~prog_1.1, a, b, kEnc, + kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( 
State_111112( ~prog_1.1, a, b, kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.1, + a, b, kEnc, kSign + ) ▶₀ #t.9 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111111( ~prog_1.1, + a, b, kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111112( ~prog_1.1, + a, b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. + (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.2, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.2 + ) ▶₀ #t.10 ) + case eventRecvabm_0_111112111111 + by contradiction + /* cyclic */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.2, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.2 + ) ▶₀ #t.10 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* from formulas */ qed qed qed 
@@ -1122,20 +975,295 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, qed qed qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed + next + case case_2 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.2, kSign.2 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, ~prog_11111111, a, b, kEnc.2, + kSign.2 + ) ▶₀ #t.4 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, $SH.3, $pad.3, ~prog_1.3, + ~prog_11111111.1, ~prog_1111111111, + lock.1, a, b, kEnc.2, kSign.2, m.1, + seq.3 + ) ▶₀ #t.5 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111.1, MH.1, SH.1, A2, + B2, kEnc, kSign, lock, pad.1, xmac, + ~n.5, seq.1 + ) ▶₀ #i2 ) + case eventSeqRecvabseq_0_11111211111 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.3, ~prog_11111211.2, a, b, + kEnc.1, kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.2, + ~prog_11111211.3, + ~prog_1111121111.3, MH.2, + SH.2, ~n, ~n.1, kEnc, + kSign, ~n.11, pad.2, + xmac, m, seq.2 + ) ▶₀ #t2 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_3 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111, a, b, kEnc.1, + kSign.1 + ) ▶₀ #t.4 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, + ~prog_11111111.1, ~prog_1111111111, + lock.1, a, b, kEnc.1, kSign.1, m, seq.2 + ) ▶₀ #t.5 ) + case 
outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111.1, MH.1, SH.1, A2, + B2, kEnc, kSign, lock, pad.1, xmac, + ~n.5, seq.1 + ) ▶₀ #i2 ) + case eventSeqRecvabseq_0_11111211111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211, a, b, + kEnc, kSign + ) ▶₀ #t.6 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, a, b, + kEnc, kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_111111( ~prog_1.1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1.1, a, b, kEnc, + kSign + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.1, + a, b, kEnc, kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1.1, + a, b, kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1.1, + a, b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.1 + ) @ #t)) ∥ + (∃ #t. 
+ (ProgressTo_11111211112( ~prog_1111121111.1 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.2, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.2 + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111112( ~prog_1.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_1_1111121 + solve( State_111111( ~prog_1.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( State_111112( ~prog_1.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.10 ) + case p_0_11111 + solve( !KU( senc(< + seq.1, + ~n.5, + pad.1, + mac(< + MH.1, + SH.1, + seq.1, + ~n.5, + pad.1 + >, + ~n.9) + >, + ~n.8) + ) @ #vk.12 ) + case c_senc + by solve( !KU( ~n.8 + ) @ #vk.14 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* cyclic + */ + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by solve( State_1111121111( ~prog_1.2, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.2 + ) ▶₀ #t.9 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111, MH.1, SH.1, a, b, kEnc, kSign, lock, pad.1, xmac, + m, seq.1 + ) ▶₀ #t.4 ) + qed + qed + qed qed qed qed 
@@ -1156,36 +1284,37 @@ guarded formula characterizing all counter-examples: (∀ #k #l. (Sent( A, B, m ) @ #k) ∧ (Sent( A, B, m2 ) @ #l) ⇒ ¬(#k < #l))" */ simplify -solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, - A, B, kEnc, kSign, m, pad, seq, lock +solve( State_111112111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, + SH, A, B, kEnc, kSign, lock, pad, xmac, m, seq ) ▶₀ #i ) - case eventSeqRecvabseq_0_111112111 - solve( State_1111121111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111.1, - MH.1, SH.1, ~n, ~n.1, kEnc, kSign, m2, pad.1, seq.1, lock + case eventSeqRecvabseq_0_11111211111 + solve( State_111112111111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111.1, MH.1, SH.1, ~n, ~n.1, kEnc, kSign, lock, pad.1, xmac, + m2, seq.1 ) ▶₀ #j ) - case eventSeqRecvabseq_0_111112111 - solve( (¬(#vr < #vr.13)) ∥ (∃ dif. (seq.1 = (dif+seq))) ) + case eventSeqRecvabseq_0_11111211111 + solve( (¬(#vr < #vr.15)) ∥ (∃ dif. (seq.1 = (dif+seq))) ) case case_1 - solve( (¬(#vr.13 < #vr)) ∥ (∃ dif. (seq = (dif+seq.1))) ) + solve( (¬(#vr.15 < #vr)) ∥ (∃ dif. (seq = (dif+seq.1))) ) case case_1 - solve( ((#vr.2 < #vr.15) ∧ + solve( ((#vr.3 < #vr.18) ∧ (∃ #t2. (Unlock_1( '1', ~n.4, <~n.1, ~n> ) @ #t2) ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.15) ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.18) ∧ (∀ #t0 pp. (Unlock( pp, ~n.4, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.15 < #vr.2) ∥ (#vr.2 = #vr.15) ) + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.18 < #vr.3) ∥ (#vr.3 = #vr.18) ) case case_1 - solve( (#vr = #vr.13) ∥ (#vr.13 < #vr) ) + solve( (#vr = #vr.15) ∥ (#vr.15 < #vr) ) case case_1 by contradiction /* cyclic */ next 
@@ -1194,7 +1323,7 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, qed next case case_2 - solve( (#vr = #vr.13) ∥ (#vr.13 < #vr) ) + solve( (#vr = #vr.15) ∥ (#vr.15 < #vr) ) case case_1 by contradiction /* cyclic */ next 
@@ -1207,65 +1336,81 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, qed next case case_2 - solve( ((#vr.2 < #vr.15) ∧ + solve( ((#vr.3 < #vr.18) ∧ (∃ #t2. (Unlock_1( '1', ~n.4, <~n.1, ~n> ) @ #t2) ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.15) ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.18) ∧ (∀ #t0 pp. (Unlock( pp, ~n.4, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.15 < #vr.2) ∥ (#vr.2 = #vr.15) ) + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.18 < #vr.3) ∥ (#vr.3 = #vr.18) ) case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.2, ~prog_1111121.3, ~prog_111112111, - MH.3, SH.3, a, b, kEnc.1, kSign.1, m.2, pad.3, seq.2, lock - ) ▶₀ #t.3 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.3 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211.1, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.4 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111.2, MH.2, SH.2, ~n, ~n.1, kEnc, kSign, + ~n.4, pad.2, xmac, m.1, seq.1 + ) ▶₀ #t2 ) + qed + qed qed qed qed qed next 
case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.2, ~prog_1111121.3, ~prog_111112111, - MH.3, SH.3, a, b, kEnc.1, kSign.1, m.2, pad.3, seq.2, lock - ) ▶₀ #t.3 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121.1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.2, ~prog_1111121.3, ~prog_111112111.1, - MH.3, SH.3, a, b, kEnc.1, kSign.1, m.2, pad.3, seq.2, lock - ) ▶₀ #t.5 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ - qed + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.3 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211.1, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.4 ) + case p_1_1111121 + solve( State_1111121111111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111.2, MH.2, SH.2, ~n, ~n.1, kEnc, kSign, ~n.5, + pad.2, xmac, m.1, seq.1 + ) ▶₀ #t2 ) + case eventRecvabm_0_111112111111_case_1 + by contradiction /* cyclic */ + next + case eventRecvabm_0_111112111111_case_2 + by contradiction /* cyclic */ + next + case eventRecvabm_0_111112111111_case_3 + by contradiction /* cyclic */ + next + case eventRecvabm_0_111112111111_case_4 + by contradiction /* cyclic */ + next + 
case eventRecvabm_0_111112111111_case_5 + by contradiction /* cyclic */ qed qed qed 
@@ -1277,473 +1422,988 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, qed next case case_2 - solve( (¬(#vr.13 < #vr)) ∥ (∃ dif.1. (seq = (dif+seq+dif.1))) ) + solve( (¬(#vr.15 < #vr)) ∥ (∃ dif.1. (seq = (dif+seq+dif.1))) ) case case_1 - solve( ((#vr.2 < #vr.15) ∧ + solve( ((#vr.3 < #vr.18) ∧ (∃ #t2. (Unlock_1( '1', ~n.4, <~n.1, ~n> ) @ #t2) ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.15) ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.18) ∧ (∀ #t0 pp. (Unlock( pp, ~n.4, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.15 < #vr.2) ∥ (#vr.2 = #vr.15) ) + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.18 < #vr.3) ∥ (#vr.3 = #vr.18) ) case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.2, ~prog_1111121.3, ~prog_111112111, - MH.3, SH.3, a, b, kEnc.1, kSign.1, m.2, pad.3, seq.2, lock - ) ▶₀ #t.3 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121.1, a, b, kEnc, kSign - ) ▶₀ #t.3 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.1, ~prog_1111121.2, ~prog_111112111.1, - MH.2, SH.2, a, b, kEnc, kSign, m.1, pad.2, seq.1, lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( 
State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121.1, a, b, kEnc, - kSign + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.3 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211.1, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.4 ) + case p_1_1111121 + solve( State_1111121111111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111.2, MH.2, SH.2, ~n, ~n.1, kEnc, kSign, ~n.4, + pad.2, xmac, m.1, seq.1 + ) ▶₀ #t2 ) + case eventRecvabm_0_111112111111_case_1 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + solve( 
State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111 ) @ #t)) ∥ + (∃ #t. (ProgressTo_11111211112( ~prog_1111121111 ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111, MH.2, SH.2, a, b, + kEnc, kSign, lock, pad.2, xmac, m.1, + seq ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( !KU( senc(, ~n.3)>, - ~n.2) - ) @ #vk.4 ) - case c_senc - solve( !KU( senc(<(dif+seq), m2, pad.1, - mac(, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 ) @ #vk.11 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, ~prog_1111121.2, - a, b, ~n.2, ~n.3, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.26) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.4, <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.26) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.4, <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.26 < #t.2) ∥ (#t.2 = #vr.26) ) - case case_1 - solve( ((#t.3 < #vr.26) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.6, <~n.1, ~n> - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.26) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.26 < #t.3) ∥ (#t.3 = #vr.26) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, a, - b, kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, b, - kEnc, - kSign, - lock, m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, + kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.1 + ) @ #t)) ∥ + (∃ #t. 
+ (ProgressTo_11111211112( ~prog_1111121111.1 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, SH.2, a, b, kEnc, + kSign, lock, pad.2, + xmac, m.1, seq + ) ▶₀ #t.5 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.1, a, b, + kEnc, kSign + ) ▶₀ #t.6 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( !KU( senc(, + ~n.3) + >, + ~n.2) + ) @ #vk.4 ) + case c_senc + solve( !KU( senc(<(dif+dif), m2, + pad.1, + mac(, + ~n.3) + >, + ~n.2) + ) @ #vk.9 ) + case c_senc + by solve( !KU( ~n.2 ) @ #vk.11 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.1 ) case MessageIDRule - solve( State_11111211111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, a, - b, kEnc, - kSign, - m.1, - pad.2, - seq.1, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, a, - b, kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, + solve( State_111112111( ~prog_1.1, + ~prog_11111211.2, a, b, - kEnc.1, - kSign.1, - lock, m.2, - seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule 
- solve( State_11111211111( ~prog_1.2, - ~prog_1111121.4, - ~prog_111112111.2, - MH.3, - SH.3, a, - b, - kEnc.1, - kSign.1, - m.2, - pad.3, - seq.2, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ + ~n.2, + kSign, + lock + ) ▶₁ #j.1 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.3) ∥ + (#t.3 = #vr.29) ) + case case_1 + solve( ((#t.4 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.5, + <~n.1, ~n + > + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.5, + <~n.1, ~n + > + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, + <~n.1, ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.29 < #t.4) ∥ + (#t.4 = #vr.29) ) + case case_1 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m.1, + seq + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.2, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. 
+ (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + by contradiction + /* + cyclic + */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t.9 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.2, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_3 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + 
case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m.1, + seq + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + by solve( !KU( ~n.2 + ) @ #vk.11 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + 
solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.2, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed qed qed qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, a, - b, kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, b, - kEnc, - kSign, - lock, m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, - MH.2, - SH.2, a, - b, kEnc, - kSign, - m.1, - pad.2, - seq.1, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - 
solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111( ~prog_1.1, + ~prog_11111211.2, + a, b, ~n.2, + kSign, lock + ) ▶₁ #j.1 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.3) ∥ + (#t.3 = #vr.29) ) + case case_1 + solve( ((#t.4 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.6, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.6, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.4) ∥ + (#t.4 = #vr.29) ) + case case_1 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m, + seq ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111211111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m.1, - pad.2, - seq.1, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( 
State_1111121( ~prog_1.1, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - by solve( !KU( ~n.2 - ) @ #vk.11 ) - qed - qed - qed + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.2, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. 
+ (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + by contradiction + /* + cyclic + */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq + ) ▶₀ #t.9 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ qed qed qed 
@@ -1763,533 +2423,7523 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, qed qed qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m, + seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 
) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m, + seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_3 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m, + seq + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 
) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( !KU( senc(< + ( + dif+ + dif + ), + m2, + pad.1, + mac(< + MH.1, + SH.1, + ( + dif+ + dif + ), + m2, + pad.1 + >, + ~n.3) + >, + ~n.2) + ) @ #vk.9 ) + case c_senc + by solve( !KU( ~n.2 + ) @ #vk.15 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( (¬(#vr.22 < #vr.32)) ∥ + (∃ dif.1. + (( + dif+ + dif + ) = + ( + dif+ + dif.1 + ))) ) + case case_2 + solve( (¬(#vr.32 < #vr.22)) ∥ + (∃ dif.1. + (dif = + ( + dif+ + dif+ + dif.1 + ))) ) + case case_1 + solve( ((#t.6 < #vr.34) ∧ + (∃ #t2. + (Unlock_0( '0', + ~n.8, + < + ~n, + ~n.1 + > + ) @ #t2) + ∧ + (#t.6 < #t2) ∧ + (#t2 < #vr.34) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.8, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + ((#t0 < #t.6) ∨ + (#t0 = + #t.6) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. + (Unlock( pp, + lpp, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + ((#t0 < #t.6) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.34 < #t.6) ∥ + (#t.6 = + #vr.34) ) + case case_1 + by contradiction + /* + cyclic + */ + next + case case_2 + solve( MID_Receiver( ~mid_1111111111111.1 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111112111( ~prog_1.2, + ~prog_11111211.2, + a, + b, + ~n.2, + kSign.1, + lock + ) ▶₁ #j.2 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.36) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.4, + < + ~n.1, + ~n + > + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.36) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.4, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = + #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. 
+ (Unlock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.36 < #t.3) ∥ + (#t.3 = + #vr.36) ) + case case_1 + solve( ((#t.4 < #vr.36) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.6, + < + ~n.1, + ~n + > + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.36) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.6, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = + #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. + (Unlock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.36 < #t.4) ∥ + (#t.4 = + #vr.36) ) + case case_1 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, + ~prog_11111111.2, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.4, + $SH.4, + $pad.4, + ~prog_1.3, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.2, + kSign.2, + m.2, + seq.2 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + next + case case_3 + solve( 
State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, + ~prog_11111111.2, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.4, + $SH.4, + $pad.4, + ~prog_1.3, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.2, + kSign.2, + m.2, + seq.2 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, SH.2, a, b, kEnc, + kSign, lock, pad.2, + xmac, m.1, seq + ) ▶₀ #t.5 ) + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111, MH.2, SH.2, a, b, + kEnc, kSign, lock, pad.2, xmac, m.1, + seq + ) ▶₀ #t.5 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case eventRecvabm_0_111112111111_case_2 + solve( State_111111( ~prog_1, a, b, 
kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111 ) @ #t)) ∥ + (∃ #t. (ProgressTo_11111211112( ~prog_1111121111 ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111, MH.2, SH.2, a, b, + kEnc, kSign, lock, pad.2, xmac, m.1, + seq.1 + ) ▶₀ #t.5 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, + kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.1 + ) @ #t)) ∥ + (∃ #t. 
+ (ProgressTo_11111211112( ~prog_1111121111.1 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, SH.2, a, b, kEnc, + kSign, lock, pad.2, + xmac, m.1, seq.1 + ) ▶₀ #t.5 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.1, a, b, + kEnc, kSign + ) ▶₀ #t.6 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( !KU( senc(, + ~n.3) + >, + ~n.2) + ) @ #vk.4 ) + case c_senc + solve( !KU( senc(<(dif+seq), m2, + pad.1, + mac(, + ~n.3) + >, + ~n.2) + ) @ #vk.9 ) + case c_senc + by solve( !KU( ~n.2 ) @ #vk.11 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111( ~prog_1.1, + ~prog_11111211.2, + a, b, + ~n.2, + kSign, + lock + ) ▶₁ #j.1 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.3) ∥ + (#t.3 = #vr.29) ) + case case_1 + solve( ((#t.4 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.5, + <~n.1, ~n + > + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.5, + <~n.1, ~n + > + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. 
+ (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.29 < #t.4) ∥ + (#t.4 = #vr.29) ) + case case_1 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m.1, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.2, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 
+ solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. + (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m.1, + seq.1 + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + by contradiction + /* + cyclic + */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m.1, + seq.1 + ) ▶₀ #t.9 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.2, + seq.2 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m.1, + seq.1 + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed 
+ next + case case_3 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m.1, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + by solve( !KU( ~n.2 + ) @ #vk.11 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + 
solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.2, + seq.2 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m.1, + seq.1 + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111( ~prog_1.1, + ~prog_11111211.2, + a, b, ~n.2, + kSign, lock + ) ▶₁ #j.1 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.3) ∥ + (#t.3 = #vr.29) ) + case case_1 + solve( ((#t.4 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.6, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. 
+ (Unlock( pp, ~n.6, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.4) ∥ + (#t.4 = #vr.29) ) + case case_1 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.2, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( 
State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. + (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + by contradiction + /* + cyclic + */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t.9 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.2 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + 
m, + seq.1 + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.2 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_3 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + 
b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( !KU( senc(< + ( + dif+ + seq + ), + m2, + pad.1, + mac(< + MH.1, + SH.1, + ( + dif+ + seq + ), + m2, + pad.1 + >, + ~n.3) + >, + ~n.2) + ) @ #vk.9 ) + case c_senc + by solve( !KU( ~n.2 + ) @ #vk.15 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( (¬(#vr.22 < #vr.32)) ∥ + (∃ dif.1. + (( + dif+ + seq + ) = + ( + seq+ + dif.1 + ))) ) + case case_2 + solve( (¬(#vr.32 < #vr.22)) ∥ + (∃ dif.1. + (seq = + ( + dif+ + seq+ + dif.1 + ))) ) + case case_1 + solve( ((#t.6 < #vr.34) ∧ + (∃ #t2. + (Unlock_0( '0', + ~n.8, + < + ~n, + ~n.1 + > + ) @ #t2) + ∧ + (#t.6 < #t2) ∧ + (#t2 < #vr.34) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.8, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + ((#t0 < #t.6) ∨ + (#t0 = + #t.6) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. 
+ (Unlock( pp, + lpp, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + ((#t0 < #t.6) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.34 < #t.6) ∥ + (#t.6 = + #vr.34) ) + case case_1 + by contradiction + /* + cyclic + */ + next + case case_2 + solve( MID_Receiver( ~mid_1111111111111.1 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111112111( ~prog_1.2, + ~prog_11111211.2, + a, + b, + ~n.2, + kSign.1, + lock + ) ▶₁ #j.2 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.36) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.4, + < + ~n.1, + ~n + > + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.36) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.4, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = + #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. + (Unlock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.36 < #t.3) ∥ + (#t.3 = + #vr.36) ) + case case_1 + solve( ((#t.4 < #vr.36) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.6, + < + ~n.1, + ~n + > + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.36) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.6, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = + #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. 
+ (Unlock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.36 < #t.4) ∥ + (#t.4 = + #vr.36) ) + case case_1 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.2 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, + ~prog_11111111.2, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.4, + $SH.4, + $pad.4, + ~prog_1.3, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.2, + kSign.2, + m.2, + seq.3 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + next + case case_3 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.2 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by 
contradiction + /* + cyclic + */ + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, + ~prog_11111111.2, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.4, + $SH.4, + $pad.4, + ~prog_1.3, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.2, + kSign.2, + m.2, + seq.3 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, SH.2, a, b, kEnc, + kSign, lock, pad.2, + xmac, m.1, seq.1 + ) ▶₀ #t.5 ) + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111, MH.2, SH.2, a, b, + kEnc, kSign, lock, pad.2, xmac, m.1, + seq.1 + ) ▶₀ #t.5 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case eventRecvabm_0_111112111111_case_3 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + 
solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111 ) @ #t)) ∥ + (∃ #t. (ProgressTo_11111211112( ~prog_1111121111 ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111, MH.2, SH.2, a, b, + kEnc, kSign, lock, pad.2, xmac, m.1, + seq + ) ▶₀ #t.5 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, + kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.1 + ) @ #t)) ∥ + (∃ #t. 
+ (ProgressTo_11111211112( ~prog_1111121111.1 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, SH.2, a, b, kEnc, + kSign, lock, pad.2, + xmac, m.1, seq + ) ▶₀ #t.5 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.1, a, b, + kEnc, kSign + ) ▶₀ #t.6 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( !KU( senc(<(dif+x), m, pad, + mac(, + ~n.3) + >, + ~n.2) + ) @ #vk.4 ) + case c_senc + solve( !KU( senc(<(dif+dif+x), m2, + pad.1, + mac(, + ~n.3) + >, + ~n.2) + ) @ #vk.9 ) + case c_senc + by solve( !KU( ~n.2 ) @ #vk.11 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111( ~prog_1.1, + ~prog_11111211.2, + a, b, + ~n.2, + kSign, + lock + ) ▶₁ #j.1 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.3) ∥ + (#t.3 = #vr.29) ) + case case_1 + solve( ((#t.4 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.5, + <~n.1, ~n + > + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.5, + <~n.1, ~n + > + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. 
+ (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.29 < #t.4) ∥ + (#t.4 = #vr.29) ) + case case_1 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m.1, + seq + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.2, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + 
solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. + (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + by contradiction + /* + cyclic + */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t.9 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.2, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + next 
+ case case_3 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m.1, + seq + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + by solve( !KU( ~n.2 + ) @ #vk.11 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( 
State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.2, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111( ~prog_1.1, + ~prog_11111211.2, + a, b, ~n.2, + kSign, lock + ) ▶₁ #j.1 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.3) ∥ + (#t.3 = #vr.29) ) + case case_1 + solve( ((#t.4 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.6, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. 
+ (Unlock( pp, ~n.6, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.4) ∥ + (#t.4 = #vr.29) ) + case case_1 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m, + seq + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.2, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( 
State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. + (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + by contradiction + /* + cyclic + */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq + ) ▶₀ #t.9 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m, 
+ seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m, + seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_3 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m, + seq + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + 
kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( !KU( senc(< + ( + dif+ + dif+ + x + ), + m2, + pad.1, + mac(< + MH.1, + SH.1, + ( + dif+ + dif+ + x + ), + m2, + pad.1 + >, + ~n.3) + >, + ~n.2) + ) @ #vk.9 ) + case c_senc + by solve( !KU( ~n.2 + ) @ #vk.17 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( (¬(#vr.22 < #vr.32)) ∥ + (∃ dif.1. + (( + dif+ + dif+ + x + ) = + ( + dif+ + x+ + dif.1 + ))) ) + case case_2 + solve( (¬(#vr.32 < #vr.22)) ∥ + (∃ dif.1. + (( + dif+ + x + ) = + ( + dif+ + dif+ + x+ + dif.1 + ))) ) + case case_1 + solve( ((#t.6 < #vr.34) ∧ + (∃ #t2. + (Unlock_0( '0', + ~n.8, + < + ~n, + ~n.1 + > + ) @ #t2) + ∧ + (#t.6 < #t2) ∧ + (#t2 < #vr.34) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.8, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + ((#t0 < #t.6) ∨ + (#t0 = + #t.6) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. 
+ (Unlock( pp, + lpp, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + ((#t0 < #t.6) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.34 < #t.6) ∥ + (#t.6 = + #vr.34) ) + case case_1 + by contradiction + /* + cyclic + */ + next + case case_2 + solve( MID_Receiver( ~mid_1111111111111.1 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111112111( ~prog_1.2, + ~prog_11111211.2, + a, + b, + ~n.2, + kSign.1, + lock + ) ▶₁ #j.2 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.36) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.4, + < + ~n.1, + ~n + > + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.36) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.4, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = + #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. + (Unlock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.36 < #t.3) ∥ + (#t.3 = + #vr.36) ) + case case_1 + solve( ((#t.4 < #vr.36) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.6, + < + ~n.1, + ~n + > + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.36) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.6, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = + #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. 
+ (Unlock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.36 < #t.4) ∥ + (#t.4 = + #vr.36) ) + case case_1 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, + ~prog_11111111.2, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.4, + $SH.4, + $pad.4, + ~prog_1.3, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.2, + kSign.2, + m.2, + seq.2 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + next + case case_3 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by 
contradiction + /* + cyclic + */ + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, + ~prog_11111111.2, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.4, + $SH.4, + $pad.4, + ~prog_1.3, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.2, + kSign.2, + m.2, + seq.2 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, SH.2, a, b, kEnc, + kSign, lock, pad.2, + xmac, m.1, seq + ) ▶₀ #t.5 ) + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111, MH.2, SH.2, a, b, + kEnc, kSign, lock, pad.2, xmac, m.1, + seq + ) ▶₀ #t.5 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case eventRecvabm_0_111112111111_case_4 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + solve( 
State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111 ) @ #t)) ∥ + (∃ #t. (ProgressTo_11111211112( ~prog_1111121111 ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111, MH.2, SH.2, a, b, + kEnc, kSign, lock, pad.2, xmac, m.1, + seq.1 + ) ▶₀ #t.5 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, + kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.1 + ) @ #t)) ∥ + (∃ #t. 
+ (ProgressTo_11111211112( ~prog_1111121111.1 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, SH.2, a, b, kEnc, + kSign, lock, pad.2, + xmac, m.1, seq.1 + ) ▶₀ #t.5 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.1, a, b, + kEnc, kSign + ) ▶₀ #t.6 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( !KU( senc(, + ~n.3) + >, + ~n.2) + ) @ #vk.4 ) + case c_senc + solve( !KU( senc(<(seq+seq+x), m2, + pad.1, + mac(, + ~n.3) + >, + ~n.2) + ) @ #vk.9 ) + case c_senc + by solve( !KU( ~n.2 ) @ #vk.11 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111( ~prog_1.1, + ~prog_11111211.2, + a, b, + ~n.2, + kSign, + lock + ) ▶₁ #j.1 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.3) ∥ + (#t.3 = #vr.29) ) + case case_1 + solve( ((#t.4 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.5, + <~n.1, ~n + > + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.5, + <~n.1, ~n + > + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. 
+ (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.29 < #t.4) ∥ + (#t.4 = #vr.29) ) + case case_1 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m.1, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.2, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 
+ solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. + (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m.1, + seq.1 + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + by contradiction + /* + cyclic + */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m.1, + seq.1 + ) ▶₀ #t.9 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.2, + seq.2 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m.1, + seq.1 + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed 
+ next + case case_3 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m.1, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + by solve( !KU( ~n.2 + ) @ #vk.11 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + 
solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.2, + seq.2 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m.1, + seq.1 + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111( ~prog_1.1, + ~prog_11111211.2, + a, b, ~n.2, + kSign, lock + ) ▶₁ #j.1 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.3) ∥ + (#t.3 = #vr.29) ) + case case_1 + solve( ((#t.4 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.6, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. 
+ (Unlock( pp, ~n.6, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.4) ∥ + (#t.4 = #vr.29) ) + case case_1 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.2, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( 
State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. + (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + by contradiction + /* + cyclic + */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t.9 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.2 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + 
m, + seq.1 + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.2 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_3 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + 
b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( !KU( senc(< + ( + seq+ + seq+ + x + ), + m2, + pad.1, + mac(< + MH.1, + SH.1, + ( + seq+ + seq+ + x + ), + m2, + pad.1 + >, + ~n.3) + >, + ~n.2) + ) @ #vk.9 ) + case c_senc + by solve( !KU( ~n.2 + ) @ #vk.15 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( (¬(#vr.22 < #vr.32)) ∥ + (∃ dif. + (( + seq+ + seq+ + x + ) = + ( + dif+ + seq + ))) ) + case case_2 + solve( (¬(#vr.32 < #vr.22)) ∥ + (∃ dif. + (seq = + ( + dif+ + seq+ + seq+ + x + ))) ) + case case_1 + solve( ((#t.6 < #vr.34) ∧ + (∃ #t2. + (Unlock_0( '0', + ~n.8, + < + ~n, + ~n.1 + > + ) @ #t2) + ∧ + (#t.6 < #t2) ∧ + (#t2 < #vr.34) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.8, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + ((#t0 < #t.6) ∨ + (#t0 = + #t.6) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. 
+ (Unlock( pp, + lpp, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + ((#t0 < #t.6) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.34 < #t.6) ∥ + (#t.6 = + #vr.34) ) + case case_1 + by contradiction + /* + cyclic + */ + next + case case_2 + solve( MID_Receiver( ~mid_1111111111111.1 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111112111( ~prog_1.2, + ~prog_11111211.2, + a, + b, + ~n.2, + kSign.1, + lock + ) ▶₁ #j.2 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.36) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.4, + < + ~n.1, + ~n + > + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.36) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.4, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = + #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. + (Unlock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.36 < #t.3) ∥ + (#t.3 = + #vr.36) ) + case case_1 + solve( ((#t.4 < #vr.36) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.6, + < + ~n.1, + ~n + > + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.36) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.6, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = + #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. 
+ (Unlock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.36 < #t.4) ∥ + (#t.4 = + #vr.36) ) + case case_1 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.2 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, + ~prog_11111111.2, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.4, + $SH.4, + $pad.4, + ~prog_1.3, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.2, + kSign.2, + m.2, + seq.3 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + next + case case_3 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.2 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by 
contradiction + /* + cyclic + */ + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, + ~prog_11111111.2, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.4, + $SH.4, + $pad.4, + ~prog_1.3, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.2, + kSign.2, + m.2, + seq.3 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, SH.2, a, b, kEnc, + kSign, lock, pad.2, + xmac, m.1, seq.1 + ) ▶₀ #t.5 ) + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111, MH.2, SH.2, a, b, + kEnc, kSign, lock, pad.2, xmac, m.1, + seq.1 + ) ▶₀ #t.5 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case eventRecvabm_0_111112111111_case_5 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + 
solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111 ) @ #t)) ∥ + (∃ #t. (ProgressTo_11111211112( ~prog_1111121111 ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111, MH.2, SH.2, a, b, + kEnc, kSign, lock, pad.2, xmac, m.1, + seq + ) ▶₀ #t.5 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, + kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.1 + ) @ #t)) ∥ + (∃ #t. 
+ (ProgressTo_11111211112( ~prog_1111121111.1 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, SH.2, a, b, kEnc, + kSign, lock, pad.2, + xmac, m.1, seq + ) ▶₀ #t.5 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.1, a, b, + kEnc, kSign + ) ▶₀ #t.6 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( !KU( senc(<(x+x.1), m, pad, + mac(, + ~n.3) + >, + ~n.2) + ) @ #vk.4 ) + case c_senc + solve( !KU( senc(<(x+x.1+x.1+x.2), + m2, pad.1, + mac(, + ~n.3) + >, + ~n.2) + ) @ #vk.9 ) + case c_senc + by solve( !KU( ~n.2 ) @ #vk.11 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.1 ) + case MessageIDRule + solve( State_111112111( ~prog_1.1, + ~prog_11111211.2, + a, b, + ~n.2, + kSign, + lock + ) ▶₁ #j.1 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.3) ∥ + (#t.3 = #vr.29) ) + case case_1 + solve( ((#t.4 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.5, + <~n.1, ~n + > + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.5, + <~n.1, ~n + > + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. 
+ (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.29 < #t.4) ∥ + (#t.4 = #vr.29) ) + case case_1 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m.1, + seq + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.2, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + 
solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. + (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + by contradiction + /* + cyclic + */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t.9 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.2, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + next 
+ case case_3 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m.1, + seq + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + by solve( !KU( ~n.2 + ) @ #vk.11 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( 
State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.2, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m.1, + seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed qed qed qed qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, a, b, - kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, b, - kEnc.1, - kSign.1, - lock, m.2, - seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.2, - ~prog_1111121.4, - ~prog_111112111.2, - MH.3, - SH.3, a, - b, kEnc.1, - kSign.1, - m.2, - pad.3, - seq.2, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - qed - qed - 
qed - qed - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, ~prog_1111121.2, - a, b, ~n.2, ~n.3, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.26) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.5, <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.26) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.5, <~n.1, ~n> ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.26 < #t.2) ∥ (#t.2 = #vr.26) ) - case case_1 - solve( ((#t.3 < #vr.26) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.6, <~n.1, ~n> - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.26) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.26 < #t.3) ∥ (#t.3 = #vr.26) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, a, b, - kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, b, kEnc, - kSign, lock, - m, seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.1 ) case MessageIDRule - solve( State_11111211111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, a, - b, kEnc, - kSign, m, - pad.2, - seq.1, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, a, b, - kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, b, - kEnc.1, - kSign.1, - lock, m.1, - seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.2, - ~prog_1111121.4, - ~prog_111112111.2, - MH.3, - SH.3, a, - b, kEnc.1, - kSign.1, - m.1, - pad.3, - seq.2, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - 
qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, a, b, - kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, b, kEnc.1, - kSign.1, lock, - m.1, seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.2, - ~prog_1111121.4, - ~prog_111112111.2, - MH.3, SH.3, - a, b, - kEnc.1, - kSign.1, - m.1, pad.3, - seq.2, lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, a, b, - kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, b, kEnc, - kSign, lock, - m, seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111, - MH.2, SH.2, - a, b, kEnc, - kSign, m, - pad.2, - seq.1, lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, b, - kEnc, - 
kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign + solve( State_111112111( ~prog_1.1, + ~prog_11111211.2, + a, b, ~n.2, + kSign, lock + ) ▶₁ #j.1 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.4, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.3) ∥ + (#t.3 = #vr.29) ) + case case_1 + solve( ((#t.4 < #vr.29) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.6, + <~n.1, ~n> + ) @ #t2) + ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.6, + <~n.1, ~n> + ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t0 = #t.4) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, + <~n.1, ~n> + ) @ #t0) + ⇒ + ((#t0 < #t.4) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.29 < #t.4) ∥ + (#t.4 = #vr.29) ) + case case_1 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m, + seq ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111211111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.1, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - 
solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( !KU( senc(< - ( - dif+ - seq - ), - m2, - pad.1, - mac(< - MH.1, - SH.1, - ( - dif+ + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.2, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.9 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.2 + ) @ #t)) ∥ + (∃ #t. 
+ (ProgressTo_11111211112( ~prog_1111121111.2 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, seq - ), - m2, - pad.1 - >, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 - ) @ #vk.15 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( (¬(#vr.19 < #vr.29)) ∥ - (∃ dif.1. - (( - dif+ - seq - ) = - ( - seq+ - dif.1 - ))) ) - case case_2 - solve( (¬(#vr.29 < #vr.19)) ∥ - (∃ dif.1. - (seq = - ( - dif+ - seq+ - dif.1 - ))) ) + ) ▶₀ #t.9 ) + case eventRecvabm_0_111112111111 + by contradiction + /* + cyclic + */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.2, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq + ) ▶₀ #t.9 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + 
kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m, + seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111, + a, b, + kEnc.1, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.3, + ~prog_1111121111.3, + MH.2, + SH.2, + ~n, + ~n.1, + kEnc, + kSign, + ~n.7, + pad.2, + xmac, + m, + seq + ) ▶₀ #t2.1 ) + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_3 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, b, + kEnc, + kSign + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, + $SH.2, + $pad.2, + ~prog_1.1, + ~prog_11111111.1, + ~prog_1111111111, + lock, + a, + b, + kEnc, + kSign, + m, + seq + ) ▶₀ #t.7 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 
+ solve( MID_Receiver( ~mid_1111111111111 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, + ~prog_11111111, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( !KU( senc(< + ( + x+ + x.1+ + x.1+ + x.2 + ), + m2, + pad.1, + mac(< + MH.1, + SH.1, + ( + x+ + x.1+ + x.1+ + x.2 + ), + m2, + pad.1 + >, + ~n.3) + >, + ~n.2) + ) @ #vk.9 ) + case c_senc + by solve( !KU( ~n.2 + ) @ #vk.17 ) + next + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( (¬(#vr.22 < #vr.32)) ∥ + (∃ dif. + (( + x+ + x.1+ + x.1+ + x.2 + ) = + ( + dif+ + x+ + x.1 + ))) ) + case case_2 + solve( (¬(#vr.32 < #vr.22)) ∥ + (∃ dif. + (( + x+ + x.1 + ) = + ( + dif+ + x+ + x.1+ + x.1+ + x.2 + ))) ) + case case_1 + solve( ((#t.6 < #vr.34) ∧ + (∃ #t2. + (Unlock_0( '0', + ~n.8, + < + ~n, + ~n.1 + > + ) @ #t2) + ∧ + (#t.6 < #t2) ∧ + (#t2 < #vr.34) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.8, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. 
+ (Lock( pp, + lpp, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + ((#t0 < #t.6) ∨ + (#t0 = + #t.6) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. + (Unlock( pp, + lpp, + < + ~n, + ~n.1 + > + ) @ #t0) + ⇒ + ((#t0 < #t.6) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.34 < #t.6) ∥ + (#t.6 = + #vr.34) ) + case case_1 + by contradiction + /* + cyclic + */ + next + case case_2 + solve( MID_Receiver( ~mid_1111111111111.1 + ) ▶₃ #j.2 ) + case MessageIDRule + solve( State_111112111( ~prog_1.2, + ~prog_11111211.2, + a, + b, + ~n.2, + kSign.1, + lock + ) ▶₁ #j.2 ) + case lockba_0_11111211 + solve( ((#t.3 < #vr.36) ∧ + (∃ #t2. + (Unlock_1( '1', + ~n.4, + < + ~n.1, + ~n + > + ) @ #t2) + ∧ + (#t.3 < #t2) ∧ + (#t2 < #vr.36) ∧ + (∀ #t0 + pp. + (Unlock( pp, + ~n.4, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + #t0 = + #t2) ∧ + (∀ pp + lpp + #t0. + (Lock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t0 = + #t.3) ∨ + (#t2 < #t0))) ∧ + (∀ pp + lpp + #t0. + (Unlock( pp, + lpp, + < + ~n.1, + ~n + > + ) @ #t0) + ⇒ + ((#t0 < #t.3) ∨ + (#t2 < #t0) ∨ + (#t2 = + #t0))))) ∥ + (#vr.36 < #t.3) ∥ + (#t.3 = + #vr.36) ) case case_1 - solve( ((#t.5 < #vr.31) ∧ + solve( ((#t.4 < #vr.36) ∧ (∃ #t2. - (Unlock_0( '0', - ~n.8, + (Unlock_1( '1', + ~n.6, < - ~n, - ~n.1 + ~n.1, + ~n > ) @ #t2) ∧ - (#t.5 < #t2) ∧ - (#t2 < #vr.31) ∧ + (#t.4 < #t2) ∧ + (#t2 < #vr.36) ∧ (∀ #t0 pp. (Unlock( pp, - ~n.8, + ~n.6, < - ~n, - ~n.1 + ~n.1, + ~n > ) @ #t0) ⇒ @@ -2301,14 +9951,14 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, (Lock( pp, lpp, < - ~n, - ~n.1 + ~n.1, + ~n > ) @ #t0) ⇒ - ((#t0 < #t.5) ∨ + ((#t0 < #t.4) ∨ (#t0 = - #t.5) ∨ + #t.4) ∨ (#t2 < #t0))) ∧ (∀ pp lpp 
@@ -2316,344 +9966,206 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, (Unlock( pp, lpp, < - ~n, - ~n.1 + ~n.1, + ~n > ) @ #t0) ⇒ - ((#t0 < #t.5) ∨ + ((#t0 < #t.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.31 < #t.5) ∥ - (#t.5 = - #vr.31) ) + (#vr.36 < #t.4) ∥ + (#t.4 = + #vr.36) ) case case_1 - by contradiction - /* - cyclic - */ + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed next case case_2 - solve( MID_Receiver( ~mid_111111111111.1 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111211( ~prog_1.2, - ~prog_1111121.2, - a, - b, - ~n.2, - ~n.3, - lock - ) ▶₁ #j.2 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.33) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.5, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.33) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.5, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. - (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = - #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.33 < #t.2) ∥ - (#t.2 = - #vr.33) ) - case case_1 - solve( ((#t.3 < #vr.33) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.7, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.33) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.7, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. 
- (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = - #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.33 < #t.3) ∥ - (#t.3 = - #vr.33) ) - case case_1 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.3 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - 
b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, + ~prog_11111111.2, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.4, + $SH.4, + $pad.4, + ~prog_1.3, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.2, + kSign.2, + m.2, + seq.2 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.3 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed + qed + qed + qed + next + case case_3 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, + ~prog_11111111.2, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.3, + $SH.3, + $pad.3, + ~prog_1.2, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.1, + kSign.1, + m.1, + seq.1 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 
+ by contradiction + /* + cyclic + */ qed qed qed qed qed + next + case case_2 + solve( State_111111( ~prog_1, + a, + b, + kEnc.1, + kSign.1 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, + ~prog_11111111.2, + a, + b, + kEnc.2, + kSign.2 + ) ▶₀ #t.8 ) + case p_1_1111111 + solve( State_11111111111111( $MH.4, + $SH.4, + $pad.4, + ~prog_1.3, + ~prog_11111111.3, + ~prog_1111111111.2, + lock, + a, + b, + kEnc.2, + kSign.2, + m.2, + seq.2 + ) ▶₀ #t.9 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + by contradiction + /* + cyclic + */ + qed + qed + qed + qed qed qed qed @@ -2688,6 +10200,15 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, qed qed qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, SH.2, a, b, kEnc, + kSign, lock, pad.2, + xmac, m.1, seq + ) ▶₀ #t.5 ) qed qed qed @@ -2695,6 +10216,13 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, qed qed qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111, MH.2, SH.2, a, b, + kEnc, kSign, lock, pad.2, xmac, m.1, + seq + ) ▶₀ #t.5 ) qed qed qed 
@@ -2714,31 +10242,24 @@ solve( State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, qed next case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.2, ~prog_1111121.3, ~prog_111112111, - MH.3, SH.3, a, b, kEnc.1, kSign.1, m.2, pad.3, seq.2, lock - ) ▶₀ #t.3 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121.1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111211111( ~prog_1.2, ~prog_1111121.3, ~prog_111112111.1, - MH.3, SH.3, a, b, kEnc.1, kSign.1, m.2, pad.3, seq.2, lock - ) ▶₀ #t.5 ) - case eventRecvabm_0_1111121111 - by contradiction /* cyclic */ - qed - qed + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.3 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211.1, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.4 ) + case p_1_1111121 + by solve( State_1111121111111( ~prog_1.1, ~prog_11111211.2, + ~prog_1111121111.2, MH.2, SH.2, ~n, ~n.1, kEnc, kSign, + ~n.5, pad.2, xmac, m.1, seq.1 + ) ▶₀ #t2 ) qed qed qed 
@@ -2761,42 +10282,79 @@ guarded formula characterizing all counter-examples: (Sent( A, B, m ) @ #i) ∧ ∀ #k. (Recv( A, B, m ) @ #k) ⇒ ¬(#i < #k)" */ simplify -solve( State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, A, B, - kEnc, kSign, lock, m, seq +solve( State_111111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, + lock, A, B, kEnc, kSign, m, seq ) ▶₀ #i ) - case newm_0_1111111111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, ~prog_1111111, a, b, kEnc, kSign - ) ▶₀ #t.2 ) - case p_1_111111 - solve( State_1111111111111( $MH, $SH, $pad, ~prog_1.1, ~prog_1111111.1, - ~prog_111111111, a, b, kEnc, kSign, lock, m, seq.1 - ) ▶₀ #t.3 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j ) + case newm_0_11111111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, ~prog_11111111, a, b, kEnc, kSign + ) ▶₀ #t.3 ) + case p_1_1111111 + solve( State_11111111111111( $MH, $SH, $pad, ~prog_1.1, ~prog_11111111.1, + ~prog_1111111111, lock, a, b, kEnc, kSign, m, seq.1 + ) ▶₀ #t.4 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j ) case MessageIDRule - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111211( ~prog_1.1, ~prog_1111121, a, b, ~n.2, ~n.3, lock + solve( State_111111( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112111( ~prog_1.1, ~prog_11111211, a, b, ~n.3, kSign, + lock ) ▶₁ #j ) - 
case lockba_0_1111121 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, ~prog_1111111, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111, - MH.1, SH.1, a, b, kEnc, kSign, m, pad.1, seq.1, lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_1111121111 - by contradiction /* from formulas */ + case lockba_0_11111211 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111111( ~prog_1.1, ~prog_11111111, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, ~prog_11111211, a, b, kEnc, kSign + ) ▶₀ #t.5 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( (∃ #t. (ProgressTo_11111211111111( ~prog_1111121111 ) @ #t)) ∥ + (∃ #t. 
(ProgressTo_11111211112( ~prog_1111121111 ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111, MH.1, SH.1, a, b, kEnc, + kSign, lock, pad.1, xmac, m, seq.1 + ) ▶₀ #t.6 ) + case eventRecvabm_0_111112111111 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, ~prog_11111211.1, + ~prog_1111121111, MH.1, SH.1, a, b, kEnc, + kSign, lock, pad.1, xmac, m, seq.1 + ) ▶₀ #t.6 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + qed + qed qed qed qed 
@@ -2826,36 +10384,36 @@ guarded formula characterizing all counter-examples: (∀ #k #l. (Recv( A, B, m ) @ #k) ∧ (Recv( A, B, m2 ) @ #l) ⇒ ¬(#k < #l))" */ simplify -solve( State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, A, B, - kEnc, kSign, lock, m, seq +solve( State_111111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, + lock, A, B, kEnc, kSign, m, seq ) ▶₀ #i ) - case newm_0_1111111111 - solve( State_11111111111( ~prog_1.1, ~prog_1111111.1, ~prog_111111111.1, - ~n, ~n.1, kEnc, kSign, lock, m2, seq.1 + case newm_0_11111111111 + solve( State_111111111111( ~prog_1.1, ~prog_11111111.1, + ~prog_1111111111.1, lock, ~n.1, ~n.2, kEnc, kSign, m2, seq.1 ) ▶₀ #j ) - case newm_0_1111111111 - solve( (¬(#vr.1 < #vr.14)) ∥ (∃ dif. (seq.1 = (dif+seq))) ) + case newm_0_11111111111 + solve( (¬(#vr.1 < #vr.15)) ∥ (∃ dif. (seq.1 = (dif+seq))) ) case case_1 - solve( (¬(#vr.14 < #vr.1)) ∥ (∃ dif. (seq = (dif+seq.1))) ) + solve( (¬(#vr.15 < #vr.1)) ∥ (∃ dif. (seq = (dif+seq.1))) ) case case_1 - solve( ((#vr.3 < #vr.16) ∧ + solve( ((#vr.3 < #vr.17) ∧ (∃ #t2. - (Unlock_0( '0', ~n.4, <~n, ~n.1> ) @ #t2) + (Unlock_0( '0', ~n, <~n.1, ~n.2> ) @ #t2) ∧ (#vr.3 < #t2) ∧ - (#t2 < #vr.16) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, <~n, ~n.1> ) @ #t0) ⇒ #t0 = #t2) ∧ + (#t2 < #vr.17) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, <~n.1, ~n.2> ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. - (Lock( pp, lpp, <~n, ~n.1> ) @ #t0) + (Lock( pp, lpp, <~n.1, ~n.2> ) @ #t0) ⇒ ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n, ~n.1> ) @ #t0) + (Unlock( pp, lpp, <~n.1, ~n.2> ) @ #t0) ⇒ ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.16 < #vr.3) ∥ (#vr.3 = #vr.16) ) + (#vr.17 < #vr.3) ∥ (#vr.3 = #vr.17) ) case case_1 - solve( (#vr.1 = #vr.14) ∥ (#vr.14 < #vr.1) ) + solve( (#vr.1 = #vr.15) ∥ (#vr.15 < #vr.1) ) case case_1 by contradiction /* cyclic */ next 
@@ -2864,7 +10422,7 @@ solve( State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, A, B, qed next case case_2 - solve( (#vr.1 = #vr.14) ∥ (#vr.14 < #vr.1) ) + solve( (#vr.1 = #vr.15) ∥ (#vr.15 < #vr.1) ) case case_1 by contradiction /* cyclic */ next 
@@ -2877,35 +10435,35 @@ solve( State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, A, B, qed next case case_2 - solve( ((#vr.3 < #vr.16) ∧ + solve( ((#vr.3 < #vr.17) ∧ (∃ #t2. - (Unlock_0( '0', ~n.4, <~n, ~n.1> ) @ #t2) + (Unlock_0( '0', ~n, <~n.1, ~n.2> ) @ #t2) ∧ (#vr.3 < #t2) ∧ - (#t2 < #vr.16) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, <~n, ~n.1> ) @ #t0) ⇒ #t0 = #t2) ∧ + (#t2 < #vr.17) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, <~n.1, ~n.2> ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. - (Lock( pp, lpp, <~n, ~n.1> ) @ #t0) + (Lock( pp, lpp, <~n.1, ~n.2> ) @ #t0) ⇒ ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n, ~n.1> ) @ #t0) + (Unlock( pp, lpp, <~n.1, ~n.2> ) @ #t0) ⇒ ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.16 < #vr.3) ∥ (#vr.3 = #vr.16) ) + (#vr.17 < #vr.3) ∥ (#vr.3 = #vr.17) ) case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, - ~prog_1111111.3, ~prog_111111111, a, b, kEnc.1, kSign.1, lock, - m.1, seq.2 - ) ▶₀ #t.3 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.3 ) + case p_1_1111111 + solve( State_11111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, + ~prog_11111111.3, ~prog_1111111111, lock, a, b, kEnc.1, kSign.1, + m.1, seq.2 + ) ▶₀ #t.4 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 by contradiction /* cyclic */ qed qed 
@@ -2913,33 +10471,33 @@ solve( State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, A, B, qed next case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, - ~prog_1111111.3, ~prog_111111111, a, b, kEnc.1, kSign.1, lock, - m.1, seq.2 - ) ▶₀ #t.3 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.3 ) + case p_1_1111111 + solve( State_11111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, + ~prog_11111111.3, ~prog_1111111111, lock, a, b, kEnc.1, kSign.1, + m.1, seq.2 + ) ▶₀ #t.4 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j.1 ) case MessageIDRule - solve( State_11111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, ~prog_1111111.1, a.1, b.1, kEnc.1, - kSign.1 - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.3, - ~prog_1111111.3, ~prog_111111111.1, a.1, b.1, kEnc.1, - kSign.1, lock.1, m.1, seq.2 - ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 + solve( State_111111( ~prog_1, a.1, b.1, kEnc.1, kSign.2 ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a.1, b.1, kEnc.1, kSign.2 ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, ~prog_11111111.1, a.1, b.1, kEnc.1, 
+ kSign.2 + ) ▶₀ #t.5 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.3, + ~prog_11111111.3, ~prog_1111111111.1, lock.1, a.1, b.1, + kEnc.1, kSign.2, m.1, seq.2 + ) ▶₀ #t.6 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 by contradiction /* cyclic */ qed qed 
@@ -2954,143 +10512,571 @@ solve( State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, A, B, qed next case case_2 - solve( (¬(#vr.14 < #vr.1)) ∥ (∃ dif.1. (seq = (dif+seq+dif.1))) ) + solve( (¬(#vr.15 < #vr.1)) ∥ (∃ dif.1. (seq = (dif+seq+dif.1))) ) case case_1 - solve( ((#vr.3 < #vr.16) ∧ + solve( ((#vr.3 < #vr.17) ∧ (∃ #t2. - (Unlock_0( '0', ~n.4, <~n, ~n.1> ) @ #t2) + (Unlock_0( '0', ~n, <~n.1, ~n.2> ) @ #t2) ∧ (#vr.3 < #t2) ∧ - (#t2 < #vr.16) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, <~n, ~n.1> ) @ #t0) ⇒ #t0 = #t2) ∧ + (#t2 < #vr.17) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, <~n.1, ~n.2> ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. - (Lock( pp, lpp, <~n, ~n.1> ) @ #t0) + (Lock( pp, lpp, <~n.1, ~n.2> ) @ #t0) ⇒ ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n, ~n.1> ) @ #t0) + (Unlock( pp, lpp, <~n.1, ~n.2> ) @ #t0) ⇒ ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.16 < #vr.3) ∥ (#vr.3 = #vr.16) ) + (#vr.17 < #vr.3) ∥ (#vr.3 = #vr.17) ) case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, - ~prog_1111111.3, ~prog_111111111, a, b, kEnc.1, kSign.1, lock, - m.1, seq.2 - ) ▶₀ #t.3 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.3 ) + case p_1_1111111 + solve( State_11111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, + ~prog_11111111.3, ~prog_1111111111, lock, a, b, kEnc.1, kSign.1, + m.1, seq.2 + ) ▶₀ #t.4 ) + case 
outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j.1 ) case MessageIDRule - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111.1, a.1, b.1, kEnc, kSign - ) ▶₀ #t.3 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, - ~prog_1111111.2, ~prog_111111111.1, a.1, b.1, kEnc, - kSign, lock.1, m, seq.1 - ) ▶₀ #t.4 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111.1 ) ▶₃ #j.2 ) + solve( State_111111( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_111112( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.4 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111.1, a.1, b.1, kEnc, + kSign.1 + ) ▶₀ #t.4 ) + case p_1_1111111 + solve( State_11111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, + ~prog_11111111.2, ~prog_1111111111.1, lock.1, a.1, b.1, + kEnc, kSign.1, m, seq.1 + ) ▶₀ #t.5 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111.1 ) ▶₃ #j.2 ) case MessageIDRule - solve( State_11111( ~prog_1, a.2, b.2, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.2, b.2, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111211( ~prog_1.1, ~prog_1111121, a, b, ~n.2, ~n.3, lock + solve( State_111111( ~prog_1, a.2, b.2, kEnc, kSign.2 ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a.2, b.2, kEnc, kSign.2 ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112111( ~prog_1.1, ~prog_11111211, a, b, ~n.3, kSign, + lock ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( 
State_1111111( ~prog_1.2, ~prog_1111111, a.1, b.1, kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_11111211111( ~prog_1.2, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a.1, b.1, - kEnc, kSign, m, pad.2, seq.1, lock.1 - ) ▶₀ #t.5 ) - case eventRecvabm_0_1111121111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111211( ~prog_1.1, ~prog_1111121.1, a, b, ~n.2, - ~n.3, lock - ) ▶₁ #j.2 ) - case lockba_0_1111121 - solve( ((#vr.19 < #vr.24) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.8, <~n.1, ~n> ) @ #t2) - ∧ - (#vr.19 < #t2) ∧ - (#t2 < #vr.24) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.8, <~n.1, ~n> ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.19) ∨ - (#t0 = #vr.19) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.19) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.24 < #vr.19) ∥ (#vr.19 = #vr.24) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign + case lockba_0_11111211 + solve( State_111111( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111, a.1, b.1, kEnc, + kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111111 + solve( State_111111( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112111( ~prog_1.1, ~prog_11111211.1, a, b, ~n.3, + kSign, lock + ) ▶₁ #j.2 ) + case lockba_0_11111211 + solve( ((#vr.20 < #vr.23) ∧ + (∃ #t2. + (Unlock_1( '1', ~n.8, <~n.2, ~n.1> ) @ #t2) + ∧ + (#vr.20 < #t2) ∧ + (#t2 < #vr.23) ∧ + (∀ #t0 pp. 
+ (Unlock( pp, ~n.8, <~n.2, ~n.1> ) @ #t0) + ⇒ + #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, <~n.2, ~n.1> ) @ #t0) + ⇒ + ((#t0 < #vr.20) ∨ (#t0 = #vr.20) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, <~n.2, ~n.1> ) @ #t0) + ⇒ + ((#t0 < #vr.20) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.23 < #vr.20) ∥ (#vr.20 = #vr.23) ) + case case_1 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111.1, a, + b, kEnc.1, kSign.1 ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, ~prog_1111111.1, a, - b, kEnc, kSign + case p_1_1111111 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.6 ) - case p_1_111111 - solve( State_11111211111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, MH.2, - SH.2, a, b, kEnc, kSign, - m, pad.2, seq.1, lock + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.6 ) - case eventRecvabm_0_1111121111 - by contradiction /* from formulas */ + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211, + a, b, kEnc.1, kSign.1 + ) ▶₀ #t.6 ) + case p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc.1, + kSign.1 + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, + kSign.1 + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc.1, + kSign.1 + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, + kEnc.1, kSign.1 + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, b, kEnc.1, + kSign.1 + ) ▶₀ #t.7 ) + case p_1_1111121 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.1, + ~prog_1111121111.1, + MH.1, + SH.1, + ~n.1, + ~n.2, + kEnc, + kSign, + ~n.8, + pad.1, + xmac, m, + seq.1 + ) ▶₀ #t2.1 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( 
State_111112( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111 + ) @ #t)) ∥ + (∃ #t. + (ProgressTo_11111211112( ~prog_1111121111 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t.8 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111.1 + ) @ #t)) ∥ + (∃ #t. 
+ (ProgressTo_11111211112( ~prog_1111121111.1 + ) @ #t)) ) + case case_1 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t.8 ) + case eventRecvabm_0_111112111111 + by contradiction + /* + from formulas + */ + qed + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111.1, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t.8 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by solve( State_1111121111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t.8 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed qed qed qed qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 + qed + next + case case_2 + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111.1, a, + b, kEnc.1, kSign.1 ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111.1, a, - b, kEnc.1, kSign.1 + case p_1_1111111 + solve( State_111111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.6 ) - case p_1_111111 - by solve( State_11111211111( ~prog_1.2, - ~prog_1111121.3, - ~prog_111112111.2, - MH.3, SH.3, a, b, - kEnc.1, kSign.1, m.1, - pad.3, seq.2, lock - ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.6 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, ~prog_11111211, + a, b, kEnc.1, kSign.1 + ) ▶₀ #t.6 ) + case 
p_1_1111121 + solve( State_111111( ~prog_1, a, b, kEnc.1, + kSign.1 + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, + kSign.1 + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, b, kEnc.1, + kSign.1 + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, + kEnc.1, kSign.1 + ) ▶₀ #t.7 ) + case p_0_11111 + solve( State_11111211( ~prog_1.2, + ~prog_11111211.2, + a, b, kEnc.1, + kSign.1 + ) ▶₀ #t.7 ) + case p_1_1111121 + solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.1, + ~prog_1111121111.1, + MH.1, + SH.1, + ~n.1, + ~n.2, + kEnc, + kSign, + ~n.9, + pad.1, + xmac, m, + seq.1 + ) ▶₀ #t2.1 ) + case eventRecvabm_0_111112111111 + solve( State_111111( ~prog_1, a, b, + kEnc, kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, a, + b, kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_11111211( ~prog_1.1, + ~prog_11111211.1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_1_1111121 + solve( State_111111( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( State_111112( ~prog_1, + a, + b, + kEnc, + kSign + ) ▶₀ #t.8 ) + case p_0_11111 + solve( (∃ #t. + (ProgressTo_11111211111111( ~prog_1111121111 + ) @ #t)) ∥ + (∃ #t. 
+ (ProgressTo_11111211112( ~prog_1111121111 + ) @ #t)) ) + case case_1 + by solve( State_1111121111111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t.8 ) + next + case case_2 + solve( State_1111121111( ~prog_1.1, + ~prog_11111211.2, + ~prog_1111121111, + MH.2, + SH.2, + a, + b, + kEnc, + kSign, + lock, + pad.2, + xmac, + m, + seq.1 + ) ▶₀ #t.8 ) + case inrMHSHsencseqmpadxmackEnc_0_111112111 + by contradiction + /* + from formulas + */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed qed qed qed 
@@ -3117,33 +11103,33 @@ solve( State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, A, B, qed next case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, - ~prog_1111111.3, ~prog_111111111, a, b, kEnc.1, kSign.1, lock, - m.1, seq.2 - ) ▶₀ #t.3 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) + solve( State_111111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) + case p_0_11111 + solve( State_111112( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) + case p_0_11111 + solve( State_11111111( ~prog_1.2, ~prog_11111111, a, b, kEnc.1, kSign.1 + ) ▶₀ #t.3 ) + case p_1_1111111 + solve( State_11111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, + ~prog_11111111.3, ~prog_1111111111, lock, a, b, kEnc.1, kSign.1, + m.1, seq.2 + ) ▶₀ #t.4 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 + solve( MID_Receiver( ~mid_1111111111111 ) ▶₃ #j.1 ) case MessageIDRule - solve( State_11111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, ~prog_1111111.1, a.1, b.1, kEnc.1, - kSign.1 - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.3, - ~prog_1111111.3, ~prog_111111111.1, a.1, b.1, kEnc.1, - kSign.1, lock.1, m.1, seq.2 - ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 + solve( State_111111( ~prog_1, a.1, b.1, kEnc.1, kSign.2 ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_111112( ~prog_1, a.1, b.1, kEnc.1, kSign.2 ) ▶₀ #t.5 ) + case p_0_11111 + solve( State_11111111( ~prog_1.3, ~prog_11111111.1, a.1, b.1, kEnc.1, 
+ kSign.2 + ) ▶₀ #t.5 ) + case p_1_1111111 + solve( State_11111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.3, + ~prog_11111111.3, ~prog_1111111111.1, lock.1, a.1, b.1, + kEnc.1, kSign.2, m.1, seq.2 + ) ▶₀ #t.6 ) + case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111 by contradiction /* cyclic */ qed qed @@ -3160,6 +11146,14 @@ solve( State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, A, B, qed qed + + + + + + + + rule (modulo E) MessageIDRule[color=#ffffff, process="!"]: [ Fr( ~mid_ ) ] --> [ MID_Receiver( ~mid_ ), MID_Sender( ~mid_ ) ] 
@@ -3182,384 +11176,711 @@ rule (modulo E) p_1_[color=#ffffff, process="!"]: /* has exactly the trivial AC variant */ -rule (modulo E) newa_0_1[color=#ffffff, process="new a;"]: - [ State_1( ~prog_1 ), Fr( a ) ] --> [ State_11( ~prog_1, a ) ] +rule (modulo E) newa_0_1[color=#ffffff, process="new a.1;"]: + [ State_1( ~prog_1 ), Fr( a.1 ) ] --> [ State_11( ~prog_1, a.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newa_0_1[color=#ffffff, process="new a.1;"]: + [ State_1( ~prog_1 ), Fr( a ) ] --> [ State_11( ~prog_1, a ) ] + */ -rule (modulo E) newb_0_11[color=#ffffff, process="new b;"]: - [ State_11( ~prog_1, a ), Fr( b ) ] --> [ State_111( ~prog_1, a, b ) ] +rule (modulo E) newb_0_11[color=#ffffff, process="new b.1;"]: + [ State_11( ~prog_1, a.1 ), Fr( b.1 ) ] + --> + [ State_111( ~prog_1, a.1, b.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newb_0_11[color=#ffffff, process="new b.1;"]: + [ State_11( ~prog_1, a ), Fr( b ) ] --> [ State_111( ~prog_1, a, b ) ] + */ -rule (modulo E) newkSign_0_111[color=#ffffff, process="new kSign;"]: - [ State_111( ~prog_1, a, b ), Fr( kSign ) ] +rule (modulo E) newkSign_0_111[color=#ffffff, process="new kSign.1;"]: + [ State_111( ~prog_1, a.1, b.1 ), Fr( kSign.1 ) ] --> - [ State_1111( ~prog_1, a, b, kSign ) ] + [ State_1111( ~prog_1, a.1, b.1, kSign.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newkSign_0_111[color=#ffffff, process="new kSign.1;"]: + [ State_111( ~prog_1, a, b ), Fr( kSign ) ] + --> + [ State_1111( ~prog_1, a, b, kSign ) ] + */ -rule (modulo E) newkEnc_0_1111[color=#ffffff, process="new kEnc;"]: - [ State_1111( ~prog_1, a, b, kSign ), Fr( kEnc ) ] +rule (modulo E) newkEnc_0_1111[color=#ffffff, process="new kEnc.1;"]: + [ State_1111( ~prog_1, a.1, b.1, kSign.1 ), Fr( kEnc.1 ) ] --> - [ State_11111( ~prog_1, a, b, kEnc, kSign ) ] + [ State_11111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule 
(modulo AC) newkEnc_0_1111[color=#ffffff, process="new kEnc.1;"]: + [ State_1111( ~prog_1, a, b, kSign ), Fr( kEnc ) ] + --> + [ State_11111( ~prog_1, a, b, kEnc, kSign ) ] + */ rule (modulo E) p_0_11111[color=#ffffff, process="|"]: - [ State_11111( ~prog_1, a, b, kEnc, kSign ) ] - --[ ProgressTo_111111( ~prog_1 ), ProgressTo_111112( ~prog_1 ) ]-> + [ State_11111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] + --> [ - State_111111( ~prog_1, a, b, kEnc, kSign ), - State_111112( ~prog_1, a, b, kEnc, kSign ) + State_111111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ), + State_111112( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_11111[color=#ffffff, process="|"]: + [ State_11111( ~prog_1, a, b, kEnc, kSign ) ] + --> + [ + State_111111( ~prog_1, a, b, kEnc, kSign ), + State_111112( ~prog_1, a, b, kEnc, kSign ) + ] + */ + +rule (modulo E) A_0_111111[color=#ffffff, process="A()"]: + [ State_111111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] + --[ ProgressTo_1111111( ~prog_1 ) ]-> + [ State_1111111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] + + /* + rule (modulo AC) A_0_111111[color=#ffffff, process="A()"]: + [ State_111111( ~prog_1, a, b, kEnc, kSign ) ] + --[ ProgressTo_1111111( ~prog_1 ) ]-> + [ State_1111111( ~prog_1, a, b, kEnc, kSign ) ] + */ -rule (modulo E) p_0_111111[color=#804046, process="!"]: - [ State_111111( ~prog_1, a, b, kEnc, kSign ) ] +rule (modulo E) p_0_1111111[color=#804046, process="!"]: + [ State_1111111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] --> - [ !Semistate_1111111( ~prog_1, a, b, kEnc, kSign ) ] + [ !Semistate_11111111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_1111111[color=#804046, process="!"]: + [ State_1111111( ~prog_1, a, b, kEnc, kSign ) ] + --> + [ !Semistate_11111111( ~prog_1, a, b, kEnc, kSign ) ] + */ -rule (modulo E) p_1_111111[color=#804046, process="!"]: - [ Fr( ~prog_1111111 ), !Semistate_1111111( ~prog_1, a, b, kEnc, 
kSign ) ] - --[ ProgressFrom_1111111( ~prog_1111111 ) ]-> - [ State_1111111( ~prog_1, ~prog_1111111, a, b, kEnc, kSign ) ] +rule (modulo E) p_1_1111111[color=#804046, process="!"]: + [ + Fr( ~prog_11111111 ), + !Semistate_11111111( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) + ] + --[ ProgressFrom_11111111( ~prog_11111111 ) ]-> + [ State_11111111( ~prog_1, ~prog_11111111, a.1, b.1, kEnc.1, kSign.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_1111111[color=#804046, process="!"]: + [ Fr( ~prog_11111111 ), !Semistate_11111111( ~prog_1, a, b, kEnc, kSign ) + ] + --[ ProgressFrom_11111111( ~prog_11111111 ) ]-> + [ State_11111111( ~prog_1, ~prog_11111111, a, b, kEnc, kSign ) ] + */ -rule (modulo E) lockab_0_1111111[color=#804046, process="lock ;"]: - [ State_1111111( ~prog_1, ~prog_1111111, a, b, kEnc, kSign ), Fr( lock ) +rule (modulo E) lockab_0_11111111[color=#804046, + process="lock ;"]: + [ + State_11111111( ~prog_1, ~prog_11111111, a.1, b.1, kEnc.1, kSign.1 ), + Fr( lock ) ] --[ - ProgressTo_11111111( ~prog_1111111 ), Lock_0( '0', lock, ), - Lock( '0', lock, ) + ProgressTo_111111111( ~prog_11111111 ), Lock_0( '0', lock, ), + Lock( '0', lock, ) ]-> - [ State_11111111( ~prog_1, ~prog_1111111, a, b, kEnc, kSign, lock ) ] + [ + State_111111111( ~prog_1, ~prog_11111111, lock, a.1, b.1, kEnc.1, kSign.1 + ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lockab_0_11111111[color=#804046, + process="lock ;"]: + [ + State_11111111( ~prog_1, ~prog_11111111, a, b, kEnc, kSign ), Fr( lock ) + ] + --[ + ProgressTo_111111111( ~prog_11111111 ), Lock_0( '0', lock, ), + Lock( '0', lock, ) + ]-> + [ State_111111111( ~prog_1, ~prog_11111111, lock, a, b, kEnc, kSign ) ] + */ -rule (modulo E) incseq_0_11111111[color=#804046, process="in('c',seq);"]: +rule (modulo E) incseq_0_111111111[color=#804046, + process="in('c',seq.1);"]: [ - Fr( ~prog_111111111 ), - State_11111111( ~prog_1, ~prog_1111111, a, b, kEnc, kSign, lock ), - In( <'c', seq> ) 
+ Fr( ~prog_1111111111 ), + State_111111111( ~prog_1, ~prog_11111111, lock, a.1, b.1, kEnc.1, kSign.1 + ), + In( <'c', seq.1> ) ] - --[ ProgressFrom_111111111( ~prog_111111111 ), ChannelIn( <'c', seq> ) + --[ + ProgressFrom_1111111111( ~prog_1111111111 ), ChannelIn( <'c', seq.1> ) ]-> [ - State_111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, seq + State_1111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a.1, + b.1, kEnc.1, kSign.1, seq.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) incseq_0_111111111[color=#804046, + process="in('c',seq.1);"]: + [ + Fr( ~prog_1111111111 ), + State_111111111( ~prog_1, ~prog_11111111, lock, a, b, kEnc, kSign ), + In( <'c', seq> ) + ] + --[ ProgressFrom_1111111111( ~prog_1111111111 ), ChannelIn( <'c', seq> ) + ]-> + [ + State_1111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a, b, + kEnc, kSign, seq + ) + ] + */ -rule (modulo E) eventSeqSentabseq_0_111111111[color=#804046, - process="event Seq_Sent( a, b, seq );"]: +rule (modulo E) eventSeqSentabseq_0_1111111111[color=#804046, + process="event Seq_Sent( a.1, b.1, seq.1 );"]: [ - State_111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, seq + State_1111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a.1, + b.1, kEnc.1, kSign.1, seq.1 ) ] - --[ Seq_Sent( a, b, seq ) ]-> + --[ Seq_Sent( a.1, b.1, seq.1 ) ]-> [ - State_1111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, seq + State_11111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a.1, + b.1, kEnc.1, kSign.1, seq.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventSeqSentabseq_0_1111111111[color=#804046, + process="event Seq_Sent( a.1, b.1, seq.1 );"]: + [ + State_1111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a, b, + kEnc, kSign, seq + ) + ] + --[ Seq_Sent( a, b, seq ) ]-> + [ + State_11111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, 
a, b, + kEnc, kSign, seq + ) + ] + */ -rule (modulo E) newm_0_1111111111[color=#804046, process="new m;"]: +rule (modulo E) newm_0_11111111111[color=#804046, process="new m.1;"]: [ - State_1111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, seq + State_11111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a.1, + b.1, kEnc.1, kSign.1, seq.1 ), - Fr( m ) + Fr( m.1 ) ] --> [ - State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, m, seq + State_111111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a.1, + b.1, kEnc.1, kSign.1, m.1, seq.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newm_0_11111111111[color=#804046, process="new m.1;"]: + [ + State_11111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a, b, + kEnc, kSign, seq + ), + Fr( m ) + ] + --> + [ + State_111111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a, + b, kEnc, kSign, m, seq + ) + ] + */ -rule (modulo E) eventSentabm_0_11111111111[color=#804046, - process="event Sent( a, b, m );"]: +rule (modulo E) eventSentabm_0_111111111111[color=#804046, + process="event Sent( a.1, b.1, m.1 );"]: [ - State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, m, seq + State_111111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a.1, + b.1, kEnc.1, kSign.1, m.1, seq.1 ) ] - --[ Sent( a, b, m ) ]-> + --[ Sent( a.1, b.1, m.1 ) ]-> [ - State_111111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, m, seq + State_1111111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, + a.1, b.1, kEnc.1, kSign.1, m.1, seq.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventSentabm_0_111111111111[color=#804046, + process="event Sent( a.1, b.1, m.1 );"]: + [ + State_111111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a, + b, kEnc, kSign, m, seq + ) + ] + --[ Sent( a, b, m ) ]-> + [ + State_1111111111111( ~prog_1, 
~prog_11111111, ~prog_1111111111, lock, a, + b, kEnc, kSign, m, seq + ) + ] + */ -rule (modulo E) outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111[color=#804046, - process="out('r',<$MH, $SH, - senc(, kSign)>, kEnc)>);"]: +rule (modulo E) outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111[color=#804046, + process="out('r',<$MH, $SH, + senc(, kSign.1) + >, + kEnc.1) +>);"]: [ - MID_Sender( ~mid_111111111111 ), - State_111111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, m, seq + MID_Sender( ~mid_1111111111111 ), + State_1111111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, + a.1, b.1, kEnc.1, kSign.1, m.1, seq.1 ) ] --[ - Send( ~mid_111111111111, + Send( ~mid_1111111111111, <$MH, $SH, - senc(, kSign)>, kEnc)> + senc(, kSign.1)>, + kEnc.1) + > ) ]-> [ Out( <$MH, $SH, - senc(, kSign)>, kEnc)> + senc(, kSign.1)>, + kEnc.1) + > ), - State_1111111111111( $MH, $SH, $pad, ~prog_1, ~prog_1111111, - ~prog_111111111, a, b, kEnc, kSign, lock, m, seq + State_11111111111111( $MH, $SH, $pad, ~prog_1, ~prog_11111111, + ~prog_1111111111, lock, a.1, b.1, kEnc.1, kSign.1, m.1, seq.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_1111111111111[color=#804046, + process="out('r',<$MH, $SH, + senc(, kSign.1) + >, + kEnc.1) +>);"]: + [ + MID_Sender( ~mid_1111111111111 ), + State_1111111111111( ~prog_1, ~prog_11111111, ~prog_1111111111, lock, a, + b, kEnc, kSign, m, seq + ) + ] + --[ + Send( ~mid_1111111111111, + <$MH, $SH, + senc(, kSign)>, kEnc)> + ) + ]-> + [ + Out( <$MH, $SH, + senc(, kSign)>, kEnc)> + ), + State_11111111111111( $MH, $SH, $pad, ~prog_1, ~prog_11111111, + ~prog_1111111111, lock, a, b, kEnc, kSign, m, seq + ) + ] + */ -rule (modulo E) unlockab_0_1111111111111[color=#804046, - process="unlock ;"]: +rule (modulo E) unlockab_0_11111111111111[color=#804046, + process="unlock ;"]: [ - State_1111111111111( $MH, $SH, $pad, ~prog_1, ~prog_1111111, - 
~prog_111111111, a, b, kEnc, kSign, lock, m, seq + State_11111111111111( $MH, $SH, $pad, ~prog_1, ~prog_11111111, + ~prog_1111111111, lock, a.1, b.1, kEnc.1, kSign.1, m.1, seq.1 ) ] --[ - ProgressTo_11111111111111( ~prog_111111111 ), - Unlock_0( '0', lock, ), Unlock( '0', lock, ) + ProgressTo_111111111111111( ~prog_1111111111 ), + Unlock_0( '0', lock, ), Unlock( '0', lock, ) ]-> [ - State_11111111111111( $MH, $SH, $pad, ~prog_1, ~prog_1111111, - ~prog_111111111, a, b, kEnc, kSign, lock, m, seq + State_111111111111111( $MH, $SH, $pad, ~prog_1, ~prog_11111111, + ~prog_1111111111, lock, a.1, b.1, kEnc.1, kSign.1, m.1, seq.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) unlockab_0_11111111111111[color=#804046, + process="unlock ;"]: + [ + State_11111111111111( $MH, $SH, $pad, ~prog_1, ~prog_11111111, + ~prog_1111111111, lock, a, b, kEnc, kSign, m, seq + ) + ] + --[ + ProgressTo_111111111111111( ~prog_1111111111 ), + Unlock_0( '0', lock, ), Unlock( '0', lock, ) + ]-> + [ + State_111111111111111( $MH, $SH, $pad, ~prog_1, ~prog_11111111, + ~prog_1111111111, lock, a, b, kEnc, kSign, m, seq + ) + ] + */ -rule (modulo E) p_0_11111111111111[color=#804046, process="0"]: +rule (modulo E) p_0_111111111111111[color=#804046, process="0"]: [ - State_11111111111111( $MH, $SH, $pad, ~prog_1, ~prog_1111111, - ~prog_111111111, a, b, kEnc, kSign, lock, m, seq + State_111111111111111( $MH, $SH, $pad, ~prog_1, ~prog_11111111, + ~prog_1111111111, lock, a.1, b.1, kEnc.1, kSign.1, m.1, seq.1 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_111111111111111[color=#804046, process="0"]: + [ + State_111111111111111( $MH, $SH, $pad, ~prog_1, ~prog_11111111, + ~prog_1111111111, lock, a, b, kEnc, kSign, m, seq + ) + ] + --> + [ ] + */ + +rule (modulo E) p_0_1111112[color=#ffffff, process="0"]: + [ State_1111112( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] --> [ ] + + /* + rule (modulo AC) p_0_1111112[color=#ffffff, process="0"]: + [ 
State_1111112( ~prog_1, a, b, kEnc, kSign ) ] --> [ ] + */ + +rule (modulo E) B_0_111112[color=#ffffff, process="B()"]: + [ State_111112( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] + --[ ProgressTo_1111121( ~prog_1 ) ]-> + [ State_1111121( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] + + /* + rule (modulo AC) B_0_111112[color=#ffffff, process="B()"]: + [ State_111112( ~prog_1, a, b, kEnc, kSign ) ] + --[ ProgressTo_1111121( ~prog_1 ) ]-> + [ State_1111121( ~prog_1, a, b, kEnc, kSign ) ] + */ -rule (modulo E) p_0_111112[color=#628040, process="!"]: - [ State_111112( ~prog_1, a, b, kEnc, kSign ) ] +rule (modulo E) p_0_1111121[color=#628040, process="!"]: + [ State_1111121( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] --> - [ !Semistate_1111121( ~prog_1, a, b, kEnc, kSign ) ] + [ !Semistate_11111211( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_1111121[color=#628040, process="!"]: + [ State_1111121( ~prog_1, a, b, kEnc, kSign ) ] + --> + [ !Semistate_11111211( ~prog_1, a, b, kEnc, kSign ) ] + */ -rule (modulo E) p_1_111112[color=#628040, process="!"]: - [ Fr( ~prog_1111121 ), !Semistate_1111121( ~prog_1, a, b, kEnc, kSign ) ] - --[ ProgressFrom_1111121( ~prog_1111121 ) ]-> - [ State_1111121( ~prog_1, ~prog_1111121, a, b, kEnc, kSign ) ] +rule (modulo E) p_1_1111121[color=#628040, process="!"]: + [ + Fr( ~prog_11111211 ), + !Semistate_11111211( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) + ] + --[ ProgressFrom_11111211( ~prog_11111211 ) ]-> + [ State_11111211( ~prog_1, ~prog_11111211, a.1, b.1, kEnc.1, kSign.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_1111121[color=#628040, process="!"]: + [ Fr( ~prog_11111211 ), !Semistate_11111211( ~prog_1, a, b, kEnc, kSign ) + ] + --[ ProgressFrom_11111211( ~prog_11111211 ) ]-> + [ State_11111211( ~prog_1, ~prog_11111211, a, b, kEnc, kSign ) ] + */ -rule (modulo E) lockba_0_1111121[color=#628040, process="lock ;"]: +rule (modulo E) 
lockba_0_11111211[color=#628040, + process="lock ;"]: [ - State_1111121( ~prog_1, ~prog_1111121, a, b, kEnc, kSign ), Fr( lock.1 ) + State_11111211( ~prog_1, ~prog_11111211, a.1, b.1, kEnc.1, kSign.1 ), + Fr( lock.1 ) ] --[ - ProgressTo_11111211( ~prog_1111121 ), Lock_1( '1', lock.1, ), - Lock( '1', lock.1, ) + ProgressTo_111112111( ~prog_11111211 ), + Lock_1( '1', lock.1, ), Lock( '1', lock.1, ) ]-> - [ State_11111211( ~prog_1, ~prog_1111121, a, b, kEnc, kSign, lock.1 ) ] + [ + State_111112111( ~prog_1, ~prog_11111211, a.1, b.1, kEnc.1, kSign.1, + lock.1 + ) + ] /* - rule (modulo AC) lockba_0_1111121[color=#628040, process="lock ;"]: - [ State_1111121( ~prog_1, ~prog_1111121, a, b, kEnc, kSign ), Fr( lock ) + rule (modulo AC) lockba_0_11111211[color=#628040, + process="lock ;"]: + [ + State_11111211( ~prog_1, ~prog_11111211, a, b, kEnc, kSign ), Fr( lock ) ] --[ - ProgressTo_11111211( ~prog_1111121 ), Lock_1( '1', lock, ), + ProgressTo_111112111( ~prog_11111211 ), Lock_1( '1', lock, ), Lock( '1', lock, ) ]-> - [ State_11111211( ~prog_1, ~prog_1111121, a, b, kEnc, kSign, lock ) ] + [ State_111112111( ~prog_1, ~prog_11111211, a, b, kEnc, kSign, lock ) ] */ -rule (modulo E) inrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_11111211[color=#628040, - process="in('r',, kSign)>, kEnc)>);"]: +rule (modulo E) inrMHSHsencseqmpadxmackEnc_0_111112111[color=#628040, + process="in('r',, =kEnc.1)>);"]: [ - Fr( ~prog_111112111 ), - State_11111211( ~prog_1, ~prog_1111121, a, b, kEnc, kSign, lock.1 ), - In( , kSign)>, kEnc) - > + Fr( ~prog_1111121111 ), + State_111112111( ~prog_1, ~prog_11111211, a.1, b.1, kEnc.1, kSign.1, + lock.1 ), - MID_Receiver( ~mid_11111211 ) + In( , kEnc.1)> ), + MID_Receiver( ~mid_111112111 ) ] --[ - ProgressFrom_111112111( ~prog_111112111 ), - Receive( ~mid_11111211, - , kSign)>, kEnc)> + ProgressFrom_1111121111( ~prog_1111121111 ), + Receive( ~mid_111112111, + , kEnc.1)> ) ]-> [ - State_111112111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, 
kSign, m, pad, seq, lock.1 + State_1111121111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, SH.1, + a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 ) ] /* - rule (modulo AC) inrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_11111211[color=#628040, - process="in('r',, kSign)>, kEnc)>);"]: + rule (modulo AC) inrMHSHsencseqmpadxmackEnc_0_111112111[color=#628040, + process="in('r',, =kEnc.1)>);"]: [ - Fr( ~prog_111112111 ), - State_11111211( ~prog_1, ~prog_1111121, a, b, kEnc, kSign, lock ), - In( , kSign)>, kEnc) - > - ), - MID_Receiver( ~mid_11111211 ) + Fr( ~prog_1111121111 ), + State_111112111( ~prog_1, ~prog_11111211, a, b, kEnc, kSign, lock ), + In( , kEnc)> ), + MID_Receiver( ~mid_111112111 ) ] --[ - ProgressFrom_111112111( ~prog_111112111 ), - Receive( ~mid_11111211, - , kSign)>, kEnc)> - ) + ProgressFrom_1111121111( ~prog_1111121111 ), + Receive( ~mid_111112111, , kEnc)> ) + ]-> + [ + State_1111121111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, a, + b, kEnc, kSign, lock, pad, xmac, m, seq + ) + ] + */ + +rule (modulo E) ifxmacmacMHSHseqmpadkSign_0_1111121111[color=#628040, + process="if xmac.1=mac(, kSign.1)"]: + [ + State_1111121111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, SH.1, + a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 + ) + ] + --[ Pred_Eq( xmac.1, mac(, kSign.1) ) ]-> + [ + State_11111211111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, SH.1, + a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 + ) + ] + + /* + rule (modulo AC) ifxmacmacMHSHseqmpadkSign_0_1111121111[color=#628040, + process="if xmac.1=mac(, kSign.1)"]: + [ + State_1111121111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, a, + b, kEnc, kSign, lock, pad, xmac, m, seq + ) + ] + --[ Pred_Eq( xmac, mac(, kSign) ) ]-> + [ + State_11111211111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, a, + b, kEnc, kSign, lock, pad, xmac, m, seq + ) + ] + */ + +rule (modulo E) ifxmacmacMHSHseqmpadkSign_1_1111121111[color=#628040, + 
process="if xmac.1=mac(, kSign.1)"]: + [ + State_1111121111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, SH.1, + a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 + ) + ] + --[ + ProgressTo_11111211112( ~prog_1111121111 ), + Pred_Not_Eq( xmac.1, mac(, kSign.1) ) + ]-> + [ + State_11111211112( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, SH.1, + a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 + ) + ] + + /* + rule (modulo AC) ifxmacmacMHSHseqmpadkSign_1_1111121111[color=#628040, + process="if xmac.1=mac(, kSign.1)"]: + [ + State_1111121111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, a, + b, kEnc, kSign, lock, pad, xmac, m, seq + ) + ] + --[ + ProgressTo_11111211112( ~prog_1111121111 ), + Pred_Not_Eq( xmac, mac(, kSign) ) ]-> [ - State_111112111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, lock + State_11111211112( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, a, + b, kEnc, kSign, lock, pad, xmac, m, seq ) ] */ -rule (modulo E) eventSeqRecvabseq_0_111112111[color=#628040, - process="event Seq_Recv( a, b, seq );"]: +rule (modulo E) eventSeqRecvabseq_0_11111211111[color=#628040, + process="event Seq_Recv( a.1, b.1, seq.2 );"]: [ - State_111112111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, lock.1 + State_11111211111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, SH.1, + a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 ) ] - --[ Seq_Recv( a, b, seq ) ]-> + --[ Seq_Recv( a.1, b.1, seq.2 ) ]-> [ - State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, lock.1 + State_111112111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, + SH.1, a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 ) ] /* - rule (modulo AC) eventSeqRecvabseq_0_111112111[color=#628040, - process="event Seq_Recv( a, b, seq );"]: + rule (modulo AC) eventSeqRecvabseq_0_11111211111[color=#628040, + process="event 
Seq_Recv( a.1, b.1, seq.2 );"]: [ - State_111112111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, lock + State_11111211111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, a, + b, kEnc, kSign, lock, pad, xmac, m, seq ) ] --[ Seq_Recv( a, b, seq ) ]-> [ - State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, lock + State_111112111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, a, + b, kEnc, kSign, lock, pad, xmac, m, seq ) ] */ -rule (modulo E) eventRecvabm_0_1111121111[color=#628040, - process="event Recv( a, b, m );"]: +rule (modulo E) eventRecvabm_0_111112111111[color=#628040, + process="event Recv( a.1, b.1, m.2 );"]: [ - State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, lock.1 + State_111112111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, + SH.1, a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 ) ] - --[ Recv( a, b, m ) ]-> + --[ Recv( a.1, b.1, m.2 ) ]-> [ - State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, lock.1 + State_1111121111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, + SH.1, a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 ) ] /* - rule (modulo AC) eventRecvabm_0_1111121111[color=#628040, - process="event Recv( a, b, m );"]: + rule (modulo AC) eventRecvabm_0_111112111111[color=#628040, + process="event Recv( a.1, b.1, m.2 );"]: [ - State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, lock + State_111112111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, a, + b, kEnc, kSign, lock, pad, xmac, m, seq ) ] --[ Recv( a, b, m ) ]-> [ - State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, lock + State_1111121111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, + a, b, kEnc, kSign, lock, pad, xmac, m, seq ) ] */ 
-rule (modulo E) unlockba_0_11111211111[color=#628040, - process="unlock ;"]: +rule (modulo E) unlockba_0_1111121111111[color=#628040, + process="unlock ;"]: [ - State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, lock.1 + State_1111121111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, + SH.1, a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 ) ] --[ - ProgressTo_111112111111( ~prog_111112111 ), - Unlock_1( '1', lock.1, ), Unlock( '1', lock.1, ) + ProgressTo_11111211111111( ~prog_1111121111 ), + Unlock_1( '1', lock.1, ), Unlock( '1', lock.1, ) ]-> [ - State_111112111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, lock.1 + State_11111211111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, + SH.1, a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 ) ] /* - rule (modulo AC) unlockba_0_11111211111[color=#628040, - process="unlock ;"]: + rule (modulo AC) unlockba_0_1111121111111[color=#628040, + process="unlock ;"]: [ - State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, lock + State_1111121111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, + a, b, kEnc, kSign, lock, pad, xmac, m, seq ) ] --[ - ProgressTo_111112111111( ~prog_111112111 ), + ProgressTo_11111211111111( ~prog_1111121111 ), Unlock_1( '1', lock, ), Unlock( '1', lock, ) ]-> [ - State_111112111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, lock + State_11111211111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, + a, b, kEnc, kSign, lock, pad, xmac, m, seq + ) + ] + */ + +rule (modulo E) p_0_11111211111111[color=#628040, process="0"]: + [ + State_11111211111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, + SH.1, a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 + ) + ] + --> + [ ] + + /* + rule (modulo AC) p_0_11111211111111[color=#628040, process="0"]: + [ + 
State_11111211111111( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, + a, b, kEnc, kSign, lock, pad, xmac, m, seq ) ] + --> + [ ] */ -rule (modulo E) p_0_111112111111[color=#628040, process="0"]: +rule (modulo E) p_0_11111211112[color=#628040, process="0"]: [ - State_111112111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, lock.1 + State_11111211112( ~prog_1, ~prog_11111211, ~prog_1111121111, MH.1, SH.1, + a.1, b.1, kEnc.1, kSign.1, lock.1, pad.1, xmac.1, m.2, seq.2 ) ] --> [ ] /* - rule (modulo AC) p_0_111112111111[color=#628040, process="0"]: + rule (modulo AC) p_0_11111211112[color=#628040, process="0"]: [ - State_111112111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, lock + State_11111211112( ~prog_1, ~prog_11111211, ~prog_1111121111, MH, SH, a, + b, kEnc, kSign, lock, pad, xmac, m, seq ) ] --> [ ] */ +rule (modulo E) p_0_1111122[color=#ffffff, process="0"]: + [ State_1111122( ~prog_1, a.1, b.1, kEnc.1, kSign.1 ) ] --> [ ] + + /* + rule (modulo AC) p_0_1111122[color=#ffffff, process="0"]: + [ State_1111122( ~prog_1, a, b, kEnc, kSign ) ] --> [ ] + */ + +restriction predicate_eq: + "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" + // safety formula + +restriction predicate_not_eq: + "∀ #i a b. (Pred_Not_Eq( a, b ) @ #i) ⇒ (¬(a = b))" + // safety formula + restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" // safety formula 
@@ -3596,35 +11917,36 @@ restriction locking_1: (#t3 < #t1)) ∨ (#t1 = #t3))" -restriction Progress_1_to_111111: +restriction Progress_1_to_1111111: "∀ prog_1 #t. (ProgressFrom_1( prog_1 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_111111( prog_1 ) @ #t.1)" + (∃ #t.1. ProgressTo_1111111( prog_1 ) @ #t.1)" -restriction Progress_1_to_111112: +restriction Progress_1_to_1111121: "∀ prog_1 #t. (ProgressFrom_1( prog_1 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_111112( prog_1 ) @ #t.1)" + (∃ #t.1. ProgressTo_1111121( prog_1 ) @ #t.1)" -restriction Progress_1111111_to_11111111: - "∀ prog_1111111 #t. - (ProgressFrom_1111111( prog_1111111 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_11111111( prog_1111111 ) @ #t.1)" +restriction Progress_11111111_to_111111111: + "∀ prog_11111111 #t. + (ProgressFrom_11111111( prog_11111111 ) @ #t) ⇒ + (∃ #t.1. ProgressTo_111111111( prog_11111111 ) @ #t.1)" -restriction Progress_111111111_to_11111111111111: - "∀ prog_111111111 #t. - (ProgressFrom_111111111( prog_111111111 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_11111111111111( prog_111111111 ) @ #t.1)" +restriction Progress_1111111111_to_111111111111111: + "∀ prog_1111111111 #t. + (ProgressFrom_1111111111( prog_1111111111 ) @ #t) ⇒ + (∃ #t.1. ProgressTo_111111111111111( prog_1111111111 ) @ #t.1)" -restriction Progress_1111121_to_11111211: - "∀ prog_1111121 #t. - (ProgressFrom_1111121( prog_1111121 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_11111211( prog_1111121 ) @ #t.1)" +restriction Progress_11111211_to_111112111: + "∀ prog_11111211 #t. + (ProgressFrom_11111211( prog_11111211 ) @ #t) ⇒ + (∃ #t.1. ProgressTo_111112111( prog_11111211 ) @ #t.1)" -restriction Progress_111112111_to_111112111111: - "∀ prog_111112111 #t. - (ProgressFrom_111112111( prog_111112111 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_111112111111( prog_111112111 ) @ #t.1)" +restriction Progress_1111121111_to_11111211111111_or_11111211112: + "∀ prog_1111121111 #t. + (ProgressFrom_1111121111( prog_1111121111 ) @ #t) ⇒ + ((∃ #t.1. ProgressTo_11111211111111( prog_1111121111 ) @ #t.1) ∨ + (∃ #t.1. 
ProgressTo_11111211112( prog_1111121111 ) @ #t.1))" restriction progressInit: "∃ #t. Init( ) @ #t" @@ -3638,7 +11960,7 @@ restriction reliable: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -3648,13 +11970,13 @@ analyzing: examples/sapic/fast/SCADA/opc_ua_secure_conversation.spthy analyzed: examples/sapic/fast/SCADA/opc_ua_secure_conversation.spthy output: examples/sapic/fast/SCADA/opc_ua_secure_conversation.spthy.tmp - processing time: 33.663950056s - Executable (exists-trace): verified (47 steps) - all_received_were_sent (all-traces): verified (16 steps) - all_received_were_sent_injective (all-traces): verified (138 steps) - order (all-traces): verified (203 steps) - delivery_wo_order (all-traces): verified (15 steps) - delivery_order (all-traces): verified (71 steps) + processing time: 315.449309069s + Executable (exists-trace): verified (36 steps) + all_received_were_sent (all-traces): verified (18 steps) + all_received_were_sent_injective (all-traces): verified (168 steps) + order (all-traces): verified (954 steps) + delivery_wo_order (all-traces): verified (25 steps) + delivery_order (all-traces): verified (124 steps) ------------------------------------------------------------------------------ 
@@ -3664,13 +11986,13 @@ summary of summaries: analyzed: examples/sapic/fast/SCADA/opc_ua_secure_conversation.spthy output: examples/sapic/fast/SCADA/opc_ua_secure_conversation.spthy.tmp - processing time: 33.663950056s - Executable (exists-trace): verified (47 steps) - all_received_were_sent (all-traces): verified (16 steps) - all_received_were_sent_injective (all-traces): verified (138 steps) - order (all-traces): verified (203 steps) - delivery_wo_order (all-traces): verified (15 steps) - delivery_order (all-traces): verified (71 steps) + processing time: 315.449309069s + Executable (exists-trace): verified (36 steps) + all_received_were_sent (all-traces): verified (18 steps) + all_received_were_sent_injective (all-traces): verified (168 steps) + order (all-traces): verified (954 steps) + delivery_wo_order (all-traces): verified (25 steps) + delivery_order (all-traces): verified (124 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/fast/SCADA/opc_ua_secure_conversation_variant_analyzed.spthy b/case-studies-regression/sapic/fast/SCADA/opc_ua_secure_conversation_variant_analyzed.spthy deleted file mode 100644 index 20ecff3e1..000000000 --- a/case-studies-regression/sapic/fast/SCADA/opc_ua_secure_conversation_variant_analyzed.spthy +++ /dev/null 
@@ -1,11676 +0,0 @@ -theory OPC_UA_Secure_Communication_Variant begin - -// Function signature and definition of the equational theory E - -builtins: multiset -functions: fst/1, h/1, mac/2, pair/2, sdec/2, senc/2, snd/1, true/0, - verifyMac/3 -equations: - fst() = x.1, - sdec(senc(x.1, x.2), x.2) = x.1, - snd() = x.2, - verifyMac(mac(m, sk), m, sk) = true - -heuristic: p - -section{* The OPC UA Secure Conversation protocol *} - -restriction A_Counter_Increases: - "∀ A B seq1 seq2 #i #j. - (((Seq_Sent( A, B, seq1 ) @ #i) ∧ (Seq_Sent( A, B, seq2 ) @ #j)) ∧ - (#i < #j)) ⇒ - (∃ dif. seq2 = (dif+seq1))" - -restriction A_Counter_No_Reuse: - "∀ A B seq #i #j. - ((Seq_Sent( A, B, seq ) @ #i) ∧ (Seq_Sent( A, B, seq ) @ #j)) ⇒ - (#i = #j)" - // safety formula - -restriction B_Counter_Counter_Increases: - "∀ A B seq1 seq2 #i #j. - (((Seq_Recv( A, B, seq1 ) @ #i) ∧ (Seq_Recv( A, B, seq2 ) @ #j)) ∧ - (#i < #j)) ⇒ - (∃ dif. seq2 = (dif+seq1))" - -restriction B_Counter_No_Reuse: - "∀ A B seq #i #j. - ((Seq_Recv( A, B, seq ) @ #i) ∧ (Seq_Recv( A, B, seq ) @ #j)) ⇒ - (#i = #j)" - // safety formula - -lemma Executable: - exists-trace "∃ A B m #i. Recv( A, B, m ) @ #i" -/* -guarded formula characterizing all satisfying traces: -"∃ A B m #i. (Recv( A, B, m ) @ #i)" -*/ -simplify -solve( State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, - SH, A, B, kEnc, kSign, m, pad, seq, xmac, lock - ) ▶₀ #i ) - case eventSeqRecvabseq_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( (∃ #t. (ProgressTo_1111121111111( ~prog_111112111 ) @ #t)) ∥ - (∃ #t. 
(ProgressTo_1111121112( ~prog_111112111 ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111, - MH.1, SH.1, a, b, kEnc, kSign, m.1, pad.1, seq.1, xmac, lock - ) ▶₀ #t.3 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( !KU( senc(, ~n.3)>, ~n.2) - ) @ #vk.4 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, ~prog_1111121.1, a, b, ~n.2, kSign, - lock - ) ▶₁ #j ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.23) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.5, <~n.1, ~n> ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.23) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.5, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ (#t0 = #t.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.23 < #t.2) ∥ (#t.2 = #vr.23) ) - case case_3 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, ~prog_1111111, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.1, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc, kSign, lock, m, seq.1 - ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, - kSign - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, ~prog_1111111, a, - b, kEnc, kSign - ) ▶₀ #t.6 ) - case p_1_111111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - SOLVED // trace found - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed -qed - -lemma 
all_received_were_sent: - all-traces - "∀ A B m #i. - (Recv( A, B, m ) @ #i) ⇒ (∃ #k. (Sent( A, B, m ) @ #k) ∧ (#k < #i))" -/* -guarded formula characterizing all counter-examples: -"∃ A B m #i. - (Recv( A, B, m ) @ #i) ∧ ∀ #k. (Sent( A, B, m ) @ #k) ⇒ ¬(#k < #i)" -*/ -simplify -solve( State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, - SH, A, B, kEnc, kSign, m, pad, seq, xmac, lock - ) ▶₀ #i ) - case eventSeqRecvabseq_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( (∃ #t. (ProgressTo_1111121111111( ~prog_111112111 ) @ #t)) ∥ - (∃ #t. (ProgressTo_1111121112( ~prog_111112111 ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111, - MH.1, SH.1, a, b, kEnc, kSign, m.1, pad.1, seq.1, xmac, lock - ) ▶₀ #t.3 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( !KU( senc(, ~n.3)>, ~n.2) - ) @ #vk.4 ) - case c_senc - by solve( !KU( ~n.2 ) @ #vk.6 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111, - MH.1, 
SH.1, a, b, kEnc, kSign, m.1, pad.1, seq.1, xmac, lock - ) ▶₀ #t.3 ) - qed - qed - qed - qed - qed - qed -qed - -lemma all_received_were_sent_injective: - all-traces - "∀ A B t #i. - (Recv( A, B, t ) @ #i) ⇒ - (∃ #j. - ((Sent( A, B, t ) @ #j) ∧ (#j < #i)) ∧ - (¬(∃ A2 B2 #i2. (Recv( A2, B2, t ) @ #i2) ∧ (¬(#i2 = #i)))))" -/* -guarded formula characterizing all counter-examples: -"∃ A B t #i. - (Recv( A, B, t ) @ #i) - ∧ - ∀ #j. - (Sent( A, B, t ) @ #j) - ⇒ - ((¬(#j < #i)) ∨ (∃ A2 B2 #i2. (Recv( A2, B2, t ) @ #i2) ∧ ¬(#i2 = #i)))" -*/ -simplify -solve( State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, - SH, A, B, kEnc, kSign, t, pad, seq, xmac, lock - ) ▶₀ #i ) - case eventSeqRecvabseq_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.3 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( (∃ #t. (ProgressTo_1111121111111( ~prog_111112111 ) @ #t)) ∥ - (∃ #t. 
(ProgressTo_1111121112( ~prog_111112111 ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111, - MH.1, SH.1, a, b, kEnc, kSign, m, pad.1, seq.1, xmac, lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( !KU( senc(, ~n.3)>, ~n.2) - ) @ #vk.4 ) - case c_senc - by solve( !KU( ~n.2 ) @ #vk.6 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( (#i2 < #i) ∥ (#i < #i2) ) - case case_1 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j ) - case MessageIDRule - solve( State_11111211( ~prog_1.2, ~prog_1111121.2, a, b, ~n.2, kSign.1, - lock.1 - ) ▶₁ #j ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.23) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.5, <~n.1, ~n> ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.23) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.5, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ (#t0 = #t.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.23 < #t.2) ∥ (#t.2 = #vr.23) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc.1, kSign.1, lock.1, m, seq.2 - ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, - ~prog_111112111.1, MH.1, SH.1, A2, B2, - kEnc, kSign, ~n.4, pad.1, seq.1, xmac, - lock - ) ▶₀ #i2 ) - case eventSeqRecvabseq_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121.2, a, b, - kEnc, kSign - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, - a, b, kEnc, kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1.1, a, b, kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, a, b, kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.1, a, - b, kEnc, kSign - ) ▶₀ #t.8 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - 
solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, b, kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.2, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.2, - xmac, - lock - ) ▶₀ #t.9 ) - case eventRecvabm_0_11111211111 - by contradiction - /* cyclic */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.2, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.2, - xmac, - lock - ) ▶₀ #t.9 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.2, kSign.2 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, ~prog_1111111, a, b, kEnc.2, kSign.2 - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, $SH.3, $pad.3, ~prog_1.3, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc.2, kSign.2, lock.1, m.1, seq.3 - ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, - ~prog_111112111.1, MH.1, SH.1, A2, B2, - kEnc, kSign, ~n.4, pad.1, 
seq.1, xmac, - lock - ) ▶₀ #i2 ) - case eventSeqRecvabseq_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.3, ~prog_1111121.2, a, b, - kEnc.1, kSign.1 - ) ▶₀ #t.6 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.2, - ~prog_1111121.3, - ~prog_111112111.3, MH.2, - SH.2, ~n, ~n.1, kEnc, - kSign, m, pad.2, seq.2, - xmac, ~n.11 - ) ▶₀ #t2 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc.1, kSign.1, lock.1, m, seq.2 - ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, - ~prog_111112111.1, MH.1, SH.1, A2, B2, - kEnc, kSign, ~n.4, pad.1, seq.1, xmac, - lock - ) ▶₀ #i2 ) - case eventSeqRecvabseq_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, - kEnc, kSign - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111111( 
~prog_1.2, ~prog_1111111, - a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case p_1_111111 - solve( State_11111( ~prog_1.1, a, b, kEnc, - kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, a, b, kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.1, a, - b, kEnc, kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, b, kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.1 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.1 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.2, - ~prog_1111121.2, - ~prog_111112111.1, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.2, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case p_1_111112 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( !KU( senc(< - seq.1, - ~n.4, - pad.1, - mac(< - MH.1, - SH.1, - seq.1, - ~n.4, - pad.1 - >, - ~n.9) - >, - ~n.8) - ) @ #vk.12 ) - case c_senc - by solve( !KU( ~n.8 - ) @ #vk.14 ) - next - case 
outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* cyclic - */ - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.2, - ~prog_1111121.2, - ~prog_111112111.1, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.2, - xmac, - lock - ) ▶₀ #t.8 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j ) - case MessageIDRule - solve( State_11111211( ~prog_1.2, ~prog_1111121.2, a, b, ~n.2, kSign.1, - lock.1 - ) ▶₁ #j ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.23) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.5, <~n.1, ~n> ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.23) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.5, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ (#t0 = #t.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.23 < #t.2) ∥ (#t.2 = #vr.23) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc.1, kSign.1, lock.1, m, seq.2 - ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, - ~prog_111112111.1, MH.1, SH.1, A2, B2, - kEnc, kSign, ~n.4, pad.1, seq.1, xmac, - lock - ) ▶₀ #i2 ) - case eventSeqRecvabseq_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121.2, a, b, - kEnc, kSign - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, - a, b, kEnc, kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1.1, a, b, kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, a, b, kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.1, a, - b, kEnc, kSign - ) ▶₀ #t.8 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - 
solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, b, kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.2, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.2, - xmac, - lock - ) ▶₀ #t.9 ) - case eventRecvabm_0_11111211111 - by contradiction - /* cyclic */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.2, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.2, - xmac, - lock - ) ▶₀ #t.9 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.2, kSign.2 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, ~prog_1111111, a, b, kEnc.2, kSign.2 - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, $SH.3, $pad.3, ~prog_1.3, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc.2, kSign.2, lock.1, m.1, seq.3 - ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, - ~prog_111112111.1, MH.1, SH.1, A2, B2, - kEnc, kSign, ~n.4, pad.1, 
seq.1, xmac, - lock - ) ▶₀ #i2 ) - case eventSeqRecvabseq_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.3, ~prog_1111121.2, a, b, - kEnc.1, kSign.1 - ) ▶₀ #t.6 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.2, - ~prog_1111121.3, - ~prog_111112111.3, MH.2, - SH.2, ~n, ~n.1, kEnc, - kSign, m, pad.2, seq.2, - xmac, ~n.11 - ) ▶₀ #t2 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.2, - ~prog_1111111.1, ~prog_111111111, a, b, - kEnc.1, kSign.1, lock.1, m, seq.2 - ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, - ~prog_111112111.1, MH.1, SH.1, A2, B2, - kEnc, kSign, ~n.4, pad.1, seq.1, xmac, - lock - ) ▶₀ #i2 ) - case eventSeqRecvabseq_0_1111121111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, - kEnc, kSign - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111111( 
~prog_1.2, ~prog_1111111, - a, b, kEnc, kSign - ) ▶₀ #t.6 ) - case p_1_111111 - solve( State_11111( ~prog_1.1, a, b, kEnc, - kSign - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, a, b, kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.1, a, - b, kEnc, kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, b, kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.1 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.1 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.2, - ~prog_1111121.2, - ~prog_111112111.1, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.2, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case p_1_111112 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.9 ) - case newkEnc_0_1111 - solve( !KU( senc(< - seq.1, - ~n.4, - pad.1, - mac(< - MH.1, - SH.1, - seq.1, - ~n.4, - pad.1 - >, - ~n.9) - >, - ~n.8) - ) @ #vk.12 ) - case c_senc - by solve( !KU( ~n.8 - ) @ #vk.14 ) - next - case 
outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* cyclic - */ - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.2, - ~prog_1111121.2, - ~prog_111112111.1, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.2, - xmac, - lock - ) ▶₀ #t.8 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111, - MH.1, SH.1, a, b, kEnc, kSign, m, pad.1, seq.1, xmac, lock - ) ▶₀ #t.4 ) - qed - qed - qed - qed - qed - qed -qed - -lemma order: - all-traces - "∀ A B m m2 #i #j. - (((Recv( A, B, m ) @ #i) ∧ (Recv( A, B, m2 ) @ #j)) ∧ (#i < #j)) ⇒ - (∃ #k #l. - ((Sent( A, B, m ) @ #k) ∧ (Sent( A, B, m2 ) @ #l)) ∧ (#k < #l))" -/* -guarded formula characterizing all counter-examples: -"∃ A B m m2 #i #j. - (Recv( A, B, m ) @ #i) ∧ (Recv( A, B, m2 ) @ #j) - ∧ - (#i < #j) ∧ - (∀ #k #l. (Sent( A, B, m ) @ #k) ∧ (Sent( A, B, m2 ) @ #l) ⇒ ¬(#k < #l))" -*/ -simplify -solve( State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, - SH, A, B, kEnc, kSign, m, pad, seq, xmac, lock - ) ▶₀ #i ) - case eventSeqRecvabseq_0_1111121111 - solve( State_11111211111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111.1, - MH.1, SH.1, ~n, ~n.1, kEnc, kSign, m2, pad.1, seq.1, xmac, lock - ) ▶₀ #j ) - case eventSeqRecvabseq_0_1111121111 - solve( (¬(#vr < #vr.14)) ∥ (∃ dif. (seq.1 = (dif+seq))) ) - case case_1 - solve( (¬(#vr.14 < #vr)) ∥ (∃ dif. (seq = (dif+seq.1))) ) - case case_1 - solve( ((#vr.3 < #vr.17) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.4, <~n.1, ~n> ) @ #t2) - ∧ - (#vr.3 < #t2) ∧ - (#t2 < #vr.17) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.17 < #vr.3) ∥ (#vr.3 = #vr.17) ) - case case_1 - solve( (#vr = #vr.14) ∥ (#vr.14 < #vr) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( (#vr = #vr.14) ∥ (#vr.14 < #vr) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( ((#vr.3 < #vr.17) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.4, <~n.1, ~n> ) @ #t2) - ∧ - (#vr.3 < #t2) ∧ - (#t2 < #vr.17) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.17 < #vr.3) ∥ (#vr.3 = #vr.17) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121.1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.3 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111.2, MH.2, SH.2, ~n, ~n.1, kEnc, kSign, m.1, - pad.2, seq.1, xmac, ~n.4 - ) ▶₀ #t2 ) - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - 
solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121.1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.3 ) - case p_1_111112 - solve( State_111112111111( ~prog_1.1, ~prog_1111121.2, ~prog_111112111.2, - MH.2, SH.2, ~n, ~n.1, kEnc, kSign, m.1, pad.2, seq.1, xmac, - ~n.5 - ) ▶₀ #t2 ) - case eventRecvabm_0_11111211111_case_1 - by contradiction /* cyclic */ - next - case eventRecvabm_0_11111211111_case_2 - by contradiction /* cyclic */ - next - case eventRecvabm_0_11111211111_case_3 - by contradiction /* cyclic */ - next - case eventRecvabm_0_11111211111_case_4 - by contradiction /* cyclic */ - next - case eventRecvabm_0_11111211111_case_5 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( (¬(#vr.14 < #vr)) ∥ (∃ dif.1. (seq = (dif+seq+dif.1))) ) - case case_1 - solve( ((#vr.3 < #vr.17) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.4, <~n.1, ~n> ) @ #t2) - ∧ - (#vr.3 < #t2) ∧ - (#t2 < #vr.17) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, <~n.1, ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.17 < #vr.3) ∥ (#vr.3 = #vr.17) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121.1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.3 ) - case p_1_111112 - solve( State_111112111111( ~prog_1.1, ~prog_1111121.2, ~prog_111112111.2, - MH.2, SH.2, ~n, ~n.1, kEnc, kSign, m.1, pad.2, seq.1, xmac, - ~n.4 - ) ▶₀ #t2 ) - case eventRecvabm_0_11111211111_case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( (∃ #t. (ProgressTo_1111121111111( ~prog_111112111 ) @ #t)) ∥ - (∃ #t. 
(ProgressTo_1111121112( ~prog_111112111 ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc, kSign, m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, - kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.1 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.1 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, MH.2, - SH.2, a, b, kEnc, kSign, - m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, a, b, - kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( !KU( senc(, - ~n.3) - >, - ~n.2) - ) @ #vk.4 ) - case c_senc - solve( !KU( senc(<(dif+dif), m2, - pad.1, - mac(, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 ) @ #vk.11 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, - ~prog_1111121.2, - a, b, ~n.2, - kSign, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.28) ∧ - (∃ #t2. 
- (Unlock_1( '1', ~n.4, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.4, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.2) ∥ - (#t.2 = #vr.28) ) - case case_1 - solve( ((#t.3 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.6, - <~n.1, ~n - > - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, - <~n.1, ~n - > - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.28 < #t.3) ∥ - (#t.3 = #vr.28) ) - case case_1 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m.1, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.2, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - 
kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - by contradiction - /* - cyclic - */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.2, - 
seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m.1, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - 
solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - by solve( !KU( ~n.2 - ) @ #vk.11 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.2, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( 
~prog_1.1, - ~prog_1111121.2, - a, b, ~n.2, - kSign, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.5, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.5, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.2) ∥ - (#t.2 = #vr.28) ) - case case_1 - solve( ((#t.3 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.6, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.3) ∥ - (#t.3 = #vr.28) ) - case case_1 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.2, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( 
~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - by contradiction - /* - cyclic - */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - 
$SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - 
next - case case_3 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( !KU( senc(< - ( - dif+ - dif - ), - m2, - pad.1, - mac(< - MH.1, - SH.1, - ( - dif+ - dif - ), - m2, - pad.1 - >, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 - ) @ #vk.15 ) - next - case 
outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( (¬(#vr.21 < #vr.31)) ∥ - (∃ dif.1. - (( - dif+ - dif - ) = - ( - dif+ - dif.1 - ))) ) - case case_2 - solve( (¬(#vr.31 < #vr.21)) ∥ - (∃ dif.1. - (dif = - ( - dif+ - dif+ - dif.1 - ))) ) - case case_1 - solve( ((#t.5 < #vr.33) ∧ - (∃ #t2. - (Unlock_0( '0', - ~n.8, - < - ~n, - ~n.1 - > - ) @ #t2) - ∧ - (#t.5 < #t2) ∧ - (#t2 < #vr.33) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.8, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. - (Lock( pp, - lpp, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - ((#t0 < #t.5) ∨ - (#t0 = - #t.5) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - ((#t0 < #t.5) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.33 < #t.5) ∥ - (#t.5 = - #vr.33) ) - case case_1 - by contradiction - /* - cyclic - */ - next - case case_2 - solve( MID_Receiver( ~mid_111111111111.1 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111211( ~prog_1.2, - ~prog_1111121.2, - a, - b, - ~n.2, - kSign.1, - lock - ) ▶₁ #j.2 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.35) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.5, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.5, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. - (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = - #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.35 < #t.2) ∥ - (#t.2 = - #vr.35) ) - case case_1 - solve( ((#t.3 < #vr.35) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.7, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.7, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. 
- (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = - #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.35 < #t.3) ∥ - (#t.3 = - #vr.35) ) - case case_1 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - 
b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, MH.2, - SH.2, a, b, kEnc, kSign, - m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc, kSign, m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case eventRecvabm_0_11111211111_case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, 
kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( (∃ #t. (ProgressTo_1111121111111( ~prog_111112111 ) @ #t)) ∥ - (∃ #t. (ProgressTo_1111121112( ~prog_111112111 ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc, kSign, m.1, pad.2, seq.1, xmac, - lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, - kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.1 - ) @ #t)) ∥ - (∃ #t. 
- (ProgressTo_1111121112( ~prog_111112111.1 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, MH.2, - SH.2, a, b, kEnc, kSign, - m.1, pad.2, seq.1, xmac, - lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, a, b, - kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( !KU( senc(, - ~n.3) - >, - ~n.2) - ) @ #vk.4 ) - case c_senc - solve( !KU( senc(<(dif+seq), m2, - pad.1, - mac(, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 ) @ #vk.11 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, - ~prog_1111121.2, - a, b, ~n.2, - kSign, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.4, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.4, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.2) ∥ - (#t.2 = #vr.28) ) - case case_1 - solve( ((#t.3 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.6, - <~n.1, ~n - > - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, - <~n.1, ~n - > - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.28 < #t.3) ∥ - (#t.3 = #vr.28) ) - case case_1 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.2, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - 
) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m.1, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - by contradiction - /* - cyclic - */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m.1, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.8 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.2, - seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m.1, - pad.2, - seq.1, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed 
- qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - by solve( !KU( ~n.2 - ) @ #vk.11 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - 
a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.2, - seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m.1, - pad.2, - seq.1, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, - ~prog_1111121.2, - a, b, ~n.2, - kSign, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.5, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.5, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.2) ∥ - (#t.2 = #vr.28) ) - case case_1 - solve( ((#t.3 < #vr.28) ∧ - (∃ #t2. 
- (Unlock_1( '1', ~n.6, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.3) ∥ - (#t.3 = #vr.28) ) - case case_1 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.2, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) 
- case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - by contradiction - /* - cyclic - */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.8 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( 
~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - 
solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( !KU( senc(< - ( - dif+ - seq - ), - m2, - pad.1, - mac(< - MH.1, - SH.1, - ( - dif+ - seq - ), - m2, - pad.1 - >, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 - ) @ #vk.15 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( (¬(#vr.21 < #vr.31)) ∥ - (∃ dif.1. - (( - dif+ - seq - ) = - ( - seq+ - dif.1 - ))) ) - case case_2 - solve( (¬(#vr.31 < #vr.21)) ∥ - (∃ dif.1. - (seq = - ( - dif+ - seq+ - dif.1 - ))) ) - case case_1 - solve( ((#t.5 < #vr.33) ∧ - (∃ #t2. - (Unlock_0( '0', - ~n.8, - < - ~n, - ~n.1 - > - ) @ #t2) - ∧ - (#t.5 < #t2) ∧ - (#t2 < #vr.33) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.8, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. 
- (Lock( pp, - lpp, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - ((#t0 < #t.5) ∨ - (#t0 = - #t.5) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - ((#t0 < #t.5) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.33 < #t.5) ∥ - (#t.5 = - #vr.33) ) - case case_1 - by contradiction - /* - cyclic - */ - next - case case_2 - solve( MID_Receiver( ~mid_111111111111.1 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111211( ~prog_1.2, - ~prog_1111121.2, - a, - b, - ~n.2, - kSign.1, - lock - ) ▶₁ #j.2 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.35) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.5, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.5, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. - (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = - #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.35 < #t.2) ∥ - (#t.2 = - #vr.35) ) - case case_1 - solve( ((#t.3 < #vr.35) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.7, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.7, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. - (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = - #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. 
- (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.35 < #t.3) ∥ - (#t.3 = - #vr.35) ) - case case_1 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.3 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by 
contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.3 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, MH.2, - SH.2, a, b, kEnc, kSign, - m.1, pad.2, seq.1, xmac, - lock - ) ▶₀ #t.4 ) - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc, kSign, m.1, pad.2, seq.1, xmac, - lock - ) ▶₀ #t.4 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case eventRecvabm_0_11111211111_case_3 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case 
p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( (∃ #t. (ProgressTo_1111121111111( ~prog_111112111 ) @ #t)) ∥ - (∃ #t. (ProgressTo_1111121112( ~prog_111112111 ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc, kSign, m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, - kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.1 - ) @ #t)) ∥ - (∃ #t. 
- (ProgressTo_1111121112( ~prog_111112111.1 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, MH.2, - SH.2, a, b, kEnc, kSign, - m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, a, b, - kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( !KU( senc(<(dif+x), m, pad, - mac(, - ~n.3) - >, - ~n.2) - ) @ #vk.4 ) - case c_senc - solve( !KU( senc(<(dif+dif+x), m2, - pad.1, - mac(, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 ) @ #vk.11 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, - ~prog_1111121.2, - a, b, ~n.2, - kSign, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.4, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.4, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.2) ∥ - (#t.2 = #vr.28) ) - case case_1 - solve( ((#t.3 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.6, - <~n.1, ~n - > - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, - <~n.1, ~n - > - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.28 < #t.3) ∥ - (#t.3 = #vr.28) ) - case case_1 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m.1, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.2, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) 
▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - by contradiction - /* - cyclic - */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.2, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - 
qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m.1, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - by solve( !KU( ~n.2 - ) @ #vk.11 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - 
kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.2, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, - ~prog_1111121.2, - a, b, ~n.2, - kSign, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.5, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.5, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.2) ∥ - (#t.2 = #vr.28) ) - case case_1 - solve( ((#t.3 < #vr.28) ∧ - (∃ #t2. 
- (Unlock_1( '1', ~n.6, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.3) ∥ - (#t.3 = #vr.28) ) - case case_1 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.2, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - 
case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - by contradiction - /* - cyclic - */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - 
~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( 
State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( !KU( senc(< - ( - dif+ - dif+ - x - ), - m2, - pad.1, - mac(< - MH.1, - SH.1, - ( - dif+ - dif+ - x - ), - m2, - pad.1 - >, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 - ) @ #vk.17 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( (¬(#vr.21 < #vr.31)) ∥ - (∃ dif.1. - (( - dif+ - dif+ - x - ) = - ( - dif+ - x+ - dif.1 - ))) ) - case case_2 - solve( (¬(#vr.31 < #vr.21)) ∥ - (∃ dif.1. - (( - dif+ - x - ) = - ( - dif+ - dif+ - x+ - dif.1 - ))) ) - case case_1 - solve( ((#t.5 < #vr.33) ∧ - (∃ #t2. - (Unlock_0( '0', - ~n.8, - < - ~n, - ~n.1 - > - ) @ #t2) - ∧ - (#t.5 < #t2) ∧ - (#t2 < #vr.33) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.8, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. 
- (Lock( pp, - lpp, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - ((#t0 < #t.5) ∨ - (#t0 = - #t.5) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - ((#t0 < #t.5) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.33 < #t.5) ∥ - (#t.5 = - #vr.33) ) - case case_1 - by contradiction - /* - cyclic - */ - next - case case_2 - solve( MID_Receiver( ~mid_111111111111.1 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111211( ~prog_1.2, - ~prog_1111121.2, - a, - b, - ~n.2, - kSign.1, - lock - ) ▶₁ #j.2 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.35) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.5, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.5, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. - (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = - #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.35 < #t.2) ∥ - (#t.2 = - #vr.35) ) - case case_1 - solve( ((#t.3 < #vr.35) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.7, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.7, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. - (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = - #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. 
- (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.35 < #t.3) ∥ - (#t.3 = - #vr.35) ) - case case_1 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by 
contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, MH.2, - SH.2, a, b, kEnc, kSign, - m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc, kSign, m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case eventRecvabm_0_11111211111_case_4 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case 
p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( (∃ #t. (ProgressTo_1111121111111( ~prog_111112111 ) @ #t)) ∥ - (∃ #t. (ProgressTo_1111121112( ~prog_111112111 ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc, kSign, m.1, pad.2, seq.1, xmac, - lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, - kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.1 - ) @ #t)) ∥ - (∃ #t. 
- (ProgressTo_1111121112( ~prog_111112111.1 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, MH.2, - SH.2, a, b, kEnc, kSign, - m.1, pad.2, seq.1, xmac, - lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, a, b, - kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( !KU( senc(, - ~n.3) - >, - ~n.2) - ) @ #vk.4 ) - case c_senc - solve( !KU( senc(<(seq+seq+x), m2, - pad.1, - mac(, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 ) @ #vk.11 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, - ~prog_1111121.2, - a, b, ~n.2, - kSign, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.4, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.4, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.2) ∥ - (#t.2 = #vr.28) ) - case case_1 - solve( ((#t.3 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.6, - <~n.1, ~n - > - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, - <~n.1, ~n - > - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.28 < #t.3) ∥ - (#t.3 = #vr.28) ) - case case_1 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.2, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - 
) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m.1, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - by contradiction - /* - cyclic - */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m.1, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.8 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.2, - seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m.1, - pad.2, - seq.1, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed 
- qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - by solve( !KU( ~n.2 - ) @ #vk.11 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - 
a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.2, - seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m.1, - pad.2, - seq.1, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, - ~prog_1111121.2, - a, b, ~n.2, - kSign, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.5, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.5, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.2) ∥ - (#t.2 = #vr.28) ) - case case_1 - solve( ((#t.3 < #vr.28) ∧ - (∃ #t2. 
- (Unlock_1( '1', ~n.6, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.3) ∥ - (#t.3 = #vr.28) ) - case case_1 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.2, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) 
- case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - by contradiction - /* - cyclic - */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.8 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( 
~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.2 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - 
solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( !KU( senc(< - ( - seq+ - seq+ - x - ), - m2, - pad.1, - mac(< - MH.1, - SH.1, - ( - seq+ - seq+ - x - ), - m2, - pad.1 - >, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 - ) @ #vk.15 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( (¬(#vr.21 < #vr.31)) ∥ - (∃ dif. - (( - seq+ - seq+ - x - ) = - ( - dif+ - seq - ))) ) - case case_2 - solve( (¬(#vr.31 < #vr.21)) ∥ - (∃ dif. - (seq = - ( - dif+ - seq+ - seq+ - x - ))) ) - case case_1 - solve( ((#t.5 < #vr.33) ∧ - (∃ #t2. - (Unlock_0( '0', - ~n.8, - < - ~n, - ~n.1 - > - ) @ #t2) - ∧ - (#t.5 < #t2) ∧ - (#t2 < #vr.33) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.8, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. 
- (Lock( pp, - lpp, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - ((#t0 < #t.5) ∨ - (#t0 = - #t.5) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - ((#t0 < #t.5) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.33 < #t.5) ∥ - (#t.5 = - #vr.33) ) - case case_1 - by contradiction - /* - cyclic - */ - next - case case_2 - solve( MID_Receiver( ~mid_111111111111.1 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111211( ~prog_1.2, - ~prog_1111121.2, - a, - b, - ~n.2, - kSign.1, - lock - ) ▶₁ #j.2 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.35) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.5, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.5, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. - (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = - #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.35 < #t.2) ∥ - (#t.2 = - #vr.35) ) - case case_1 - solve( ((#t.3 < #vr.35) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.7, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.7, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. - (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = - #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. 
- (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.35 < #t.3) ∥ - (#t.3 = - #vr.35) ) - case case_1 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.3 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by 
contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.3 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, MH.2, - SH.2, a, b, kEnc, kSign, - m.1, pad.2, seq.1, xmac, - lock - ) ▶₀ #t.4 ) - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc, kSign, m.1, pad.2, seq.1, xmac, - lock - ) ▶₀ #t.4 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case eventRecvabm_0_11111211111_case_5 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case 
p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( (∃ #t. (ProgressTo_1111121111111( ~prog_111112111 ) @ #t)) ∥ - (∃ #t. (ProgressTo_1111121112( ~prog_111112111 ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc, kSign, m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, - kSign - ) ▶₀ #t.4 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.1 - ) @ #t)) ∥ - (∃ #t. 
- (ProgressTo_1111121112( ~prog_111112111.1 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, MH.2, - SH.2, a, b, kEnc, kSign, - m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, a, b, - kEnc, kSign - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( !KU( senc(<(x+x.1), m, pad, - mac(, - ~n.3) - >, - ~n.2) - ) @ #vk.4 ) - case c_senc - solve( !KU( senc(<(x+x.1+x.1+x.2), - m2, pad.1, - mac(, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 ) @ #vk.11 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, - ~prog_1111121.2, - a, b, ~n.2, - kSign, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.4, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.4, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.2) ∥ - (#t.2 = #vr.28) ) - case case_1 - solve( ((#t.3 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.6, - <~n.1, ~n - > - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, - <~n.1, ~n - > - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.28 < #t.3) ∥ - (#t.3 = #vr.28) ) - case case_1 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m.1, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.2, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) 
▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - by contradiction - /* - cyclic - */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.2, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - 
qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m.1, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - by solve( !KU( ~n.2 - ) @ #vk.11 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - 
kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.2, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m.1, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111211( ~prog_1.1, - ~prog_1111121.2, - a, b, ~n.2, - kSign, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.28) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.5, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.5, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.2) ∥ - (#t.2 = #vr.28) ) - case case_1 - solve( ((#t.3 < #vr.28) ∧ - (∃ #t2. 
- (Unlock_1( '1', ~n.6, - <~n.1, ~n> - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.28) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, - <~n.1, ~n> - ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, - <~n.1, ~n> - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.28 < #t.3) ∥ - (#t.3 = #vr.28) ) - case case_1 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.2, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - 
case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.8 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.2 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.2 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case eventRecvabm_0_11111211111 - by contradiction - /* - cyclic - */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.2, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - lock - ) ▶₀ #t.8 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - 
~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111, - a, b, - kEnc.1, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111112 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.3, - ~prog_111112111.3, - MH.2, - SH.2, - ~n, - ~n.1, - kEnc, - kSign, - m, - pad.2, - seq, - xmac, - ~n.7 - ) ▶₀ #t2.1 ) - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, b, - kEnc, - kSign - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, - $SH.2, - $pad.2, - ~prog_1.1, - ~prog_1111111.1, - ~prog_111111111, - a, - b, - kEnc, - kSign, - lock, - m, - seq - ) ▶₀ #t.6 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( 
State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, - ~prog_1111111, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( !KU( senc(< - ( - x+ - x.1+ - x.1+ - x.2 - ), - m2, - pad.1, - mac(< - MH.1, - SH.1, - ( - x+ - x.1+ - x.1+ - x.2 - ), - m2, - pad.1 - >, - ~n.3) - >, - ~n.2) - ) @ #vk.9 ) - case c_senc - by solve( !KU( ~n.2 - ) @ #vk.17 ) - next - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( (¬(#vr.21 < #vr.31)) ∥ - (∃ dif. - (( - x+ - x.1+ - x.1+ - x.2 - ) = - ( - dif+ - x+ - x.1 - ))) ) - case case_2 - solve( (¬(#vr.31 < #vr.21)) ∥ - (∃ dif. - (( - x+ - x.1 - ) = - ( - dif+ - x+ - x.1+ - x.1+ - x.2 - ))) ) - case case_1 - solve( ((#t.5 < #vr.33) ∧ - (∃ #t2. - (Unlock_0( '0', - ~n.8, - < - ~n, - ~n.1 - > - ) @ #t2) - ∧ - (#t.5 < #t2) ∧ - (#t2 < #vr.33) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.8, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. 
- (Lock( pp, - lpp, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - ((#t0 < #t.5) ∨ - (#t0 = - #t.5) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n, - ~n.1 - > - ) @ #t0) - ⇒ - ((#t0 < #t.5) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.33 < #t.5) ∥ - (#t.5 = - #vr.33) ) - case case_1 - by contradiction - /* - cyclic - */ - next - case case_2 - solve( MID_Receiver( ~mid_111111111111.1 - ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111211( ~prog_1.2, - ~prog_1111121.2, - a, - b, - ~n.2, - kSign.1, - lock - ) ▶₁ #j.2 ) - case lockba_0_1111121 - solve( ((#t.2 < #vr.35) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.5, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.2 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.5, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. - (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t0 = - #t.2) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. - (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.2) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.35 < #t.2) ∥ - (#t.2 = - #vr.35) ) - case case_1 - solve( ((#t.3 < #vr.35) ∧ - (∃ #t2. - (Unlock_1( '1', - ~n.7, - < - ~n.1, - ~n - > - ) @ #t2) - ∧ - (#t.3 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 - pp. - (Unlock( pp, - ~n.7, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - #t0 = - #t2) ∧ - (∀ pp - lpp - #t0. - (Lock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t0 = - #t.3) ∨ - (#t2 < #t0))) ∧ - (∀ pp - lpp - #t0. 
- (Unlock( pp, - lpp, - < - ~n.1, - ~n - > - ) @ #t0) - ⇒ - ((#t0 < #t.3) ∨ - (#t2 < #t0) ∨ - (#t2 = - #t0))))) ∥ - (#vr.35 < #t.3) ∥ - (#t.3 = - #vr.35) ) - case case_1 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - next - case case_3 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, - ~prog_1111111.2, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.3, - $SH.3, - $pad.3, - ~prog_1.2, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.1, - kSign.1, - lock, - m.1, - seq.1 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by 
contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, - a, - b, - kEnc.1, - kSign.1 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, - ~prog_1111111.2, - a, - b, - kEnc.2, - kSign.2 - ) ▶₀ #t.7 ) - case p_1_111111 - solve( State_1111111111111( $MH.4, - $SH.4, - $pad.4, - ~prog_1.3, - ~prog_1111111.3, - ~prog_111111111.2, - a, - b, - kEnc.2, - kSign.2, - lock, - m.2, - seq.2 - ) ▶₀ #t.8 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction - /* - cyclic - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, MH.2, - SH.2, a, b, kEnc, kSign, - m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111, MH.2, SH.2, a, b, - kEnc, kSign, m.1, pad.2, seq, xmac, - lock - ) ▶₀ #t.4 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121.1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.3 ) - case p_1_111112 - by solve( 
State_111112111111( ~prog_1.1, ~prog_1111121.2, - ~prog_111112111.2, MH.2, SH.2, ~n, ~n.1, kEnc, kSign, m.1, - pad.2, seq.1, xmac, ~n.5 - ) ▶₀ #t2 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed -qed - -lemma delivery_wo_order: - all-traces - "∀ A B m #i. - (Sent( A, B, m ) @ #i) ⇒ (∃ #k. (Recv( A, B, m ) @ #k) ∧ (#i < #k))" -/* -guarded formula characterizing all counter-examples: -"∃ A B m #i. - (Sent( A, B, m ) @ #i) ∧ ∀ #k. (Recv( A, B, m ) @ #k) ⇒ ¬(#i < #k)" -*/ -simplify -solve( State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, A, B, - kEnc, kSign, lock, m, seq - ) ▶₀ #i ) - case newm_0_1111111111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, ~prog_1111111, a, b, kEnc, kSign - ) ▶₀ #t.2 ) - case p_1_111111 - solve( State_1111111111111( $MH, $SH, $pad, ~prog_1.1, ~prog_1111111.1, - ~prog_111111111, a, b, kEnc, kSign, lock, m, seq.1 - ) ▶₀ #t.3 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j ) - case MessageIDRule - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111211( ~prog_1.1, ~prog_1111121, a, b, ~n.2, kSign, lock - ) ▶₁ #j ) - case lockba_0_1111121 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.1, ~prog_1111111, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, ~prog_1111121, a, b, kEnc, kSign - ) ▶₀ #t.4 ) - case 
p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( (∃ #t. (ProgressTo_1111121111111( ~prog_111112111 ) @ #t)) ∥ - (∃ #t. (ProgressTo_1111121112( ~prog_111112111 ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, ~prog_1111121.1, - ~prog_111112111, MH.1, SH.1, a, b, kEnc, - kSign, m, pad.1, seq.1, xmac, lock - ) ▶₀ #t.5 ) - case eventRecvabm_0_11111211111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, ~prog_1111121.1, ~prog_111112111, - MH.1, SH.1, a, b, kEnc, kSign, m, pad.1, - seq.1, xmac, lock - ) ▶₀ #t.5 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed -qed - -lemma delivery_order: - all-traces - "∀ A B m m2 #i #j. - (((Sent( A, B, m ) @ #i) ∧ (Sent( A, B, m2 ) @ #j)) ∧ (#i < #j)) ⇒ - (∃ #k #l. - ((Recv( A, B, m ) @ #k) ∧ (Recv( A, B, m2 ) @ #l)) ∧ (#k < #l))" -/* -guarded formula characterizing all counter-examples: -"∃ A B m m2 #i #j. - (Sent( A, B, m ) @ #i) ∧ (Sent( A, B, m2 ) @ #j) - ∧ - (#i < #j) ∧ - (∀ #k #l. (Recv( A, B, m ) @ #k) ∧ (Recv( A, B, m2 ) @ #l) ⇒ ¬(#k < #l))" -*/ -simplify -solve( State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, A, B, - kEnc, kSign, lock, m, seq - ) ▶₀ #i ) - case newm_0_1111111111 - solve( State_11111111111( ~prog_1.1, ~prog_1111111.1, ~prog_111111111.1, - ~n, ~n.1, kEnc, kSign, lock, m2, seq.1 - ) ▶₀ #j ) - case newm_0_1111111111 - solve( (¬(#vr.1 < #vr.14)) ∥ (∃ dif. (seq.1 = (dif+seq))) ) - case case_1 - solve( (¬(#vr.14 < #vr.1)) ∥ (∃ dif. 
(seq = (dif+seq.1))) ) - case case_1 - solve( ((#vr.3 < #vr.16) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.4, <~n, ~n.1> ) @ #t2) - ∧ - (#vr.3 < #t2) ∧ - (#t2 < #vr.16) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, <~n, ~n.1> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n, ~n.1> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n, ~n.1> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.16 < #vr.3) ∥ (#vr.3 = #vr.16) ) - case case_1 - solve( (#vr.1 = #vr.14) ∥ (#vr.14 < #vr.1) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( (#vr.1 = #vr.14) ∥ (#vr.14 < #vr.1) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( ((#vr.3 < #vr.16) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.4, <~n, ~n.1> ) @ #t2) - ∧ - (#vr.3 < #t2) ∧ - (#t2 < #vr.16) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, <~n, ~n.1> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n, ~n.1> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <~n, ~n.1> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.16 < #vr.3) ∥ (#vr.3 = #vr.16) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, - ~prog_1111111.3, ~prog_111111111, a, b, kEnc.1, kSign.1, lock, - m.1, seq.2 - ) ▶₀ #t.3 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, - ~prog_1111111.3, ~prog_111111111, a, b, kEnc.1, kSign.1, lock, - m.1, seq.2 - ) ▶₀ #t.3 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111( ~prog_1, a.1, b.1, kEnc.1, kSign.2 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc.1, kSign.2 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, ~prog_1111111.1, a.1, b.1, kEnc.1, - kSign.2 - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.3, - ~prog_1111111.3, ~prog_111111111.1, a.1, b.1, kEnc.1, - kSign.2, lock.1, m.1, seq.2 - ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( (¬(#vr.14 < #vr.1)) ∥ (∃ dif.1. 
(seq = (dif+seq+dif.1))) ) - case case_1 - solve( ((#vr.3 < #vr.16) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.4, <~n, ~n.1> ) @ #t2) - ∧ - (#vr.3 < #t2) ∧ - (#t2 < #vr.16) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, <~n, ~n.1> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n, ~n.1> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n, ~n.1> ) @ #t0) - ⇒ - ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.16 < #vr.3) ∥ (#vr.3 = #vr.16) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, - ~prog_1111111.3, ~prog_111111111, a, b, kEnc.1, kSign.1, lock, - m.1, seq.2 - ) ▶₀ #t.3 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.3 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111.1, a.1, b.1, kEnc, kSign.1 - ) ▶₀ #t.3 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, - ~prog_1111111.2, ~prog_111111111.1, a.1, b.1, kEnc, - kSign.1, lock.1, m, seq.1 - ) ▶₀ #t.4 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111.1 ) ▶₃ #j.2 ) - case MessageIDRule - solve( State_11111( ~prog_1, a.2, b.2, kEnc, kSign.2 ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.2, b.2, kEnc, kSign.2 ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111211( ~prog_1.1, ~prog_1111121, a, b, ~n.2, kSign, lock - ) ▶₁ #j.1 ) - case lockba_0_1111121 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, 
kSign.1 ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a.1, b.1, kEnc, - kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc, kSign.1 ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111211( ~prog_1.1, ~prog_1111121.1, a, b, ~n.2, - kSign, lock - ) ▶₁ #j.2 ) - case lockba_0_1111121 - solve( ((#vr.19 < #vr.22) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.8, <~n.1, ~n> ) @ #t2) - ∧ - (#vr.19 < #t2) ∧ - (#t2 < #vr.22) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.8, <~n.1, ~n> ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.19) ∨ (#t0 = #vr.19) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <~n.1, ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.19) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.22 < #vr.19) ∥ (#vr.19 = #vr.22) ) - case case_1 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111.1, a, b, - kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, - b, kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - 
a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.1, - ~prog_111112111.1, - MH.1, SH.1, - ~n, ~n.1, - kEnc, - kSign, m, - pad.1, - seq.1, - xmac, ~n.8 - ) ▶₀ #t2.1 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111 - ) @ #t)) ∥ - (∃ #t. 
- (ProgressTo_1111121112( ~prog_111112111 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111.1 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111.1 - ) @ #t)) ) - case case_1 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.7 ) - case eventRecvabm_0_11111211111 - by contradiction - /* - from formulas - */ - qed - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111.1, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.7 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by solve( State_111112111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.7 ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 
- ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111.1, a, b, - kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case p_1_111111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, ~prog_1111121, a, - b, kEnc.1, kSign.1 - ) ▶₀ #t.5 ) - case p_1_111112 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.6 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.2, - ~prog_1111121.2, - a, b, kEnc.1, - kSign.1 - ) ▶₀ #t.6 ) - case p_1_111112 - solve( State_111112111111( ~prog_1.1, - ~prog_1111121.1, - ~prog_111112111.1, - MH.1, SH.1, - ~n, ~n.1, - kEnc, - kSign, m, - pad.1, - seq.1, - xmac, ~n.9 - ) ▶₀ #t2.1 ) - case eventRecvabm_0_11111211111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, - kEnc, kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, - b, kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_1111121( ~prog_1.1, - ~prog_1111121.1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case p_1_111112 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - 
kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, - a, - b, - kEnc, - kSign - ) ▶₀ #t.7 ) - case newkEnc_0_1111 - solve( (∃ #t. - (ProgressTo_1111121111111( ~prog_111112111 - ) @ #t)) ∥ - (∃ #t. - (ProgressTo_1111121112( ~prog_111112111 - ) @ #t)) ) - case case_1 - by solve( State_111112111111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.7 ) - next - case case_2 - solve( State_111112111( ~prog_1.1, - ~prog_1111121.2, - ~prog_111112111, - MH.2, - SH.2, - a, - b, - kEnc, - kSign, - m, - pad.2, - seq.1, - xmac, - lock - ) ▶₀ #t.7 ) - case inrMHSHsencseqmpadxmackEnc_0_11111211 - by contradiction - /* - from formulas - */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111( ~prog_1, a, b, kEnc, kSign ) ▶₀ #t.1 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a, b, kEnc.1, kSign.1 ) ▶₀ #t.2 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.2, ~prog_1111111, a, b, kEnc.1, kSign.1 - ) ▶₀ #t.2 ) - case p_1_111111 - solve( State_1111111111111( $MH.1, $SH.1, $pad.1, ~prog_1.2, - ~prog_1111111.3, ~prog_111111111, a, b, kEnc.1, kSign.1, lock, - m.1, seq.2 - ) ▶₀ #t.3 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - solve( MID_Receiver( ~mid_111111111111 ) ▶₃ #j.1 ) - case MessageIDRule - solve( State_11111( ~prog_1, a.1, b.1, kEnc.1, kSign.2 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_11111( ~prog_1, a.1, b.1, kEnc.1, kSign.2 ) ▶₀ #t.4 ) - case newkEnc_0_1111 - solve( State_1111111( ~prog_1.3, ~prog_1111111.1, a.1, b.1, kEnc.1, - kSign.2 - ) ▶₀ #t.4 ) - case p_1_111111 - solve( State_1111111111111( $MH.2, $SH.2, $pad.2, ~prog_1.3, - ~prog_1111111.3, ~prog_111111111.1, 
a.1, b.1, kEnc.1, - kSign.2, lock.1, m.1, seq.2 - ) ▶₀ #t.5 ) - case outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed -qed - -rule (modulo E) MessageIDRule[color=#ffffff, process="!"]: - [ Fr( ~mid_ ) ] --> [ MID_Receiver( ~mid_ ), MID_Sender( ~mid_ ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ Fr( ~prog_1 ), !Semistate_1( ) ] - --[ ProgressFrom_1( ~prog_1 ) ]-> - [ State_1( ~prog_1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newa_0_1[color=#ffffff, process="new a;"]: - [ State_1( ~prog_1 ), Fr( a ) ] --> [ State_11( ~prog_1, a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newb_0_11[color=#ffffff, process="new b;"]: - [ State_11( ~prog_1, a ), Fr( b ) ] --> [ State_111( ~prog_1, a, b ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newkSign_0_111[color=#ffffff, process="new kSign;"]: - [ State_111( ~prog_1, a, b ), Fr( kSign ) ] - --> - [ State_1111( ~prog_1, a, b, kSign ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newkEnc_0_1111[color=#ffffff, process="new kEnc;"]: - [ State_1111( ~prog_1, a, b, kSign ), Fr( kEnc ) ] - --> - [ State_11111( ~prog_1, a, b, kEnc, kSign ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111[color=#ffffff, process="|"]: - [ State_11111( ~prog_1, a, b, kEnc, kSign ) ] - --[ ProgressTo_111111( ~prog_1 ), ProgressTo_111112( ~prog_1 ) ]-> - [ - State_111111( ~prog_1, a, b, kEnc, kSign ), - State_111112( ~prog_1, a, b, kEnc, kSign ) - ] - - /* has exactly the trivial AC variant */ - -rule 
(modulo E) p_0_111111[color=#804046, process="!"]: - [ State_111111( ~prog_1, a, b, kEnc, kSign ) ] - --> - [ !Semistate_1111111( ~prog_1, a, b, kEnc, kSign ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_111111[color=#804046, process="!"]: - [ Fr( ~prog_1111111 ), !Semistate_1111111( ~prog_1, a, b, kEnc, kSign ) ] - --[ ProgressFrom_1111111( ~prog_1111111 ) ]-> - [ State_1111111( ~prog_1, ~prog_1111111, a, b, kEnc, kSign ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockab_0_1111111[color=#804046, process="lock ;"]: - [ State_1111111( ~prog_1, ~prog_1111111, a, b, kEnc, kSign ), Fr( lock ) - ] - --[ - ProgressTo_11111111( ~prog_1111111 ), Lock_0( '0', lock, ), - Lock( '0', lock, ) - ]-> - [ State_11111111( ~prog_1, ~prog_1111111, a, b, kEnc, kSign, lock ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) incseq_0_11111111[color=#804046, process="in('c',seq);"]: - [ - Fr( ~prog_111111111 ), - State_11111111( ~prog_1, ~prog_1111111, a, b, kEnc, kSign, lock ), - In( <'c', seq> ) - ] - --[ ProgressFrom_111111111( ~prog_111111111 ), ChannelIn( <'c', seq> ) - ]-> - [ - State_111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, seq - ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventSeqSentabseq_0_111111111[color=#804046, - process="event Seq_Sent( a, b, seq );"]: - [ - State_111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, seq - ) - ] - --[ Seq_Sent( a, b, seq ) ]-> - [ - State_1111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, seq - ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newm_0_1111111111[color=#804046, process="new m;"]: - [ - State_1111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, seq - ), - Fr( m ) - ] - --> - [ - State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, m, seq - ) - ] - - /* has exactly the 
trivial AC variant */ - -rule (modulo E) eventSentabm_0_11111111111[color=#804046, - process="event Sent( a, b, m );"]: - [ - State_11111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, m, seq - ) - ] - --[ Sent( a, b, m ) ]-> - [ - State_111111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, m, seq - ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outrMHSHsencseqmpadmacMHSHseqmpadkSignkEnc_0_111111111111[color=#804046, - process="out('r',<$MH, $SH, - senc(, kSign)>, kEnc)>);"]: - [ - MID_Sender( ~mid_111111111111 ), - State_111111111111( ~prog_1, ~prog_1111111, ~prog_111111111, a, b, kEnc, - kSign, lock, m, seq - ) - ] - --[ - Send( ~mid_111111111111, - <$MH, $SH, - senc(, kSign)>, kEnc)> - ) - ]-> - [ - Out( <$MH, $SH, - senc(, kSign)>, kEnc)> - ), - State_1111111111111( $MH, $SH, $pad, ~prog_1, ~prog_1111111, - ~prog_111111111, a, b, kEnc, kSign, lock, m, seq - ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) unlockab_0_1111111111111[color=#804046, - process="unlock ;"]: - [ - State_1111111111111( $MH, $SH, $pad, ~prog_1, ~prog_1111111, - ~prog_111111111, a, b, kEnc, kSign, lock, m, seq - ) - ] - --[ - ProgressTo_11111111111111( ~prog_111111111 ), - Unlock_0( '0', lock, ), Unlock( '0', lock, ) - ]-> - [ - State_11111111111111( $MH, $SH, $pad, ~prog_1, ~prog_1111111, - ~prog_111111111, a, b, kEnc, kSign, lock, m, seq - ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111111111[color=#804046, process="0"]: - [ - State_11111111111111( $MH, $SH, $pad, ~prog_1, ~prog_1111111, - ~prog_111111111, a, b, kEnc, kSign, lock, m, seq - ) - ] - --> - [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111112[color=#628040, process="!"]: - [ State_111112( ~prog_1, a, b, kEnc, kSign ) ] - --> - [ !Semistate_1111121( ~prog_1, a, b, kEnc, kSign ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) 
p_1_111112[color=#628040, process="!"]: - [ Fr( ~prog_1111121 ), !Semistate_1111121( ~prog_1, a, b, kEnc, kSign ) ] - --[ ProgressFrom_1111121( ~prog_1111121 ) ]-> - [ State_1111121( ~prog_1, ~prog_1111121, a, b, kEnc, kSign ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockba_0_1111121[color=#628040, process="lock ;"]: - [ - State_1111121( ~prog_1, ~prog_1111121, a, b, kEnc, kSign ), Fr( lock.1 ) - ] - --[ - ProgressTo_11111211( ~prog_1111121 ), Lock_1( '1', lock.1, ), - Lock( '1', lock.1, ) - ]-> - [ State_11111211( ~prog_1, ~prog_1111121, a, b, kEnc, kSign, lock.1 ) ] - - /* - rule (modulo AC) lockba_0_1111121[color=#628040, process="lock ;"]: - [ State_1111121( ~prog_1, ~prog_1111121, a, b, kEnc, kSign ), Fr( lock ) - ] - --[ - ProgressTo_11111211( ~prog_1111121 ), Lock_1( '1', lock, ), - Lock( '1', lock, ) - ]-> - [ State_11111211( ~prog_1, ~prog_1111121, a, b, kEnc, kSign, lock ) ] - */ - -rule (modulo E) inrMHSHsencseqmpadxmackEnc_0_11111211[color=#628040, - process="in('r',, kEnc)>);"]: - [ - Fr( ~prog_111112111 ), - State_11111211( ~prog_1, ~prog_1111121, a, b, kEnc, kSign, lock.1 ), - In( , kEnc)> ), - MID_Receiver( ~mid_11111211 ) - ] - --[ - ProgressFrom_111112111( ~prog_111112111 ), - Receive( ~mid_11111211, , kEnc)> ) - ]-> - [ - State_111112111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - - /* - rule (modulo AC) inrMHSHsencseqmpadxmackEnc_0_11111211[color=#628040, - process="in('r',, kEnc)>);"]: - [ - Fr( ~prog_111112111 ), - State_11111211( ~prog_1, ~prog_1111121, a, b, kEnc, kSign, lock ), - In( , kEnc)> ), - MID_Receiver( ~mid_11111211 ) - ] - --[ - ProgressFrom_111112111( ~prog_111112111 ), - Receive( ~mid_11111211, , kEnc)> ) - ]-> - [ - State_111112111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - */ - -rule (modulo E) ifxmacmacMHSHseqmpadkSign_0_111112111[color=#628040, - process="if xmac=mac(, 
kSign)"]: - [ - State_111112111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - --[ Pred_Eq( xmac, mac(, kSign) ) ]-> - [ - State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - - /* - rule (modulo AC) ifxmacmacMHSHseqmpadkSign_0_111112111[color=#628040, - process="if xmac=mac(, kSign)"]: - [ - State_111112111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - --[ Pred_Eq( xmac, mac(, kSign) ) ]-> - [ - State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - */ - -rule (modulo E) ifxmacmacMHSHseqmpadkSign_1_111112111[color=#628040, - process="if xmac=mac(, kSign)"]: - [ - State_111112111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - --[ - ProgressTo_1111121112( ~prog_111112111 ), - Pred_Not_Eq( xmac, mac(, kSign) ) - ]-> - [ - State_1111121112( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - - /* - rule (modulo AC) ifxmacmacMHSHseqmpadkSign_1_111112111[color=#628040, - process="if xmac=mac(, kSign)"]: - [ - State_111112111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - --[ - ProgressTo_1111121112( ~prog_111112111 ), - Pred_Not_Eq( xmac, mac(, kSign) ) - ]-> - [ - State_1111121112( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - */ - -rule (modulo E) eventSeqRecvabseq_0_1111121111[color=#628040, - process="event Seq_Recv( a, b, seq );"]: - [ - State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - --[ Seq_Recv( a, b, seq ) ]-> - [ - State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, 
pad, seq, xmac, lock.1 - ) - ] - - /* - rule (modulo AC) eventSeqRecvabseq_0_1111121111[color=#628040, - process="event Seq_Recv( a, b, seq );"]: - [ - State_1111121111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - --[ Seq_Recv( a, b, seq ) ]-> - [ - State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - */ - -rule (modulo E) eventRecvabm_0_11111211111[color=#628040, - process="event Recv( a, b, m );"]: - [ - State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - --[ Recv( a, b, m ) ]-> - [ - State_111112111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - - /* - rule (modulo AC) eventRecvabm_0_11111211111[color=#628040, - process="event Recv( a, b, m );"]: - [ - State_11111211111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - --[ Recv( a, b, m ) ]-> - [ - State_111112111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - */ - -rule (modulo E) unlockba_0_111112111111[color=#628040, - process="unlock ;"]: - [ - State_111112111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - --[ - ProgressTo_1111121111111( ~prog_111112111 ), - Unlock_1( '1', lock.1, ), Unlock( '1', lock.1, ) - ]-> - [ - State_1111121111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - - /* - rule (modulo AC) unlockba_0_111112111111[color=#628040, - process="unlock ;"]: - [ - State_111112111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - --[ - ProgressTo_1111121111111( ~prog_111112111 ), - Unlock_1( '1', lock, ), Unlock( '1', lock, ) - ]-> - [ - 
State_1111121111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - */ - -rule (modulo E) p_0_1111121111111[color=#628040, process="0"]: - [ - State_1111121111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - --> - [ ] - - /* - rule (modulo AC) p_0_1111121111111[color=#628040, process="0"]: - [ - State_1111121111111( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, - b, kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - --> - [ ] - */ - -rule (modulo E) p_0_1111121112[color=#628040, process="0"]: - [ - State_1111121112( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock.1 - ) - ] - --> - [ ] - - /* - rule (modulo AC) p_0_1111121112[color=#628040, process="0"]: - [ - State_1111121112( ~prog_1, ~prog_1111121, ~prog_111112111, MH, SH, a, b, - kEnc, kSign, m, pad, seq, xmac, lock - ) - ] - --> - [ ] - */ - -restriction predicate_eq: - "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" - // safety formula - -restriction predicate_not_eq: - "∀ #i a b. (Pred_Not_Eq( a, b ) @ #i) ⇒ (¬(a = b))" - // safety formula - -restriction single_session: - "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" - // safety formula - -restriction locking_0: - "∀ p pp l x lp #t1 #t3. - ((Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3)) ⇒ - ((((#t1 < #t3) ∧ - (∃ #t2. - (((((Unlock_0( p, l, x ) @ #t2) ∧ (#t1 < #t2)) ∧ (#t2 < #t3)) ∧ - (∀ #t0 pp.1. (Unlock( pp.1, l, x ) @ #t0) ⇒ (#t0 = #t2))) ∧ - (∀ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t0 = #t1)) ∨ (#t2 < #t0)))) ∧ - (∀ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t2 < #t0)) ∨ (#t2 = #t0))))) ∨ - (#t3 < #t1)) ∨ - (#t1 = #t3))" - -restriction locking_1: - "∀ p pp l x lp #t1 #t3. - ((Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3)) ⇒ - ((((#t1 < #t3) ∧ - (∃ #t2. 
- (((((Unlock_1( p, l, x ) @ #t2) ∧ (#t1 < #t2)) ∧ (#t2 < #t3)) ∧ - (∀ #t0 pp.1. (Unlock( pp.1, l, x ) @ #t0) ⇒ (#t0 = #t2))) ∧ - (∀ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t0 = #t1)) ∨ (#t2 < #t0)))) ∧ - (∀ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t2 < #t0)) ∨ (#t2 = #t0))))) ∨ - (#t3 < #t1)) ∨ - (#t1 = #t3))" - -restriction Progress_1_to_111111: - "∀ prog_1 #t. - (ProgressFrom_1( prog_1 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_111111( prog_1 ) @ #t.1)" - -restriction Progress_1_to_111112: - "∀ prog_1 #t. - (ProgressFrom_1( prog_1 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_111112( prog_1 ) @ #t.1)" - -restriction Progress_1111111_to_11111111: - "∀ prog_1111111 #t. - (ProgressFrom_1111111( prog_1111111 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_11111111( prog_1111111 ) @ #t.1)" - -restriction Progress_111111111_to_11111111111111: - "∀ prog_111111111 #t. - (ProgressFrom_111111111( prog_111111111 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_11111111111111( prog_111111111 ) @ #t.1)" - -restriction Progress_1111121_to_11111211: - "∀ prog_1111121 #t. - (ProgressFrom_1111121( prog_1111121 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_11111211( prog_1111121 ) @ #t.1)" - -restriction Progress_111112111_to_1111121111111_or_1111121112: - "∀ prog_111112111 #t. - (ProgressFrom_111112111( prog_111112111 ) @ #t) ⇒ - ((∃ #t.1. ProgressTo_1111121111111( prog_111112111 ) @ #t.1) ∨ - (∃ #t.1. ProgressTo_1111121112( prog_111112111 ) @ #t.1))" - -restriction progressInit: - "∃ #t. Init( ) @ #t" - -restriction reliable: - "∀ #i x y. - (Send( x, y ) @ #i) ⇒ (∃ #j. (Receive( x, y ) @ #j) ∧ (#i < #j))" - -/* All well-formedness checks were successful. */ - -end -/* Output -maude tool: 'maude' - checking version: 3.1. OK. - checking installation: OK. 
- - -analyzing: examples/sapic/fast/SCADA/opc_ua_secure_conversation_variant.spthy - ------------------------------------------------------------------------------- -analyzed: examples/sapic/fast/SCADA/opc_ua_secure_conversation_variant.spthy - - output: examples/sapic/fast/SCADA/opc_ua_secure_conversation_variant.spthy.tmp - processing time: 137.149711783s - Executable (exists-trace): verified (36 steps) - all_received_were_sent (all-traces): verified (18 steps) - all_received_were_sent_injective (all-traces): verified (168 steps) - order (all-traces): verified (954 steps) - delivery_wo_order (all-traces): verified (25 steps) - delivery_order (all-traces): verified (124 steps) - ------------------------------------------------------------------------------- - -============================================================================== -summary of summaries: - -analyzed: examples/sapic/fast/SCADA/opc_ua_secure_conversation_variant.spthy - - output: examples/sapic/fast/SCADA/opc_ua_secure_conversation_variant.spthy.tmp - processing time: 137.149711783s - Executable (exists-trace): verified (36 steps) - all_received_were_sent (all-traces): verified (18 steps) - all_received_were_sent_injective (all-traces): verified (168 steps) - order (all-traces): verified (954 steps) - delivery_wo_order (all-traces): verified (25 steps) - delivery_order (all-traces): verified (124 steps) - -============================================================================== -*/ diff --git a/case-studies-regression/sapic/fast/Yubikey/Yubikey_analyzed.spthy b/case-studies-regression/sapic/fast/Yubikey/Yubikey_analyzed.spthy new file mode 100644 index 000000000..0ea96343a --- /dev/null +++ b/case-studies-regression/sapic/fast/Yubikey/Yubikey_analyzed.spthy 
@@ -0,0 +1,1242 @@ +theory Yubikey begin + +// Function signature and definition of the equational theory E + +builtins: multiset +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] +equations: + fst() = x.1, + sdec(senc(x.1, x.2), x.2) = x.1, + snd() = x.2 + +heuristic: p + +/* looping facts with injective instances: L_CellLocked/2, L_PureState/2 +*/ + +section{* The Yubikey-Protocol *} + + + + + + + + + + + +lemma secrecy_enc [sources, reuse]: + all-traces "∀ k #i. (Sec( k ) @ #i) ⇒ (¬(∃ #j. !KU( k ) @ #j))" +/* +guarded formula characterizing all counter-examples: +"∃ k #i. (Sec( k ) @ #i) ∧ ∃ #j. (!KU( k ) @ #j)" +*/ +induction + case empty_trace + by contradiction /* from formulas */ +next + case non_empty_trace + simplify + solve( (∀ k #i. + (Sec( k ) @ #i) ⇒ ((last(#i)) ∨ (∀ #j. (!KU( k ) @ #j) ⇒ last(#j)))) ∥ + (∃ pid k tc1 tc2 #t1 #t2. + (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) + ∧ + (¬(last(#t2))) ∧ + (¬(last(#t1))) ∧ + (((#t1 = #t2) ∨ (#t2 < #t1) ∨ (∀ z. ((tc1+z) = tc2) ⇒ ⊥))) ∧ + (((#t2 = #t1) ∨ (#t1 < #t2))) ∧ + (¬(#t1 = #t2))) ∥ + (∃ x #NOW x.1. + (Restr_ifSmallerotctc_0_111111111111111_1( x, x.1 ) @ #NOW) + ∧ + (¬(last(#NOW))) ∧ (∀ z. (x = (z+x.1)) ⇒ ⊥)) ) + case case_1 + solve( (last(#i)) ∥ (∀ #j. (!KU( ~n ) @ #j) ⇒ last(#j)) ) + case case_1 + solve( State_111111112( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid + ) ▶₀ #i ) + case p_1_1111111 + solve( !KU( ~n.5 ) @ #j ) + case insc_0_111111112111111111211 + by contradiction /* node #j after last node #i */ + qed + qed + next + case case_2 + solve( State_111111112( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid + ) ▶₀ #i ) + case p_1_1111111 + solve( !KU( ~n.5 ) @ #j ) + case insc_0_111111112111111111211 + by contradiction /* cyclic */ + qed + qed + qed + next + case case_2 + solve( (#t1 = #t2) ∥ (#t2 < #t1) ∥ (∀ z. 
((tc1+z) = tc2) ⇒ ⊥) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + solve( (#t2 = #t1) ∥ (#t1 < #t2) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + qed + qed + next + case case_3 + by contradiction /* from formulas */ + qed +qed + +lemma init_server [sources]: + all-traces + "∀ pid sid k tuple otc tc #i. + (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) ⇒ + ((tuple = ) ∧ + (∃ #j. (YubiInit( pid, sid, k ) @ #j) ∧ (#j < #i)))" +/* +guarded formula characterizing all counter-examples: +"∃ pid sid k tuple otc tc #i. + (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) + ∧ + ((¬(tuple = )) ∨ + (∀ #j. (YubiInit( pid, sid, k ) @ #j) ⇒ ¬(#j < #i)))" +*/ +induction + case empty_trace + by contradiction /* from formulas */ +next + case non_empty_trace + simplify + solve( (¬(tuple = )) ∥ + (∀ #j. (YubiInit( pid, sid, k ) @ #j) ⇒ ¬(#j < #i)) ) + case case_1 + solve( (∀ pid sid k tuple otc tc #i. + (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) + ⇒ + ((last(#i)) ∨ + ((tuple = ) ∧ + (∃ #j. (YubiInit( pid, sid, k ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i))))) ∥ + (∃ pid k tc1 tc2 #t1 #t2. + (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) + ∧ + (¬(last(#t2))) ∧ + (¬(last(#t1))) ∧ + (((#t1 = #t2) ∨ (#t2 < #t1) ∨ (∀ z. ((tc1+z) = tc2) ⇒ ⊥))) ∧ + (((#t2 = #t1) ∨ (#t1 < #t2))) ∧ + (¬(#t1 = #t2))) ∥ + (∃ x #NOW x.1. + (Restr_ifSmallerotctc_0_111111111111111_1( x, x.1 ) @ #NOW) + ∧ + (¬(last(#NOW))) ∧ (∀ z. (x = (z+x.1)) ⇒ ⊥)) ) + case case_1 + solve( (last(#i)) ∥ + ((tuple = ) ∧ + (∃ #j. 
(YubiInit( pid, sid, k ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i))) ) + case case_1 + solve( State_111111111111111( StateChannel, lock, pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, sid, (otc+z), tuple + ) ▶₀ #i ) + case iftuplesecretidkotc_0_11111111111111 + by contradiction /* from formulas */ + qed + next + case case_2 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( (#t1 = #t2) ∥ (#t2 < #t1) ∥ (∀ z. ((tc1+z) = tc2) ⇒ ⊥) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + solve( (#t2 = #t1) ∥ (#t1 < #t2) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + qed + qed + next + case case_3 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( (∀ pid sid k tuple otc tc #i. + (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) + ⇒ + ((last(#i)) ∨ + ((tuple = ) ∧ + (∃ #j. (YubiInit( pid, sid, k ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i))))) ∥ + (∃ pid k tc1 tc2 #t1 #t2. + (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) + ∧ + (¬(last(#t2))) ∧ + (¬(last(#t1))) ∧ + (((#t1 = #t2) ∨ (#t2 < #t1) ∨ (∀ z. ((tc1+z) = tc2) ⇒ ⊥))) ∧ + (((#t2 = #t1) ∨ (#t1 < #t2))) ∧ + (¬(#t1 = #t2))) ∥ + (∃ x #NOW x.1. + (Restr_ifSmallerotctc_0_111111111111111_1( x, x.1 ) @ #NOW) + ∧ + (¬(last(#NOW))) ∧ (∀ z. (x = (z+x.1)) ⇒ ⊥)) ) + case case_1 + solve( (last(#i)) ∥ + ((tuple = ) ∧ + (∃ #j. 
(YubiInit( pid, sid, k ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i))) ) + case case_1 + solve( State_111111111111111( StateChannel, lock, pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, sid, (otc+z), tuple + ) ▶₀ #i ) + case iftuplesecretidkotc_0_11111111111111 + solve( State_11111111111111( StateChannel, lock, pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, sid, (otc+z), + ) ▶₀ #vr ) + case inotc_0_1111111111111_case_1 + solve( State_11111111211111( StateChannel.2, L_pid, SL_pid, + StateChannel.3, YL_pid.1, k, sid + ) ▶₀ #j ) + case newk_0_111111112 + solve( State_11111111111111( StateChannel, lock, ~n.9, ~n.3, + StateChannel.1, YL_pid, ~n.6, nonce.1, npr.1, otc, ~n.7, (otc+z), + <~n.7, ~n.6, otc> + ) ▶₀ #vr.8 ) + case inotc_0_1111111111111_case_1 + by contradiction /* from formulas */ + next + case inotc_0_1111111111111_case_2 + by contradiction /* from formulas */ + qed + qed + next + case inotc_0_1111111111111_case_2 + solve( !KU( ~n.2 ) @ #vk.2 ) + case insc_0_111111112111111111211_case_1 + solve( !KU( senc(<~n.7, ('zero'+z), npr>, ~n.6) ) @ #vk.5 ) + case c_senc + by contradiction /* from formulas */ + next + case insc_0_111111112111111111211_case_1 + by contradiction /* from formulas */ + next + case insc_0_111111112111111111211_case_2 + by contradiction /* from formulas */ + qed + next + case insc_0_111111112111111111211_case_2 + by contradiction /* from formulas */ + next + case p_1_ + solve( !KU( senc(<~n.7, ('zero'+z), npr>, ~n.6) ) @ #vk.5 ) + case c_senc + by contradiction /* from formulas */ + next + case insc_0_111111112111111111211_case_1 + by contradiction /* from formulas */ + next + case insc_0_111111112111111111211_case_2 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case case_2 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( (#t1 = #t2) ∥ (#t2 < #t1) ∥ (∀ z. 
((tc1+z) = tc2) ⇒ ⊥) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + solve( (#t2 = #t1) ∥ (#t1 < #t2) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + qed + qed + next + case case_3 + by contradiction /* from formulas */ + qed + qed +qed + +lemma init_server_secrecy [use_induction, reuse]: + all-traces + "∀ pid sid k tuple otc tc #i. + (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) ⇒ + (¬(∃ #j. !KU( k ) @ #j))" +/* +guarded formula characterizing all counter-examples: +"∃ pid sid k tuple otc tc #i. + (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) ∧ ∃ #j. (!KU( k ) @ #j)" +*/ +induction + case empty_trace + by contradiction /* from formulas */ +next + case non_empty_trace + simplify + solve( (∀ pid sid k tuple otc tc #i. + (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) + ⇒ + ((last(#i)) ∨ (∀ #j. (!KU( k ) @ #j) ⇒ last(#j)))) ∥ + (∃ pid k tc1 tc2 #t1 #t2. + (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) + ∧ + (¬(last(#t2))) ∧ + (¬(last(#t1))) ∧ + (((#t1 = #t2) ∨ (#t2 < #t1) ∨ (∀ z. ((tc1+z) = tc2) ⇒ ⊥))) ∧ + (((#t2 = #t1) ∨ (#t1 < #t2))) ∧ + (¬(#t1 = #t2))) ∥ + (∃ x #NOW x.1. + (Restr_ifSmallerotctc_0_111111111111111_1( x, x.1 ) @ #NOW) + ∧ + (¬(last(#NOW))) ∧ (∀ z. (x = (z+x.1)) ⇒ ⊥)) ) + case case_1 + solve( (last(#i)) ∥ (∀ #j. 
(!KU( k ) @ #j) ⇒ last(#j)) ) + case case_1 + solve( State_111111111111111( StateChannel, lock, pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, sid, (otc+z), tuple + ) ▶₀ #i ) + case iftuplesecretidkotc_0_11111111111111 + solve( State_11111111111111( StateChannel, lock, pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, sid, (otc+z), + ) ▶₀ #vr ) + case inotc_0_1111111111111_case_1 + by contradiction /* from formulas */ + next + case inotc_0_1111111111111_case_2 + by contradiction /* from formulas */ + qed + qed + next + case case_2 + solve( State_111111111111111( StateChannel, lock, pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, sid, (otc+z), tuple + ) ▶₀ #i ) + case iftuplesecretidkotc_0_11111111111111 + solve( State_11111111111111( StateChannel, lock, pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, sid, (otc+z), + ) ▶₀ #vr ) + case inotc_0_1111111111111_case_1 + by contradiction /* from formulas */ + next + case inotc_0_1111111111111_case_2 + by contradiction /* from formulas */ + qed + qed + qed + next + case case_2 + solve( (#t1 = #t2) ∥ (#t2 < #t1) ∥ (∀ z. ((tc1+z) = tc2) ⇒ ⊥) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + solve( (#t2 = #t1) ∥ (#t1 < #t2) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + qed + qed + next + case case_3 + by contradiction /* from formulas */ + qed +qed + +restriction slightly_weaker_invariant: + "∀ pid k tc1 tc2 #t1 #t2. + ((Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2)) ⇒ + ((((#t1 < #t2) ∧ (∃ z. (tc1+z) = tc2)) ∨ (#t2 < #t1)) ∨ (#t1 = #t2))" + +lemma Login_reachable: + exists-trace "∃ #i pid k. Login( pid, k, ('one'+'zero') ) @ #i" +/* +guarded formula characterizing all satisfying traces: +"∃ #i pid k. 
(Login( pid, k, ('one'+'zero') ) @ #i)" +*/ +simplify +solve( Login( pid, k, ('one'+'zero') ) @ #i ) + case eventLoginLpidktc_0_11111111111111111 + solve( State_11111111111111111( StateChannel, lock, pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, secretid, ('one'+'zero'), + tuple + ) ▶₀ #i ) + case ifSmallerotctc_0_111111111111111_case_2 + solve( State_11111111111111( StateChannel, lock, ~n, SL_pid, + StateChannel.1, YL_pid, ~n.1, nonce, npr, 'zero', ~n.2, ('one'+'zero'), + <~n.2, ~n.1, 'zero'> + ) ▶₀ #vr.1 ) + case inotc_0_1111111111111 + solve( !KU( ~n.2 ) @ #vk.2 ) + case insc_0_111111112111111111211 + solve( !KU( senc(<~n.7, ('one'+'zero'), npr>, ~n.6) ) @ #vk.5 ) + case insc_0_111111112111111111211 + solve( L_CellLocked( ~n.3, ~n.1 ) ▶₁ #i ) + case inLpidnoncesencsecretidtcnprk_0_1111111111 + solve( L_CellLocked( ~n.5, ~n.14 ) ▶₄ #vr.9 ) + case lookupYLpidastc_0_11111111211111111121 + solve( L_PureState( ~n.5, tc ) ▶₁ #vr.11 ) + case insc_0_111111112111111111111 + solve( L_CellLocked( ~n.5, ~n.15 ) ▶₄ #vr.17 ) + case lookupYLpidastc_0_11111111211111111121 + solve( L_PureState( ~n.5, ('one'+'zero') ) ▶₁ #vr.20 ) + case newk_0_111111112 + solve( L_CellLocked( ~n.5, ~n.16 ) ▶₂ #vr.23 ) + case lookupYLpidassc_0_11111111211111111111 + solve( L_PureState( ~n.5, sc ) ▶₁ #vr.24 ) + case insc_0_111111112111111111111 + solve( L_CellLocked( ~n.5, ~n.21 ) ▶₂ #vr.32 ) + case lookupYLpidassc_0_11111111211111111111 + solve( L_PureState( ~n.5, sc ) ▶₁ #vr.33 ) + case newk_0_111111112 + SOLVED // trace found + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed +qed + +lemma Login_reachable_two: + exists-trace "∃ #i pid k. Login( pid, k, ('one'+'one'+'zero') ) @ #i" +/* +guarded formula characterizing all satisfying traces: +"∃ #i pid k. 
(Login( pid, k, ('one'+'one'+'zero') ) @ #i)" +*/ +simplify +solve( Login( pid, k, ('one'+'one'+'zero') ) @ #i ) + case eventLoginLpidktc_0_11111111111111111 + solve( State_11111111111111111( StateChannel, lock, pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, secretid, + ('one'+'one'+'zero'), tuple + ) ▶₀ #i ) + case ifSmallerotctc_0_111111111111111_case_2 + solve( State_11111111111111( StateChannel, lock, ~n, SL_pid, + StateChannel.1, YL_pid, ~n.1, nonce, npr, 'zero', ~n.2, + ('one'+'one'+'zero'), <~n.2, ~n.1, 'zero'> + ) ▶₀ #vr.1 ) + case inotc_0_1111111111111 + solve( !KU( ~n.2 ) @ #vk.2 ) + case insc_0_111111112111111111211 + solve( !KU( senc(<~n.7, ('one'+'one'+'zero'), npr>, ~n.6) ) @ #vk.5 ) + case insc_0_111111112111111111211 + solve( L_CellLocked( ~n.3, ~n.1 ) ▶₁ #i ) + case inLpidnoncesencsecretidtcnprk_0_1111111111 + solve( L_CellLocked( ~n.5, ~n.14 ) ▶₄ #vr.9 ) + case lookupYLpidastc_0_11111111211111111121 + solve( L_PureState( ~n.5, tc ) ▶₁ #vr.11 ) + case insc_0_111111112111111111111 + solve( L_CellLocked( ~n.5, ~n.15 ) ▶₄ #vr.17 ) + case lookupYLpidastc_0_11111111211111111121 + solve( L_PureState( ~n.5, ('one'+'one'+'zero') ) ▶₁ #vr.20 ) + case insc_0_111111112111111111111 + solve( L_CellLocked( ~n.5, ~n.16 ) ▶₂ #vr.23 ) + case lookupYLpidassc_0_11111111211111111111 + solve( L_PureState( ~n.5, sc ) ▶₁ #vr.24 ) + case newk_0_111111112 + solve( L_CellLocked( ~n.5, ~n.19 ) ▶₂ #vr.30 ) + case lookupYLpidassc_0_11111111211111111111 + solve( L_PureState( ~n.5, ('one'+'zero') ) ▶₁ #vr.31 ) + case newk_0_111111112 + SOLVED // trace found + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed +qed + +lemma one_count_foreach_login [reuse, use_induction, + heuristic=O "oracle"]: + all-traces + "∀ pid k x #t2. + (Login( pid, k, x ) @ #t2) ⇒ + (∃ #t1 sid. (YubiPress( pid, sid, k, x ) @ #t1) ∧ (#t1 < #t2))" +/* +guarded formula characterizing all counter-examples: +"∃ pid k x #t2. + (Login( pid, k, x ) @ #t2) + ∧ + ∀ #t1 sid. 
(YubiPress( pid, sid, k, x ) @ #t1) ⇒ ¬(#t1 < #t2)" +*/ +induction + case empty_trace + by contradiction /* from formulas */ +next + case non_empty_trace + simplify + solve( (∀ pid k x #t2. + (Login( pid, k, x ) @ #t2) + ⇒ + ((last(#t2)) ∨ + (∃ #t1 sid. + (YubiPress( pid, sid, k, x ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2)))) ∥ + (∃ pid k tc1 tc2 #t1 #t2. + (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) + ∧ + (¬(last(#t2))) ∧ + (¬(last(#t1))) ∧ + (((#t1 = #t2) ∨ (#t2 < #t1) ∨ (∀ z. ((tc1+z) = tc2) ⇒ ⊥))) ∧ + (((#t2 = #t1) ∨ (#t1 < #t2))) ∧ + (¬(#t1 = #t2))) ∥ + (∃ x #NOW x.1. + (Restr_ifSmallerotctc_0_111111111111111_1( x, x.1 ) @ #NOW) + ∧ + (¬(last(#NOW))) ∧ (∀ z. (x = (z+x.1)) ⇒ ⊥)) ) + case case_1 + solve( (last(#t2)) ∥ + (∃ #t1 sid. + (YubiPress( pid, sid, k, x ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2)) ) + case case_1 + solve( State_11111111111111111( StateChannel, lock, pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, secretid, x, tuple + ) ▶₀ #t2 ) + case ifSmallerotctc_0_111111111111111 + solve( State_11111111111111( StateChannel, lock, ~n, SL_pid, + StateChannel.1, YL_pid, ~n.1, nonce, npr, otc, ~n.2, (otc+z), + <~n.2, ~n.1, otc> + ) ▶₀ #vr.1 ) + case inotc_0_1111111111111_case_1 + solve( !KU( senc(<~n.6, (otc+z+z.1), npr>, ~n.5) ) @ #vk.5 ) + case c_senc + by contradiction /* from formulas */ + next + case insc_0_111111112111111111211 + by contradiction /* from formulas */ + qed + next + case inotc_0_1111111111111_case_2 + solve( !KU( senc(<~n.6, ('zero'+z), npr>, ~n.5) ) @ #vk.5 ) + case c_senc + by contradiction /* from formulas */ + next + case insc_0_111111112111111111211 + by contradiction /* from formulas */ + qed + qed + qed + next + case case_2 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( (#t1 = #t2.1) ∥ (#t2.1 < #t1) ∥ (∀ z. 
((tc1+z) = tc2) ⇒ ⊥) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + solve( (#t2.1 = #t1) ∥ (#t1 < #t2.1) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + qed + qed + next + case case_3 + by contradiction /* from formulas */ + qed +qed + +lemma no_replay [reuse]: + all-traces + "¬(∃ #i #j pid k x. + ((Login( pid, k, x ) @ #i) ∧ (Login( pid, k, x ) @ #j)) ∧ (¬(#i = #j)))" +/* +guarded formula characterizing all counter-examples: +"∃ #i #j pid k x. + (Login( pid, k, x ) @ #i) ∧ (Login( pid, k, x ) @ #j) ∧ ¬(#i = #j)" +*/ +simplify +by solve( (#i < #j) ∥ (#j < #i) ) + +lemma injective_correspondance [use_induction]: + all-traces + "∀ pid k x #t2. + (Login( pid, k, x ) @ #t2) ⇒ + ((∃ #t1 sid. (YubiPress( pid, sid, k, x ) @ #t1) ∧ (#t1 < #t2)) ∧ + (∀ #t3. (Login( pid, k, x ) @ #t3) ⇒ (#t3 = #t2)))" +/* +guarded formula characterizing all counter-examples: +"∃ pid k x #t2. + (Login( pid, k, x ) @ #t2) + ∧ + ((∀ #t1 sid. (YubiPress( pid, sid, k, x ) @ #t1) ⇒ ¬(#t1 < #t2)) ∨ + (∃ #t3. (Login( pid, k, x ) @ #t3) ∧ ¬(#t3 = #t2)))" +*/ +induction + case empty_trace + by contradiction /* from formulas */ +next + case non_empty_trace + simplify + solve( (∀ #t1 sid. (YubiPress( pid, sid, k, x ) @ #t1) ⇒ ¬(#t1 < #t2)) ∥ + (∃ #t3. (Login( pid, k, x ) @ #t3) ∧ ¬(#t3 = #t2)) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + qed +qed + +lemma Login_invalidates_smaller_counters: + all-traces + "∀ pid k tc1 tc2 #t1 #t2. + (((Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2)) ∧ + (∃ z. (tc1+z) = tc2)) ⇒ + (#t1 < #t2)" +/* +guarded formula characterizing all counter-examples: +"∃ pid k tc1 tc2 #t1 #t2. + (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) + ∧ + (∃ z. 
((tc1+z) = tc2)) ∧ (¬(#t1 < #t2))" +*/ +simplify +solve( (#t1 = #t2) ∥ (#t2 < #t1) ) + case case_1 + solve( State_11111111111111111( StateChannel, lock, pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, secretid, tc1, tuple + ) ▶₀ #t1 ) + case ifSmallerotctc_0_111111111111111 + solve( State_111111112111111111211( StateChannel.2, ~n, SL_pid.1, + StateChannel.3, YL_pid.1, ~n.1, lock.1, sid, (otc+z) + ) ▶₀ #t1.1 ) + case lookupYLpidastc_0_11111111211111111121 + solve( State_111111112111111111211( StateChannel.2, ~n.1, SL_pid.1, + StateChannel.3, YL_pid.1, ~n.5, lock.1, sid, (otc+z) + ) ▶₀ #t1.2 ) + case lookupYLpidastc_0_11111111211111111121 + by solve( Login( ~n.1, ~n.5, (otc+z+z.1) ) @ #t1 ) + qed + qed + qed +qed + + + +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ + !Semistate_1( ), Fr( SL_pid.1 ), Fr( StateChannel ), Fr( YL_pid.1 ), + Fr( StateChannel.1 ), Fr( L_pid.1 ) + ] + --> + [ + !Semistate_11111111( StateChannel, L_pid.1, SL_pid.1, StateChannel.1, + YL_pid.1 + ), + Out( L_pid.1 ) + ] + + /* + rule (modulo AC) p_1_[color=#ffffff, process="!"]: + [ + !Semistate_1( ), Fr( SL_pid ), Fr( StateChannel ), Fr( YL_pid ), + Fr( StateChannel.1 ), Fr( L_pid ) + ] + --> + [ + !Semistate_11111111( StateChannel, L_pid, SL_pid, StateChannel.1, YL_pid + ), + Out( L_pid ) + ] + */ + +rule (modulo E) inLpidnoncesencsecretidtcnprk_0_1111111111[color=#806040, + process="in(<=L_pid.1, nonce.1, senc(, k.1)>);"]: + [ + State_1111111111( StateChannel, L_pid.1, SL_pid.1, StateChannel.1, + YL_pid.1 + ), + In( , k.1)> ), + L_PureState( SL_pid.1, tuple.1 ), Fr( lock ) + ] + --> + [ + State_1111111111111( StateChannel, lock, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.1, nonce.1, npr.1, secretid.1, tc.1, tuple.1 + ), + L_CellLocked( SL_pid.1, lock ) + ] + + /* + rule (modulo AC) 
inLpidnoncesencsecretidtcnprk_0_1111111111[color=#806040, + process="in(<=L_pid.1, nonce.1, senc(, k.1)>);"]: + [ + State_1111111111( StateChannel, L_pid, SL_pid, StateChannel.1, YL_pid ), + In( , k)> ), + L_PureState( SL_pid, tuple ), Fr( lock ) + ] + --> + [ + State_1111111111111( StateChannel, lock, L_pid, SL_pid, StateChannel.1, + YL_pid, k, nonce, npr, secretid, tc, tuple + ), + L_CellLocked( SL_pid, lock ) + ] + */ + +rule (modulo E) inotc_0_1111111111111[color=#806040, + process="in(otc.1);"]: + [ + State_1111111111111( StateChannel, lock, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.1, nonce.1, npr.1, secretid.1, tc.1, tuple.1 + ), + In( otc.1 ) + ] + --> + [ + State_11111111111111( StateChannel, lock, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.1, nonce.1, npr.1, otc.1, secretid.1, tc.1, + tuple.1 + ) + ] + + /* + rule (modulo AC) inotc_0_1111111111111[color=#806040, + process="in(otc.1);"]: + [ + State_1111111111111( StateChannel, lock, L_pid, SL_pid, StateChannel.1, + YL_pid, k, nonce, npr, secretid, tc, tuple + ), + In( otc ) + ] + --> + [ + State_11111111111111( StateChannel, lock, L_pid, SL_pid, StateChannel.1, + YL_pid, k, nonce, npr, otc, secretid, tc, tuple + ) + ] + */ + +rule (modulo E) iftuplesecretidkotc_0_11111111111111[color=#806040, + process="if tuple.1="]: + [ + State_11111111111111( StateChannel, lock, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.1, nonce.1, npr.1, otc.1, secretid.1, tc.1, + tuple.1 + ) + ] + --[ Pred_Eq( tuple.1, ) ]-> + [ + State_111111111111111( StateChannel, lock, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.1, nonce.1, npr.1, otc.1, secretid.1, tc.1, + tuple.1 + ) + ] + + // loop breaker: [0] + /* + rule (modulo AC) iftuplesecretidkotc_0_11111111111111[color=#806040, + process="if tuple.1="]: + [ + State_11111111111111( StateChannel, lock, L_pid, SL_pid, StateChannel.1, + YL_pid, k, nonce, npr, otc, secretid, tc, tuple + ) + ] + --[ Pred_Eq( tuple, ) ]-> + [ + State_111111111111111( StateChannel, 
lock, L_pid, SL_pid, StateChannel.1, + YL_pid, k, nonce, npr, otc, secretid, tc, tuple + ) + ] + // loop breaker: [0] + */ + +restriction Restr_ifSmallerotctc_0_111111111111111_1: + "∀ x #NOW x.1. + (Restr_ifSmallerotctc_0_111111111111111_1( x, x.1 ) @ #NOW) ⇒ + (∃ z. x = (z+x.1))" + +rule (modulo E) ifSmallerotctc_0_111111111111111[color=#806040, + process="if Smaller( otc.1, tc.1 )"]: + [ + State_111111111111111( StateChannel, lock, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.1, nonce.1, npr.1, otc.1, secretid.1, tc.1, + tuple.1 + ) + ] + --[ + InitStuff( L_pid.1, secretid.1, k.1, tuple.1, otc.1, tc.1 ), + Restr_ifSmallerotctc_0_111111111111111_1( tc.1, otc.1 ) + ]-> + [ + State_11111111111111111( StateChannel, lock, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.1, nonce.1, npr.1, otc.1, secretid.1, tc.1, + tuple.1 + ) + ] + + /* + rule (modulo AC) ifSmallerotctc_0_111111111111111[color=#806040, + process="if Smaller( otc.1, tc.1 )"]: + [ + State_111111111111111( StateChannel, lock, L_pid, SL_pid, StateChannel.1, + YL_pid, k, nonce, npr, otc, secretid, tc, tuple + ) + ] + --[ + InitStuff( L_pid, secretid, k, tuple, otc, tc ), + Restr_ifSmallerotctc_0_111111111111111_1( tc, otc ) + ]-> + [ + State_11111111111111111( StateChannel, lock, L_pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, npr, otc, secretid, tc, tuple + ) + ] + */ + +rule (modulo E) eventLoginLpidktc_0_11111111111111111[color=#806040, + process="event Login( L_pid.1, k.1, tc.1 );"]: + [ + State_11111111111111111( StateChannel, lock, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.1, nonce.1, npr.1, otc.1, secretid.1, tc.1, + tuple.1 + ), + L_CellLocked( SL_pid.1, lock ) + ] + --[ Login( L_pid.1, k.1, tc.1 ) ]-> + [ L_PureState( SL_pid.1, ) ] + + // loop breaker: [1] + /* + rule (modulo AC) eventLoginLpidktc_0_11111111111111111[color=#806040, + process="event Login( L_pid.1, k.1, tc.1 );"]: + [ + State_11111111111111111( StateChannel, lock, L_pid, SL_pid, + StateChannel.1, YL_pid, k, nonce, 
npr, otc, secretid, tc, tuple + ), + L_CellLocked( SL_pid, lock ) + ] + --[ Login( L_pid, k, tc ) ]-> + [ L_PureState( SL_pid, ) ] + // loop breaker: [1] + */ + +rule (modulo E) iftuplesecretidkotc_1_11111111111111[color=#806040, + process="if tuple.1="]: + [ + State_11111111111111( StateChannel, lock, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.1, nonce.1, npr.1, otc.1, secretid.1, tc.1, + tuple.1 + ) + ] + --[ Pred_Not_Eq( tuple.1, ) ]-> + [ ] + + /* + rule (modulo AC) iftuplesecretidkotc_1_11111111111111[color=#806040, + process="if tuple.1="]: + [ + State_11111111111111( StateChannel, lock, L_pid, SL_pid, StateChannel.1, + YL_pid, k, nonce, npr, otc, secretid, tc, tuple + ) + ] + --[ Pred_Not_Eq( tuple, ) ]-> + [ ] + */ + +rule (modulo E) p_1_1111111[color=#ffffff, process="!"]: + [ + !Semistate_11111111( StateChannel, L_pid.1, SL_pid.1, StateChannel.1, + YL_pid.1 + ) + ] + --> + [ + State_1111111111( StateChannel, L_pid.1, SL_pid.1, StateChannel.1, + YL_pid.1 + ), + State_111111112( StateChannel, L_pid.1, SL_pid.1, StateChannel.1, + YL_pid.1 + ) + ] + + /* + rule (modulo AC) p_1_1111111[color=#ffffff, process="!"]: + [ + !Semistate_11111111( StateChannel, L_pid, SL_pid, StateChannel.1, YL_pid + ) + ] + --> + [ + State_1111111111( StateChannel, L_pid, SL_pid, StateChannel.1, YL_pid ), + State_111111112( StateChannel, L_pid, SL_pid, StateChannel.1, YL_pid ) + ] + */ + +rule (modulo E) newk_0_111111112[color=#ffffff, process="new k.2;"]: + [ + State_111111112( StateChannel, L_pid.1, SL_pid.1, StateChannel.1, + YL_pid.1 + ), + Fr( k.2 ), Fr( secretid.2 ) + ] + --[ Sec( k.2 ) ]-> + [ + State_11111111211111( StateChannel, L_pid.1, SL_pid.1, StateChannel.1, + YL_pid.1, k.2, secretid.2 + ), + L_PureState( YL_pid.1, ('one'+'zero') ), + L_PureState( SL_pid.1, ) + ] + + /* + rule (modulo AC) newk_0_111111112[color=#ffffff, process="new k.2;"]: + [ + State_111111112( StateChannel, L_pid, SL_pid, StateChannel.1, YL_pid ), + Fr( k ), Fr( secretid ) + ] + --[ Sec( k ) 
]-> + [ + State_11111111211111( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid, k, secretid + ), + L_PureState( YL_pid, ('one'+'zero') ), + L_PureState( SL_pid, ) + ] + */ + +rule (modulo E) eventYubiInitLpidsecretidk_0_11111111211111[color=#ffffff, + process="event YubiInit( L_pid.1, secretid.2, k.2 );"]: + [ + State_11111111211111( StateChannel, L_pid.1, SL_pid.1, StateChannel.1, + YL_pid.1, k.2, secretid.2 + ) + ] + --[ YubiInit( L_pid.1, secretid.2, k.2 ) ]-> + [ + !Semistate_1111111121111111( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.2, secretid.2 + ) + ] + + /* + rule (modulo AC) eventYubiInitLpidsecretidk_0_11111111211111[color=#ffffff, + process="event YubiInit( L_pid.1, secretid.2, k.2 );"]: + [ + State_11111111211111( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid, k, secretid + ) + ] + --[ YubiInit( L_pid, secretid, k ) ]-> + [ + !Semistate_1111111121111111( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid, k, secretid + ) + ] + */ + +rule (modulo E) p_1_111111112111111[color=#ffffff, process="!"]: + [ + !Semistate_1111111121111111( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.2, secretid.2 + ) + ] + --> + [ + !Semistate_111111112111111111( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.2, secretid.2 + ) + ] + + /* + rule (modulo AC) p_1_111111112111111[color=#ffffff, process="!"]: + [ + !Semistate_1111111121111111( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid, k, secretid + ) + ] + --> + [ + !Semistate_111111112111111111( StateChannel, L_pid, SL_pid, + StateChannel.1, YL_pid, k, secretid + ) + ] + */ + +rule (modulo E) lookupYLpidassc_0_11111111211111111111[color=#805140, + process="lookup YL_pid.1 as sc.1"]: + [ + State_11111111211111111111( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.2, secretid.2 + ), + L_PureState( YL_pid.1, sc.1 ), Fr( lock.1 ) + ] + --> + [ + State_111111112111111111111( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, 
lock.1, sc.1, k.2, secretid.2 + ), + L_CellLocked( YL_pid.1, lock.1 ) + ] + + // loop breaker: [1] + /* + rule (modulo AC) lookupYLpidassc_0_11111111211111111111[color=#805140, + process="lookup YL_pid.1 as sc.1"]: + [ + State_11111111211111111111( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid, k, secretid + ), + L_PureState( YL_pid, sc ), Fr( lock ) + ] + --> + [ + State_111111112111111111111( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid, lock, sc, k, secretid + ), + L_CellLocked( YL_pid, lock ) + ] + // loop breaker: [1] + */ + +rule (modulo E) insc_0_111111112111111111111[color=#805140, + process="in(=sc.1);"]: + [ + State_111111112111111111111( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, lock.1, sc.1, k.2, secretid.2 + ), + In( sc.1 ), L_CellLocked( YL_pid.1, lock.1 ) + ] + --> + [ L_PureState( YL_pid.1, ('one'+sc.1) ) ] + + // loop breaker: [2] + /* + rule (modulo AC) insc_0_111111112111111111111[color=#805140, + process="in(=sc.1);"]: + [ + State_111111112111111111111( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid, lock, sc, k, secretid + ), + In( sc ), L_CellLocked( YL_pid, lock ) + ] + --> + [ L_PureState( YL_pid, ('one'+sc) ) ] + // loop breaker: [2] + */ + +rule (modulo E) p_1_11111111211111111[color=#805140, process="!"]: + [ + !Semistate_111111112111111111( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.2, secretid.2 + ) + ] + --> + [ + State_11111111211111111121( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.2, secretid.2 + ), + State_11111111211111111111( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.2, secretid.2 + ) + ] + + /* + rule (modulo AC) p_1_11111111211111111[color=#805140, process="!"]: + [ + !Semistate_111111112111111111( StateChannel, L_pid, SL_pid, + StateChannel.1, YL_pid, k, secretid + ) + ] + --> + [ + State_11111111211111111121( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid, k, secretid + ), + State_11111111211111111111( StateChannel, 
L_pid, SL_pid, StateChannel.1, + YL_pid, k, secretid + ) + ] + */ + +rule (modulo E) lookupYLpidastc_0_11111111211111111121[color=#805140, + process="lookup YL_pid.1 as tc.2"]: + [ + State_11111111211111111121( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.2, secretid.2 + ), + L_PureState( YL_pid.1, tc.2 ), Fr( lock.2 ) + ] + --> + [ + State_111111112111111111211( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.2, lock.2, secretid.2, tc.2 + ), + L_CellLocked( YL_pid.1, lock.2 ) + ] + + // loop breaker: [1] + /* + rule (modulo AC) lookupYLpidastc_0_11111111211111111121[color=#805140, + process="lookup YL_pid.1 as tc.2"]: + [ + State_11111111211111111121( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid, k, secretid + ), + L_PureState( YL_pid, tc ), Fr( lock ) + ] + --> + [ + State_111111112111111111211( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid, k, lock, secretid, tc + ), + L_CellLocked( YL_pid, lock ) + ] + // loop breaker: [1] + */ + +rule (modulo E) insc_0_111111112111111111211[color=#805140, + process="in(=sc);"]: + [ + State_111111112111111111211( StateChannel, L_pid.1, SL_pid.1, + StateChannel.1, YL_pid.1, k.2, lock.2, secretid.2, tc.2 + ), + In( sc ), Fr( nonce.2 ), Fr( npr.2 ), L_CellLocked( YL_pid.1, lock.2 ) + ] + --[ YubiPress( L_pid.1, secretid.2, k.2, tc.2 ) ]-> + [ + L_PureState( YL_pid.1, ('one'+tc.2) ), + Out( , k.2)> ) + ] + + // loop breaker: [4] + /* + rule (modulo AC) insc_0_111111112111111111211[color=#805140, + process="in(=sc);"]: + [ + State_111111112111111111211( StateChannel, L_pid, SL_pid, StateChannel.1, + YL_pid, k, lock, secretid, tc + ), + In( sc ), Fr( nonce ), Fr( npr ), L_CellLocked( YL_pid, lock ) + ] + --[ YubiPress( L_pid, secretid, k, tc ) ]-> + [ + L_PureState( YL_pid, ('one'+tc) ), + Out( , k)> ) + ] + // loop breaker: [4] + */ + +restriction predicate_eq: + "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" + // safety formula + +restriction predicate_not_eq: + "∀ #i a b. 
(Pred_Not_Eq( a, b ) @ #i) ⇒ (¬(a = b))" + // safety formula + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/Yubikey/Yubikey.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/Yubikey/Yubikey.spthy + + output: examples/sapic/fast/Yubikey/Yubikey.spthy.tmp + processing time: 14.971877017s + secrecy_enc (all-traces): verified (18 steps) + init_server (all-traces): verified (42 steps) + init_server_secrecy (all-traces): verified (20 steps) + Login_reachable (exists-trace): verified (16 steps) + Login_reachable_two (exists-trace): verified (16 steps) + one_count_foreach_login (all-traces): verified (21 steps) + no_replay (all-traces): verified (2 steps) + injective_correspondance (all-traces): verified (6 steps) + Login_invalidates_smaller_counters (all-traces): verified (6 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/Yubikey/Yubikey.spthy + + output: examples/sapic/fast/Yubikey/Yubikey.spthy.tmp + processing time: 14.971877017s + secrecy_enc (all-traces): verified (18 steps) + init_server (all-traces): verified (42 steps) + init_server_secrecy (all-traces): verified (20 steps) + Login_reachable (exists-trace): verified (16 steps) + Login_reachable_two (exists-trace): verified (16 steps) + one_count_foreach_login (all-traces): verified (21 steps) + no_replay (all-traces): verified (2 steps) + injective_correspondance (all-traces): verified (6 steps) + Login_invalidates_smaller_counters (all-traces): verified (6 steps) + 
+============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/basic/boundonce2_analyzed.spthy b/case-studies-regression/sapic/fast/basic/boundonce2_analyzed.spthy new file mode 100644 index 000000000..e7950ef3d --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/boundonce2_analyzed.spthy 
@@ -0,0 +1,60 @@ +theory BoundOnce begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + +rule (modulo E) Init[color=#ffffff, process="new x.1;"]: + [ Fr( x.1 ), Fr( x.2 ) ] --[ Init( ) ]-> [ ] + + /* + rule (modulo AC) Init[color=#ffffff, process="new x.1;"]: + [ Fr( x ), Fr( x.1 ) ] --[ Init( ) ]-> [ ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/basic/boundonce2.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/boundonce2.spthy + + output: examples/sapic/fast/basic/boundonce2.spthy.tmp + processing time: 0.004218385s + WARNING: 1 wellformedness check failed! + The analysis results might be wrong! + Wellformedness-error in Process: + Variable bound twice: x. + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/boundonce2.spthy + + output: examples/sapic/fast/basic/boundonce2.spthy.tmp + processing time: 0.004218385s + WARNING: 1 wellformedness check failed! + The analysis results might be wrong! + Wellformedness-error in Process: + Variable bound twice: x. + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/basic/boundonce_analyzed.spthy b/case-studies-regression/sapic/fast/basic/boundonce_analyzed.spthy new file mode 100644 index 000000000..023b3cd7d --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/boundonce_analyzed.spthy 
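Review bot: The expected output recorded in this new baseline contradicts itself: the generated theory ends with `/* All well-formedness checks were successful. */`, while the summary of the same run reports `WARNING: 1 wellformedness check failed!` with `Variable bound twice: x.`. Anyone who reads only the emitted theory, or feeds it back into the prover, sees a clean bill of health for a model the tool itself says may give wrong results. Presumably the comment comes from the check on the translated rules and the warning from the process-level check; the emitting code is not part of this diff, so that is an inference. If so, the comment should be suppressed or qualified whenever a process check fails, for example `/* WARNING: well-formedness checks on the process failed; see summary. */`, before this file is accepted as the regression baseline.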
@@ -0,0 +1,51 @@ +theory BoundOnce begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + +rule (modulo E) Init[color=#ffffff, process="|"]: + [ ] --[ Init( ) ]-> [ State_1( ), State_2( ) ] + + /* has exactly the trivial AC variant */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/basic/boundonce.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/boundonce.spthy + + output: examples/sapic/fast/basic/boundonce.spthy.tmp + processing time: 0.003343514s + + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/boundonce.spthy + + output: examples/sapic/fast/basic/boundonce.spthy.tmp + processing time: 0.003343514s + + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/basic/channels1_analyzed.spthy b/case-studies-regression/sapic/fast/basic/channels1_analyzed.spthy index 8cb05ac3e..f5a330656 100644 --- a/case-studies-regression/sapic/fast/basic/channels1_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/channels1_analyzed.spthy 
@@ -2,11 +2,17 @@ theory ChannelsTestOne begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + + + + + lemma secret: all-traces "∀ x #i. (Secret( x ) @ #i) ⇒ (¬(∃ #j. K( x ) @ #j))" /* @@ -14,11 +20,11 @@ guarded formula characterizing all counter-examples: "∃ x #i. (Secret( x ) @ #i) ∧ ∃ #j. (K( x ) @ #j)" */ simplify -solve( State_111( x, c ) ▶₀ #i ) - case newa_0_11 - solve( !KU( ~n ) @ #vk ) - case outca_0_1111 - by solve( !KU( ~n.1 ) @ #vk.1 ) +solve( State_111( c ) ▶₀ #i ) + case Init + solve( !KU( ~n.1 ) @ #vk ) + case outca_0_11111 + by solve( !KU( ~n ) @ #vk.1 ) qed qed 
@@ -29,82 +35,110 @@ guarded formula characterizing all satisfying traces: "∃ x #i. (Received( x ) @ #i)" */ simplify -solve( State_121( c, x ) ▶₀ #i ) - case incx_1_12 +solve( State_1211( c, x ) ▶₀ #i ) + case incx_1_121_case_1 SOLVED // trace found qed -rule (modulo E) Init[color=#ffffff, process="new c;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newc_0_[color=#ffffff, process="new c;"]: - [ State_( ), Fr( c ) ] --> [ State_1( c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( c ) ] --> [ State_11( c ), State_12( c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newa_0_11[color=#6c8040, process="new a;"]: - [ State_11( c ), Fr( a ) ] --> [ State_111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventSecreta_0_111[color=#6c8040, - process="event Secret( a );"]: - [ State_111( a, c ) ] --[ Secret( a ) ]-> [ State_1111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outca_0_1111[color=#6c8040, process="out(c,a);"]: - [ State_1111( a, c ), In( c ) ] --> [ Out( a ), State_11111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outca_1_1111[color=#6c8040, process="out(c,a);"]: - [ State_1111( a, c ) ] --> [ Message( c, a ), Semistate_11111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outca_2_1111[color=#6c8040, process="out(c,a);"]: - [ Semistate_11111( a, c ), Ack( c, a ) ] --> [ State_11111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outc_0_11111[color=#6c8040, process="out(c);"]: - [ State_11111( a, c ) ] --> [ State_111111( a, c ), Out( c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111111[color=#6c8040, process="0"]: - [ State_111111( a, c ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) incx_0_12[color=#807140, process="in(c,x);"]: 
- [ State_12( c ), In( ) ] --> [ State_121( c, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) incx_1_12[color=#807140, process="in(c,x);"]: - [ State_12( c ), Message( c, x ) ] --> [ Ack( c, x ), State_121( c, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventReceivedx_0_121[color=#807140, - process="event Received( x );"]: - [ State_121( c, x ) ] --[ Received( x ) ]-> [ State_1211( c, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1211[color=#807140, process="0"]: - [ State_1211( c, x ) ] --> [ ] - - /* has exactly the trivial AC variant */ +rule (modulo E) newa_0_111[color=#6c8040, process="new a.1;"]: + [ State_111( c.1 ), Fr( a.1 ) ] + --[ Secret( a.1 ) ]-> + [ State_11111( a.1, c.1 ) ] + + /* + rule (modulo AC) newa_0_111[color=#6c8040, process="new a.1;"]: + [ State_111( c ), Fr( a ) ] --[ Secret( a ) ]-> [ State_11111( a, c ) ] + */ + +rule (modulo E) outca_1_11111[color=#6c8040, process="out(c.1,a.1);"]: + [ State_11111( a.1, c.1 ) ] + --> + [ Message( c.1, a.1 ), Semistate_111111( a.1, c.1 ) ] + + /* + rule (modulo AC) outca_1_11111[color=#6c8040, process="out(c.1,a.1);"]: + [ State_11111( a, c ) ] --> [ Message( c, a ), Semistate_111111( a, c ) ] + */ + +rule (modulo E) outca_0_11111[color=#6c8040, process="out(c.1,a.1);"]: + [ State_11111( a.1, c.1 ), In( c.1 ) ] + --> + [ Out( a.1 ), State_111111( a.1, c.1 ) ] + + /* + rule (modulo AC) outca_0_11111[color=#6c8040, process="out(c.1,a.1);"]: + [ State_11111( a, c ), In( c ) ] --> [ Out( a ), State_111111( a, c ) ] + */ + +rule (modulo E) outca_2_11111[color=#6c8040, process="out(c.1,a.1);"]: + [ Semistate_111111( a.1, c.1 ), Ack( c.1, a.1 ) ] + --> + [ State_111111( a.1, c.1 ) ] + + /* + rule (modulo AC) outca_2_11111[color=#6c8040, process="out(c.1,a.1);"]: + [ Semistate_111111( a, c ), Ack( c, a ) ] --> [ State_111111( a, c ) ] + */ + +rule (modulo E) outc_0_111111[color=#6c8040, process="out(c.1);"]: + [ State_111111( a.1, c.1 ) 
] --> [ Out( c.1 ) ] + + /* + rule (modulo AC) outc_0_111111[color=#6c8040, process="out(c.1);"]: + [ State_111111( a, c ) ] --> [ Out( c ) ] + */ + +rule (modulo E) Init[color=#ffffff, process="new c.1;"]: + [ Fr( c.1 ) ] --[ Init( ) ]-> [ State_121( c.1 ), State_111( c.1 ) ] + + /* + rule (modulo AC) Init[color=#ffffff, process="new c.1;"]: + [ Fr( c ) ] --[ Init( ) ]-> [ State_121( c ), State_111( c ) ] + */ + +rule (modulo E) incx_0_121[color=#807140, process="in(c.1,x.1);"]: + [ State_121( c.1 ), Message( c.1, x.2 ) ] + --> + [ Let_1211( x.2, c.1 ), Ack( c.1, x.2 ) ] + + /* + rule (modulo AC) incx_0_121[color=#807140, process="in(c.1,x.1);"]: + [ State_121( c ), Message( c, x ) ] --> [ Let_1211( x, c ), Ack( c, x ) ] + */ + +rule (modulo E) incx_2_121[color=#807140, process="in(c.1,x.1);"]: + [ State_121( c.1 ), In( ) ] --> [ Let_1211( x.2, c.1 ) ] + + /* + rule (modulo AC) incx_2_121[color=#807140, process="in(c.1,x.1);"]: + [ State_121( c ), In( ) ] --> [ Let_1211( x, c ) ] + */ + +rule (modulo E) incx_1_121[color=#807140, process="in(c.1,x.1);"]: + [ Let_1211( x.1, c.1 ) ] --> [ State_1211( c.1, x.1 ) ] + + /* + rule (modulo AC) incx_1_121[color=#807140, process="in(c.1,x.1);"]: + [ Let_1211( x, c ) ] --> [ State_1211( c, x ) ] + */ + +rule (modulo E) incx_3_121[color=#807140, process="in(c.1,x.1);"]: + [ Let_1211( x.1, c.1 ) ] --> [ State_1211( c.1, x.1 ) ] + + /* + rule (modulo AC) incx_3_121[color=#807140, process="in(c.1,x.1);"]: + [ Let_1211( x, c ) ] --> [ State_1211( c, x ) ] + */ + +rule (modulo E) eventReceivedx_0_1211[color=#807140, + process="event Received( x.1 );"]: + [ State_1211( c.1, x.1 ) ] --[ Received( x.1 ) ]-> [ ] + + /* + rule (modulo AC) eventReceivedx_0_1211[color=#807140, + process="event Received( x.1 );"]: + [ State_1211( c, x ) ] --[ Received( x ) ]-> [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" 
@@ -115,7 +149,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -125,7 +159,7 @@ analyzing: examples/sapic/fast/basic/channels1.spthy analyzed: examples/sapic/fast/basic/channels1.spthy output: examples/sapic/fast/basic/channels1.spthy.tmp - processing time: 0.168360637s + processing time: 0.089541881s secret (all-traces): verified (4 steps) received (exists-trace): verified (3 steps) @@ -137,7 +171,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/channels1.spthy output: examples/sapic/fast/basic/channels1.spthy.tmp - processing time: 0.168360637s + processing time: 0.089541881s secret (all-traces): verified (4 steps) received (exists-trace): verified (3 steps) diff --git a/case-studies-regression/sapic/fast/basic/channels2_analyzed.spthy b/case-studies-regression/sapic/fast/basic/channels2_analyzed.spthy index f65764f34..aebe0d2a9 100644 --- a/case-studies-regression/sapic/fast/basic/channels2_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/channels2_analyzed.spthy @@ -2,11 +2,15 @@ theory ChannelTestTwo begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + + + lemma received: all-traces "¬(∃ #i. Reached( ) @ #i)" /* 
@@ -14,43 +18,30 @@ guarded formula characterizing all counter-examples: "∃ #i. (Reached( ) @ #i)" */ simplify -by solve( State_111( a, c ) ▶₀ #i ) - -rule (modulo E) Init[color=#ffffff, process="new c;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newc_0_[color=#ffffff, process="new c;"]: - [ State_( ), Fr( c ) ] --> [ State_1( c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newa_0_1[color=#6c8040, process="new a;"]: - [ State_1( c ), Fr( a ) ] --> [ State_11( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outca_0_11[color=#6c8040, process="out(c,a);"]: - [ State_11( a, c ) ] --> [ Message( c, a ), Semistate_111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outca_1_11[color=#6c8040, process="out(c,a);"]: - [ Semistate_111( a, c ), Ack( c, a ) ] --> [ State_111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventReached_0_111[color=#6c8040, - process="event Reached( );"]: - [ State_111( a, c ) ] --[ Reached( ) ]-> [ State_1111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111[color=#6c8040, process="0"]: - [ State_1111( a, c ) ] --> [ ] - - /* has exactly the trivial AC variant */ +solve( Semistate_1111( a, c ) ▶₀ #i ) + case Init + by solve( Ack( ~n.1, ~n ) ▶₁ #i ) +qed + +rule (modulo E) Init[color=#ffffff, process="new c.1;"]: + [ Fr( c.1 ), Fr( a.1 ) ] + --[ Init( ) ]-> + [ Message( c.1, a.1 ), Semistate_1111( a.1, c.1 ) ] + + /* + rule (modulo AC) Init[color=#ffffff, process="new c.1;"]: + [ Fr( c ), Fr( a ) ] + --[ Init( ) ]-> + [ Message( c, a ), Semistate_1111( a, c ) ] + */ + +rule (modulo E) outca_1_111[color=#6c8040, process="out(c.1,a.1);"]: + [ Semistate_1111( a.1, c.1 ), Ack( c.1, a.1 ) ] --[ Reached( ) ]-> [ ] + + /* + rule (modulo AC) outca_1_111[color=#6c8040, process="out(c.1,a.1);"]: + [ Semistate_1111( a, c ), Ack( c, a ) ] --[ Reached( ) ]-> [ ] + */ 
restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" @@ -61,7 +52,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -71,8 +62,8 @@ analyzing: examples/sapic/fast/basic/channels2.spthy analyzed: examples/sapic/fast/basic/channels2.spthy output: examples/sapic/fast/basic/channels2.spthy.tmp - processing time: 0.048803472s - received (all-traces): verified (2 steps) + processing time: 0.015984977s + received (all-traces): verified (3 steps) ------------------------------------------------------------------------------ @@ -82,8 +73,8 @@ summary of summaries: analyzed: examples/sapic/fast/basic/channels2.spthy output: examples/sapic/fast/basic/channels2.spthy.tmp - processing time: 0.048803472s - received (all-traces): verified (2 steps) + processing time: 0.015984977s + received (all-traces): verified (3 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/fast/basic/channels3_analyzed.spthy b/case-studies-regression/sapic/fast/basic/channels3_analyzed.spthy index 9af974d2b..67610d23e 100644 --- a/case-studies-regression/sapic/fast/basic/channels3_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/channels3_analyzed.spthy @@ -2,11 +2,17 @@ theory ChannelsTestThree begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + + + + + lemma not_secret: exists-trace "∃ #i #j x. (Received( x ) @ #i) ∧ (!KU( x ) @ #j)" /* 
@@ -14,8 +20,8 @@ guarded formula characterizing all satisfying traces: "∃ #i #j x. (Received( x ) @ #i) ∧ (!KU( x ) @ #j)" */ simplify -solve( State_21( x ) ▶₀ #i ) - case incx_0_2 +solve( State_211( x ) ▶₀ #i ) + case incx_1_21_case_2 solve( (#vf < #t2) ∥ (#vf = #t2) ) case case_1 SOLVED // trace found 
@@ -30,73 +36,89 @@ guarded formula characterizing all satisfying traces: "∃ x #i. (Received( x ) @ #i) ∧ ∀ y #j. (K( y ) @ #j) ⇒ ¬(x = y)" */ simplify -solve( State_21( x ) ▶₀ #i ) - case incx_0_2 - solve( (#vf < #t2) ∥ (#vf = #t2) ) - case case_1 - SOLVED // trace found - qed +solve( State_211( x ) ▶₀ #i ) + case incx_1_21_case_1 + SOLVED // trace found qed -rule (modulo E) Init[color=#ffffff, process="|"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="|"]: - [ State_( ) ] --> [ State_1( ), State_2( ) ] +rule (modulo E) newa_0_11[color=#6c8040, process="new a.1;"]: + [ State_11( ), Fr( a.1 ) ] --> [ State_111( a.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newa_0_11[color=#6c8040, process="new a.1;"]: + [ State_11( ), Fr( a ) ] --> [ State_111( a ) ] + */ -rule (modulo E) newa_0_1[color=#6c8040, process="new a;"]: - [ State_1( ), Fr( a ) ] --> [ State_11( a ) ] +rule (modulo E) outca_1_111[color=#6c8040, process="out('c',a.1);"]: + [ State_111( a.1 ) ] --> [ Message( 'c', a.1 ), Semistate_1111( a.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) outca_1_111[color=#6c8040, process="out('c',a.1);"]: + [ State_111( a ) ] --> [ Message( 'c', a ), Semistate_1111( a ) ] + */ -rule (modulo E) outca_0_11[color=#6c8040, process="out('c',a);"]: - [ State_11( a ), In( 'c' ) ] +rule (modulo E) outca_0_111[color=#6c8040, process="out('c',a.1);"]: + [ State_111( a.1 ), In( 'c' ) ] --[ ChannelIn( 'c' ) ]-> - [ Out( a ), State_111( a ) ] + [ Out( a.1 ), State_1111( a.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) outca_0_111[color=#6c8040, process="out('c',a.1);"]: + [ State_111( a ), In( 'c' ) ] + --[ ChannelIn( 'c' ) ]-> + [ Out( a ), State_1111( a ) ] + */ -rule (modulo E) outca_1_11[color=#6c8040, process="out('c',a);"]: - [ State_11( a ) ] --> [ Message( 'c', a ), Semistate_111( a ) ] +rule (modulo E) 
outca_2_111[color=#6c8040, process="out('c',a.1);"]: + [ Semistate_1111( a.1 ), Ack( 'c', a.1 ) ] --> [ State_1111( a.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) outca_2_111[color=#6c8040, process="out('c',a.1);"]: + [ Semistate_1111( a ), Ack( 'c', a ) ] --> [ State_1111( a ) ] + */ -rule (modulo E) outca_2_11[color=#6c8040, process="out('c',a);"]: - [ Semistate_111( a ), Ack( 'c', a ) ] --> [ State_111( a ) ] +rule (modulo E) Init[color=#ffffff, process="|"]: + [ ] --[ Init( ) ]-> [ State_21( ), State_11( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#6c8040, process="0"]: - [ State_111( a ) ] --> [ ] +rule (modulo E) incx_0_21[color=#807140, process="in('c',x.1);"]: + [ State_21( ), Message( 'c', x ) ] --> [ Let_211( x ), Ack( 'c', x ) ] /* has exactly the trivial AC variant */ -rule (modulo E) incx_0_2[color=#807140, process="in('c',x);"]: - [ State_2( ), In( <'c', x> ) ] +rule (modulo E) incx_2_21[color=#807140, process="in('c',x.1);"]: + [ State_21( ), In( <'c', x> ) ] --[ ChannelIn( <'c', x> ) ]-> - [ State_21( x ) ] + [ Let_211( x ) ] /* has exactly the trivial AC variant */ -rule (modulo E) incx_1_2[color=#807140, process="in('c',x);"]: - [ State_2( ), Message( 'c', x ) ] --> [ Ack( 'c', x ), State_21( x ) ] +rule (modulo E) incx_1_21[color=#807140, process="in('c',x.1);"]: + [ Let_211( x.1 ) ] --> [ State_211( x.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) incx_1_21[color=#807140, process="in('c',x.1);"]: + [ Let_211( x ) ] --> [ State_211( x ) ] + */ -rule (modulo E) eventReceivedx_0_21[color=#807140, - process="event Received( x );"]: - [ State_21( x ) ] --[ Received( x ), Event( ) ]-> [ State_211( x ) ] +rule (modulo E) incx_3_21[color=#807140, process="in('c',x.1);"]: + [ Let_211( x.1 ) ] --> [ State_211( x.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) incx_3_21[color=#807140, process="in('c',x.1);"]: + [ Let_211( x ) ] --> [ State_211( x 
) ] + */ -rule (modulo E) p_0_211[color=#807140, process="0"]: - [ State_211( x ) ] --> [ ] +rule (modulo E) eventReceivedx_0_211[color=#807140, + process="event Received( x.1 );"]: + [ State_211( x.1 ) ] --[ Received( x.1 ), Event( ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventReceivedx_0_211[color=#807140, + process="event Received( x.1 );"]: + [ State_211( x ) ] --[ Received( x ), Event( ) ]-> [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" @@ -116,7 +138,7 @@ restriction in_event: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -126,9 +148,9 @@ analyzing: examples/sapic/fast/basic/channels3.spthy analyzed: examples/sapic/fast/basic/channels3.spthy output: examples/sapic/fast/basic/channels3.spthy.tmp - processing time: 0.117719903s + processing time: 0.065110218s not_secret (exists-trace): verified (4 steps) - internal_comm (exists-trace): verified (4 steps) + internal_comm (exists-trace): verified (3 steps) ------------------------------------------------------------------------------ @@ -138,9 +160,9 @@ summary of summaries: analyzed: examples/sapic/fast/basic/channels3.spthy output: examples/sapic/fast/basic/channels3.spthy.tmp - processing time: 0.117719903s + processing time: 0.065110218s not_secret (exists-trace): verified (4 steps) - internal_comm (exists-trace): verified (4 steps) + internal_comm (exists-trace): verified (3 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/fast/basic/channels4_analyzed.spthy b/case-studies-regression/sapic/fast/basic/channels4_analyzed.spthy index b53e5ffd4..394437196 100644 --- a/case-studies-regression/sapic/fast/basic/channels4_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/channels4_analyzed.spthy 
@@ -2,11 +2,17 @@ theory ChannelsTestOne begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + + + + + lemma secret: all-traces "∀ x #i. (Secret( x ) @ #i) ⇒ (¬(∃ #j. K( x ) @ #j))" /* @@ -14,9 +20,9 @@ guarded formula characterizing all counter-examples: "∃ x #i. (Secret( x ) @ #i) ∧ ∃ #j. (K( x ) @ #j)" */ simplify -solve( State_111( x, c ) ▶₀ #i ) - case newa_0_11 - by solve( !KU( ~n ) @ #vk ) +solve( State_111( c ) ▶₀ #i ) + case Init + by solve( !KU( ~n.1 ) @ #vk ) qed lemma received: 
@@ -26,67 +32,58 @@ guarded formula characterizing all satisfying traces: "∃ x #i. (Received( x ) @ #i)" */ simplify -solve( State_121( c, x ) ▶₀ #i ) - case incx_0_12 +solve( State_1211( c, x ) ▶₀ #i ) + case incx_1_121 SOLVED // trace found qed -rule (modulo E) Init[color=#ffffff, process="new c;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newc_0_[color=#ffffff, process="new c;"]: - [ State_( ), Fr( c ) ] --> [ State_1( c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( c ) ] --> [ State_11( c ), State_12( c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newa_0_11[color=#6c8040, process="new a;"]: - [ State_11( c ), Fr( a ) ] --> [ State_111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventSecreta_0_111[color=#6c8040, - process="event Secret( a );"]: - [ State_111( a, c ) ] --[ Secret( a ) ]-> [ State_1111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outca_0_1111[color=#6c8040, process="out(c,a);"]: - [ State_1111( a, c ) ] --> [ Message( c, a ), Semistate_11111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outca_1_1111[color=#6c8040, process="out(c,a);"]: - [ Semistate_11111( a, c ), Ack( c, a ) ] --> [ State_11111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111[color=#6c8040, process="0"]: - [ State_11111( a, c ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) incx_0_12[color=#807140, process="in(c,x);"]: - [ State_12( c ), Message( c, x ) ] --> [ Ack( c, x ), State_121( c, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventReceivedx_0_121[color=#807140, - process="event Received( x );"]: - [ State_121( c, x ) ] --[ Received( x ) ]-> [ State_1211( c, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1211[color=#807140, 
process="0"]: - [ State_1211( c, x ) ] --> [ ] - - /* has exactly the trivial AC variant */ +rule (modulo E) newa_0_111[color=#6c8040, process="new a.1;"]: + [ State_111( c.1 ), Fr( a.1 ) ] + --[ Secret( a.1 ) ]-> + [ Message( c.1, a.1 ), Semistate_111111( a.1, c.1 ) ] + + /* + rule (modulo AC) newa_0_111[color=#6c8040, process="new a.1;"]: + [ State_111( c ), Fr( a ) ] + --[ Secret( a ) ]-> + [ Message( c, a ), Semistate_111111( a, c ) ] + */ + +rule (modulo E) Init[color=#ffffff, process="new c.1;"]: + [ Fr( c.1 ) ] --[ Init( ) ]-> [ State_121( c.1 ), State_111( c.1 ) ] + + /* + rule (modulo AC) Init[color=#ffffff, process="new c.1;"]: + [ Fr( c ) ] --[ Init( ) ]-> [ State_121( c ), State_111( c ) ] + */ + +rule (modulo E) incx_0_121[color=#807140, process="in(c.1,x.1);"]: + [ State_121( c.1 ), Message( c.1, x.2 ) ] + --> + [ Let_1211( x.2, c.1 ), Ack( c.1, x.2 ) ] + + /* + rule (modulo AC) incx_0_121[color=#807140, process="in(c.1,x.1);"]: + [ State_121( c ), Message( c, x ) ] --> [ Let_1211( x, c ), Ack( c, x ) ] + */ + +rule (modulo E) incx_1_121[color=#807140, process="in(c.1,x.1);"]: + [ Let_1211( x.1, c.1 ) ] --> [ State_1211( c.1, x.1 ) ] + + /* + rule (modulo AC) incx_1_121[color=#807140, process="in(c.1,x.1);"]: + [ Let_1211( x, c ) ] --> [ State_1211( c, x ) ] + */ + +rule (modulo E) eventReceivedx_0_1211[color=#807140, + process="event Received( x.1 );"]: + [ State_1211( c.1, x.1 ) ] --[ Received( x.1 ) ]-> [ ] + + /* + rule (modulo AC) eventReceivedx_0_1211[color=#807140, + process="event Received( x.1 );"]: + [ State_1211( c, x ) ] --[ Received( x ) ]-> [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" @@ -97,7 +94,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -107,7 +104,7 @@ analyzing: examples/sapic/fast/basic/channels4.spthy analyzed: examples/sapic/fast/basic/channels4.spthy output: examples/sapic/fast/basic/channels4.spthy.tmp - processing time: 0.094964463s + processing time: 0.022714764s secret (all-traces): verified (3 steps) received (exists-trace): verified (3 steps) @@ -119,7 +116,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/channels4.spthy output: examples/sapic/fast/basic/channels4.spthy.tmp - processing time: 0.094964463s + processing time: 0.022714764s secret (all-traces): verified (3 steps) received (exists-trace): verified (3 steps) diff --git a/case-studies-regression/sapic/fast/basic/design-choices_analyzed.spthy b/case-studies-regression/sapic/fast/basic/design-choices_analyzed.spthy index 580eb05b8..e3de78f3b 100644 --- a/case-studies-regression/sapic/fast/basic/design-choices_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/design-choices_analyzed.spthy @@ -2,11 +2,13 @@ theory DesignChoices begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + lemma visit_once: all-traces "∀ #t1 #t2. ((Visit( ) @ #t1) ∧ (Visit( ) @ #t2)) ⇒ (#t1 = #t2)" @@ -21,12 +23,12 @@ solve( (#t1 < #t2) ∥ (#t2 < #t1) ) case lookupvisitedasv_1_11 solve( State_112( lock ) ▶₀ #t2 ) case lookupvisitedasv_1_11 - solve( ((#vr.1 < #vr.6) ∧ + solve( ((#vr.1 < #vr.4) ∧ (∃ #t2. (Unlock_0( '0', ~n, 's' ) @ #t2) ∧ (#vr.1 < #t2) ∧ - (#t2 < #vr.6) ∧ + (#t2 < #vr.4) ∧ (∀ #t0 pp. (Unlock( pp, ~n, 's' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 's' ) @ #t0) @@ -36,7 +38,7 @@ solve( (#t1 < #t2) ∥ (#t2 < #t1) ) (Unlock( pp, lpp, 's' ) @ #t0) ⇒ ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.6 < #vr.1) ∥ (#vr.1 = #vr.6) ) + (#vr.4 < #vr.1) ∥ (#vr.1 = #vr.4) ) case case_1 solve( Unlock_0( '0', ~n, 's' ) @ #t2.1 ) case unlocks_0_111 
@@ -72,12 +74,12 @@ next case lookupvisitedasv_1_11 solve( State_112( lock ) ▶₀ #t2 ) case lookupvisitedasv_1_11 - solve( ((#vr.1 < #vr.6) ∧ + solve( ((#vr.1 < #vr.4) ∧ (∃ #t2. (Unlock_0( '0', ~n, 's' ) @ #t2) ∧ (#vr.1 < #t2) ∧ - (#t2 < #vr.6) ∧ + (#t2 < #vr.4) ∧ (∀ #t0 pp. (Unlock( pp, ~n, 's' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 's' ) @ #t0) @@ -87,7 +89,7 @@ next (Unlock( pp, lpp, 's' ) @ #t0) ⇒ ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.6 < #vr.1) ∥ (#vr.1 = #vr.6) ) + (#vr.4 < #vr.1) ∥ (#vr.1 = #vr.4) ) case case_1 solve( Unlock_0( '0', ~n, 's' ) @ #t2.1 ) case unlocks_0_111 
@@ -120,50 +122,46 @@ next qed rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) locks_0_1[color=#ffffff, process="lock 's';"]: - [ State_1( ), Fr( lock ) ] + [ !Semistate_1( ), Fr( lock ) ] --[ Lock_0( '0', lock, 's' ), Lock( '0', lock, 's' ) ]-> [ State_11( lock ) ] /* has exactly the trivial AC variant */ rule (modulo E) lookupvisitedasv_0_11[color=#ffffff, - process="lookup 'visited' as v"]: + process="lookup 'visited' as v.1"]: [ State_11( lock ) ] - --[ IsIn( 'visited', v ) ]-> - [ State_111( lock, v ) ] - - /* has exactly the trivial AC variant */ + --[ IsIn( 'visited', v.1 ) ]-> + [ State_111( lock, v.1 ) ] -rule (modulo E) lookupvisitedasv_1_11[color=#ffffff, - process="lookup 'visited' as v"]: - [ State_11( lock ) ] --[ IsNotSet( 'visited' ) ]-> [ State_112( lock ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupvisitedasv_0_11[color=#ffffff, + process="lookup 'visited' as v.1"]: + [ State_11( lock ) ] + --[ IsIn( 'visited', v ) ]-> + [ State_111( lock, v ) ] + */ rule (modulo E) unlocks_0_111[color=#ffffff, process="unlock 's';"]: - [ State_111( lock, v ) ] + [ State_111( lock, v.1 ) ] --[ Unlock_0( '0', lock, 's' ), Unlock( '0', lock, 's' ) ]-> - [ State_1111( lock, v ) ] + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) unlocks_0_111[color=#ffffff, process="unlock 's';"]: + [ State_111( lock, v ) ] + --[ Unlock_0( '0', lock, 's' ), Unlock( '0', lock, 's' ) ]-> + [ ] + */ -rule (modulo E) p_0_1111[color=#ffffff, process="0"]: - [ State_1111( lock, v ) ] --> [ ] +rule (modulo E) 
lookupvisitedasv_1_11[color=#ffffff, + process="lookup 'visited' as v.1"]: + [ State_11( lock ) ] --[ IsNotSet( 'visited' ) ]-> [ State_112( lock ) ] /* has exactly the trivial AC variant */ @@ -184,12 +182,7 @@ rule (modulo E) insertvisiteds_0_1121[color=#ffffff, rule (modulo E) unlocks_0_11211[color=#ffffff, process="unlock 's';"]: [ State_11211( lock ) ] --[ Unlock_0( '0', lock, 's' ), Unlock( '0', lock, 's' ) ]-> - [ State_112111( lock ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_112111[color=#ffffff, process="0"]: - [ State_112111( lock ) ] --> [ ] + [ ] /* has exactly the trivial AC variant */ @@ -231,7 +224,7 @@ restriction locking_0: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -241,7 +234,7 @@ analyzing: examples/sapic/fast/basic/design-choices.spthy analyzed: examples/sapic/fast/basic/design-choices.spthy output: examples/sapic/fast/basic/design-choices.spthy.tmp - processing time: 0.300474877s + processing time: 0.287655687s visit_once (all-traces): verified (26 steps) ------------------------------------------------------------------------------ @@ -252,7 +245,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/design-choices.spthy output: examples/sapic/fast/basic/design-choices.spthy.tmp - processing time: 0.300474877s + processing time: 0.287655687s visit_once (all-traces): verified (26 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/basic/destructors_analyzed.spthy b/case-studies-regression/sapic/fast/basic/destructors_analyzed.spthy new file mode 100644 index 000000000..465b5cab9 --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/destructors_analyzed.spthy 
@@ -0,0 +1,179 @@ +theory Destructors begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] +equations: + fst() = x.1, + sdec(k, senc(k, m)) = m, + snd() = x.2 + +heuristic: p + +section{* Testing the pattern matching with let destructors *} + + + +lemma else: + exists-trace "∃ #t. Else( ) @ #t" +/* +guarded formula characterizing all satisfying traces: +"∃ #t. (Else( ) @ #t)" +*/ +simplify +solve( State_1112( k, x ) ▶₀ #t ) + case letysdeckx_2_111 + SOLVED // trace found +qed + +lemma main: + exists-trace "∃ m #t. Dec( m ) @ #t" +/* +guarded formula characterizing all satisfying traces: +"∃ m #t. (Dec( m ) @ #t)" +*/ +simplify +solve( State_1111( k, x, m ) ▶₀ #t ) + case letysdeckx_1_111 + solve( !KU( senc(~n, m) ) @ #vk ) + case Init + SOLVED // trace found + qed +qed + +lemma main2: + all-traces "∀ m #t. (Dec( m ) @ #t) ⇒ (m = '1')" +/* +guarded formula characterizing all counter-examples: +"∃ m #t. 
(Dec( m ) @ #t) ∧ ¬(m = '1')" +*/ +simplify +solve( State_1111( k, x, m ) ▶₀ #t ) + case letysdeckx_1_111 + solve( !KU( senc(~n, m) ) @ #vk ) + case Init + by contradiction /* from formulas */ + next + case c_senc + solve( !KU( ~n ) @ #vk.1 ) + case eventDecy_0_1111 + by contradiction /* cyclic */ + qed + next + case eventDecy_0_1111 + by contradiction /* cyclic */ + qed +qed + + + + + +rule (modulo E) Init[color=#ffffff, process="new k.1;"]: + [ Fr( k.1 ) ] --[ Init( ) ]-> [ State_11( k.1 ), Out( senc(k.1, '1') ) ] + + /* + rule (modulo AC) Init[color=#ffffff, process="new k.1;"]: + [ Fr( k ) ] --[ Init( ) ]-> [ State_11( k ), Out( senc(k, '1') ) ] + */ + +rule (modulo E) inx_0_11[color=#ffffff, process="in(x.1);"]: + [ State_11( k.1 ), In( x.1 ) ] --> [ Let_1111( , k.1, x.1 ) ] + + /* + rule (modulo AC) inx_0_11[color=#ffffff, process="in(x.1);"]: + [ State_11( k ), In( x ) ] --> [ Let_1111( , k, x ) ] + */ + +rule (modulo E) letysdeckx_1_111[color=#ffffff, + process="let y.1=sdec(k.1, x.1)"]: + [ Let_1111( , k.1, x.1 ) ] + --> + [ State_1111( k.1, x.1, y.1 ) ] + + /* + rule (modulo AC) letysdeckx_1_111[color=#ffffff, + process="let y.1=sdec(k.1, x.1)"]: + [ Let_1111( , k.1, x ) ] --> [ State_1111( k.1, x, y ) ] + */ + +rule (modulo E) eventDecy_0_1111[color=#ffffff, + process="event Dec( y.1 );"]: + [ State_1111( k.1, x.1, y.1 ) ] --[ Dec( y.1 ) ]-> [ Out( y.1 ) ] + + /* + rule (modulo AC) eventDecy_0_1111[color=#ffffff, + process="event Dec( y.1 );"]: + [ State_1111( k, x, y ) ] --[ Dec( y ) ]-> [ Out( y ) ] + */ + +restriction Restr_letysdeckx_2_111_1: + "∀ x #NOW. + (Restr_letysdeckx_2_111_1( x ) @ #NOW) ⇒ + (∀ k y. 
( = x) ⇒ (⊥))" + // safety formula + +rule (modulo E) letysdeckx_2_111[color=#ffffff, + process="let y.1=sdec(k.1, x.1)"]: + [ Let_1111( , k.1, x.1 ) ] + --[ Restr_letysdeckx_2_111_1( ) ]-> + [ State_1112( k.1, x.1 ) ] + + /* + rule (modulo AC) letysdeckx_2_111[color=#ffffff, + process="let y.1=sdec(k.1, x.1)"]: + [ Let_1111( , k, x ) ] + --[ Restr_letysdeckx_2_111_1( ) ]-> + [ State_1112( k, x ) ] + */ + +rule (modulo E) eventElse_0_1112[color=#ffffff, + process="event Else( );"]: + [ State_1112( k.1, x.1 ) ] --[ Else( ) ]-> [ ] + + /* + rule (modulo AC) eventElse_0_1112[color=#ffffff, + process="event Else( );"]: + [ State_1112( k, x ) ] --[ Else( ) ]-> [ ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/basic/destructors.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/destructors.spthy + + output: examples/sapic/fast/basic/destructors.spthy.tmp + processing time: 0.070352302s + else (exists-trace): verified (3 steps) + main (exists-trace): verified (4 steps) + main2 (all-traces): verified (7 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/destructors.spthy + + output: examples/sapic/fast/basic/destructors.spthy.tmp + processing time: 0.070352302s + else (exists-trace): verified (3 steps) + main (exists-trace): verified (4 steps) + main2 (all-traces): verified (7 steps) + +============================================================================== +*/ 
diff --git a/case-studies-regression/sapic/fast/basic/exclusive-secrets_analyzed.spthy b/case-studies-regression/sapic/fast/basic/exclusive-secrets_analyzed.spthy index 6e7ba7666..7d489bd35 100644 --- a/case-studies-regression/sapic/fast/basic/exclusive-secrets_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/exclusive-secrets_analyzed.spthy @@ -2,11 +2,16 @@ theory ExclusiveSecrets begin // Function signature and definition of the equational theory E -functions: fst/1, left/0, pair/2, right/0, snd/1, store/0 +functions: fst/1[destructor], left/0, pair/2, right/0, snd/1[destructor], + store/0 equations: fst() = x.1, snd() = x.2 heuristic: p + + + + lemma a_not_secret: exists-trace "∃ #i #j x y. (Secret( x, y ) @ #i) ∧ (K( x ) @ #j)" /* @@ -15,10 +20,10 @@ guarded formula characterizing all satisfying traces: */ simplify solve( State_11111( x, y, x.1 ) ▶₀ #i ) - case newb_0_1111 + case eventSetStorex_0_11 solve( !KU( ~n ) @ #vk ) - case outa_0_111111111 - solve( (#vr.3 < #t2) ∥ (#vr.3 = #t2) ) + case ifvleft_0_111111111 + solve( (#vr.1 < #t2) ∥ (#vr.1 = #t2) ) case case_2 SOLVED // trace found qed @@ -33,10 +38,10 @@ guarded formula characterizing all satisfying traces: */ simplify solve( State_11111( x, y, x.1 ) ▶₀ #i ) - case newb_0_1111 + case eventSetStorex_0_11 solve( !KU( ~n.1 ) @ #vk ) - case outb_0_1111111121 - solve( (#vr.3 < #t2) ∥ (#vr.3 = #t2) ) + case ifvright_0_1111111112 + solve( (#vr.1 < #t2) ∥ (#vr.1 = #t2) ) case case_2 SOLVED // trace found qed @@ -57,15 +62,15 @@ guarded formula characterizing all counter-examples: */ simplify solve( State_11111( x, y, x.1 ) ▶₀ #i ) - case newb_0_1111 + case eventSetStorex_0_11 solve( State_11( z ) ▶₀ #k ) case insertstorex_0_1 solve( !KU( ~n ) @ #vk ) - case outa_0_111111111 - solve( (#vr.2 < #t2) ∥ (#vr.2 = #t2) ) + case ifvleft_0_111111111 + solve( (#vr < #t2) ∥ (#vr = #t2) ) case case_1 solve( State_1( left ) ▶₀ #t2 ) - case inx_0_ + case Init by contradiction /* cyclic */ qed next 
@@ -86,154 +91,162 @@ guarded formula characterizing all counter-examples: */ simplify solve( State_11111( x, y, x.1 ) ▶₀ #i ) - case newb_0_1111 + case eventSetStorex_0_11 solve( !KU( ~n ) @ #vk ) - case outa_0_111111111 - solve( (#vr.3 < #t2) ∥ (#vr.3 = #t2) ) + case ifvleft_0_111111111 + solve( (#vr.1 < #t2) ∥ (#vr.1 = #t2) ) case case_1 solve( State_1( left ) ▶₀ #t2 ) - case inx_0_ + case Init by contradiction /* cyclic */ qed next case case_2 solve( !KU( ~n.1 ) @ #vk.1 ) - case outb_0_1111111121 + case ifvright_0_1111111112 by solve( State_1( right ) ▶₀ #t2.1 ) qed qed qed qed -rule (modulo E) Init[color=#ffffff, process="in(x);"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ -rule (modulo E) inx_0_[color=#ffffff, process="in(x);"]: - [ State_( ), In( x ) ] --> [ State_1( x ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) insertstorex_0_1[color=#ffffff, - process="insert store,x;"]: - [ State_1( x ) ] --[ Insert( store, x ) ]-> [ State_11( x ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) eventSetStorex_0_11[color=#ffffff, - process="event SetStore( x );"]: - [ State_11( x ) ] --[ SetStore( x ) ]-> [ State_111( x ) ] - /* has exactly the trivial AC variant */ +rule (modulo E) Init[color=#ffffff, process="in(x.1);"]: + [ In( x.1 ) ] --[ Init( ) ]-> [ State_1( x.1 ) ] -rule (modulo E) newa_0_111[color=#ffffff, process="new a;"]: - [ State_111( x ), Fr( a ) ] --> [ State_1111( a, x ) ] + /* + rule (modulo AC) Init[color=#ffffff, process="in(x.1);"]: + [ In( x ) ] --[ Init( ) ]-> [ State_1( x ) ] + */ - /* has exactly the trivial AC variant */ +rule (modulo E) insertstorex_0_1[color=#ffffff, + process="insert store,x.1;"]: + [ State_1( x.1 ) ] --[ Insert( store, x.1 ) ]-> [ State_11( x.1 ) ] -rule (modulo E) newb_0_1111[color=#ffffff, process="new b;"]: - [ State_1111( a, x ), Fr( b ) ] --> [ State_11111( a, b, x ) ] + /* + rule (modulo AC) insertstorex_0_1[color=#ffffff, + process="insert 
store,x.1;"]: + [ State_1( x ) ] --[ Insert( store, x ) ]-> [ State_11( x ) ] + */ - /* has exactly the trivial AC variant */ +rule (modulo E) eventSetStorex_0_11[color=#ffffff, + process="event SetStore( x.1 );"]: + [ State_11( x.1 ), Fr( a.1 ), Fr( b.1 ) ] + --[ SetStore( x.1 ) ]-> + [ State_11111( a.1, b.1, x.1 ) ] + + /* + rule (modulo AC) eventSetStorex_0_11[color=#ffffff, + process="event SetStore( x.1 );"]: + [ State_11( x ), Fr( a ), Fr( b ) ] + --[ SetStore( x ) ]-> + [ State_11111( a, b, x ) ] + */ rule (modulo E) eventSecretab_0_11111[color=#ffffff, - process="event Secret( a, b );"]: - [ State_11111( a, b, x ) ] - --[ Secret( a, b ) ]-> - [ State_111111( a, b, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111111[color=#ffffff, process="!"]: - [ State_111111( a, b, x ) ] --> [ !Semistate_1111111( a, b, x ) ] - - /* has exactly the trivial AC variant */ + process="event Secret( a.1, b.1 );"]: + [ State_11111( a.1, b.1, x.1 ) ] + --[ Secret( a.1, b.1 ) ]-> + [ !Semistate_1111111( a.1, b.1, x.1 ) ] + + /* + rule (modulo AC) eventSecretab_0_11111[color=#ffffff, + process="event Secret( a.1, b.1 );"]: + [ State_11111( a, b, x ) ] + --[ Secret( a, b ) ]-> + [ !Semistate_1111111( a, b, x ) ] + */ rule (modulo E) p_1_111111[color=#ffffff, process="!"]: - [ !Semistate_1111111( a, b, x ) ] --> [ State_1111111( a, b, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupstoreasv_0_1111111[color=#6c8040, - process="lookup store as v"]: - [ State_1111111( a, b, x ) ] - --[ IsIn( store, v ) ]-> - [ State_11111111( a, b, v, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupstoreasv_1_1111111[color=#6c8040, - process="lookup store as v"]: - [ State_1111111( a, b, x ) ] - --[ IsNotSet( store ) ]-> - [ State_11111112( a, b, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifvleft_0_11111111[color=#6c8040, process="if v=left"]: - [ State_11111111( a, b, v, x ) ] - --[ Pred_Eq( 
v, left ) ]-> - [ State_111111111( a, b, v, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifvleft_1_11111111[color=#6c8040, process="if v=left"]: - [ State_11111111( a, b, v, x ) ] - --[ Pred_Not_Eq( v, left ) ]-> - [ State_111111112( a, b, v, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outa_0_111111111[color=#6c8040, process="out(a);"]: - [ State_111111111( a, b, v, x ) ] + [ !Semistate_1111111( a.1, b.1, x.1 ) ] --> - [ State_1111111111( a, b, v, x ), Out( a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111111[color=#6c8040, process="0"]: - [ State_1111111111( a, b, v, x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifvright_0_111111112[color=#6c8040, - process="if v=right"]: - [ State_111111112( a, b, v, x ) ] - --[ Pred_Eq( v, right ) ]-> - [ State_1111111121( a, b, v, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifvright_1_111111112[color=#6c8040, - process="if v=right"]: - [ State_111111112( a, b, v, x ) ] - --[ Pred_Not_Eq( v, right ) ]-> - [ State_1111111122( a, b, v, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outb_0_1111111121[color=#6c8040, process="out(b);"]: - [ State_1111111121( a, b, v, x ) ] - --> - [ State_11111111211( a, b, v, x ), Out( b ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111211[color=#6c8040, process="0"]: - [ State_11111111211( a, b, v, x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111122[color=#6c8040, process="0"]: - [ State_1111111122( a, b, v, x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111112[color=#6c8040, process="0"]: - [ State_11111112( a, b, x ) ] --> [ ] - - /* has exactly the trivial AC variant */ + [ State_11111111( a.1, b.1, x.1 ) ] + + /* + rule (modulo AC) p_1_111111[color=#ffffff, process="!"]: + [ !Semistate_1111111( a, b, x ) ] --> [ 
State_11111111( a, b, x ) ] + */ + +rule (modulo E) lookupstoreasv_0_11111111[color=#6c8040, + process="lookup store as v.1"]: + [ State_11111111( a.1, b.1, x.1 ) ] + --[ IsIn( store, v.1 ) ]-> + [ State_111111111( a.1, b.1, v.1, x.1 ) ] + + /* + rule (modulo AC) lookupstoreasv_0_11111111[color=#6c8040, + process="lookup store as v.1"]: + [ State_11111111( a, b, x ) ] + --[ IsIn( store, v ) ]-> + [ State_111111111( a, b, v, x ) ] + */ + +rule (modulo E) ifvleft_0_111111111[color=#6c8040, + process="if v.1=left"]: + [ State_111111111( a.1, b.1, v.1, x.1 ) ] + --[ Pred_Eq( v.1, left ) ]-> + [ Out( a.1 ) ] + + /* + rule (modulo AC) ifvleft_0_111111111[color=#6c8040, + process="if v.1=left"]: + [ State_111111111( a, b, v, x ) ] --[ Pred_Eq( v, left ) ]-> [ Out( a ) ] + */ + +rule (modulo E) ifvleft_1_111111111[color=#6c8040, + process="if v.1=left"]: + [ State_111111111( a.1, b.1, v.1, x.1 ) ] + --[ Pred_Not_Eq( v.1, left ) ]-> + [ State_1111111112( a.1, b.1, v.1, x.1 ) ] + + /* + rule (modulo AC) ifvleft_1_111111111[color=#6c8040, + process="if v.1=left"]: + [ State_111111111( a, b, v, x ) ] + --[ Pred_Not_Eq( v, left ) ]-> + [ State_1111111112( a, b, v, x ) ] + */ + +rule (modulo E) ifvright_0_1111111112[color=#6c8040, + process="if v.1=right"]: + [ State_1111111112( a.1, b.1, v.1, x.1 ) ] + --[ Pred_Eq( v.1, right ) ]-> + [ Out( b.1 ) ] + + /* + rule (modulo AC) ifvright_0_1111111112[color=#6c8040, + process="if v.1=right"]: + [ State_1111111112( a, b, v, x ) ] + --[ Pred_Eq( v, right ) ]-> + [ Out( b ) ] + */ + +rule (modulo E) ifvright_1_1111111112[color=#6c8040, + process="if v.1=right"]: + [ State_1111111112( a.1, b.1, v.1, x.1 ) ] + --[ Pred_Not_Eq( v.1, right ) ]-> + [ ] + + /* + rule (modulo AC) ifvright_1_1111111112[color=#6c8040, + process="if v.1=right"]: + [ State_1111111112( a, b, v, x ) ] --[ Pred_Not_Eq( v, right ) ]-> [ ] + */ + +rule (modulo E) lookupstoreasv_1_11111111[color=#6c8040, + process="lookup store as v.1"]: + [ State_11111111( a.1, b.1, 
x.1 ) ] --[ IsNotSet( store ) ]-> [ ] + + /* + rule (modulo AC) lookupstoreasv_1_11111111[color=#6c8040, + process="lookup store as v.1"]: + [ State_11111111( a, b, x ) ] --[ IsNotSet( store ) ]-> [ ] + */ restriction set_in: "∀ x y #t3. @@ -265,7 +278,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -275,7 +288,7 @@ analyzing: examples/sapic/fast/basic/exclusive-secrets.spthy analyzed: examples/sapic/fast/basic/exclusive-secrets.spthy output: examples/sapic/fast/basic/exclusive-secrets.spthy.tmp - processing time: 0.273375965s + processing time: 0.18171498s a_not_secret (exists-trace): verified (5 steps) b_not_secret (exists-trace): verified (5 steps) sanity (all-traces): verified (8 steps) @@ -289,7 +302,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/exclusive-secrets.spthy output: examples/sapic/fast/basic/exclusive-secrets.spthy.tmp - processing time: 0.273375965s + processing time: 0.18171498s a_not_secret (exists-trace): verified (5 steps) b_not_secret (exists-trace): verified (5 steps) sanity (all-traces): verified (8 steps) diff --git a/case-studies-regression/sapic/fast/basic/let-blocks2_analyzed.spthy b/case-studies-regression/sapic/fast/basic/let-blocks2_analyzed.spthy new file mode 100644 index 000000000..873721c8a --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/let-blocks2_analyzed.spthy 
@@ -0,0 +1,67 @@ +theory LetBlockCharlyOne begin + +// Function signature and definition of the equational theory E + +builtins: diffie-hellman +functions: fst/1[destructor], hash/1, pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + + + + + + + +rule (modulo E) Init[color=#ffffff, process="P()"]: + [ Fr( a.1 ) ] --[ Init( ) ]-> [ Out( 'g'^a.1 ) ] + + /* + rule (modulo AC) Init[color=#ffffff, process="P()"]: + [ Fr( a ) ] --[ Init( ) ]-> [ Out( z ) ] + variants (modulo AC) + 1. a = a.4 + z = 'g'^a.4 + + 2. a = one + z = 'g' + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/basic/let-blocks2.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/let-blocks2.spthy + + output: examples/sapic/fast/basic/let-blocks2.spthy.tmp + processing time: 0.021569415s + + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/let-blocks2.spthy + + output: examples/sapic/fast/basic/let-blocks2.spthy.tmp + processing time: 0.021569415s + + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/basic/let-blocks3_analyzed.spthy b/case-studies-regression/sapic/fast/basic/let-blocks3_analyzed.spthy new file mode 100644 index 000000000..4eb5ce1fb --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/let-blocks3_analyzed.spthy 
@@ -0,0 +1,58 @@ +theory LetBlockCharlyTwo begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], hash/1, pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + + + + + +rule (modulo E) Init[color=#ffffff, process="P()"]: + [ Fr( a.1 ) ] --[ Init( ) ]-> [ Out( a.1 ) ] + + /* + rule (modulo AC) Init[color=#ffffff, process="P()"]: + [ Fr( a ) ] --[ Init( ) ]-> [ Out( a ) ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/basic/let-blocks3.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/let-blocks3.spthy + + output: examples/sapic/fast/basic/let-blocks3.spthy.tmp + processing time: 0.008808683s + + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/let-blocks3.spthy + + output: examples/sapic/fast/basic/let-blocks3.spthy.tmp + processing time: 0.008808683s + + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/basic/let-blocks_analyzed.spthy b/case-studies-regression/sapic/fast/basic/let-blocks_analyzed.spthy new file mode 100644 index 000000000..0f435bee4 --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/let-blocks_analyzed.spthy 
@@ -0,0 +1,646 @@ +theory RunningExampleWithLet begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] +equations: + fst() = x.1, + sdec(senc(x.1, x.2), x.2) = x.1, + snd() = x.2 + +heuristic: p + + + +predicate: EncSucc( c, k )<=>∃ m. senc(m, k) = c + + + +lemma can_create_key: + exists-trace "∃ #t h k. NewKey( h, k ) @ #t" +/* +guarded formula characterizing all satisfying traces: +"∃ #t h k. (NewKey( h, k ) @ #t)" +*/ +simplify +solve( State_1111( ) ▶₀ #t ) + case p_1_ + SOLVED // trace found +qed + +lemma can_obtain_wrapping: + exists-trace "∃ #t k1 k2. Wrap( k1, k2 ) @ #t" +/* +guarded formula characterizing all satisfying traces: +"∃ #t k1 k2. (Wrap( k1, k2 ) @ #t)" +*/ +simplify +solve( State_1211111( a1, h1, h2, k1, k2 ) ▶₀ #t ) + case lookupkeyhask_0_121111 + solve( Insert( <'key', h2>, k2 ) @ #t2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h2, k2 ) ▶₀ #t2 ) + case newh_0_1111 + solve( Insert( <'key', h1>, k1 ) @ #t2.1 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h1, k1 ) ▶₀ #t2.1 ) + case newh_0_1111 + solve( Insert( <'att', ~n>, 'wrap' ) @ #t2.2 ) + case inh_0_1112 + solve( State_1112( ) ▶₀ #t2.2 ) + case p_1_ + solve( !KU( ~n.1 ) @ #vk.2 ) + case insertatthdec_0_11111111 + solve( !KU( ~n ) @ #vk.2 ) + case insertatthdec_0_11111111 + SOLVED // trace found + qed + qed + qed + qed + qed + qed + qed + qed +qed + +lemma dec_limits [reuse, sources]: + all-traces + "∀ k m #t1. + (DecUsing( k, m ) @ #t1) ⇒ + (∃ h k2 #t2 #t3. + (((NewKey( h, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3)) ∧ (#t2 < #t1)) ∧ + (#t3 < #t1))" +/* +guarded formula characterizing all counter-examples: +"∃ k m #t1. + (DecUsing( k, m ) @ #t1) + ∧ + ∀ h k2 #t2 #t3. + (NewKey( h, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) + ⇒ + ((¬(#t2 < #t1)) ∨ (¬(#t3 < #t1)))" +*/ +induction + case non_empty_trace + simplify + solve( (∀ k m #t1. 
+ (DecUsing( k, m ) @ #t1) + ⇒ + ((last(#t1)) ∨ + (∃ h k2 #t2 #t3. + (NewKey( h, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) + ∧ + (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #t1) ∧ (#t3 < #t1)))) ∥ + (∃ x #NOW x.1. + (Restr_ifEncSuccck_0_1121111_1( x, x.1 ) @ #NOW) + ∧ + (¬(last(#NOW))) ∧ (∀ m. (senc(m, x) = x.1) ⇒ ⊥)) ∥ + (∃ x y #t3. + (IsIn( x, y ) @ #t3) + ∧ + (¬(last(#t3))) ∧ + (∀ #t2. + (Insert( x, y ) @ #t2) + ⇒ + ((last(#t2)) ∨ + (#t2 = #t3) ∨ + (#t3 < #t2) ∨ + (∃ #t1 yp. + (Insert( x, yp ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ + (¬(#t1 = #t2)) ∧ + (((#t3 = #t1) ∨ (#t1 < #t3))))))) ) + case case_1 + solve( (last(#t1)) ∥ + (∃ h k2 #t2 #t3. + (NewKey( h, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) + ∧ + (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #t1) ∧ (#t3 < #t1)) ) + case case_1 + solve( State_1121111( a, senc(m, k), k, h ) ▶₀ #t1 ) + case lookupkeyhask_0_112111 + solve( !KU( senc(m, k) ) @ #vk.2 ) + case eventWrapkk_0_1211111_case_1 + solve( Insert( <'key', h>, k ) @ #t2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h, k ) ▶₀ #t2 ) + case newh_0_1111 + solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) + case insertatthdec_0_11111111 + solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) + case insertkeyhk_0_1111111 + solve( Insert( <'key', h2>, k2 ) @ #t2.2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h2, k2 ) ▶₀ #t2.2 ) + case newh_0_1111 + solve( Insert( <'key', h1>, k1 ) @ #t2.3 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h1, k1 ) ▶₀ #t2.3 ) + case newh_0_1111 + solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.4 ) + case inh_0_1112 + solve( State_1112( ) ▶₀ #t2.4 ) + case p_1_ + solve( !KU( ~n.1 ) @ #vk.2 ) + case eventWrapkk_0_1211111 + solve( !KU( ~n.3 ) @ #vk.5 ) + case insertatthdec_0_11111111 + solve( !KU( ~n.2 ) @ #vk.5 ) + case insertatthdec_0_11111111 + solve( Insert( <'key', h2>, k2.1 ) @ #t2.5 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h2, k2.1 ) ▶₀ #t2.5 ) + case newh_0_1111 + solve( Insert( <'key', h1>, k1.1 ) @ #t2.6 
) + case insertkeyhk_0_1111111 + solve( State_1111111( h1, k1.1 ) ▶₀ #t2.6 ) + case newh_0_1111 + solve( Insert( <'att', ~n.8>, 'wrap' ) @ #t2.7 ) + case inh_0_1112 + solve( State_1112( ) ▶₀ #t2.7 ) + case p_1_ + solve( !KU( ~n.6 ) @ #vk.9 ) + case insertatthdec_0_11111111 + solve( !KU( ~n.8 ) @ #vk.9 ) + case insertatthdec_0_11111111 + SOLVED // trace found + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed +qed + +lemma cannot_obtain_key_ind [reuse, use_induction]: + all-traces "¬(∃ #i #j h k. (NewKey( h, k ) @ #i) ∧ (!KU( k ) @ #j))" +/* +guarded formula characterizing all counter-examples: +"∃ #i #j h k. (NewKey( h, k ) @ #i) ∧ (!KU( k ) @ #j)" +*/ +induction + case non_empty_trace + simplify + solve( (∀ #i #j h k. + (NewKey( h, k ) @ #i) ∧ (!KU( k ) @ #j) ⇒ ((last(#j)) ∨ (last(#i)))) ∥ + (∃ x #NOW x.1. + (Restr_ifEncSuccck_0_1121111_1( x, x.1 ) @ #NOW) + ∧ + (¬(last(#NOW))) ∧ (∀ m. (senc(m, x) = x.1) ⇒ ⊥)) ∥ + (∃ x y #t3. + (IsIn( x, y ) @ #t3) + ∧ + (¬(last(#t3))) ∧ + (∀ #t2. + (Insert( x, y ) @ #t2) + ⇒ + ((last(#t2)) ∨ + (#t2 = #t3) ∨ + (#t3 < #t2) ∨ + (∃ #t1 yp. 
+ (Insert( x, yp ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ + (¬(#t1 = #t2)) ∧ + (((#t3 = #t1) ∨ (#t1 < #t3))))))) ) + case case_1 + solve( (last(#j)) ∥ (last(#i)) ) + case case_1 + solve( State_1111( ) ▶₀ #i ) + case p_1_ + solve( !KU( ~n.1 ) @ #j ) + case eventWrapkk_0_1211111 + solve( Insert( <'key', h2>, k2.1 ) @ #t2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h2, k2 ) ▶₀ #t2 ) + case newh_0_1111 + solve( Insert( <'key', h1>, k1.1 ) @ #t2.1 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h1, k1.1 ) ▶₀ #t2.1 ) + case newh_0_1111 + solve( Insert( <'att', ~n.4>, 'wrap' ) @ #t2.2 ) + case inh_0_1112 + solve( State_1112( ) ▶₀ #t2.2 ) + case p_1_ + solve( !KU( ~n.2 ) @ #vk.3 ) + case insertatthdec_0_11111111 + solve( !KU( ~n.4 ) @ #vk.3 ) + case insertatthdec_0_11111111 + SOLVED // trace found + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed +qed + +lemma cannot_obtain_key: + all-traces "¬(∃ #i #j h k. (NewKey( h, k ) @ #i) ∧ (K( k ) @ #j))" +/* +guarded formula characterizing all counter-examples: +"∃ #i #j h k. 
(NewKey( h, k ) @ #i) ∧ (K( k ) @ #j)" +*/ +simplify +by contradiction /* from formulas */ + + + + + +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) newh_0_1111[color=#ffffff, process="new h.1;"]: + [ State_1111( ), Fr( h.1 ), Fr( k.1 ) ] + --[ NewKey( h.1, k.1 ) ]-> + [ State_1111111( h.1, k.1 ) ] + + /* + rule (modulo AC) newh_0_1111[color=#ffffff, process="new h.1;"]: + [ State_1111( ), Fr( h ), Fr( k ) ] + --[ NewKey( h, k ) ]-> + [ State_1111111( h, k ) ] + */ + +rule (modulo E) insertkeyhk_0_1111111[color=#ffffff, + process="insert <'key', h.1>,k.1;"]: + [ State_1111111( h.1, k.1 ) ] + --[ Insert( <'key', h.1>, k.1 ) ]-> + [ State_11111111( h.1, k.1 ) ] + + /* + rule (modulo AC) insertkeyhk_0_1111111[color=#ffffff, + process="insert <'key', h.1>,k.1;"]: + [ State_1111111( h, k ) ] + --[ Insert( <'key', h>, k ) ]-> + [ State_11111111( h, k ) ] + */ + +rule (modulo E) insertatthdec_0_11111111[color=#ffffff, + process="insert <'att', h.1>,'dec';"]: + [ State_11111111( h.1, k.1 ) ] + --[ Insert( <'att', h.1>, 'dec' ) ]-> + [ Out( h.1 ) ] + + /* + rule (modulo AC) insertatthdec_0_11111111[color=#ffffff, + process="insert <'att', h.1>,'dec';"]: + [ State_11111111( h, k ) ] + --[ Insert( <'att', h>, 'dec' ) ]-> + [ Out( h ) ] + */ + +rule (modulo E) inh_0_1112[color=#ffffff, process="in(h.2);"]: + [ State_1112( ), In( h.2 ) ] --[ Insert( <'att', h.2>, 'wrap' ) ]-> [ ] + + /* + rule (modulo AC) inh_0_1112[color=#ffffff, process="in(h.2);"]: + [ State_1112( ), In( h ) ] --[ Insert( <'att', h>, 'wrap' ) ]-> [ ] + */ + +rule (modulo E) inhc_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( c.1, h.3 ) ] + + /* + rule (modulo AC) inhc_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( c, h ) ] + */ + +rule (modulo E) lookupatthasa_0_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ 
State_1121( c.1, h.3 ) ] + --[ IsIn( <'att', h.3>, a.1 ) ]-> + [ State_11211( a.1, c.1, h.3 ) ] + + /* + rule (modulo AC) lookupatthasa_0_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c, h ) ] + --[ IsIn( <'att', h>, a ) ]-> + [ State_11211( a, c, h ) ] + */ + +rule (modulo E) ifadec_0_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a.1, c.1, h.3 ) ] + --[ Pred_Eq( a.1, 'dec' ) ]-> + [ State_112111( a.1, c.1, h.3 ) ] + + /* + rule (modulo AC) ifadec_0_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a, c, h ) ] + --[ Pred_Eq( a, 'dec' ) ]-> + [ State_112111( a, c, h ) ] + */ + +rule (modulo E) lookupkeyhask_0_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a.1, c.1, h.3 ) ] + --[ IsIn( <'key', h.3>, k.2 ) ]-> + [ State_1121111( a.1, c.1, k.2, h.3 ) ] + + /* + rule (modulo AC) lookupkeyhask_0_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a, c, h ) ] + --[ IsIn( <'key', h>, k ) ]-> + [ State_1121111( a, c, k, h ) ] + */ + +restriction Restr_ifEncSuccck_0_1121111_1: + "∀ x #NOW x.1. + (Restr_ifEncSuccck_0_1121111_1( x, x.1 ) @ #NOW) ⇒ + (∃ m. senc(m, x) = x.1)" + +rule (modulo E) ifEncSuccck_0_1121111[color=#ffffff, + process="if EncSucc( c.1, k.2 )"]: + [ State_1121111( a.1, c.1, k.2, h.3 ) ] + --[ + DecUsing( k.2, sdec(c.1, k.2) ), + Restr_ifEncSuccck_0_1121111_1( k.2, c.1 ) + ]-> + [ Out( sdec(c.1, k.2) ) ] + + /* + rule (modulo AC) ifEncSuccck_0_1121111[color=#ffffff, + process="if EncSucc( c.1, k.2 )"]: + [ State_1121111( a, c, k, h ) ] + --[ DecUsing( k, z ), Restr_ifEncSuccck_0_1121111_1( k, c ) ]-> + [ Out( z ) ] + variants (modulo AC) + 1. c = c.9 + k = k.10 + z = sdec(c.9, k.10) + + 2. 
c = senc(x.9, x.10) + k = x.10 + z = x.9 + */ + +rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a.1, c.1, h.3 ) ] --[ IsNotSet( <'key', h.3> ) ]-> [ ] + + /* + rule (modulo AC) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a, c, h ) ] --[ IsNotSet( <'key', h> ) ]-> [ ] + */ + +rule (modulo E) ifadec_1_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a.1, c.1, h.3 ) ] --[ Pred_Not_Eq( a.1, 'dec' ) ]-> [ ] + + /* + rule (modulo AC) ifadec_1_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a, c, h ) ] --[ Pred_Not_Eq( a, 'dec' ) ]-> [ ] + */ + +rule (modulo E) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c.1, h.3 ) ] --[ IsNotSet( <'att', h.3> ) ]-> [ ] + + /* + rule (modulo AC) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c, h ) ] --[ IsNotSet( <'att', h> ) ]-> [ ] + */ + +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ) ] + --> + [ State_1111( ), State_1112( ), State_112( ), State_12( ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) inhh_0_12[color=#ffffff, process="in();"]: + [ State_12( ), In( ) ] --> [ State_121( h1.1, h2.1 ) ] + + /* + rule (modulo AC) inhh_0_12[color=#ffffff, process="in();"]: + [ State_12( ), In( ) ] --> [ State_121( h1, h2 ) ] + */ + +rule (modulo E) lookupatthasa_0_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1.1, h2.1 ) ] + --[ IsIn( <'att', h1.1>, a1.1 ) ]-> + [ State_1211( a1.1, h1.1, h2.1 ) ] + + /* + rule (modulo AC) lookupatthasa_0_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1, h2 ) ] + --[ IsIn( <'att', h1>, a1 ) ]-> + [ State_1211( a1, h1, h2 ) ] + */ + +rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Eq( a1.1, 'wrap' ) 
]-> + [ State_12111( a1.1, h1.1, h2.1 ) ] + + /* + rule (modulo AC) ifawrap_0_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1, h1, h2 ) ] + --[ Pred_Eq( a1, 'wrap' ) ]-> + [ State_12111( a1, h1, h2 ) ] + */ + +rule (modulo E) lookupkeyhask_0_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1.1, h1.1, h2.1 ) ] + --[ IsIn( <'key', h1.1>, k1.1 ) ]-> + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] + + /* + rule (modulo AC) lookupkeyhask_0_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1, h1, h2 ) ] + --[ IsIn( <'key', h1>, k1 ) ]-> + [ State_121111( a1, h1, h2, k1 ) ] + */ + +rule (modulo E) lookupkeyhask_0_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsIn( <'key', h2.1>, k2.1 ) ]-> + [ State_1211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] + + /* + rule (modulo AC) lookupkeyhask_0_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1, h1, h2, k1 ) ] + --[ IsIn( <'key', h2>, k2 ) ]-> + [ State_1211111( a1, h1, h2, k1, k2 ) ] + */ + +rule (modulo E) eventWrapkk_0_1211111[color=#ffffff, + process="event Wrap( k1.1, k2.1 );"]: + [ State_1211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] + --[ Wrap( k1.1, k2.1 ) ]-> + [ Out( senc(k2, k1) ) ] + + /* + rule (modulo AC) eventWrapkk_0_1211111[color=#ffffff, + process="event Wrap( k1.1, k2.1 );"]: + [ State_1211111( a1, h1, h2, k1, k2 ) ] + --[ Wrap( k1, k2 ) ]-> + [ Out( senc(k2.1, k1.1) ) ] + */ + +rule (modulo E) lookupkeyhask_1_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsNotSet( <'key', h2.1> ) ]-> + [ ] + + /* + rule (modulo AC) lookupkeyhask_1_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1, h1, h2, k1 ) ] --[ IsNotSet( <'key', h2> ) ]-> [ ] + */ + +rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + 
[ State_12111( a1.1, h1.1, h2.1 ) ] --[ IsNotSet( <'key', h1.1> ) ]-> [ ] + + /* + rule (modulo AC) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1, h1, h2 ) ] --[ IsNotSet( <'key', h1> ) ]-> [ ] + */ + +rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Not_Eq( a1.1, 'wrap' ) ]-> + [ ] + + /* + rule (modulo AC) ifawrap_1_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1, h1, h2 ) ] --[ Pred_Not_Eq( a1, 'wrap' ) ]-> [ ] + */ + +rule (modulo E) lookupatthasa_1_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1.1, h2.1 ) ] --[ IsNotSet( <'att', h1.1> ) ]-> [ ] + + /* + rule (modulo AC) lookupatthasa_1_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1, h2 ) ] --[ IsNotSet( <'att', h1> ) ]-> [ ] + */ + +restriction set_in: + "∀ x y #t3. + (IsIn( x, y ) @ #t3) ⇒ + (∃ #t2. + ((Insert( x, y ) @ #t2) ∧ (#t2 < #t3)) ∧ + (∀ #t1 yp. + (Insert( x, yp ) @ #t1) ⇒ (((#t1 < #t2) ∨ (#t1 = #t2)) ∨ (#t3 < #t1))))" + +restriction set_notin: + "∀ x #t3. + (IsNotSet( x ) @ #t3) ⇒ (∀ #t1 y. (Insert( x, y ) @ #t1) ⇒ (#t3 < #t1))" + // safety formula + +restriction predicate_eq: + "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" + // safety formula + +restriction predicate_not_eq: + "∀ #i a b. (Pred_Not_Eq( a, b ) @ #i) ⇒ (¬(a = b))" + // safety formula + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* +WARNING: the following wellformedness checks failed! + +unbound: + rule `eventWrapkk_0_1211111' has unbound variables: + k1, k2 +*/ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. 
+ + +analyzing: examples/sapic/fast/basic/let-blocks.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/let-blocks.spthy + + output: examples/sapic/fast/basic/let-blocks.spthy.tmp + processing time: 5.951264692s + WARNING: 1 wellformedness check failed! + The analysis results might be wrong! + unbound: + rule `eventWrapkk_0_1211111' has unbound variables: + k1, k2 + + can_create_key (exists-trace): verified (3 steps) + can_obtain_wrapping (exists-trace): verified (11 steps) + dec_limits (all-traces): falsified - found trace (28 steps) + cannot_obtain_key_ind (all-traces): falsified - found trace (15 steps) + cannot_obtain_key (all-traces): verified (2 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/let-blocks.spthy + + output: examples/sapic/fast/basic/let-blocks.spthy.tmp + processing time: 5.951264692s + WARNING: 1 wellformedness check failed! + The analysis results might be wrong! + unbound: + rule `eventWrapkk_0_1211111' has unbound variables: + k1, k2 + + can_create_key (exists-trace): verified (3 steps) + can_obtain_wrapping (exists-trace): verified (11 steps) + dec_limits (all-traces): falsified - found trace (28 steps) + cannot_obtain_key_ind (all-traces): falsified - found trace (15 steps) + cannot_obtain_key (all-traces): verified (2 steps) + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/basic/let_pattern_analyzed.spthy b/case-studies-regression/sapic/fast/basic/let_pattern_analyzed.spthy new file mode 100644 index 000000000..4c6d95cb9 --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/let_pattern_analyzed.spthy 
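Review bot: This baseline for let-blocks.spthy records a failed wellformedness check as the expected result. Generated rule `eventWrapkk_0_1211111` takes `k1.1` and `k2.1` from `State_1211111` but emits `Out( senc(k2, k1) )`, so `k1` and `k2` are unbound and the tool itself prints "The analysis results might be wrong!". The verdicts that follow are not trustworthy evidence about the key-wrapping model: `dec_limits` and `cannot_obtain_key_ind` are falsified, while `cannot_obtain_key` is closed in 2 steps "by contradiction /* from formulas */", presumably by reusing the `[reuse]` lemma `cannot_obtain_key_ind` that this same run falsifies. It looks as if the let-block expansion does not apply the variable renaming to the inlined process body; that is inferred from the output, since the translator is not in this hunk. The conclusion should come out as `[ Out( senc(k2.1, k1.1) ) ]`, and the baseline should be regenerated after the translation is fixed, so that the regression suite fails on this warning instead of accepting it.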
@@ -0,0 +1,113 @@ +theory PatternMatchLet begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + +section{* A few test cases for operator precedence *} + + + +lemma first: + all-traces "∀ #e x. (E( x ) @ #e) ⇒ (x = '1')" +/* +guarded formula characterizing all counter-examples: +"∃ #e x. (E( x ) @ #e) ∧ ¬(x = '1')" +*/ +simplify +solve( State_1( x, y ) ▶₀ #e ) + case letxy_1_ + by contradiction /* from formulas */ +qed + +lemma first2: + all-traces "¬(∃ #e x. Fail( x ) @ #e)" +/* +guarded formula characterizing all counter-examples: +"∃ #e x. (Fail( x ) @ #e)" +*/ +simplify +by solve( State_2( ) ▶₀ #e ) + +rule (modulo E) Init[color=#ffffff, process="let =<'1', '2'>"]: + [ ] --[ Init( ) ]-> [ Let_1( <'1', '2'> ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) letxy_1_[color=#ffffff, + process="let =<'1', '2'>"]: + [ Let_1( ) ] --> [ State_1( x.1, y.1 ) ] + + /* + rule (modulo AC) letxy_1_[color=#ffffff, + process="let =<'1', '2'>"]: + [ Let_1( ) ] --> [ State_1( x, y ) ] + */ + +rule (modulo E) inpatx_0_1[color=#ffffff, process="in(pat_x.1);"]: + [ State_1( x.1, y.1 ), In( pat_x.1 ) ] --[ E( x.1 ) ]-> [ ] + + /* + rule (modulo AC) inpatx_0_1[color=#ffffff, process="in(pat_x.1);"]: + [ State_1( x, y ), In( pat_x ) ] --[ E( x ) ]-> [ ] + */ + +restriction Restr_letxy_2__1: + "∀ #NOW. + (Restr_letxy_2__1( ) @ #NOW) ⇒ (∀ x y. 
( = <'1', '2'>) ⇒ (⊥))" + // safety formula + +rule (modulo E) letxy_2_[color=#ffffff, + process="let =<'1', '2'>"]: + [ Let_1( <'1', '2'> ) ] --[ Restr_letxy_2__1( ) ]-> [ State_2( ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) inpatx_0_2[color=#ffffff, process="in(pat_x.2);"]: + [ State_2( ), In( pat_x.2 ) ] --[ Fail( pat_x.2 ) ]-> [ ] + + /* + rule (modulo AC) inpatx_0_2[color=#ffffff, process="in(pat_x.2);"]: + [ State_2( ), In( pat_x ) ] --[ Fail( pat_x ) ]-> [ ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/basic/let_pattern.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/let_pattern.spthy + + output: examples/sapic/fast/basic/let_pattern.spthy.tmp + processing time: 0.018444306s + first (all-traces): verified (3 steps) + first2 (all-traces): verified (2 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/let_pattern.spthy + + output: examples/sapic/fast/basic/let_pattern.spthy.tmp + processing time: 0.018444306s + first (all-traces): verified (3 steps) + first2 (all-traces): verified (2 steps) + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/basic/match_new_analyzed.spthy b/case-studies-regression/sapic/fast/basic/match_new_analyzed.spthy new file mode 100644 index 000000000..3eb238b43 --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/match_new_analyzed.spthy 
@@ -0,0 +1,102 @@ +theory Test begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + + + + + +lemma no_acceptP: + all-traces "¬(∃ #i. AcceptP( ) @ #i)" +/* +guarded formula characterizing all counter-examples: +"∃ #i. (AcceptP( ) @ #i)" +*/ +simplify +by contradiction /* cyclic */ + +lemma acceptQ: + exists-trace "∃ #i. AcceptQ( ) @ #i" +/* +guarded formula characterizing all satisfying traces: +"∃ #i. (AcceptQ( ) @ #i)" +*/ +simplify +solve( State_21( ) ▶₀ #i ) + case Init + SOLVED // trace found +qed + +rule (modulo E) inc_0_11[color=#6c8040, process="in(c.1);"]: + [ State_11( ), In( c.1 ), Fr( a.1 ), In( <, 'toto'> ) ] + --[ AcceptP( ) ]-> + [ ] + + /* + rule (modulo AC) inc_0_11[color=#6c8040, process="in(c.1);"]: + [ State_11( ), In( c ), Fr( a ), In( <, 'toto'> ) ] + --[ AcceptP( ) ]-> + [ ] + */ + +rule (modulo E) Init[color=#ffffff, process="|"]: + [ ] --[ Init( ) ]-> [ State_21( ), State_11( ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) inc_0_21[color=#807140, process="in(c.2);"]: + [ State_21( ), In( c.2 ), In( <, 'toto'> ) ] + --[ AcceptQ( ) ]-> + [ ] + + /* + rule (modulo AC) inc_0_21[color=#807140, process="in(c.2);"]: + [ State_21( ), In( c ), In( <, 'toto'> ) ] + --[ AcceptQ( ) ]-> + [ ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. 
+ + +analyzing: examples/sapic/fast/basic/match_new.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/match_new.spthy + + output: examples/sapic/fast/basic/match_new.spthy.tmp + processing time: 0.014113996s + no_acceptP (all-traces): verified (2 steps) + acceptQ (exists-trace): verified (3 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/match_new.spthy + + output: examples/sapic/fast/basic/match_new.spthy.tmp + processing time: 0.014113996s + no_acceptP (all-traces): verified (2 steps) + acceptQ (exists-trace): verified (3 steps) + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-2_analyzed.spthy b/case-studies-regression/sapic/fast/basic/ndc-nested-2_analyzed.spthy similarity index 92% rename from case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-2_analyzed.spthy rename to case-studies-regression/sapic/fast/basic/ndc-nested-2_analyzed.spthy index c898a89bb..f46e8aebd 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-2_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/ndc-nested-2_analyzed.spthy @@ -2,7 +2,8 @@ theory nestedNDC2 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* 
@@ -221,17 +230,17 @@ restriction progressInit: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/ndc-nested-2.spthy +analyzing: examples/sapic/fast/basic/ndc-nested-2.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-2.spthy +analyzed: examples/sapic/fast/basic/ndc-nested-2.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-nested-2.spthy.tmp - processing time: 0.116975653s + output: examples/sapic/fast/basic/ndc-nested-2.spthy.tmp + processing time: 0.093451386s A_possible (exists-trace): verified (7 steps) B_possible (exists-trace): verified (7 steps) C_possible (exists-trace): verified (7 steps) @@ -242,10 +251,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-2.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-2.spthy +analyzed: examples/sapic/fast/basic/ndc-nested-2.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-nested-2.spthy.tmp - processing time: 0.116975653s + output: examples/sapic/fast/basic/ndc-nested-2.spthy.tmp + processing time: 0.093451386s A_possible (exists-trace): verified (7 steps) B_possible (exists-trace): verified (7 steps) C_possible (exists-trace): verified (7 steps) diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-3_analyzed.spthy b/case-studies-regression/sapic/fast/basic/ndc-nested-3_analyzed.spthy similarity index 91% rename from case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-3_analyzed.spthy rename to case-studies-regression/sapic/fast/basic/ndc-nested-3_analyzed.spthy index 03b6e5633..13ce1abd5 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-3_analyzed.spthy 
+++ b/case-studies-regression/sapic/fast/basic/ndc-nested-3_analyzed.spthy @@ -2,7 +2,8 @@ theory nestedNDC3 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* @@ -181,17 +190,17 @@ restriction progressInit: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/ndc-nested-3.spthy +analyzing: examples/sapic/fast/basic/ndc-nested-3.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-3.spthy +analyzed: examples/sapic/fast/basic/ndc-nested-3.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-nested-3.spthy.tmp - processing time: 0.110875731s + output: examples/sapic/fast/basic/ndc-nested-3.spthy.tmp + processing time: 0.063226119s A_possible (exists-trace): verified (5 steps) B_possible (exists-trace): verified (5 steps) C_possible (exists-trace): verified (5 steps) 
@@ -202,10 +211,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-3.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-3.spthy +analyzed: examples/sapic/fast/basic/ndc-nested-3.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-nested-3.spthy.tmp - processing time: 0.110875731s + output: examples/sapic/fast/basic/ndc-nested-3.spthy.tmp + processing time: 0.063226119s A_possible (exists-trace): verified (5 steps) B_possible (exists-trace): verified (5 steps) C_possible (exists-trace): verified (5 steps) diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-4_analyzed.spthy b/case-studies-regression/sapic/fast/basic/ndc-nested-4_analyzed.spthy similarity index 91% rename from case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-4_analyzed.spthy rename to case-studies-regression/sapic/fast/basic/ndc-nested-4_analyzed.spthy index 9a05153fe..6908236ff 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-4_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/ndc-nested-4_analyzed.spthy @@ -2,7 +2,8 @@ theory nestedNDC3 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* 
@@ -181,17 +190,17 @@ restriction progressInit: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/ndc-nested-4.spthy +analyzing: examples/sapic/fast/basic/ndc-nested-4.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-4.spthy +analyzed: examples/sapic/fast/basic/ndc-nested-4.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-nested-4.spthy.tmp - processing time: 0.10961319s + output: examples/sapic/fast/basic/ndc-nested-4.spthy.tmp + processing time: 0.062958572s A_possible (exists-trace): verified (5 steps) B_possible (exists-trace): verified (5 steps) C_possible (exists-trace): verified (5 steps) @@ -202,10 +211,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-4.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-4.spthy +analyzed: examples/sapic/fast/basic/ndc-nested-4.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-nested-4.spthy.tmp - processing time: 0.10961319s + output: examples/sapic/fast/basic/ndc-nested-4.spthy.tmp + processing time: 0.062958572s A_possible (exists-trace): verified (5 steps) B_possible (exists-trace): verified (5 steps) C_possible (exists-trace): verified (5 steps) diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-5_analyzed.spthy b/case-studies-regression/sapic/fast/basic/ndc-nested-5_analyzed.spthy similarity index 94% rename from case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-5_analyzed.spthy rename to case-studies-regression/sapic/fast/basic/ndc-nested-5_analyzed.spthy index e27ba1b52..f6029b19e 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested-5_analyzed.spthy 
+++ b/case-studies-regression/sapic/fast/basic/ndc-nested-5_analyzed.spthy @@ -2,7 +2,8 @@ theory nestedNDC5 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* @@ -290,17 +299,17 @@ restriction progressInit: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/ndc-nested-5.spthy +analyzing: examples/sapic/fast/basic/ndc-nested-5.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-5.spthy +analyzed: examples/sapic/fast/basic/ndc-nested-5.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-nested-5.spthy.tmp - processing time: 0.145508666s + output: examples/sapic/fast/basic/ndc-nested-5.spthy.tmp + processing time: 0.147209008s A_possible (exists-trace): verified (5 steps) B_possible (exists-trace): verified (5 steps) C_possible (exists-trace): verified (5 steps) 
@@ -313,10 +322,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-5.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested-5.spthy +analyzed: examples/sapic/fast/basic/ndc-nested-5.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-nested-5.spthy.tmp - processing time: 0.145508666s + output: examples/sapic/fast/basic/ndc-nested-5.spthy.tmp + processing time: 0.147209008s A_possible (exists-trace): verified (5 steps) B_possible (exists-trace): verified (5 steps) C_possible (exists-trace): verified (5 steps) diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested_analyzed.spthy b/case-studies-regression/sapic/fast/basic/ndc-nested_analyzed.spthy similarity index 93% rename from case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested_analyzed.spthy rename to case-studies-regression/sapic/fast/basic/ndc-nested_analyzed.spthy index 716674d8e..62b2d2c04 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-nested_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/ndc-nested_analyzed.spthy @@ -2,7 +2,8 @@ theory nestedNDC begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* 
@@ -244,17 +253,17 @@ restriction progressInit: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/ndc-nested.spthy +analyzing: examples/sapic/fast/basic/ndc-nested.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested.spthy +analyzed: examples/sapic/fast/basic/ndc-nested.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-nested.spthy.tmp - processing time: 0.083198148s + output: examples/sapic/fast/basic/ndc-nested.spthy.tmp + processing time: 0.072181305s A_possible (exists-trace): verified (5 steps) B_possible (exists-trace): verified (5 steps) C_possible (exists-trace): verified (5 steps) @@ -269,10 +278,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/ndc-nested.spthy +analyzed: examples/sapic/fast/basic/ndc-nested.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-nested.spthy.tmp - processing time: 0.083198148s + output: examples/sapic/fast/basic/ndc-nested.spthy.tmp + processing time: 0.072181305s A_possible (exists-trace): verified (5 steps) B_possible (exists-trace): verified (5 steps) C_possible (exists-trace): verified (5 steps) diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-two-replications_analyzed.spthy b/case-studies-regression/sapic/fast/basic/ndc-two-replications_analyzed.spthy similarity index 89% rename from case-studies-regression/sapic/fast/fairexchange-mini/ndc-two-replications_analyzed.spthy rename to case-studies-regression/sapic/fast/basic/ndc-two-replications_analyzed.spthy index bf38d2a7a..9b79f9879 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/ndc-two-replications_analyzed.spthy 
+++ b/case-studies-regression/sapic/fast/basic/ndc-two-replications_analyzed.spthy @@ -2,7 +2,8 @@ theory NDCTwoReplications begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* @@ -155,17 +164,17 @@ restriction progressInit: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/ndc-two-replications.spthy +analyzing: examples/sapic/fast/basic/ndc-two-replications.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/ndc-two-replications.spthy +analyzed: examples/sapic/fast/basic/ndc-two-replications.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-two-replications.spthy.tmp - processing time: 0.079804826s + output: examples/sapic/fast/basic/ndc-two-replications.spthy.tmp + processing time: 0.043962286s A_possible (exists-trace): verified (4 steps) B_possible (exists-trace): verified (4 steps) no_progress_possible (exists-trace): verified (2 steps) 
@@ -177,10 +186,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/ndc-two-replications.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/ndc-two-replications.spthy +analyzed: examples/sapic/fast/basic/ndc-two-replications.spthy - output: examples/sapic/fast/fairexchange-mini/ndc-two-replications.spthy.tmp - processing time: 0.079804826s + output: examples/sapic/fast/basic/ndc-two-replications.spthy.tmp + processing time: 0.043962286s A_possible (exists-trace): verified (4 steps) B_possible (exists-trace): verified (4 steps) no_progress_possible (exists-trace): verified (2 steps) diff --git a/case-studies-regression/sapic/fast/basic/no-replication_analyzed.spthy b/case-studies-regression/sapic/fast/basic/no-replication_analyzed.spthy index 31266cef5..dc5dbb126 100644 --- a/case-studies-regression/sapic/fast/basic/no-replication_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/no-replication_analyzed.spthy @@ -2,11 +2,13 @@ theory NoReplication begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + lemma onlyOneSecret: all-traces "∀ #i #j x y. ((Secret( x ) @ #i) ∧ (Secret( y ) @ #j)) ⇒ (x = y)" 
@@ -16,38 +18,30 @@ guarded formula characterizing all counter-examples: */ simplify solve( State_1( x ) ▶₀ #i ) - case news_0_ + case Init solve( State_1( y ) ▶₀ #j ) - case news_0_ + case Init by contradiction /* from formulas */ qed qed -rule (modulo E) Init[color=#ffffff, process="new s;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) news_0_[color=#ffffff, process="new s;"]: - [ State_( ), Fr( s ) ] --> [ State_1( s ) ] +rule (modulo E) Init[color=#ffffff, process="new s.1;"]: + [ Fr( s.1 ) ] --[ Init( ) ]-> [ State_1( s.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) Init[color=#ffffff, process="new s.1;"]: + [ Fr( s ) ] --[ Init( ) ]-> [ State_1( s ) ] + */ rule (modulo E) eventSecrets_0_1[color=#ffffff, - process="event Secret( s );"]: - [ State_1( s ) ] --[ Secret( s ) ]-> [ State_11( s ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outs_0_11[color=#ffffff, process="out(s);"]: - [ State_11( s ) ] --> [ State_111( s ), Out( s ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( s ) ] --> [ ] + process="event Secret( s.1 );"]: + [ State_1( s.1 ) ] --[ Secret( s.1 ) ]-> [ Out( s.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventSecrets_0_1[color=#ffffff, + process="event Secret( s.1 );"]: + [ State_1( s ) ] --[ Secret( s ) ]-> [ Out( s ) ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" @@ -58,7 +52,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -68,7 +62,7 @@ analyzing: examples/sapic/fast/basic/no-replication.spthy analyzed: examples/sapic/fast/basic/no-replication.spthy output: examples/sapic/fast/basic/no-replication.spthy.tmp - processing time: 0.053403595s + processing time: 0.019708097s onlyOneSecret (all-traces): verified (4 steps) ------------------------------------------------------------------------------ @@ -79,7 +73,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/no-replication.spthy output: examples/sapic/fast/basic/no-replication.spthy.tmp - processing time: 0.053403595s + processing time: 0.019708097s onlyOneSecret (all-traces): verified (4 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/basic/operator-precedence-1_analyzed.spthy b/case-studies-regression/sapic/fast/basic/operator-precedence-1_analyzed.spthy index 19b106880..2c25348e9 100644 --- a/case-studies-regression/sapic/fast/basic/operator-precedence-1_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/operator-precedence-1_analyzed.spthy @@ -2,13 +2,15 @@ theory OperatorPrecedencePar begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p section{* A few test cases for operator precedence *} + + lemma semicolon_binds_stronger_than_parallel: exists-trace "((∃ #c. C( ) @ #c) ∧ (¬(∃ #a. A( ) @ #a))) ∧ (¬(∃ #b. B( ) @ #b))" 
@@ -18,42 +20,27 @@ guarded formula characterizing all satisfying traces: */ simplify solve( State_2( ) ▶₀ #c ) - case p_0_ + case Init SOLVED // trace found qed -rule (modulo E) Init[color=#ffffff, process="|"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="|"]: - [ State_( ) ] --> [ State_1( ), State_2( ) ] - - /* has exactly the trivial AC variant */ - rule (modulo E) eventA_0_1[color=#ffffff, process="event A( );"]: [ State_1( ) ] --[ A( ) ]-> [ State_11( ) ] /* has exactly the trivial AC variant */ rule (modulo E) eventB_0_11[color=#ffffff, process="event B( );"]: - [ State_11( ) ] --[ B( ) ]-> [ State_111( ) ] + [ State_11( ) ] --[ B( ) ]-> [ ] /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( ) ] --> [ ] +rule (modulo E) Init[color=#ffffff, process="|"]: + [ ] --[ Init( ) ]-> [ State_1( ), State_2( ) ] /* has exactly the trivial AC variant */ rule (modulo E) eventC_0_2[color=#ffffff, process="event C( );"]: - [ State_2( ) ] --[ C( ) ]-> [ State_21( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_21[color=#ffffff, process="0"]: - [ State_21( ) ] --> [ ] + [ State_2( ) ] --[ C( ) ]-> [ ] /* has exactly the trivial AC variant */ @@ -66,7 +53,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -76,7 +63,7 @@ analyzing: examples/sapic/fast/basic/operator-precedence-1.spthy analyzed: examples/sapic/fast/basic/operator-precedence-1.spthy output: examples/sapic/fast/basic/operator-precedence-1.spthy.tmp - processing time: 0.069637732s + processing time: 0.015363131s semicolon_binds_stronger_than_parallel (exists-trace): verified (3 steps) ------------------------------------------------------------------------------ 
@@ -87,7 +74,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/operator-precedence-1.spthy output: examples/sapic/fast/basic/operator-precedence-1.spthy.tmp - processing time: 0.069637732s + processing time: 0.015363131s semicolon_binds_stronger_than_parallel (exists-trace): verified (3 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/basic/operator-precedence-2_analyzed.spthy b/case-studies-regression/sapic/fast/basic/operator-precedence-2_analyzed.spthy index 3681894e7..21a937679 100644 --- a/case-studies-regression/sapic/fast/basic/operator-precedence-2_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/operator-precedence-2_analyzed.spthy @@ -2,13 +2,15 @@ theory OperatorPrecedenceNDC begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p section{* A few test cases for operator precedence *} + + lemma semicolon_binds_stronger_than_NDC: exists-trace "((∃ #c. C( ) @ #c) ∧ (¬(∃ #a. A( ) @ #a))) ∧ (¬(∃ #b. B( ) @ #b))" @@ -33,22 +35,12 @@ rule (modulo E) eventA_0_1[color=#ffffff, process="event A( );"]: /* has exactly the trivial AC variant */ rule (modulo E) eventB_0_11[color=#ffffff, process="event B( );"]: - [ State_11( ) ] --[ B( ) ]-> [ State_111( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( ) ] --> [ ] + [ State_11( ) ] --[ B( ) ]-> [ ] /* has exactly the trivial AC variant */ rule (modulo E) eventC_0_2[color=#ffffff, process="event C( );"]: - [ State_( ) ] --[ C( ) ]-> [ State_21( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_21[color=#ffffff, process="0"]: - [ State_21( ) ] --> [ ] + [ State_( ) ] --[ C( ) ]-> [ ] /* has exactly the trivial AC variant */ 
@@ -61,7 +53,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -71,7 +63,7 @@ analyzing: examples/sapic/fast/basic/operator-precedence-2.spthy analyzed: examples/sapic/fast/basic/operator-precedence-2.spthy output: examples/sapic/fast/basic/operator-precedence-2.spthy.tmp - processing time: 0.072330264s + processing time: 0.010272693s semicolon_binds_stronger_than_NDC (exists-trace): verified (3 steps) ------------------------------------------------------------------------------ @@ -82,7 +74,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/operator-precedence-2.spthy output: examples/sapic/fast/basic/operator-precedence-2.spthy.tmp - processing time: 0.072330264s + processing time: 0.010272693s semicolon_binds_stronger_than_NDC (exists-trace): verified (3 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/basic/operator-precedence-3_analyzed.spthy b/case-studies-regression/sapic/fast/basic/operator-precedence-3_analyzed.spthy index 0aadae49f..4438f9096 100644 --- a/case-studies-regression/sapic/fast/basic/operator-precedence-3_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/operator-precedence-3_analyzed.spthy @@ -2,7 +2,7 @@ theory OperatorPrecedenceLookup begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p @@ -11,6 +11,8 @@ section{* A few test cases for operator precedence *} predicate: True( )<=>⊤ + + lemma elseIsResolvedInnerFirst: exists-trace "(∃ #l. LookupElse( ) @ #l) ∧ (∃ #p. PositiveBranch( ) @ #p)" 
@@ -21,8 +23,8 @@ guarded formula characterizing all satisfying traces: simplify solve( State_112( ) ▶₀ #l ) case lookupxasx_1_11 - solve( State_1( ) ▶₀ #p ) - case ifTrue_0_ + solve( State_( ) ▶₀ #p ) + case Init SOLVED // trace found qed qed @@ -37,42 +39,28 @@ restriction Restr_ifTrue_0__1: // safety formula rule (modulo E) ifTrue_0_[color=#ffffff, process="if True( )"]: - [ State_( ) ] --[ Restr_ifTrue_0__1( ) ]-> [ State_1( ) ] - - /* has exactly the trivial AC variant */ - -restriction Restr_ifTrue_1__1: - "∀ #NOW. (Restr_ifTrue_1__1( ) @ #NOW) ⇒ (¬(⊤))" - // safety formula - -rule (modulo E) ifTrue_1_[color=#ffffff, process="if True( )"]: - [ State_( ) ] --[ Restr_ifTrue_1__1( ) ]-> [ State_2( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventPositiveBranch_0_1[color=#ffffff, - process="event PositiveBranch( );"]: - [ State_1( ) ] --[ PositiveBranch( ) ]-> [ State_11( ) ] + [ State_( ) ] + --[ PositiveBranch( ), Restr_ifTrue_0__1( ) ]-> + [ State_11( ) ] /* has exactly the trivial AC variant */ rule (modulo E) lookupxasx_0_11[color=#ffffff, - process="lookup 'x' as x"]: - [ State_11( ) ] --[ IsIn( 'x', x ) ]-> [ State_111( x ) ] + process="lookup 'x' as x.1"]: + [ State_11( ) ] --[ IsIn( 'x', x.1 ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupxasx_0_11[color=#ffffff, + process="lookup 'x' as x.1"]: + [ State_11( ) ] --[ IsIn( 'x', x ) ]-> [ ] + */ rule (modulo E) lookupxasx_1_11[color=#ffffff, - process="lookup 'x' as x"]: + process="lookup 'x' as x.1"]: [ State_11( ) ] --[ IsNotSet( 'x' ) ]-> [ State_112( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - rule (modulo E) eventLookupElse_0_112[color=#ffffff, process="event LookupElse( );"]: [ State_112( ) ] --[ LookupElse( ) ]-> [ State_1121( ) ] 
@@ -81,17 +69,7 @@ rule (modulo E) eventLookupElse_0_112[color=#ffffff, rule (modulo E) insertyy_0_1121[color=#ffffff, process="insert 'y','y';"]: - [ State_1121( ) ] --[ Insert( 'y', 'y' ) ]-> [ State_11211( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11211[color=#ffffff, process="0"]: - [ State_11211( ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_2[color=#ffffff, process="0"]: - [ State_2( ) ] --> [ ] + [ State_1121( ) ] --[ Insert( 'y', 'y' ) ]-> [ ] /* has exactly the trivial AC variant */ @@ -117,7 +95,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -127,7 +105,7 @@ analyzing: examples/sapic/fast/basic/operator-precedence-3.spthy analyzed: examples/sapic/fast/basic/operator-precedence-3.spthy output: examples/sapic/fast/basic/operator-precedence-3.spthy.tmp - processing time: 0.067967751s + processing time: 0.016481791s elseIsResolvedInnerFirst (exists-trace): verified (4 steps) ------------------------------------------------------------------------------ @@ -138,7 +116,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/operator-precedence-3.spthy output: examples/sapic/fast/basic/operator-precedence-3.spthy.tmp - processing time: 0.067967751s + processing time: 0.016481791s elseIsResolvedInnerFirst (exists-trace): verified (4 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/basic/operator-precedence-4_analyzed.spthy b/case-studies-regression/sapic/fast/basic/operator-precedence-4_analyzed.spthy index 1259ba4d2..9c6924b2a 100644 --- a/case-studies-regression/sapic/fast/basic/operator-precedence-4_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/operator-precedence-4_analyzed.spthy 
@@ -2,13 +2,15 @@ theory OperatorPrecedenceLet begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p section{* A few test cases for operator precedence *} + + lemma second_process_covered: all-traces "∀ #e x. (E( x ) @ #e) ⇒ (x = '1')" /* 
@@ -17,50 +19,25 @@ guarded formula characterizing all counter-examples: */ simplify solve( E( x ) @ #e ) - case eventE_0_11 + case in_0_1 by contradiction /* from formulas */ next - case eventE_0_21 + case in_0_2 by contradiction /* from formulas */ qed -rule (modulo E) Init[color=#ffffff, process="|"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="|"]: - [ State_( ) ] --> [ State_1( ), State_2( ) ] - - /* has exactly the trivial AC variant */ - rule (modulo E) in_0_1[color=#ffffff, process="in('1');"]: - [ State_1( ), In( '1' ) ] --> [ State_11( ) ] + [ State_1( ), In( '1' ) ] --[ E( '1' ) ]-> [ ] /* has exactly the trivial AC variant */ -rule (modulo E) eventE_0_11[color=#ffffff, process="event E( '1' );"]: - [ State_11( ) ] --[ E( '1' ) ]-> [ State_111( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( ) ] --> [ ] +rule (modulo E) Init[color=#ffffff, process="|"]: + [ ] --[ Init( ) ]-> [ State_1( ), State_2( ) ] /* has exactly the trivial AC variant */ rule (modulo E) in_0_2[color=#ffffff, process="in('1');"]: - [ State_2( ), In( '1' ) ] --> [ State_21( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventE_0_21[color=#ffffff, process="event E( '1' );"]: - [ State_21( ) ] --[ E( '1' ) ]-> [ State_211( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_211[color=#ffffff, process="0"]: - [ State_211( ) ] --> [ ] + [ State_2( ), In( '1' ) ] --[ E( '1' ) ]-> [ ] /* has exactly the trivial AC variant */ @@ -73,7 +50,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -83,7 +60,7 @@ analyzing: examples/sapic/fast/basic/operator-precedence-4.spthy analyzed: examples/sapic/fast/basic/operator-precedence-4.spthy output: examples/sapic/fast/basic/operator-precedence-4.spthy.tmp - processing time: 0.083197688s + processing time: 0.009440112s second_process_covered (all-traces): verified (4 steps) ------------------------------------------------------------------------------ @@ -94,7 +71,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/operator-precedence-4.spthy output: examples/sapic/fast/basic/operator-precedence-4.spthy.tmp - processing time: 0.083197688s + processing time: 0.009440112s second_process_covered (all-traces): verified (4 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/basic/operator-precedence-5_analyzed.spthy b/case-studies-regression/sapic/fast/basic/operator-precedence-5_analyzed.spthy index 83c48a477..827fcc92e 100644 --- a/case-studies-regression/sapic/fast/basic/operator-precedence-5_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/operator-precedence-5_analyzed.spthy @@ -2,13 +2,15 @@ theory OperatorPrecedenceLetTriple begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p section{* A few test cases for operator precedence *} + + lemma second_process_covered: all-traces "∀ #e x. (E( x ) @ #e) ⇒ (x = '1')" /* 
@@ -17,73 +19,33 @@ guarded formula characterizing all counter-examples: */ simplify solve( E( x ) @ #e ) - case eventE_0_111 + case in_0_11 by contradiction /* from formulas */ next - case eventE_0_121 + case in_0_12 by contradiction /* from formulas */ next - case eventE_0_21 + case in_0_2 by contradiction /* from formulas */ qed -rule (modulo E) Init[color=#ffffff, process="|"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="|"]: - [ State_( ) ] --> [ State_1( ), State_2( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( ) ] --> [ State_11( ), State_12( ) ] - - /* has exactly the trivial AC variant */ - rule (modulo E) in_0_11[color=#ffffff, process="in('1');"]: - [ State_11( ), In( '1' ) ] --> [ State_111( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventE_0_111[color=#ffffff, process="event E( '1' );"]: - [ State_111( ) ] --[ E( '1' ) ]-> [ State_1111( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111[color=#ffffff, process="0"]: - [ State_1111( ) ] --> [ ] + [ State_11( ), In( '1' ) ] --[ E( '1' ) ]-> [ ] /* has exactly the trivial AC variant */ rule (modulo E) in_0_12[color=#ffffff, process="in('1');"]: - [ State_12( ), In( '1' ) ] --> [ State_121( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventE_0_121[color=#ffffff, process="event E( '1' );"]: - [ State_121( ) ] --[ E( '1' ) ]-> [ State_1211( ) ] + [ State_12( ), In( '1' ) ] --[ E( '1' ) ]-> [ ] /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1211[color=#ffffff, process="0"]: - [ State_1211( ) ] --> [ ] +rule (modulo E) Init[color=#ffffff, process="|"]: + [ ] --[ Init( ) ]-> [ State_11( ), State_12( ), State_2( ) ] /* has exactly the trivial AC variant */ rule (modulo E) in_0_2[color=#ffffff, process="in('1');"]: - [ State_2( ), In( '1' ) ] --> [ State_21( ) ] - - /* has 
exactly the trivial AC variant */ - -rule (modulo E) eventE_0_21[color=#ffffff, process="event E( '1' );"]: - [ State_21( ) ] --[ E( '1' ) ]-> [ State_211( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_211[color=#ffffff, process="0"]: - [ State_211( ) ] --> [ ] + [ State_2( ), In( '1' ) ] --[ E( '1' ) ]-> [ ] /* has exactly the trivial AC variant */ @@ -96,7 +58,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -106,7 +68,7 @@ analyzing: examples/sapic/fast/basic/operator-precedence-5.spthy analyzed: examples/sapic/fast/basic/operator-precedence-5.spthy output: examples/sapic/fast/basic/operator-precedence-5.spthy.tmp - processing time: 0.06524398s + processing time: 0.015741644s second_process_covered (all-traces): verified (5 steps) ------------------------------------------------------------------------------ @@ -117,7 +79,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/operator-precedence-5.spthy output: examples/sapic/fast/basic/operator-precedence-5.spthy.tmp - processing time: 0.06524398s + processing time: 0.015741644s second_process_covered (all-traces): verified (5 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/basic/patterns_analyzed.spthy b/case-studies-regression/sapic/fast/basic/patterns_analyzed.spthy new file mode 100644 index 000000000..2708a44af --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/patterns_analyzed.spthy 
@@ -0,0 +1,56 @@ +theory Patterns begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + +rule (modulo E) Init[color=#ffffff, process="in(x.1);"]: + [ In( x.1 ), In( x.1 ), In( ), In( z.1 ), In( z.1 ) ] + --[ Init( ) ]-> + [ ] + + /* + rule (modulo AC) Init[color=#ffffff, process="in(x.1);"]: + [ In( x ), In( x ), In( ), In( z ), In( z ) ] --[ Init( ) ]-> [ ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/basic/patterns.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/patterns.spthy + + output: examples/sapic/fast/basic/patterns.spthy.tmp + processing time: 0.00839677s + + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/patterns.spthy + + output: examples/sapic/fast/basic/patterns.spthy.tmp + processing time: 0.00839677s + + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/basic/reliable-channel_analyzed.spthy b/case-studies-regression/sapic/fast/basic/reliable-channel_analyzed.spthy index adf9b9816..8864aafb2 100644 --- a/case-studies-regression/sapic/fast/basic/reliable-channel_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/reliable-channel_analyzed.spthy 
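Review bot: The new Patterns reference has no lemma, so its summary block lists no results and the regression pins only the text of the translated `Init` rule. That rule needs five `In` facts with repeated variables (`In( x.1 ), In( x.1 ), …, In( z.1 ), In( z.1 )`), and nothing checks that it can fire. I would add an executability lemma to the source example, for instance `lemma init_reachable: exists-trace "∃ #i. Init( ) @ #i"`, so that a translation which makes the pattern match unsatisfiable shows up as a failed lemma rather than only as a textual difference. The source file `examples/sapic/fast/basic/patterns.spthy` is not part of this hunk, so this may be intended as a translation-only test.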
@@ -2,7 +2,8 @@ theory reliableChannels begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -10,6 +11,14 @@ equations: heuristic: p + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* @@ -30,7 +39,7 @@ guarded formula characterizing all satisfying traces: */ simplify solve( State_211( m ) ▶₀ #t ) - case inrm_0_21 + case p_1_2 SOLVED // trace found qed @@ -71,9 +80,9 @@ simplify solve( (#t1 < #t2) ∥ (#t2 < #t1) ) case case_1 solve( State_211( m ) ▶₀ #t1 ) - case inrm_0_21 + case p_1_2 solve( State_211( m.1 ) ▶₀ #t2 ) - case inrm_0_21 + case p_1_2 SOLVED // trace found qed qed 
@@ -89,49 +98,50 @@ rule (modulo E) Init[color=#ffffff, process="+"]: /* has exactly the trivial AC variant */ -rule (modulo E) inrm_0_1[color=#ffffff, process="in('r',m);"]: - [ State_( ), In( m ), MID_Receiver( ~mid_1 ) ] - --[ Receive( ~mid_1, m ) ]-> - [ State_11( m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventA_0_11[color=#ffffff, process="event A( );"]: - [ State_11( m ) ] --[ A( ) ]-> [ State_111( m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( m ) ] --> [ ] - - /* has exactly the trivial AC variant */ - rule (modulo E) p_0_2[color=#ffffff, process="!"]: [ State_( ) ] --> [ !Semistate_21( ) ] /* has exactly the trivial AC variant */ rule (modulo E) p_1_2[color=#ffffff, process="!"]: - [ !Semistate_21( ) ] --> [ State_21( ) ] + [ !Semistate_21( ), In( m.2 ), MID_Receiver( ~mid_21 ) ] + --[ Receive( ~mid_21, m.2 ) ]-> + [ State_211( m.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_2[color=#ffffff, process="!"]: + [ !Semistate_21( ), In( m ), MID_Receiver( ~mid_21 ) ] + --[ Receive( ~mid_21, m ) ]-> + [ State_211( m ) ] + */ -rule (modulo E) inrm_0_21[color=#ffffff, process="in('r',m);"]: - [ State_21( ), In( m ), MID_Receiver( ~mid_21 ) ] - --[ Receive( ~mid_21, m ) ]-> - [ State_211( m ) ] +rule (modulo E) eventB_0_211[color=#ffffff, process="event B( );"]: + [ State_211( m.2 ) ] --[ B( ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventB_0_211[color=#ffffff, process="event B( );"]: + [ State_211( m ) ] --[ B( ) ]-> [ ] + */ -rule (modulo E) eventB_0_211[color=#ffffff, process="event B( );"]: - [ State_211( m ) ] --[ B( ) ]-> [ State_2111( m ) ] +rule (modulo E) inrm_0_1[color=#ffffff, process="in('r',m.1);"]: + [ State_( ), In( m.1 ), MID_Receiver( ~mid_1 ) ] + --[ Receive( ~mid_1, m.1 ) ]-> + [ State_11( m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) 
inrm_0_1[color=#ffffff, process="in('r',m.1);"]: + [ State_( ), In( m ), MID_Receiver( ~mid_1 ) ] + --[ Receive( ~mid_1, m ) ]-> + [ State_11( m ) ] + */ -rule (modulo E) p_0_2111[color=#ffffff, process="0"]: - [ State_2111( m ) ] --> [ ] +rule (modulo E) eventA_0_11[color=#ffffff, process="event A( );"]: + [ State_11( m.1 ) ] --[ A( ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventA_0_11[color=#ffffff, process="event A( );"]: + [ State_11( m ) ] --[ A( ) ]-> [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" @@ -142,7 +152,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -152,7 +162,7 @@ analyzing: examples/sapic/fast/basic/reliable-channel.spthy analyzed: examples/sapic/fast/basic/reliable-channel.spthy output: examples/sapic/fast/basic/reliable-channel.spthy.tmp - processing time: 0.063076259s + processing time: 0.041074284s A_possible (exists-trace): verified (3 steps) B_possible (exists-trace): verified (3 steps) A_once (all-traces): verified (8 steps) @@ -166,7 +176,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/reliable-channel.spthy output: examples/sapic/fast/basic/reliable-channel.spthy.tmp - processing time: 0.063076259s + processing time: 0.041074284s A_possible (exists-trace): verified (3 steps) B_possible (exists-trace): verified (3 steps) A_once (all-traces): verified (8 steps) diff --git a/case-studies-regression/sapic/fast/basic/replication_analyzed.spthy b/case-studies-regression/sapic/fast/basic/replication_analyzed.spthy index 1d43a0e4b..4f97d3cc1 100644 --- a/case-studies-regression/sapic/fast/basic/replication_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/replication_analyzed.spthy 
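Review bot: After the merge, the rule that performs the receive on the replicated branch is `p_1_2` with `process="!"`, and the proofs earlier in this file now read `case p_1_2` where they read `case inrm_0_21`. The name and annotation describe only the replication step, not the `In( m.2 )` premise and `Receive` action the rule now carries. The same shows in other regenerated references, for example `case in_0_1` for the `E( x )` goal in operator-precedence-4. Proof scripts select cases by these rule names, so I would have a merged rule take the name and `process=` text of the step that carries the action, e.g. `rule (modulo E) inrm_0_21[color=#ffffff, process="in('r',m.2);"]:`. This is a point about the generator; the reference file is only where it becomes visible.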
@@ -2,11 +2,13 @@ theory Replication begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + lemma onlyOneSecret: exists-trace "∃ #i #j x y. ((Secret( x ) @ #i) ∧ (Secret( y ) @ #j)) ∧ (¬(x = y))" 
@@ -15,49 +17,26 @@ guarded formula characterizing all satisfying traces: "∃ #i #j x y. (Secret( x ) @ #i) ∧ (Secret( y ) @ #j) ∧ ¬(x = y)" */ simplify -solve( State_11( x ) ▶₀ #i ) - case news_0_1 - solve( State_11( y ) ▶₀ #j ) - case news_0_1 +solve( !Semistate_1( ) ▶₀ #i ) + case Init + solve( !Semistate_1( ) ▶₀ #j ) + case Init SOLVED // trace found qed qed rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) news_0_1[color=#ffffff, process="new s;"]: - [ State_1( ), Fr( s ) ] --> [ State_11( s ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventSecrets_0_11[color=#ffffff, - process="event Secret( s );"]: - [ State_11( s ) ] --[ Secret( s ) ]-> [ State_111( s ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outs_0_111[color=#ffffff, process="out(s);"]: - [ State_111( s ) ] --> [ State_1111( s ), Out( s ) ] + [ !Semistate_1( ), Fr( s.1 ) ] --[ Secret( s.1 ) ]-> [ Out( s.1 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111[color=#ffffff, process="0"]: - [ State_1111( s ) ] --> [ ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ), Fr( s ) ] --[ Secret( s ) ]-> [ Out( s ) ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" @@ -68,7 +47,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -78,7 +57,7 @@ analyzing: examples/sapic/fast/basic/replication.spthy analyzed: examples/sapic/fast/basic/replication.spthy output: examples/sapic/fast/basic/replication.spthy.tmp - processing time: 0.055508216s + processing time: 0.01550528s onlyOneSecret (exists-trace): verified (4 steps) ------------------------------------------------------------------------------ @@ -89,7 +68,7 @@ summary of summaries: analyzed: examples/sapic/fast/basic/replication.spthy output: examples/sapic/fast/basic/replication.spthy.tmp - processing time: 0.055508216s + processing time: 0.01550528s onlyOneSecret (exists-trace): verified (4 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/basic/running-example_analyzed.spthy b/case-studies-regression/sapic/fast/basic/running-example_analyzed.spthy index e9b3ee462..c0cca2913 100644 --- a/case-studies-regression/sapic/fast/basic/running-example_analyzed.spthy +++ b/case-studies-regression/sapic/fast/basic/running-example_analyzed.spthy @@ -2,7 +2,8 @@ theory RunningExample begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,8 +11,12 @@ equations: heuristic: p + + predicate: SencSucc( c, k )<=>∃ m. senc(m, k) = c + + lemma can_create_key: exists-trace "∃ #t h k. NewKey( h, k ) @ #t" /* @@ -19,8 +24,8 @@ guarded formula characterizing all satisfying traces: "∃ #t h k. (NewKey( h, k ) @ #t)" */ simplify -solve( State_111111( h, k ) ▶₀ #t ) - case newk_0_11111 +solve( State_1111( ) ▶₀ #t ) + case p_1_ SOLVED // trace found qed 
@@ -36,19 +41,19 @@ solve( State_1211111( a1, h1, h2, k1, k2 ) ▶₀ #t ) solve( Insert( <'key', h2>, k2 ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'key', h1>, k1 ) @ #t2.1 ) case insertkeyhk_0_1111111 solve( State_1111111( h1, k1 ) ▶₀ #t2.1 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'att', ~n>, 'wrap' ) @ #t2.2 ) - case insertatthwrap_0_11121 - solve( State_11121( ~n ) ▶₀ #t2.2 ) - case inh_0_1112 + case inh_0_1112 + solve( State_1112( ) ▶₀ #t2.2 ) + case p_1_ solve( !KU( ~n.1 ) @ #vk.2 ) - case outh_0_111111111 + case insertatthdec_0_11111111 solve( !KU( ~n ) @ #vk.2 ) - case outh_0_111111111 + case insertatthdec_0_11111111 SOLVED // trace found qed qed 
@@ -119,77 +124,77 @@ next ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #t1) ∧ (#t3 < #t1)) ) case case_1 - solve( State_11211111( a, c, h, k ) ▶₀ #t1 ) - case ifSencSuccck_0_1121111 - solve( Insert( <'key', h>, k ) @ #t2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h, k ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) - case insertatthdec_0_11111111 - solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) - case insertkeyhk_0_1111111 - solve( !KU( senc(m, ~n) ) @ #vk.2 ) - case c_senc - by contradiction /* from formulas */ - next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111_case_1 - solve( !KU( ~n.1 ) @ #vk.2 ) - case outh_0_111111111 - solve( Insert( <'key', h2>, m ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, m ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - solve( Insert( <'key', h1>, ~n.1 ) @ #t2.3 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h1, ~n.1 ) ▶₀ #t2.3 ) - case eventNewKeyhk_0_111111 - solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.1 ) - qed - qed - qed - qed - qed - next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, m ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, m ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - solve( Insert( <'key', h1>, ~n.1 ) @ #t2.3 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h1, ~n.1 ) ▶₀ #t2.3 ) - case eventNewKeyhk_0_111111 - solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ∥ (#vr.22 < #t2.1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.1 ) - next - case case_3 - solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.3 ) - case insertatthwrap_0_11121 - solve( State_11121( ~n.2 ) ▶₀ #t2.3 ) - case 
inh_0_1112 - solve( Insert( <'key', h2>, k2 ) @ #t2.4 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2.4 ) - case eventNewKeyhk_0_111111 - by solve( (#vr.27, 0) ~~> (#vk.1, 0) ) + solve( State_1121111( a, senc(m, k), k, h ) ▶₀ #t1 ) + case lookupkeyhask_0_112111 + solve( !KU( senc(m, k) ) @ #vk.2 ) + case c_senc + solve( Insert( <'key', h>, k ) @ #t2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h, k ) ▶₀ #t2 ) + case newh_0_1111 + by contradiction /* from formulas */ + qed + qed + next + case eventWrapkk_0_1211111_case_1 + solve( Insert( <'key', h>, k ) @ #t2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h, k ) ▶₀ #t2 ) + case newh_0_1111 + solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) + case insertatthdec_0_11111111 + solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) + case insertkeyhk_0_1111111 + solve( Insert( <'key', h2>, m ) @ #t2.2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h2, m ) ▶₀ #t2.2 ) + case newh_0_1111 + solve( Insert( <'key', h1>, ~n.1 ) @ #t2.3 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h1, ~n.1 ) ▶₀ #t2.3 ) + case newh_0_1111 + solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ∥ (#vr.10 < #t2.1) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.1 ) + next + case case_3 + solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.3 ) + case inh_0_1112 + solve( State_1112( ) ▶₀ #t2.3 ) + case p_1_ + solve( !KU( ~n.2 ) @ #vk.2 ) + case eventWrapkk_0_1211111 + solve( !KU( ~n.3 ) @ #vk.4 ) + case eventWrapkk_0_1211111 + solve( Insert( <'key', h2>, k2 ) @ #t2.4 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h2, k2 ) ▶₀ #t2.4 ) + case newh_0_1111 + by solve( (#vr.19, 0) ~~> (#vk.1, 0) ) + qed + qed + next + case ifSencSuccck_0_1121111 + by contradiction /* from formulas */ + next + case insertatthdec_0_11111111 + solve( Insert( <'key', h2>, k2 ) @ #t2.4 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h2, k2 ) ▶₀ #t2.4 ) + case 
newh_0_1111 + by solve( (#vr.19, 0) ~~> (#vk.1, 0) ) + qed qed qed + next + case ifSencSuccck_0_1121111 + by contradiction /* from formulas */ + next + case insertatthdec_0_11111111 + by contradiction /* cyclic */ qed qed qed @@ -198,34 +203,34 @@ next qed qed qed - next - case outsenckk_0_12111111_case_2 - solve( !KU( ~n.1 ) @ #vk.2 ) - case outh_0_111111111 - solve( Insert( <'key', h2>, k2 ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - by contradiction /* impossible chain */ - qed - qed - next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, k2 ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - by contradiction /* impossible chain */ - qed + qed + qed + qed + qed + next + case eventWrapkk_0_1211111_case_2 + solve( Insert( <'key', h>, k ) @ #t2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h, k ) ▶₀ #t2 ) + case newh_0_1111 + solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) + case insertatthdec_0_11111111 + solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) + case insertkeyhk_0_1111111 + solve( Insert( <'key', h2>, k2 ) @ #t2.2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h2, k2 ) ▶₀ #t2.2 ) + case newh_0_1111 + by contradiction /* impossible chain */ qed qed qed qed qed qed + next + case ifSencSuccck_0_1121111 + by contradiction /* from formulas */ qed qed next 
@@ -285,50 +290,41 @@ next case case_1 solve( (last(#j)) ∥ (last(#i)) ) case case_1 - solve( State_111111( h, k ) ▶₀ #i ) - case newk_0_11111 + solve( State_1111( ) ▶₀ #i ) + case p_1_ solve( !KU( ~n.1 ) @ #j ) - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 + case eventWrapkk_0_1211111 solve( Insert( <'key', h2>, k2 ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( (#vr.9, 0) ~~> (#j, 0) ) + case newh_0_1111 + solve( (#vr.3, 0) ~~> (#j, 0) ) case Var_fresh_3_n solve( Insert( <'key', h1>, k1 ) @ #t2.1 ) case insertkeyhk_0_1111111 solve( State_1111111( h1, k1 ) ▶₀ #t2.1 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 by contradiction /* from formulas */ qed qed qed qed qed + next + case ifSencSuccck_0_1121111 + by contradiction /* from formulas */ qed qed next case case_2 - solve( State_111111( h, k ) ▶₀ #i ) - case newk_0_11111 + solve( State_1111( ) ▶₀ #i ) + case p_1_ solve( !KU( ~n.1 ) @ #j ) - case outsdecck_0_112111111 - by contradiction /* from formulas */ + case eventWrapkk_0_1211111 + by contradiction /* node #j after last node #i */ next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, k2 ) @ #t2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( (#vr.9, 0) ~~> (#j, 0) ) - case Var_fresh_3_n - by contradiction /* from formulas */ - qed - qed - qed + case ifSencSuccck_0_1121111 + by contradiction /* from formulas */ qed qed qed 
@@ -356,146 +352,110 @@ guarded formula characterizing all counter-examples: simplify by contradiction /* from formulas */ -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( ) ] --> [ State_11( ), State_12( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11[color=#ffffff, process="|"]: - [ State_11( ) ] --> [ State_111( ), State_112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="|"]: - [ State_111( ) ] --> [ State_1111( ), State_1112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newh_0_1111[color=#ffffff, process="new h;"]: - [ State_1111( ), Fr( h ) ] --> [ State_11111( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_11111[color=#ffffff, process="new k;"]: - [ State_11111( h ), Fr( k ) ] --> [ State_111111( h, k ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) eventNewKeyhk_0_111111[color=#ffffff, - process="event NewKey( h, k );"]: - [ State_111111( h, k ) ] --[ NewKey( h, k ) ]-> [ State_1111111( h, k ) ] +rule (modulo E) newh_0_1111[color=#ffffff, process="new h.1;"]: + [ State_1111( ), Fr( h.1 ), Fr( k.1 ) ] + --[ NewKey( h.1, k.1 ) ]-> + [ State_1111111( h.1, k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newh_0_1111[color=#ffffff, process="new h.1;"]: + [ State_1111( ), Fr( h ), Fr( k ) ] + --[ NewKey( h, k ) ]-> + [ State_1111111( h, k ) ] + */ rule (modulo E) 
insertkeyhk_0_1111111[color=#ffffff, - process="insert <'key', h>,k;"]: - [ State_1111111( h, k ) ] - --[ Insert( <'key', h>, k ) ]-> - [ State_11111111( h, k ) ] + process="insert <'key', h.1>,k.1;"]: + [ State_1111111( h.1, k.1 ) ] + --[ Insert( <'key', h.1>, k.1 ) ]-> + [ State_11111111( h.1, k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertkeyhk_0_1111111[color=#ffffff, + process="insert <'key', h.1>,k.1;"]: + [ State_1111111( h, k ) ] + --[ Insert( <'key', h>, k ) ]-> + [ State_11111111( h, k ) ] + */ rule (modulo E) insertatthdec_0_11111111[color=#ffffff, - process="insert <'att', h>,'dec';"]: - [ State_11111111( h, k ) ] - --[ Insert( <'att', h>, 'dec' ) ]-> - [ State_111111111( h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outh_0_111111111[color=#ffffff, process="out(h);"]: - [ State_111111111( h, k ) ] --> [ State_1111111111( h, k ), Out( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111111[color=#ffffff, process="0"]: - [ State_1111111111( h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inh_0_1112[color=#ffffff, process="in(h);"]: - [ State_1112( ), In( h ) ] --> [ State_11121( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertatthwrap_0_11121[color=#ffffff, - process="insert <'att', h>,'wrap';"]: - [ State_11121( h ) ] - --[ Insert( <'att', h>, 'wrap' ) ]-> - [ State_111211( h ) ] + process="insert <'att', h.1>,'dec';"]: + [ State_11111111( h.1, k.1 ) ] + --[ Insert( <'att', h.1>, 'dec' ) ]-> + [ Out( h.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertatthdec_0_11111111[color=#ffffff, + process="insert <'att', h.1>,'dec';"]: + [ State_11111111( h, k ) ] + --[ Insert( <'att', h>, 'dec' ) ]-> + [ Out( h ) ] + */ -rule (modulo E) p_0_111211[color=#ffffff, process="0"]: - [ State_111211( h ) ] --> [ ] +rule (modulo E) inh_0_1112[color=#ffffff, process="in(h.2);"]: + [ State_1112( 
), In( h.2 ) ] --[ Insert( <'att', h.2>, 'wrap' ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inh_0_1112[color=#ffffff, process="in(h.2);"]: + [ State_1112( ), In( h ) ] --[ Insert( <'att', h>, 'wrap' ) ]-> [ ] + */ -rule (modulo E) inhc_0_112[color=#ffffff, process="in();"]: - [ State_112( ), In( ) ] --> [ State_1121( c, h ) ] +rule (modulo E) inhc_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( c.1, h.3 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhc_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( c, h ) ] + */ rule (modulo E) lookupatthasa_0_1121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_1121( c, h ) ] - --[ IsIn( <'att', h>, a ) ]-> - [ State_11211( a, c, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_1121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_1121( c, h ) ] - --[ IsNotSet( <'att', h> ) ]-> - [ State_11212( c, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifadec_0_11211[color=#ffffff, process="if a='dec'"]: - [ State_11211( a, c, h ) ] - --[ Pred_Eq( a, 'dec' ) ]-> - [ State_112111( a, c, h ) ] + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c.1, h.3 ) ] + --[ IsIn( <'att', h.3>, a.1 ) ]-> + [ State_11211( a.1, c.1, h.3 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_0_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c, h ) ] + --[ IsIn( <'att', h>, a ) ]-> + [ State_11211( a, c, h ) ] + */ -rule (modulo E) ifadec_1_11211[color=#ffffff, process="if a='dec'"]: - [ State_11211( a, c, h ) ] - --[ Pred_Not_Eq( a, 'dec' ) ]-> - [ State_112112( a, c, h ) ] +rule (modulo E) ifadec_0_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a.1, c.1, h.3 ) ] + --[ Pred_Eq( a.1, 'dec' ) ]-> + [ State_112111( a.1, c.1, h.3 ) ] - /* has exactly the trivial AC 
variant */ + /* + rule (modulo AC) ifadec_0_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a, c, h ) ] + --[ Pred_Eq( a, 'dec' ) ]-> + [ State_112111( a, c, h ) ] + */ rule (modulo E) lookupkeyhask_0_112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ State_112111( a, c, h ) ] - --[ IsIn( <'key', h>, k ) ]-> - [ State_1121111( a, c, h, k ) ] + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a.1, c.1, h.3 ) ] + --[ IsIn( <'key', h.3>, k.2 ) ]-> + [ State_1121111( a.1, c.1, k.2, h.3 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ State_112111( a, c, h ) ] - --[ IsNotSet( <'key', h> ) ]-> - [ State_1121112( a, c, h ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a, c, h ) ] + --[ IsIn( <'key', h>, k ) ]-> + [ State_1121111( a, c, k, h ) ] + */ restriction Restr_ifSencSuccck_0_1121111_1: "∀ x #NOW x.1. 
@@ -503,203 +463,182 @@ restriction Restr_ifSencSuccck_0_1121111_1: (∃ m. senc(m, x) = x.1)" rule (modulo E) ifSencSuccck_0_1121111[color=#ffffff, - process="if SencSucc( c, k )"]: - [ State_1121111( a, c, h, k ) ] - --[ Restr_ifSencSuccck_0_1121111_1( k, c ) ]-> - [ State_11211111( a, c, h, k ) ] - - /* has exactly the trivial AC variant */ - -restriction Restr_ifSencSuccck_1_1121111_1: - "∀ x #NOW x.1. - (Restr_ifSencSuccck_1_1121111_1( x, x.1 ) @ #NOW) ⇒ - (¬(∃ m. senc(m, x) = x.1))" - // safety formula - -rule (modulo E) ifSencSuccck_1_1121111[color=#ffffff, - process="if SencSucc( c, k )"]: - [ State_1121111( a, c, h, k ) ] - --[ Restr_ifSencSuccck_1_1121111_1( k, c ) ]-> - [ State_11211112( a, c, h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventDecUsingksdecck_0_11211111[color=#ffffff, - process="event DecUsing( k, sdec(c, k) );"]: - [ State_11211111( a, c, h, k ) ] - --[ DecUsing( k, sdec(c, k) ) ]-> - [ State_112111111( a, c, h, k ) ] + process="if SencSucc( c.1, k.2 )"]: + [ State_1121111( a.1, c.1, k.2, h.3 ) ] + --[ + DecUsing( k.2, sdec(c.1, k.2) ), + Restr_ifSencSuccck_0_1121111_1( k.2, c.1 ) + ]-> + [ Out( sdec(c.1, k.2) ) ] /* - rule (modulo AC) eventDecUsingksdecck_0_11211111[color=#ffffff, - process="event DecUsing( k, sdec(c, k) );"]: - [ State_11211111( a, c, h, k ) ] - --[ DecUsing( k, z ) ]-> - [ State_112111111( a, c, h, k ) ] + rule (modulo AC) ifSencSuccck_0_1121111[color=#ffffff, + process="if SencSucc( c.1, k.2 )"]: + [ State_1121111( a, c, k, h ) ] + --[ DecUsing( k, z ), Restr_ifSencSuccck_0_1121111_1( k, c ) ]-> + [ Out( z ) ] variants (modulo AC) - 1. c = c.6 - k = k.6 - z = sdec(c.6, k.6) + 1. c = c.9 + k = k.10 + z = sdec(c.9, k.10) - 2. c = senc(x.6, x.7) - k = x.7 - z = x.6 + 2. 
c = senc(x.9, x.10) + k = x.10 + z = x.9 */ -rule (modulo E) outsdecck_0_112111111[color=#ffffff, - process="out(sdec(c, k));"]: - [ State_112111111( a, c, h, k ) ] - --> - [ State_1121111111( a, c, h, k ), Out( sdec(c, k) ) ] +rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a.1, c.1, h.3 ) ] --[ IsNotSet( <'key', h.3> ) ]-> [ ] /* - rule (modulo AC) outsdecck_0_112111111[color=#ffffff, - process="out(sdec(c, k));"]: - [ State_112111111( a, c, h, k ) ] - --> - [ State_1121111111( a, c, h, k ), Out( z ) ] - variants (modulo AC) - 1. c = c.6 - k = k.6 - z = sdec(c.6, k.6) - - 2. c = senc(x.6, x.7) - k = x.7 - z = x.6 + rule (modulo AC) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a, c, h ) ] --[ IsNotSet( <'key', h> ) ]-> [ ] */ -rule (modulo E) p_0_1121111111[color=#ffffff, process="0"]: - [ State_1121111111( a, c, h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11211112[color=#ffffff, process="0"]: - [ State_11211112( a, c, h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1121112[color=#ffffff, process="0"]: - [ State_1121112( a, c, h ) ] --> [ ] +rule (modulo E) ifadec_1_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a.1, c.1, h.3 ) ] --[ Pred_Not_Eq( a.1, 'dec' ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifadec_1_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a, c, h ) ] --[ Pred_Not_Eq( a, 'dec' ) ]-> [ ] + */ -rule (modulo E) p_0_112112[color=#ffffff, process="0"]: - [ State_112112( a, c, h ) ] --> [ ] +rule (modulo E) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c.1, h.3 ) ] --[ IsNotSet( <'att', h.3> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ 
State_1121( c, h ) ] --[ IsNotSet( <'att', h> ) ]-> [ ] + */ -rule (modulo E) p_0_11212[color=#ffffff, process="0"]: - [ State_11212( c, h ) ] --> [ ] +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ) ] + --> + [ State_1111( ), State_1112( ), State_112( ), State_12( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) inhh_0_12[color=#ffffff, process="in();"]: - [ State_12( ), In( ) ] --> [ State_121( h1, h2 ) ] +rule (modulo E) inhh_0_12[color=#ffffff, process="in();"]: + [ State_12( ), In( ) ] --> [ State_121( h1.1, h2.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhh_0_12[color=#ffffff, process="in();"]: + [ State_12( ), In( ) ] --> [ State_121( h1, h2 ) ] + */ rule (modulo E) lookupatthasa_0_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, h2 ) ] - --[ IsIn( <'att', h1>, a1 ) ]-> - [ State_1211( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, h2 ) ] - --[ IsNotSet( <'att', h1> ) ]-> - [ State_1212( h1, h2 ) ] + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1.1, h2.1 ) ] + --[ IsIn( <'att', h1.1>, a1.1 ) ]-> + [ State_1211( a1.1, h1.1, h2.1 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( a1, h1, h2 ) ] - --[ Pred_Eq( a1, 'wrap' ) ]-> - [ State_12111( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_0_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1, h2 ) ] + --[ IsIn( <'att', h1>, a1 ) ]-> + [ State_1211( a1, h1, h2 ) ] + */ -rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( a1, h1, h2 ) ] - --[ Pred_Not_Eq( a1, 'wrap' ) ]-> - [ State_12112( a1, h1, h2 ) ] +rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ 
State_1211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Eq( a1.1, 'wrap' ) ]-> + [ State_12111( a1.1, h1.1, h2.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifawrap_0_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1, h1, h2 ) ] + --[ Pred_Eq( a1, 'wrap' ) ]-> + [ State_12111( a1, h1, h2 ) ] + */ rule (modulo E) lookupkeyhask_0_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, h2 ) ] - --[ IsIn( <'key', h1>, k1 ) ]-> - [ State_121111( a1, h1, h2, k1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, h2 ) ] - --[ IsNotSet( <'key', h1> ) ]-> - [ State_121112( a1, h1, h2 ) ] + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1.1, h1.1, h2.1 ) ] + --[ IsIn( <'key', h1.1>, k1.1 ) ]-> + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1, h1, h2 ) ] + --[ IsIn( <'key', h1>, k1 ) ]-> + [ State_121111( a1, h1, h2, k1 ) ] + */ rule (modulo E) lookupkeyhask_0_121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ State_121111( a1, h1, h2, k1 ) ] - --[ IsIn( <'key', h2>, k2 ) ]-> - [ State_1211111( a1, h1, h2, k1, k2 ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsIn( <'key', h2.1>, k2.1 ) ]-> + [ State_1211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] -rule (modulo E) lookupkeyhask_1_121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ State_121111( a1, h1, h2, k1 ) ] - --[ IsNotSet( <'key', h2> ) ]-> - [ State_1211112( a1, h1, h2, k1 ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1, h1, h2, k1 ) 
] + --[ IsIn( <'key', h2>, k2 ) ]-> + [ State_1211111( a1, h1, h2, k1, k2 ) ] + */ rule (modulo E) eventWrapkk_0_1211111[color=#ffffff, - process="event Wrap( k1, k2 );"]: - [ State_1211111( a1, h1, h2, k1, k2 ) ] - --[ Wrap( k1, k2 ) ]-> - [ State_12111111( a1, h1, h2, k1, k2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsenckk_0_12111111[color=#ffffff, - process="out(senc(k2, k1));"]: - [ State_12111111( a1, h1, h2, k1, k2 ) ] - --> - [ State_121111111( a1, h1, h2, k1, k2 ), Out( senc(k2, k1) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_121111111[color=#ffffff, process="0"]: - [ State_121111111( a1, h1, h2, k1, k2 ) ] --> [ ] + process="event Wrap( k1.1, k2.1 );"]: + [ State_1211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] + --[ Wrap( k1.1, k2.1 ) ]-> + [ Out( senc(k2.1, k1.1) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventWrapkk_0_1211111[color=#ffffff, + process="event Wrap( k1.1, k2.1 );"]: + [ State_1211111( a1, h1, h2, k1, k2 ) ] + --[ Wrap( k1, k2 ) ]-> + [ Out( senc(k2, k1) ) ] + */ -rule (modulo E) p_0_1211112[color=#ffffff, process="0"]: - [ State_1211112( a1, h1, h2, k1 ) ] --> [ ] +rule (modulo E) lookupkeyhask_1_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsNotSet( <'key', h2.1> ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_1_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1, h1, h2, k1 ) ] --[ IsNotSet( <'key', h2> ) ]-> [ ] + */ -rule (modulo E) p_0_121112[color=#ffffff, process="0"]: - [ State_121112( a1, h1, h2 ) ] --> [ ] +rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1.1, h1.1, h2.1 ) ] --[ IsNotSet( <'key', h1.1> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', 
h1.1> as k1.1"]: + [ State_12111( a1, h1, h2 ) ] --[ IsNotSet( <'key', h1> ) ]-> [ ] + */ -rule (modulo E) p_0_12112[color=#ffffff, process="0"]: - [ State_12112( a1, h1, h2 ) ] --> [ ] +rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Not_Eq( a1.1, 'wrap' ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifawrap_1_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1, h1, h2 ) ] --[ Pred_Not_Eq( a1, 'wrap' ) ]-> [ ] + */ -rule (modulo E) p_0_1212[color=#ffffff, process="0"]: - [ State_1212( h1, h2 ) ] --> [ ] +rule (modulo E) lookupatthasa_1_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1.1, h2.1 ) ] --[ IsNotSet( <'att', h1.1> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1, h2 ) ] --[ IsNotSet( <'att', h1> ) ]-> [ ] + */ restriction set_in: "∀ x y #t3. @@ -731,7 +670,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -741,11 +680,11 @@ analyzing: examples/sapic/fast/basic/running-example.spthy analyzed: examples/sapic/fast/basic/running-example.spthy output: examples/sapic/fast/basic/running-example.spthy.tmp - processing time: 2.189912653s + processing time: 4.643746574s can_create_key (exists-trace): verified (3 steps) can_obtain_wrapping (exists-trace): verified (11 steps) dec_limits (all-traces): verified (47 steps) - cannot_obtain_key_ind (all-traces): verified (25 steps) + cannot_obtain_key_ind (all-traces): verified (22 steps) cannot_obtain_key (all-traces): verified (2 steps) ------------------------------------------------------------------------------ 
@@ -756,11 +695,11 @@ summary of summaries: analyzed: examples/sapic/fast/basic/running-example.spthy output: examples/sapic/fast/basic/running-example.spthy.tmp - processing time: 2.189912653s + processing time: 4.643746574s can_create_key (exists-trace): verified (3 steps) can_obtain_wrapping (exists-trace): verified (11 steps) dec_limits (all-traces): verified (47 steps) - cannot_obtain_key_ind (all-traces): verified (25 steps) + cannot_obtain_key_ind (all-traces): verified (22 steps) cannot_obtain_key (all-traces): verified (2 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/basic/typing2_analyzed.spthy b/case-studies-regression/sapic/fast/basic/typing2_analyzed.spthy new file mode 100644 index 000000000..d5a432bc0 --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/typing2_analyzed.spthy 
@@ -0,0 +1,66 @@ +theory Typing begin + +// Function signature and definition of the equational theory E + +functions: f/1, fst/1[destructor], pair/2, snd/1[destructor] +equations: f(x) = x, fst() = x.1, snd() = x.2 + +heuristic: p + + + + + +rule (modulo E) Init[color=#ffffff, process="new x.1:lol;"]: + [ Fr( x.1 ) ] --[ Init( ) ]-> [ State_1( x.1 ) ] + + /* + rule (modulo AC) Init[color=#ffffff, process="new x.1:lol;"]: + [ Fr( x ) ] --[ Init( ) ]-> [ State_1( x ) ] + */ + +rule (modulo E) eventTestxlol_0_1[color=#ffffff, + process="event Test( x.1:lol );"]: + [ State_1( x.1 ) ] --[ Test( x.1 ) ]-> [ Out( f(f(x.1)) ) ] + + /* + rule (modulo AC) eventTestxlol_0_1[color=#ffffff, + process="event Test( x.1:lol );"]: + [ State_1( x ) ] --[ Test( x ) ]-> [ Out( x ) ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/basic/typing2.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/typing2.spthy + + output: examples/sapic/fast/basic/typing2.spthy.tmp + processing time: 0.010741926s + + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/typing2.spthy + + output: examples/sapic/fast/basic/typing2.spthy.tmp + processing time: 0.010741926s + + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/basic/typing3_analyzed.spthy b/case-studies-regression/sapic/fast/basic/typing3_analyzed.spthy new file mode 100644 index 000000000..b6ca2efad --- /dev/null 
+++ b/case-studies-regression/sapic/fast/basic/typing3_analyzed.spthy @@ -0,0 +1,76 @@ +theory Typing begin + +// Function signature and definition of the equational theory E + +builtins: multiset +functions: f/1, fst/1[destructor], g/1, h/1, pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + + + + + + + + + +rule (modulo E) newxlol_0_1[color=#ffffff, process="new x.1:lol;"]: + [ State_1( ), Fr( x.1 ) ] --> [ Out( x.1 ) ] + + /* + rule (modulo AC) newxlol_0_1[color=#ffffff, process="new x.1:lol;"]: + [ State_1( ), Fr( x ) ] --> [ Out( x ) ] + */ + +rule (modulo E) Init[color=#ffffff, process="|"]: + [ ] --[ Init( ) ]-> [ State_1( ), State_2( ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) newxlol_0_2[color=#ffffff, process="new x.2:lol;"]: + [ State_2( ), Fr( x.2 ) ] --> [ Out( x.2 ) ] + + /* + rule (modulo AC) newxlol_0_2[color=#ffffff, process="new x.2:lol;"]: + [ State_2( ), Fr( x ) ] --> [ Out( x ) ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/basic/typing3.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/typing3.spthy + + output: examples/sapic/fast/basic/typing3.spthy.tmp + processing time: 0.009393774s + + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/typing3.spthy + + output: examples/sapic/fast/basic/typing3.spthy.tmp + processing time: 0.009393774s + + +============================================================================== +*/ 
diff --git a/case-studies-regression/sapic/fast/basic/typing4_analyzed.spthy b/case-studies-regression/sapic/fast/basic/typing4_analyzed.spthy new file mode 100644 index 000000000..290c6a5aa --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/typing4_analyzed.spthy 
@@ -0,0 +1,92 @@ +theory Typing begin + +// Function signature and definition of the equational theory E + +builtins: multiset +functions: f/1, fst/1[destructor], g/1, h/1, pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + + + +lemma sanity: + exists-trace "∃ x y #i. (Run( x, y ) @ #i) ∧ (¬(x = y))" +/* +guarded formula characterizing all satisfying traces: +"∃ x y #i. (Run( x, y ) @ #i) ∧ ¬(x = y)" +*/ +simplify +solve( State_2( ) ▶₀ #i ) + case Init + SOLVED // trace found +qed + + + + + + + +rule (modulo E) newxlol_0_1[color=#ffffff, process="new x.2:lol;"]: + [ State_1( ), Fr( x.2 ) ] --> [ Out( x.2 ) ] + + /* + rule (modulo AC) newxlol_0_1[color=#ffffff, process="new x.2:lol;"]: + [ State_1( ), Fr( x ) ] --> [ Out( x ) ] + */ + +rule (modulo E) Init[color=#ffffff, process="|"]: + [ ] --[ Init( ) ]-> [ State_1( ), State_2( ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) newxlol_0_2[color=#ffffff, process="new x.3:lol;"]: + [ State_2( ), Fr( x.3 ), Fr( x.4 ) ] + --[ Run( x.3, x.4 ) ]-> + [ Out( ) ] + + /* + rule (modulo AC) newxlol_0_2[color=#ffffff, process="new x.3:lol;"]: + [ State_2( ), Fr( x ), Fr( x.1 ) ] + --[ Run( x, x.1 ) ]-> + [ Out( ) ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. 
+ + +analyzing: examples/sapic/fast/basic/typing4.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/typing4.spthy + + output: examples/sapic/fast/basic/typing4.spthy.tmp + processing time: 0.021697052s + sanity (exists-trace): verified (3 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/typing4.spthy + + output: examples/sapic/fast/basic/typing4.spthy.tmp + processing time: 0.021697052s + sanity (exists-trace): verified (3 steps) + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/basic/typing_analyzed.spthy b/case-studies-regression/sapic/fast/basic/typing_analyzed.spthy new file mode 100644 index 000000000..d2f3e905e --- /dev/null +++ b/case-studies-regression/sapic/fast/basic/typing_analyzed.spthy 
@@ -0,0 +1,224 @@ +theory Typing begin + +// Function signature and definition of the equational theory E + +builtins: multiset +functions: f/1, fst/1[destructor], g/1, h/1, pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + + + + + + + + + + + + + +rule (modulo E) newnlol_0_11111[color=#ffffff, process="new n.2:lol;"]: + [ State_11111( a.1, n.1 ), Fr( n.2 ) ] --> [ Out( n.2 ) ] + + /* + rule (modulo AC) newnlol_0_11111[color=#ffffff, process="new n.2:lol;"]: + [ State_11111( a, n ), Fr( n.1 ) ] --> [ Out( n.1 ) ] + */ + +rule (modulo E) newnrofl_0_11112[color=#ffffff, process="new n.3:rofl;"]: + [ State_11112( a.1, n.1 ), Fr( n.3 ) ] --> [ Out( n.3 ) ] + + /* + rule (modulo AC) newnrofl_0_11112[color=#ffffff, + process="new n.3:rofl;"]: + [ State_11112( a, n ), Fr( n.1 ) ] --> [ Out( n.1 ) ] + */ + +rule (modulo E) newxlol_0_11121[color=#6c8040, process="new x.1:lol;"]: + [ State_11121( a.1, n.1 ), Fr( x.1 ), Fr( y.1 ) ] + --> + [ State_11121111( a.1, n.1, x.1, y.1 ), Out( x.1 ) ] + + /* + rule (modulo AC) newxlol_0_11121[color=#6c8040, process="new x.1:lol;"]: + [ State_11121( a, n ), Fr( x ), Fr( y ) ] + --> + [ State_11121111( a, n, x, y ), Out( x ) ] + */ + +rule (modulo E) outybitstring_0_11121111[color=#6c8040, + process="out(y.1:bitstring);"]: + [ State_11121111( a.1, n.1, x.1, y.1 ) ] + --> + [ State_111211111( a.1, n.1, x.1, y.1 ), Out( y.1 ) ] + + /* + rule (modulo AC) outybitstring_0_11121111[color=#6c8040, + process="out(y.1:bitstring);"]: + [ State_11121111( a, n, x, y ) ] + --> + [ State_111211111( a, n, x, y ), Out( y ) ] + */ + +rule (modulo E) outfybitstring_0_111211111[color=#6c8040, + process="out(f(y.1:bitstring));"]: + [ State_111211111( a.1, n.1, x.1, y.1 ) ] + --> + [ State_1112111111( a.1, n.1, x.1, y.1 ), Out( f(y.1) ) ] + + /* + rule (modulo AC) outfybitstring_0_111211111[color=#6c8040, + process="out(f(y.1:bitstring));"]: + [ State_111211111( a, n, x, y ) ] + --> + [ State_1112111111( a, n, x, y ), Out( 
f(y) ) ] + */ + +rule (modulo E) outxloly_0_1112111111[color=#6c8040, + process="out();"]: + [ State_1112111111( a.1, n.1, x.1, y.1 ) ] + --> + [ State_11121111111( a.1, n.1, x.1, y.1 ), Out( ) ] + + /* + rule (modulo AC) outxloly_0_1112111111[color=#6c8040, + process="out();"]: + [ State_1112111111( a, n, x, y ) ] + --> + [ State_11121111111( a, n, x, y ), Out( ) ] + */ + +rule (modulo E) outxloly_0_11121111111[color=#6c8040, + process="out((x.1:lol+y.1));"]: + [ State_11121111111( a.1, n.1, x.1, y.1 ) ] + --> + [ State_111211111111( a.1, n.1, x.1, y.1 ), Out( (x.1+y.1) ) ] + + /* + rule (modulo AC) outxloly_0_11121111111[color=#6c8040, + process="out((x.1:lol+y.1));"]: + [ State_11121111111( a, n, x, y ) ] + --> + [ State_111211111111( a, n, x, y ), Out( (x+y) ) ] + */ + +rule (modulo E) outfxloly_0_111211111111[color=#6c8040, + process="out(f());"]: + [ State_111211111111( a.1, n.1, x.1, y.1 ) ] + --> + [ State_1112111111111( a.1, n.1, x.1, y.1 ), Out( f() ) ] + + /* + rule (modulo AC) outfxloly_0_111211111111[color=#6c8040, + process="out(f());"]: + [ State_111211111111( a, n, x, y ) ] + --> + [ State_1112111111111( a, n, x, y ), Out( f() ) ] + */ + +rule (modulo E) outhxlol_0_1112111111111[color=#6c8040, + process="out(h(x.1:lol));"]: + [ State_1112111111111( a.1, n.1, x.1, y.1 ) ] + --> + [ State_11121111111111( a.1, n.1, x.1, y.1 ), Out( h(x.1) ) ] + + /* + rule (modulo AC) outhxlol_0_1112111111111[color=#6c8040, + process="out(h(x.1:lol));"]: + [ State_1112111111111( a, n, x, y ) ] + --> + [ State_11121111111111( a, n, x, y ), Out( h(x) ) ] + */ + +rule (modulo E) outhhxlol_0_11121111111111[color=#6c8040, + process="out(h(h(x.1:lol)));"]: + [ State_11121111111111( a.1, n.1, x.1, y.1 ) ] + --> + [ State_111211111111111( a.1, n.1, x.1, y.1 ), Out( h(h(x.1)) ) ] + + /* + rule (modulo AC) outhhxlol_0_11121111111111[color=#6c8040, + process="out(h(h(x.1:lol)));"]: + [ State_11121111111111( a, n, x, y ) ] + --> + [ State_111211111111111( a, n, x, y ), Out( 
h(h(x)) ) ] + */ + +rule (modulo E) eventTestxlolalol_0_111211111111111[color=#6c8040, + process="event Test( x.1:lol, a.1:lol );"]: + [ State_111211111111111( a.1, n.1, x.1, y.1 ) ] + --[ Test( x.1, a.1 ) ]-> + [ + State_11121111111111111( a.1, n.1, x.1, y.1 ), + State_11121111111111112( a.1, n.1, x.1, y.1 ) + ] + + /* + rule (modulo AC) eventTestxlolalol_0_111211111111111[color=#6c8040, + process="event Test( x.1:lol, a.1:lol );"]: + [ State_111211111111111( a, n, x, y ) ] + --[ Test( x, a ) ]-> + [ + State_11121111111111111( a, n, x, y ), + State_11121111111111112( a, n, x, y ) + ] + */ + +rule (modulo E) Init[color=#ffffff, process="in(a.1:lol);"]: + [ In( a.1 ), Fr( n.1 ) ] + --[ Init( ) ]-> + [ + State_1121( a.1, n.1 ), State_11121( a.1, n.1 ), State_11111( a.1, n.1 ), + State_11112( a.1, n.1 ) + ] + + /* + rule (modulo AC) Init[color=#ffffff, process="in(a.1:lol);"]: + [ In( a ), Fr( n ) ] + --[ Init( ) ]-> + [ + State_1121( a, n ), State_11121( a, n ), State_11111( a, n ), + State_11112( a, n ) + ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/basic/typing.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/basic/typing.spthy + + output: examples/sapic/fast/basic/typing.spthy.tmp + processing time: 0.022682473s + + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/basic/typing.spthy + + output: examples/sapic/fast/basic/typing.spthy.tmp + processing time: 0.022682473s + + +============================================================================== +*/ 
diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/mini2_analyzed.spthy b/case-studies-regression/sapic/fast/fairexchange-mini/mini2_analyzed.spthy deleted file mode 100644 index 7bf823826..000000000 --- a/case-studies-regression/sapic/fast/fairexchange-mini/mini2_analyzed.spthy +++ /dev/null 
@@ -1,170 +0,0 @@ -theory mini2 begin - -// Function signature and definition of the equational theory E - -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 -equations: - fst() = x.1, - snd() = x.2, - verify(sign(x.1, x.2), x.1, pk(x.2)) = true - -heuristic: p - -section{* small example for progression function *} - -lemma A_impossible: - all-traces "¬(∃ #t. A( ) @ #t)" -/* -guarded formula characterizing all counter-examples: -"∃ #t. (A( ) @ #t)" -*/ -simplify -by solve( State_111( ~prog_, ~prog_111, k, m ) ▶₀ #t ) - -lemma B_possible: - exists-trace "∃ #t. B( ) @ #t" -/* -guarded formula characterizing all satisfying traces: -"∃ #t. (B( ) @ #t)" -*/ -simplify -solve( State_1211( ~prog_, ~prog_121, k, m ) ▶₀ #t ) - case outcm_0_121 - solve( State_( ~prog_ ) ▶₀ #t.2 ) - case Init - solve( State_( ~prog_ ) ▶₀ #t.3 ) - case Init - solve( State_1211( ~prog_.1, ~prog_121, k, m.1 ) ▶₀ #t.3 ) - case outcm_0_121 - solve( State_( ~prog_ ) ▶₀ #t.3 ) - case Init - SOLVED // trace found - qed - qed - qed - qed -qed - -rule (modulo E) MessageIDRule[color=#ffffff, process="new k;"]: - [ Fr( ~mid_ ) ] --> [ MID_Receiver( ~mid_ ), MID_Sender( ~mid_ ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) Init[color=#ffffff, process="new k;"]: - [ Fr( ~prog_ ) ] - --[ ProgressFrom_( ~prog_ ), Init( ) ]-> - [ State_( ~prog_ ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_[color=#ffffff, process="new k;"]: - [ State_( ~prog_ ), Fr( k ) ] - --[ ProgressTo_1( ~prog_ ) ]-> - [ State_1( ~prog_, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inrsignmk_0_11[color=#ffffff, - process="in('r',sign(m, k));"]: - [ - Fr( ~prog_111 ), State_1( ~prog_, k ), In( sign(m, k) ), - MID_Receiver( ~mid_11 ) - ] - --[ ProgressFrom_111( ~prog_111 ), Receive( ~mid_11, sign(m, k) ) ]-> - [ State_111( ~prog_, ~prog_111, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventA_0_111[color=#ffffff, 
process="event A( );"]: - [ State_111( ~prog_, ~prog_111, k, m ) ] - --[ ProgressTo_1111( ~prog_111 ), A( ) ]-> - [ State_1111( ~prog_, ~prog_111, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111[color=#ffffff, process="0"]: - [ State_1111( ~prog_, ~prog_111, k, m ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inrm_0_12[color=#ffffff, process="in('r',m);"]: - [ Fr( ~prog_121 ), State_1( ~prog_, k ), In( m ), MID_Receiver( ~mid_12 ) - ] - --[ ProgressFrom_121( ~prog_121 ), Receive( ~mid_12, m ) ]-> - [ State_121( ~prog_, ~prog_121, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outcm_0_121[color=#ffffff, process="out('c',m);"]: - [ State_121( ~prog_, ~prog_121, k, m ), In( 'c' ) ] - --[ ChannelIn( 'c' ) ]-> - [ State_1211( ~prog_, ~prog_121, k, m ), Out( m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventB_0_1211[color=#ffffff, process="event B( );"]: - [ State_1211( ~prog_, ~prog_121, k, m ) ] - --[ ProgressTo_12111( ~prog_121 ), B( ) ]-> - [ State_12111( ~prog_, ~prog_121, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_12111[color=#ffffff, process="0"]: - [ State_12111( ~prog_, ~prog_121, k, m ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -restriction single_session: - "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" - // safety formula - -restriction Progress__to_1: - "∀ prog_ #t. - (ProgressFrom_( prog_ ) @ #t) ⇒ (∃ #t.1. ProgressTo_1( prog_ ) @ #t.1)" - -restriction Progress_111_to_1111: - "∀ prog_111 #t. - (ProgressFrom_111( prog_111 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_1111( prog_111 ) @ #t.1)" - -restriction Progress_121_to_12111: - "∀ prog_121 #t. - (ProgressFrom_121( prog_121 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_12111( prog_121 ) @ #t.1)" - -restriction progressInit: - "∃ #t. Init( ) @ #t" - -/* All well-formedness checks were successful. */ - -end -/* Output -maude tool: 'maude' - checking version: 3.1. 
OK. - checking installation: OK. - - -analyzing: examples/sapic/fast/fairexchange-mini/mini2.spthy - ------------------------------------------------------------------------------- -analyzed: examples/sapic/fast/fairexchange-mini/mini2.spthy - - output: examples/sapic/fast/fairexchange-mini/mini2.spthy.tmp - processing time: 0.098965915s - A_impossible (all-traces): verified (2 steps) - B_possible (exists-trace): verified (7 steps) - ------------------------------------------------------------------------------- - -============================================================================== -summary of summaries: - -analyzed: examples/sapic/fast/fairexchange-mini/mini2.spthy - - output: examples/sapic/fast/fairexchange-mini/mini2.spthy.tmp - processing time: 0.098965915s - A_impossible (all-traces): verified (2 steps) - B_possible (exists-trace): verified (7 steps) - -============================================================================== -*/ diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/mini6_analyzed.spthy b/case-studies-regression/sapic/fast/fairexchange-mini/mini6_analyzed.spthy deleted file mode 100644 index b2b012f43..000000000 --- a/case-studies-regression/sapic/fast/fairexchange-mini/mini6_analyzed.spthy +++ /dev/null 
@@ -1,199 +0,0 @@ -theory mini6 begin - -// Function signature and definition of the equational theory E - -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 -equations: - fst() = x.1, - snd() = x.2, - verify(sign(x.1, x.2), x.1, pk(x.2)) = true - -heuristic: p - -section{* small example for progression function *} - -lemma A_possible: - exists-trace "∃ #t. A( ) @ #t" -/* -guarded formula characterizing all satisfying traces: -"∃ #t. (A( ) @ #t)" -*/ -simplify -solve( State_1111( ~prog_, ~prog_11, ~prog_1111, a, m ) ▶₀ #t ) - case inrm_0_111 - solve( State_( ~prog_ ) ▶₀ #t.2 ) - case Init - solve( State_( ~prog_ ) ▶₀ #t.3 ) - case Init - solve( State_1111( ~prog_.1, ~prog_11.1, ~prog_1111, a, m.1 ) ▶₀ #t.3 ) - case inrm_0_111 - solve( State_( ~prog_ ) ▶₀ #t.3 ) - case Init - solve( (∃ #t. (ProgressTo_111( ~prog_11 ) @ #t)) ∥ - (∃ #t. (ProgressTo_1121( ~prog_11 ) @ #t)) ) - case case_1 - solve( State_11( ~prog_.1, ~prog_11, a ) ▶₀ #t.3 ) - case p_1_1 - solve( State_( ~prog_ ) ▶₀ #t.3 ) - case Init - SOLVED // trace found - qed - qed - qed - qed - qed - qed - qed -qed - -lemma B_impossible: - all-traces "¬(∃ #t. B( ) @ #t)" -/* -guarded formula characterizing all counter-examples: -"∃ #t. 
(B( ) @ #t)" -*/ -simplify -by solve( State_112( ~prog_, ~prog_11, a ) ▶₀ #t ) - -rule (modulo E) MessageIDRule[color=#ffffff, process="new a;"]: - [ Fr( ~mid_ ) ] --> [ MID_Receiver( ~mid_ ), MID_Sender( ~mid_ ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) Init[color=#ffffff, process="new a;"]: - [ Fr( ~prog_ ) ] - --[ ProgressFrom_( ~prog_ ), Init( ) ]-> - [ State_( ~prog_ ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newa_0_[color=#ffffff, process="new a;"]: - [ State_( ~prog_ ), Fr( a ) ] - --[ ProgressTo_1( ~prog_ ) ]-> - [ State_1( ~prog_, a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1[color=#ffffff, process="!"]: - [ State_1( ~prog_, a ) ] --> [ !Semistate_11( ~prog_, a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_1[color=#ffffff, process="!"]: - [ Fr( ~prog_11 ), !Semistate_11( ~prog_, a ) ] - --[ ProgressFrom_11( ~prog_11 ) ]-> - [ State_11( ~prog_, ~prog_11, a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifaa_0_11[color=#ffffff, process="if a=a"]: - [ State_11( ~prog_, ~prog_11, a ) ] - --[ ProgressTo_111( ~prog_11 ), Pred_Eq( a, a ) ]-> - [ State_111( ~prog_, ~prog_11, a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifaa_1_11[color=#ffffff, process="if a=a"]: - [ State_11( ~prog_, ~prog_11, a ) ] - --[ Pred_Not_Eq( a, a ) ]-> - [ State_112( ~prog_, ~prog_11, a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inrm_0_111[color=#ffffff, process="in('r',m);"]: - [ - Fr( ~prog_1111 ), State_111( ~prog_, ~prog_11, a ), In( m ), - MID_Receiver( ~mid_111 ) - ] - --[ ProgressFrom_1111( ~prog_1111 ), Receive( ~mid_111, m ) ]-> - [ State_1111( ~prog_, ~prog_11, ~prog_1111, a, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventA_0_1111[color=#ffffff, process="event A( );"]: - [ State_1111( ~prog_, ~prog_11, ~prog_1111, a, m ) ] - --[ ProgressTo_11111( ~prog_1111 ), A( ) ]-> - [ 
State_11111( ~prog_, ~prog_11, ~prog_1111, a, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111[color=#ffffff, process="0"]: - [ State_11111( ~prog_, ~prog_11, ~prog_1111, a, m ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventB_0_112[color=#ffffff, process="event B( );"]: - [ State_112( ~prog_, ~prog_11, a ) ] - --[ ProgressTo_1121( ~prog_11 ), B( ) ]-> - [ State_1121( ~prog_, ~prog_11, a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1121[color=#ffffff, process="0"]: - [ State_1121( ~prog_, ~prog_11, a ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -restriction predicate_eq: - "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" - // safety formula - -restriction predicate_not_eq: - "∀ #i a b. (Pred_Not_Eq( a, b ) @ #i) ⇒ (¬(a = b))" - // safety formula - -restriction single_session: - "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" - // safety formula - -restriction Progress__to_1: - "∀ prog_ #t. - (ProgressFrom_( prog_ ) @ #t) ⇒ (∃ #t.1. ProgressTo_1( prog_ ) @ #t.1)" - -restriction Progress_11_to_111_or_1121: - "∀ prog_11 #t. - (ProgressFrom_11( prog_11 ) @ #t) ⇒ - ((∃ #t.1. ProgressTo_111( prog_11 ) @ #t.1) ∨ - (∃ #t.1. ProgressTo_1121( prog_11 ) @ #t.1))" - -restriction Progress_1111_to_11111: - "∀ prog_1111 #t. - (ProgressFrom_1111( prog_1111 ) @ #t) ⇒ - (∃ #t.1. ProgressTo_11111( prog_1111 ) @ #t.1)" - -restriction progressInit: - "∃ #t. Init( ) @ #t" - -/* All well-formedness checks were successful. */ - -end -/* Output -maude tool: 'maude' - checking version: 3.1. OK. - checking installation: OK. 
- - -analyzing: examples/sapic/fast/fairexchange-mini/mini6.spthy - ------------------------------------------------------------------------------- -analyzed: examples/sapic/fast/fairexchange-mini/mini6.spthy - - output: examples/sapic/fast/fairexchange-mini/mini6.spthy.tmp - processing time: 0.155113251s - A_possible (exists-trace): verified (10 steps) - B_impossible (all-traces): verified (2 steps) - ------------------------------------------------------------------------------- - -============================================================================== -summary of summaries: - -analyzed: examples/sapic/fast/fairexchange-mini/mini6.spthy - - output: examples/sapic/fast/fairexchange-mini/mini6.spthy.tmp - processing time: 0.155113251s - A_possible (exists-trace): verified (10 steps) - B_impossible (all-traces): verified (2 steps) - -============================================================================== -*/ diff --git a/case-studies-regression/sapic/fast/feature-ass-immediate/test-all_analyzed.spthy b/case-studies-regression/sapic/fast/feature-ass-immediate/test-all_analyzed.spthy new file mode 100644 index 000000000..ac0b210da --- /dev/null +++ b/case-studies-regression/sapic/fast/feature-ass-immediate/test-all_analyzed.spthy 
@@ -0,0 +1,143 @@ +theory AssImmediateTestAll begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + +lemma intuitiveTest: + all-traces + "∀ #a #b. + ((A( ) @ #a) ∧ (B( ) @ #b)) ⇒ + (∃ #i x. ((K( x ) @ #i) ∧ (#a < #i)) ∧ (#i < #b))" +/* +guarded formula characterizing all counter-examples: +"∃ #a #b. + (A( ) @ #a) ∧ (B( ) @ #b) + ∧ + ∀ #i x. (K( x ) @ #i) ⇒ ((¬(#a < #i)) ∨ (¬(#i < #b)))" +*/ +simplify +solve( State_11( x ) ▶₀ #a ) + case Init + solve( State_1111( x ) ▶₀ #b ) + case inxx_1_111 + by contradiction /* from formulas */ + next + case inxx_3_111 + by contradiction /* from formulas */ + qed +qed + +rule (modulo E) Init[color=#ffffff, process="new x.1;"]: + [ Fr( x.1 ) ] --[ Init( ) ]-> [ State_11( x.1 ), Out( x.1 ) ] + + /* + rule (modulo AC) Init[color=#ffffff, process="new x.1;"]: + [ Fr( x ) ] --[ Init( ) ]-> [ State_11( x ), Out( x ) ] + */ + +rule (modulo E) eventA_0_11[color=#ffffff, process="event A( );"]: + [ State_11( x.1 ) ] --[ A( ), Event( ) ]-> [ State_111( x.1 ) ] + + /* + rule (modulo AC) eventA_0_11[color=#ffffff, process="event A( );"]: + [ State_11( x ) ] --[ A( ), Event( ) ]-> [ State_111( x ) ] + */ + +rule (modulo E) inxx_0_111[color=#ffffff, process="in(x.1,=x.1);"]: + [ State_111( x.1 ), Message( x.1, x.2 ) ] + --> + [ Let_1111( x.2, x.1 ), Ack( x.1, x.2 ) ] + + /* + rule (modulo AC) inxx_0_111[color=#ffffff, process="in(x.1,=x.1);"]: + [ State_111( x ), Message( x, x.1 ) ] + --> + [ Let_1111( x.1, x ), Ack( x, x.1 ) ] + */ + +rule (modulo E) inxx_2_111[color=#ffffff, process="in(x.1,=x.1);"]: + [ State_111( x.1 ), In( ) ] + --[ ChannelIn( ) ]-> + [ Let_1111( x.2, x.1 ) ] + + /* + rule (modulo AC) inxx_2_111[color=#ffffff, process="in(x.1,=x.1);"]: + [ State_111( x ), In( ) ] + --[ ChannelIn( ) ]-> + [ Let_1111( x.1, x ) ] + */ + +rule (modulo E) inxx_1_111[color=#ffffff, process="in(x.1,=x.1);"]: + 
[ Let_1111( x.1, x.1 ) ] --> [ State_1111( x.1 ) ] + + /* + rule (modulo AC) inxx_1_111[color=#ffffff, process="in(x.1,=x.1);"]: + [ Let_1111( x, x ) ] --> [ State_1111( x ) ] + */ + +rule (modulo E) inxx_3_111[color=#ffffff, process="in(x.1,=x.1);"]: + [ Let_1111( x.1, x.1 ) ] --> [ State_1111( x.1 ) ] + + /* + rule (modulo AC) inxx_3_111[color=#ffffff, process="in(x.1,=x.1);"]: + [ Let_1111( x, x ) ] --> [ State_1111( x ) ] + */ + +rule (modulo E) eventB_0_1111[color=#ffffff, process="event B( );"]: + [ State_1111( x.1 ) ] --[ B( ), Event( ) ]-> [ ] + + /* + rule (modulo AC) eventB_0_1111[color=#ffffff, process="event B( );"]: + [ State_1111( x ) ] --[ B( ), Event( ) ]-> [ ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +restriction in_event: + "∀ x #t3. + (ChannelIn( x ) @ #t3) ⇒ + (∃ #t2. + (((K( x ) @ #t2) ∧ (#t2 < #t3)) ∧ + (∀ #t1. (Event( ) @ #t1) ⇒ ((#t1 < #t2) ∨ (#t3 < #t1)))) ∧ + (∀ #t1 xp. + (K( xp ) @ #t1) ⇒ (((#t1 < #t2) ∨ (#t1 = #t2)) ∨ (#t3 < #t1))))" + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. 
+ + +analyzing: examples/sapic/fast/feature-ass-immediate/test-all.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/feature-ass-immediate/test-all.spthy + + output: examples/sapic/fast/feature-ass-immediate/test-all.spthy.tmp + processing time: 0.06042211s + intuitiveTest (all-traces): verified (5 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/feature-ass-immediate/test-all.spthy + + output: examples/sapic/fast/feature-ass-immediate/test-all.spthy.tmp + processing time: 0.06042211s + intuitiveTest (all-traces): verified (5 steps) + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/feature-ass-immediate/test-channelin_analyzed.spthy b/case-studies-regression/sapic/fast/feature-ass-immediate/test-channelin_analyzed.spthy new file mode 100644 index 000000000..756f34a0e --- /dev/null +++ b/case-studies-regression/sapic/fast/feature-ass-immediate/test-channelin_analyzed.spthy 
@@ -0,0 +1,103 @@ +theory AssImmediateChannelIn begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + +lemma intuitiveTest: + all-traces "∀ #a. (A( ) @ #a) ⇒ (∃ #i x. (K( x ) @ #i) ∧ (#i < #a))" +/* +guarded formula characterizing all counter-examples: +"∃ #a. (A( ) @ #a) ∧ ∀ #i x. (K( x ) @ #i) ⇒ ¬(#i < #a)" +*/ +simplify +solve( State_111( x ) ▶₀ #a ) + case inx_1_11 + by contradiction /* from formulas */ +qed + +rule (modulo E) Init[color=#ffffff, process="new x.1;"]: + [ Fr( x.1 ) ] --[ Init( ) ]-> [ State_11( x.1 ), Out( x.1 ) ] + + /* + rule (modulo AC) Init[color=#ffffff, process="new x.1;"]: + [ Fr( x ) ] --[ Init( ) ]-> [ State_11( x ), Out( x ) ] + */ + +rule (modulo E) inx_0_11[color=#ffffff, process="in(=x.1);"]: + [ State_11( x.1 ), In( x.2 ) ] + --[ ChannelIn( x.2 ) ]-> + [ Let_111( x.2, x.1 ) ] + + /* + rule (modulo AC) inx_0_11[color=#ffffff, process="in(=x.1);"]: + [ State_11( x ), In( x.1 ) ] + --[ ChannelIn( x.1 ) ]-> + [ Let_111( x.1, x ) ] + */ + +rule (modulo E) inx_1_11[color=#ffffff, process="in(=x.1);"]: + [ Let_111( x.1, x.1 ) ] --> [ State_111( x.1 ) ] + + /* + rule (modulo AC) inx_1_11[color=#ffffff, process="in(=x.1);"]: + [ Let_111( x, x ) ] --> [ State_111( x ) ] + */ + +rule (modulo E) eventA_0_111[color=#ffffff, process="event A( );"]: + [ State_111( x.1 ) ] --[ A( ), Event( ) ]-> [ ] + + /* + rule (modulo AC) eventA_0_111[color=#ffffff, process="event A( );"]: + [ State_111( x ) ] --[ A( ), Event( ) ]-> [ ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +restriction in_event: + "∀ x #t3. + (ChannelIn( x ) @ #t3) ⇒ + (∃ #t2. + (((K( x ) @ #t2) ∧ (#t2 < #t3)) ∧ + (∀ #t1. (Event( ) @ #t1) ⇒ ((#t1 < #t2) ∨ (#t3 < #t1)))) ∧ + (∀ #t1 xp. 
+ (K( xp ) @ #t1) ⇒ (((#t1 < #t2) ∨ (#t1 = #t2)) ∨ (#t3 < #t1))))" + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/feature-ass-immediate/test-channelin.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/feature-ass-immediate/test-channelin.spthy + + output: examples/sapic/fast/feature-ass-immediate/test-channelin.spthy.tmp + processing time: 0.027968544s + intuitiveTest (all-traces): verified (3 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/feature-ass-immediate/test-channelin.spthy + + output: examples/sapic/fast/feature-ass-immediate/test-channelin.spthy.tmp + processing time: 0.027968544s + intuitiveTest (all-traces): verified (3 steps) + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/feature-boundonce/boundonce_analyzed.spthy b/case-studies-regression/sapic/fast/feature-boundonce/boundonce_analyzed.spthy deleted file mode 100644 index a828104b0..000000000 --- a/case-studies-regression/sapic/fast/feature-boundonce/boundonce_analyzed.spthy +++ /dev/null 
@@ -1,74 +0,0 @@ -theory BoundOnce begin - -// Function signature and definition of the equational theory E - -functions: fst/1, pair/2, snd/1 -equations: fst() = x.1, snd() = x.2 - -heuristic: p - -rule (modulo E) Init[color=#ffffff, process="|"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="|"]: - [ State_( ) ] --> [ State_1( ), State_2( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newx_0_1[color=#ffffff, process="new x;"]: - [ State_1( ), Fr( x ) ] --> [ State_11( x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11[color=#ffffff, process="0"]: - [ State_11( x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newx_0_2[color=#ffffff, process="new x;"]: - [ State_2( ), Fr( x ) ] --> [ State_21( x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_21[color=#ffffff, process="0"]: - [ State_21( x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -restriction single_session: - "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" - // safety formula - -/* All well-formedness checks were successful. */ - -end -/* Output -maude tool: 'maude' - checking version: 3.1. OK. - checking installation: OK. 
- - -analyzing: examples/sapic/fast/feature-boundonce/boundonce.spthy - ------------------------------------------------------------------------------- -analyzed: examples/sapic/fast/feature-boundonce/boundonce.spthy - - output: examples/sapic/fast/feature-boundonce/boundonce.spthy.tmp - processing time: 0.054533185s - - ------------------------------------------------------------------------------- - -============================================================================== -summary of summaries: - -analyzed: examples/sapic/fast/feature-boundonce/boundonce.spthy - - output: examples/sapic/fast/feature-boundonce/boundonce.spthy.tmp - processing time: 0.054533185s - - -============================================================================== -*/ diff --git a/case-studies-regression/sapic/fast/feature-export/export-tag_analyzed.spthy b/case-studies-regression/sapic/fast/feature-export/export-tag_analyzed.spthy new file mode 100644 index 000000000..71f835b86 --- /dev/null +++ b/case-studies-regression/sapic/fast/feature-export/export-tag_analyzed.spthy 
@@ -0,0 +1,44 @@ +theory ExportInfo begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + + + + + + + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/feature-export/export-tag.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/feature-export/export-tag.spthy + + output: examples/sapic/fast/feature-export/export-tag.spthy.tmp + processing time: 0.001401361s + + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/feature-export/export-tag.spthy + + output: examples/sapic/fast/feature-export/export-tag.spthy.tmp + processing time: 0.001401361s + + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/feature-export/smaller_analyzed.spthy b/case-studies-regression/sapic/fast/feature-export/smaller_analyzed.spthy new file mode 100644 index 000000000..a9133311b --- /dev/null +++ b/case-studies-regression/sapic/fast/feature-export/smaller_analyzed.spthy 
@@ -0,0 +1,85 @@ +theory SmallerSyntax begin + +// Function signature and definition of the equational theory E + +builtins: multiset +functions: fst/1[destructor], pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + + + +lemma Ahappens: + exists-trace "∃ #i. A( ) @ #i" +/* +guarded formula characterizing all satisfying traces: +"∃ #i. (A( ) @ #i)" +*/ +simplify +solve( State_11( x, (x+z) ) ▶₀ #i ) + case Init + SOLVED // trace found +qed + +rule (modulo E) Init[color=#ffffff, process="in(x.1);"]: + [ In( x.1 ), In( y.1 ) ] --[ Init( ) ]-> [ State_11( x.1, y.1 ) ] + + /* + rule (modulo AC) Init[color=#ffffff, process="in(x.1);"]: + [ In( x ), In( y ) ] --[ Init( ) ]-> [ State_11( x, y ) ] + */ + +restriction Restr_ifSmallerxy_0_11_1: + "∀ x #NOW x.1. + (Restr_ifSmallerxy_0_11_1( x, x.1 ) @ #NOW) ⇒ (∃ z. x = (z+x.1))" + +rule (modulo E) ifSmallerxy_0_11[color=#ffffff, + process="if Smaller( x.1, y.1 )"]: + [ State_11( x.1, y.1 ) ] + --[ A( ), Restr_ifSmallerxy_0_11_1( y.1, x.1 ) ]-> + [ ] + + /* + rule (modulo AC) ifSmallerxy_0_11[color=#ffffff, + process="if Smaller( x.1, y.1 )"]: + [ State_11( x, y ) ] --[ A( ), Restr_ifSmallerxy_0_11_1( y, x ) ]-> [ ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. 
+ + +analyzing: examples/sapic/fast/feature-export/smaller.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/feature-export/smaller.spthy + + output: examples/sapic/fast/feature-export/smaller.spthy.tmp + processing time: 0.016248479s + Ahappens (exists-trace): verified (3 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/feature-export/smaller.spthy + + output: examples/sapic/fast/feature-export/smaller.spthy.tmp + processing time: 0.016248479s + Ahappens (exists-trace): verified (3 steps) + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel_analyzed.spthy b/case-studies-regression/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel_analyzed.spthy index 2f0f5dafb..70628f7b8 100644 --- a/case-studies-regression/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel_analyzed.spthy @@ -2,11 +2,13 @@ theory InEventRestrictionPrivateChannel begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + lemma test: all-traces "∀ #a #b. @@ -23,7 +25,10 @@ simplify solve( State_( ) ▶₀ #a ) case Init solve( State_11( ) ▶₀ #b ) - case inca_0_1 + case inca_1_1 + by contradiction /* from formulas */ + next + case inca_3_1 by contradiction /* from formulas */ qed qed 
@@ -39,24 +44,29 @@ rule (modulo E) eventA_0_[color=#ffffff, process="event A( );"]: /* has exactly the trivial AC variant */ rule (modulo E) inca_0_1[color=#ffffff, process="in('c','a');"]: - [ State_1( ), In( <'c', 'a'> ) ] - --[ ChannelIn( <'c', 'a'> ) ]-> - [ State_11( ) ] + [ State_1( ), Message( 'c', x ) ] --> [ Let_11( x ), Ack( 'c', x ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) inca_2_1[color=#ffffff, process="in('c','a');"]: + [ State_1( ), In( <'c', x> ) ] + --[ ChannelIn( <'c', x> ) ]-> + [ Let_11( x ) ] /* has exactly the trivial AC variant */ rule (modulo E) inca_1_1[color=#ffffff, process="in('c','a');"]: - [ State_1( ), Message( 'c', 'a' ) ] --> [ Ack( 'c', 'a' ), State_11( ) ] + [ Let_11( 'a' ) ] --> [ State_11( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) eventB_0_11[color=#ffffff, process="event B( );"]: - [ State_11( ) ] --[ B( ), Event( ) ]-> [ State_111( ) ] +rule (modulo E) inca_3_1[color=#ffffff, process="in('c','a');"]: + [ Let_11( 'a' ) ] --> [ State_11( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( ) ] --> [ ] +rule (modulo E) eventB_0_11[color=#ffffff, process="event B( );"]: + [ State_11( ) ] --[ B( ), Event( ) ]-> [ ] /* has exactly the trivial AC variant */ @@ -78,7 +88,7 @@ restriction in_event: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -88,8 +98,8 @@ analyzing: examples/sapic/fast/feature-inevent-restriction/inevent-restriction-p analyzed: examples/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel.spthy output: examples/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel.spthy.tmp - processing time: 0.060736908s - test (all-traces): verified (4 steps) + processing time: 0.036844654s + test (all-traces): verified (5 steps) ------------------------------------------------------------------------------ 
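Review bot: `inca_1_1` and `inca_3_1` are emitted with identical premises and conclusions, both `[ Let_11( 'a' ) ] --> [ State_11( ) ]`, and the proof of `test` earlier in this file now splits into one case per rule (4 to 5 steps in the summary hunks). This looks like the match step being generated once per input branch, the private `Message` one and the public `In` one, although the translator is not part of this file. Generating the match rule once, so that the expected output keeps only `inca_1_1` with `[ Let_11( 'a' ) ] --> [ State_11( ) ]`, would avoid doubling the case split at every private-channel input.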
@@ -99,8 +109,8 @@ summary of summaries: analyzed: examples/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel.spthy output: examples/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel.spthy.tmp - processing time: 0.060736908s - test (all-traces): verified (4 steps) + processing time: 0.036844654s + test (all-traces): verified (5 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel_analyzed.spthy b/case-studies-regression/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel_analyzed.spthy index 5260e7345..65f1aff0a 100644 --- a/case-studies-regression/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel_analyzed.spthy @@ -2,11 +2,13 @@ theory InEventRestrictionPublicChannel begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + lemma test: all-traces "∀ #a #b. @@ -23,7 +25,7 @@ simplify solve( State_( ) ▶₀ #a ) case Init solve( State_11( ) ▶₀ #b ) - case ina_0_1 + case ina_1_1 by contradiction /* from formulas */ qed qed 
@@ -39,17 +41,17 @@ rule (modulo E) eventA_0_[color=#ffffff, process="event A( );"]: /* has exactly the trivial AC variant */ rule (modulo E) ina_0_1[color=#ffffff, process="in('a');"]: - [ State_1( ), In( 'a' ) ] --[ ChannelIn( 'a' ) ]-> [ State_11( ) ] + [ State_1( ), In( x ) ] --[ ChannelIn( x ) ]-> [ Let_11( x ) ] /* has exactly the trivial AC variant */ -rule (modulo E) eventB_0_11[color=#ffffff, process="event B( );"]: - [ State_11( ) ] --[ B( ), Event( ) ]-> [ State_111( ) ] +rule (modulo E) ina_1_1[color=#ffffff, process="in('a');"]: + [ Let_11( 'a' ) ] --> [ State_11( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( ) ] --> [ ] +rule (modulo E) eventB_0_11[color=#ffffff, process="event B( );"]: + [ State_11( ) ] --[ B( ), Event( ) ]-> [ ] /* has exactly the trivial AC variant */ @@ -71,7 +73,7 @@ restriction in_event: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -81,7 +83,7 @@ analyzing: examples/sapic/fast/feature-inevent-restriction/inevent-restriction-p analyzed: examples/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel.spthy output: examples/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel.spthy.tmp - processing time: 0.050532273s + processing time: 0.023747444s test (all-traces): verified (4 steps) ------------------------------------------------------------------------------ @@ -92,7 +94,7 @@ summary of summaries: analyzed: examples/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel.spthy output: examples/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel.spthy.tmp - processing time: 0.050532273s + processing time: 0.023747444s test (all-traces): verified (4 steps) ============================================================================== 
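Review bot: `ina_0_1` now accepts any term, `[ State_1( ), In( x ) ] --[ ChannelIn( x ) ]-> [ Let_11( x ) ]`, and only the following `ina_1_1` matches `'a'`, so `State_1( )` is consumed and `ChannelIn( x )` is logged even when the input does not match. As far as this hunk shows, no rule consumes `Let_11( x )` for any other `x`, which leaves that process instance stuck. The all-traces lemma `test` still verifies in 4 steps, but this would presumably matter for exists-trace or progress-style lemmas over pattern inputs. The same shape appears in `inca_0_1` and `inca_2_1` of the private-channel file. If this is the intended semantics, I would record it next to the source example, e.g. `// in('a') is translated as in(x) followed by a match on 'a'; ChannelIn is emitted before the match`.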
diff --git a/case-studies-regression/sapic/fast/feature-let-bindings/let-blocks2_analyzed.spthy b/case-studies-regression/sapic/fast/feature-let-bindings/let-blocks2_analyzed.spthy deleted file mode 100644 index 765790804..000000000 --- a/case-studies-regression/sapic/fast/feature-let-bindings/let-blocks2_analyzed.spthy +++ /dev/null 
@@ -1,74 +0,0 @@ -theory LetBlockCharlyOne begin - -// Function signature and definition of the equational theory E - -builtins: diffie-hellman -functions: fst/1, hash/1, pair/2, snd/1 -equations: fst() = x.1, snd() = x.2 - -heuristic: p - -rule (modulo E) Init[color=#6c8040, process="new a;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newa_0_[color=#6c8040, process="new a;"]: - [ State_( ), Fr( a ) ] --> [ State_1( a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outga_0_1[color=#6c8040, process="out('g'^a);"]: - [ State_1( a ) ] --> [ State_11( a ), Out( 'g'^a ) ] - - /* - rule (modulo AC) outga_0_1[color=#6c8040, process="out('g'^a);"]: - [ State_1( a ) ] --> [ State_11( a ), Out( z ) ] - variants (modulo AC) - 1. a = a.3 - z = 'g'^a.3 - - 2. a = one - z = 'g' - */ - -rule (modulo E) p_0_11[color=#6c8040, process="0"]: - [ State_11( a ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -restriction single_session: - "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" - // safety formula - -/* All well-formedness checks were successful. */ - -end -/* Output -maude tool: 'maude' - checking version: 3.1. OK. - checking installation: OK. 
- - -analyzing: examples/sapic/fast/feature-let-bindings/let-blocks2.spthy - ------------------------------------------------------------------------------- -analyzed: examples/sapic/fast/feature-let-bindings/let-blocks2.spthy - - output: examples/sapic/fast/feature-let-bindings/let-blocks2.spthy.tmp - processing time: 0.056060875s - - ------------------------------------------------------------------------------- - -============================================================================== -summary of summaries: - -analyzed: examples/sapic/fast/feature-let-bindings/let-blocks2.spthy - - output: examples/sapic/fast/feature-let-bindings/let-blocks2.spthy.tmp - processing time: 0.056060875s - - -============================================================================== -*/ diff --git a/case-studies-regression/sapic/fast/feature-let-bindings/let-blocks3_analyzed.spthy b/case-studies-regression/sapic/fast/feature-let-bindings/let-blocks3_analyzed.spthy deleted file mode 100644 index 72286fff0..000000000 --- a/case-studies-regression/sapic/fast/feature-let-bindings/let-blocks3_analyzed.spthy +++ /dev/null 
@@ -1,64 +0,0 @@ -theory LetBlockCharlyTwo begin - -// Function signature and definition of the equational theory E - -functions: fst/1, hash/1, pair/2, snd/1 -equations: fst() = x.1, snd() = x.2 - -heuristic: p - -rule (modulo E) Init[color=#6c8040, process="new a;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newa_0_[color=#6c8040, process="new a;"]: - [ State_( ), Fr( a ) ] --> [ State_1( a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outa_0_1[color=#6c8040, process="out(a);"]: - [ State_1( a ) ] --> [ State_11( a ), Out( a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11[color=#6c8040, process="0"]: - [ State_11( a ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -restriction single_session: - "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" - // safety formula - -/* All well-formedness checks were successful. */ - -end -/* Output -maude tool: 'maude' - checking version: 3.1. OK. - checking installation: OK. - - -analyzing: examples/sapic/fast/feature-let-bindings/let-blocks3.spthy - ------------------------------------------------------------------------------- -analyzed: examples/sapic/fast/feature-let-bindings/let-blocks3.spthy - - output: examples/sapic/fast/feature-let-bindings/let-blocks3.spthy.tmp - processing time: 0.039568899s - - ------------------------------------------------------------------------------- - -============================================================================== -summary of summaries: - -analyzed: examples/sapic/fast/feature-let-bindings/let-blocks3.spthy - - output: examples/sapic/fast/feature-let-bindings/let-blocks3.spthy.tmp - processing time: 0.039568899s - - -============================================================================== -*/ 
diff --git a/case-studies-regression/sapic/fast/feature-let-bindings/let-blocks_analyzed.spthy b/case-studies-regression/sapic/fast/feature-let-bindings/let-blocks_analyzed.spthy deleted file mode 100644 index 4232a38ee..000000000 --- a/case-studies-regression/sapic/fast/feature-let-bindings/let-blocks_analyzed.spthy +++ /dev/null 
@@ -1,767 +0,0 @@ -theory RunningExampleWithLet begin - -// Function signature and definition of the equational theory E - -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 -equations: - fst() = x.1, - sdec(senc(x.1, x.2), x.2) = x.1, - snd() = x.2 - -heuristic: p - -predicate: EncSucc( c, k )<=>∃ m. senc(m, k) = c - -lemma can_create_key: - exists-trace "∃ #t h k. NewKey( h, k ) @ #t" -/* -guarded formula characterizing all satisfying traces: -"∃ #t h k. (NewKey( h, k ) @ #t)" -*/ -simplify -solve( State_111111( h, k ) ▶₀ #t ) - case newk_0_11111 - SOLVED // trace found -qed - -lemma can_obtain_wrapping: - exists-trace "∃ #t k1 k2. Wrap( k1, k2 ) @ #t" -/* -guarded formula characterizing all satisfying traces: -"∃ #t k1 k2. (Wrap( k1, k2 ) @ #t)" -*/ -simplify -solve( State_1211111( a1, h1, h2, k1, k2 ) ▶₀ #t ) - case lookupkeyhask_0_121111 - solve( Insert( <'key', h2>, k2 ) @ #t2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( Insert( <'key', h1>, k1 ) @ #t2.1 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h1, k1 ) ▶₀ #t2.1 ) - case eventNewKeyhk_0_111111 - solve( Insert( <'att', ~n>, 'wrap' ) @ #t2.2 ) - case insertatthwrap_0_11121 - solve( State_11121( ~n ) ▶₀ #t2.2 ) - case inh_0_1112 - solve( !KU( ~n.1 ) @ #vk.2 ) - case outh_0_111111111 - solve( !KU( ~n ) @ #vk.2 ) - case outh_0_111111111 - SOLVED // trace found - qed - qed - qed - qed - qed - qed - qed - qed -qed - -lemma dec_limits [reuse, sources]: - all-traces - "∀ k m #t1. - (DecUsing( k, m ) @ #t1) ⇒ - (∃ h k2 #t2 #t3. - (((NewKey( h, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3)) ∧ (#t2 < #t1)) ∧ - (#t3 < #t1))" -/* -guarded formula characterizing all counter-examples: -"∃ k m #t1. - (DecUsing( k, m ) @ #t1) - ∧ - ∀ h k2 #t2 #t3. 
- (NewKey( h, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) - ⇒ - ((¬(#t2 < #t1)) ∨ (¬(#t3 < #t1)))" -*/ -induction - case empty_trace - by contradiction /* from formulas */ -next - case non_empty_trace - simplify - solve( (∀ k m #t1. - (DecUsing( k, m ) @ #t1) - ⇒ - ((last(#t1)) ∨ - (∃ h k2 #t2 #t3. - (NewKey( h, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) - ∧ - (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #t1) ∧ (#t3 < #t1)))) ∥ - (∃ x #NOW x.1. - (Restr_ifEncSuccck_0_1121111_1( x, x.1 ) @ #NOW) - ∧ - (¬(last(#NOW))) ∧ (∀ m. (senc(m, x) = x.1) ⇒ ⊥)) ∥ - (∃ x y #t3. - (IsIn( x, y ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (∀ #t2. - (Insert( x, y ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t1 yp. - (Insert( x, yp ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ - (¬(#t1 = #t2)) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))))))) ) - case case_1 - solve( (last(#t1)) ∥ - (∃ h k2 #t2 #t3. - (NewKey( h, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) - ∧ - (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #t1) ∧ (#t3 < #t1)) ) - case case_1 - solve( State_11211111( a, c, h, k ) ▶₀ #t1 ) - case ifEncSuccck_0_1121111 - solve( Insert( <'key', h>, k ) @ #t2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h, k ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) - case insertatthdec_0_11111111 - solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) - case insertkeyhk_0_1111111 - solve( !KU( senc(m, ~n) ) @ #vk.2 ) - case c_senc - by contradiction /* from formulas */ - next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111_case_1 - solve( !KU( ~n.1 ) @ #vk.2 ) - case outh_0_111111111 - solve( Insert( <'key', h2>, m ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, m ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - solve( Insert( <'key', h1>, ~n.1 ) @ #t2.3 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h1, ~n.1 ) ▶₀ #t2.3 ) - case eventNewKeyhk_0_111111 - solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ) - 
case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.1 ) - qed - qed - qed - qed - qed - next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, m ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, m ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - solve( Insert( <'key', h1>, ~n.1 ) @ #t2.3 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h1, ~n.1 ) ▶₀ #t2.3 ) - case eventNewKeyhk_0_111111 - solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ∥ (#vr.22 < #t2.1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.1 ) - next - case case_3 - solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.3 ) - case insertatthwrap_0_11121 - solve( State_11121( ~n.2 ) ▶₀ #t2.3 ) - case inh_0_1112 - solve( Insert( <'key', h2>, k2 ) @ #t2.4 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2.4 ) - case eventNewKeyhk_0_111111 - by solve( (#vr.27, 0) ~~> (#vk.1, 0) ) - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case outsenckk_0_12111111_case_2 - solve( !KU( ~n.1 ) @ #vk.2 ) - case outh_0_111111111 - solve( Insert( <'key', h2>, k2 ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - by contradiction /* impossible chain */ - qed - qed - next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, k2 ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - by contradiction /* impossible chain */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t1.1 = #t2) ∥ (#t2 < 
#t1.1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed -qed - -lemma cannot_obtain_key_ind [reuse, use_induction]: - all-traces "¬(∃ #i #j h k. (NewKey( h, k ) @ #i) ∧ (!KU( k ) @ #j))" -/* -guarded formula characterizing all counter-examples: -"∃ #i #j h k. (NewKey( h, k ) @ #i) ∧ (!KU( k ) @ #j)" -*/ -induction - case empty_trace - by contradiction /* from formulas */ -next - case non_empty_trace - simplify - solve( (∀ #i #j h k. - (NewKey( h, k ) @ #i) ∧ (!KU( k ) @ #j) ⇒ ((last(#j)) ∨ (last(#i)))) ∥ - (∃ x #NOW x.1. - (Restr_ifEncSuccck_0_1121111_1( x, x.1 ) @ #NOW) - ∧ - (¬(last(#NOW))) ∧ (∀ m. (senc(m, x) = x.1) ⇒ ⊥)) ∥ - (∃ x y #t3. - (IsIn( x, y ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (∀ #t2. - (Insert( x, y ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t1 yp. - (Insert( x, yp ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ - (¬(#t1 = #t2)) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))))))) ) - case case_1 - solve( (last(#j)) ∥ (last(#i)) ) - case case_1 - solve( State_111111( h, k ) ▶₀ #i ) - case newk_0_11111 - solve( !KU( ~n.1 ) @ #j ) - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, k2 ) @ #t2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( (#vr.9, 0) ~~> (#j, 0) ) - case Var_fresh_3_n - solve( Insert( <'key', h1>, k1 ) @ #t2.1 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h1, k1 ) ▶₀ #t2.1 ) - case eventNewKeyhk_0_111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_111111( h, k ) ▶₀ #i ) - case newk_0_11111 - solve( !KU( ~n.1 ) @ #j ) - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, k2 ) @ #t2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( 
h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( (#vr.9, 0) ~~> (#j, 0) ) - case Var_fresh_3_n - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t1 = #t2) ∥ (#t2 < #t1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed -qed - -lemma cannot_obtain_key: - all-traces "¬(∃ #i #j h k. (NewKey( h, k ) @ #i) ∧ (K( k ) @ #j))" -/* -guarded formula characterizing all counter-examples: -"∃ #i #j h k. (NewKey( h, k ) @ #i) ∧ (K( k ) @ #j)" -*/ -simplify -by contradiction /* from formulas */ - -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( ) ] --> [ State_11( ), State_12( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11[color=#ffffff, process="|"]: - [ State_11( ) ] --> [ State_111( ), State_112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="|"]: - [ State_111( ) ] --> [ State_1111( ), State_1112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newh_0_1111[color=#ffffff, process="new h;"]: - [ State_1111( ), Fr( h ) ] --> [ State_11111( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_11111[color=#ffffff, process="new k;"]: - [ State_11111( h ), Fr( k ) ] --> [ State_111111( h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventNewKeyhk_0_111111[color=#ffffff, - process="event NewKey( h, k );"]: - [ 
State_111111( h, k ) ] --[ NewKey( h, k ) ]-> [ State_1111111( h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertkeyhk_0_1111111[color=#ffffff, - process="insert <'key', h>,k;"]: - [ State_1111111( h, k ) ] - --[ Insert( <'key', h>, k ) ]-> - [ State_11111111( h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertatthdec_0_11111111[color=#ffffff, - process="insert <'att', h>,'dec';"]: - [ State_11111111( h, k ) ] - --[ Insert( <'att', h>, 'dec' ) ]-> - [ State_111111111( h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outh_0_111111111[color=#ffffff, process="out(h);"]: - [ State_111111111( h, k ) ] --> [ State_1111111111( h, k ), Out( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111111[color=#ffffff, process="0"]: - [ State_1111111111( h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inh_0_1112[color=#ffffff, process="in(h);"]: - [ State_1112( ), In( h ) ] --> [ State_11121( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertatthwrap_0_11121[color=#ffffff, - process="insert <'att', h>,'wrap';"]: - [ State_11121( h ) ] - --[ Insert( <'att', h>, 'wrap' ) ]-> - [ State_111211( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111211[color=#ffffff, process="0"]: - [ State_111211( h ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inhc_0_112[color=#ffffff, process="in();"]: - [ State_112( ), In( ) ] --> [ State_1121( c, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_0_1121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_1121( c, h ) ] - --[ IsIn( <'att', h>, a ) ]-> - [ State_11211( a, c, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_1121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_1121( c, h ) ] - --[ IsNotSet( <'att', h> ) ]-> - [ State_11212( 
c, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifadec_0_11211[color=#ffffff, process="if a='dec'"]: - [ State_11211( a, c, h ) ] - --[ Pred_Eq( a, 'dec' ) ]-> - [ State_112111( a, c, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifadec_1_11211[color=#ffffff, process="if a='dec'"]: - [ State_11211( a, c, h ) ] - --[ Pred_Not_Eq( a, 'dec' ) ]-> - [ State_112112( a, c, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_0_112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ State_112111( a, c, h ) ] - --[ IsIn( <'key', h>, k ) ]-> - [ State_1121111( a, c, h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ State_112111( a, c, h ) ] - --[ IsNotSet( <'key', h> ) ]-> - [ State_1121112( a, c, h ) ] - - /* has exactly the trivial AC variant */ - -restriction Restr_ifEncSuccck_0_1121111_1: - "∀ x #NOW x.1. - (Restr_ifEncSuccck_0_1121111_1( x, x.1 ) @ #NOW) ⇒ - (∃ m. senc(m, x) = x.1)" - -rule (modulo E) ifEncSuccck_0_1121111[color=#ffffff, - process="if EncSucc( c, k )"]: - [ State_1121111( a, c, h, k ) ] - --[ Restr_ifEncSuccck_0_1121111_1( k, c ) ]-> - [ State_11211111( a, c, h, k ) ] - - /* has exactly the trivial AC variant */ - -restriction Restr_ifEncSuccck_1_1121111_1: - "∀ x #NOW x.1. - (Restr_ifEncSuccck_1_1121111_1( x, x.1 ) @ #NOW) ⇒ - (¬(∃ m. 
senc(m, x) = x.1))" - // safety formula - -rule (modulo E) ifEncSuccck_1_1121111[color=#ffffff, - process="if EncSucc( c, k )"]: - [ State_1121111( a, c, h, k ) ] - --[ Restr_ifEncSuccck_1_1121111_1( k, c ) ]-> - [ State_11211112( a, c, h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventDecUsingksdecck_0_11211111[color=#ffffff, - process="event DecUsing( k, sdec(c, k) );"]: - [ State_11211111( a, c, h, k ) ] - --[ DecUsing( k, sdec(c, k) ) ]-> - [ State_112111111( a, c, h, k ) ] - - /* - rule (modulo AC) eventDecUsingksdecck_0_11211111[color=#ffffff, - process="event DecUsing( k, sdec(c, k) );"]: - [ State_11211111( a, c, h, k ) ] - --[ DecUsing( k, z ) ]-> - [ State_112111111( a, c, h, k ) ] - variants (modulo AC) - 1. c = c.6 - k = k.6 - z = sdec(c.6, k.6) - - 2. c = senc(x.6, x.7) - k = x.7 - z = x.6 - */ - -rule (modulo E) outsdecck_0_112111111[color=#ffffff, - process="out(sdec(c, k));"]: - [ State_112111111( a, c, h, k ) ] - --> - [ State_1121111111( a, c, h, k ), Out( sdec(c, k) ) ] - - /* - rule (modulo AC) outsdecck_0_112111111[color=#ffffff, - process="out(sdec(c, k));"]: - [ State_112111111( a, c, h, k ) ] - --> - [ State_1121111111( a, c, h, k ), Out( z ) ] - variants (modulo AC) - 1. c = c.6 - k = k.6 - z = sdec(c.6, k.6) - - 2. 
c = senc(x.6, x.7) - k = x.7 - z = x.6 - */ - -rule (modulo E) p_0_1121111111[color=#ffffff, process="0"]: - [ State_1121111111( a, c, h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11211112[color=#ffffff, process="0"]: - [ State_11211112( a, c, h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1121112[color=#ffffff, process="0"]: - [ State_1121112( a, c, h ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_112112[color=#ffffff, process="0"]: - [ State_112112( a, c, h ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11212[color=#ffffff, process="0"]: - [ State_11212( c, h ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inhh_0_12[color=#ffffff, process="in();"]: - [ State_12( ), In( ) ] --> [ State_121( h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_0_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, h2 ) ] - --[ IsIn( <'att', h1>, a1 ) ]-> - [ State_1211( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, h2 ) ] - --[ IsNotSet( <'att', h1> ) ]-> - [ State_1212( h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( a1, h1, h2 ) ] - --[ Pred_Eq( a1, 'wrap' ) ]-> - [ State_12111( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( a1, h1, h2 ) ] - --[ Pred_Not_Eq( a1, 'wrap' ) ]-> - [ State_12112( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_0_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, h2 ) ] - --[ IsIn( <'key', h1>, k1 ) ]-> - [ State_121111( a1, 
h1, h2, k1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, h2 ) ] - --[ IsNotSet( <'key', h1> ) ]-> - [ State_121112( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_0_121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ State_121111( a1, h1, h2, k1 ) ] - --[ IsIn( <'key', h2>, k2 ) ]-> - [ State_1211111( a1, h1, h2, k1, k2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ State_121111( a1, h1, h2, k1 ) ] - --[ IsNotSet( <'key', h2> ) ]-> - [ State_1211112( a1, h1, h2, k1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventWrapkk_0_1211111[color=#ffffff, - process="event Wrap( k1, k2 );"]: - [ State_1211111( a1, h1, h2, k1, k2 ) ] - --[ Wrap( k1, k2 ) ]-> - [ State_12111111( a1, h1, h2, k1, k2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsenckk_0_12111111[color=#ffffff, - process="out(senc(k2, k1));"]: - [ State_12111111( a1, h1, h2, k1, k2 ) ] - --> - [ State_121111111( a1, h1, h2, k1, k2 ), Out( senc(k2, k1) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_121111111[color=#ffffff, process="0"]: - [ State_121111111( a1, h1, h2, k1, k2 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1211112[color=#ffffff, process="0"]: - [ State_1211112( a1, h1, h2, k1 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_121112[color=#ffffff, process="0"]: - [ State_121112( a1, h1, h2 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_12112[color=#ffffff, process="0"]: - [ State_12112( a1, h1, h2 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1212[color=#ffffff, process="0"]: - [ State_1212( h1, h2 ) ] --> [ ] - - /* has 
exactly the trivial AC variant */ - -restriction set_in: - "∀ x y #t3. - (IsIn( x, y ) @ #t3) ⇒ - (∃ #t2. - ((Insert( x, y ) @ #t2) ∧ (#t2 < #t3)) ∧ - (∀ #t1 yp. - (Insert( x, yp ) @ #t1) ⇒ (((#t1 < #t2) ∨ (#t1 = #t2)) ∨ (#t3 < #t1))))" - -restriction set_notin: - "∀ x #t3. - (IsNotSet( x ) @ #t3) ⇒ (∀ #t1 y. (Insert( x, y ) @ #t1) ⇒ (#t3 < #t1))" - // safety formula - -restriction predicate_eq: - "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" - // safety formula - -restriction predicate_not_eq: - "∀ #i a b. (Pred_Not_Eq( a, b ) @ #i) ⇒ (¬(a = b))" - // safety formula - -restriction single_session: - "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" - // safety formula - -/* All well-formedness checks were successful. */ - -end -/* Output -maude tool: 'maude' - checking version: 3.1. OK. - checking installation: OK. - - -analyzing: examples/sapic/fast/feature-let-bindings/let-blocks.spthy - ------------------------------------------------------------------------------- -analyzed: examples/sapic/fast/feature-let-bindings/let-blocks.spthy - - output: examples/sapic/fast/feature-let-bindings/let-blocks.spthy.tmp - processing time: 2.274623952s - can_create_key (exists-trace): verified (3 steps) - can_obtain_wrapping (exists-trace): verified (11 steps) - dec_limits (all-traces): verified (47 steps) - cannot_obtain_key_ind (all-traces): verified (25 steps) - cannot_obtain_key (all-traces): verified (2 steps) - ------------------------------------------------------------------------------- - -============================================================================== -summary of summaries: - -analyzed: examples/sapic/fast/feature-let-bindings/let-blocks.spthy - - output: examples/sapic/fast/feature-let-bindings/let-blocks.spthy.tmp - processing time: 2.274623952s - can_create_key (exists-trace): verified (3 steps) - can_obtain_wrapping (exists-trace): verified (11 steps) - dec_limits (all-traces): verified (47 steps) - cannot_obtain_key_ind (all-traces): verified 
(25 steps) - cannot_obtain_key (all-traces): verified (2 steps) - -============================================================================== -*/ diff --git a/case-studies-regression/sapic/fast/feature-let-bindings/match_new_analyzed.spthy b/case-studies-regression/sapic/fast/feature-let-bindings/match_new_analyzed.spthy deleted file mode 100644 index 8ff60f878..000000000 --- a/case-studies-regression/sapic/fast/feature-let-bindings/match_new_analyzed.spthy +++ /dev/null 
@@ -1,128 +0,0 @@ -theory Test begin - -// Function signature and definition of the equational theory E - -functions: fst/1, pair/2, snd/1 -equations: fst() = x.1, snd() = x.2 - -heuristic: p - -lemma no_acceptP: - all-traces "¬(∃ #i. AcceptP( ) @ #i)" -/* -guarded formula characterizing all counter-examples: -"∃ #i. (AcceptP( ) @ #i)" -*/ -simplify -by solve( State_1111( a, c ) ▶₀ #i ) - -lemma acceptQ: - exists-trace "∃ #i. AcceptQ( ) @ #i" -/* -guarded formula characterizing all satisfying traces: -"∃ #i. (AcceptQ( ) @ #i)" -*/ -simplify -solve( State_211( c ) ▶₀ #i ) - case inctesttoto_0_21 - SOLVED // trace found -qed - -rule (modulo E) Init[color=#ffffff, process="|"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="|"]: - [ State_( ) ] --> [ State_1( ), State_2( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inc_0_1[color=#6c8040, process="in(c);"]: - [ State_1( ), In( c ) ] --> [ State_11( c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newa_0_11[color=#6c8040, process="new a;"]: - [ State_11( c ), Fr( a ) ] --> [ State_111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inatesttoto_0_111[color=#6c8040, - process="in(<, 'toto'>);"]: - [ State_111( a, c ), In( <, 'toto'> ) ] - --> - [ State_1111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventAcceptP_0_1111[color=#6c8040, - process="event AcceptP( );"]: - [ State_1111( a, c ) ] --[ AcceptP( ) ]-> [ State_11111( a, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111[color=#6c8040, process="0"]: - [ State_11111( a, c ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inc_0_2[color=#807140, process="in(c);"]: - [ State_2( ), In( c ) ] --> [ State_21( c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inctesttoto_0_21[color=#807140, - process="in(<, 'toto'>);"]: - 
[ State_21( c ), In( <, 'toto'> ) ] --> [ State_211( c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventAcceptQ_0_211[color=#807140, - process="event AcceptQ( );"]: - [ State_211( c ) ] --[ AcceptQ( ) ]-> [ State_2111( c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_2111[color=#807140, process="0"]: - [ State_2111( c ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -restriction single_session: - "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" - // safety formula - -/* All well-formedness checks were successful. */ - -end -/* Output -maude tool: 'maude' - checking version: 3.1. OK. - checking installation: OK. - - -analyzing: examples/sapic/fast/feature-let-bindings/match_new.spthy - ------------------------------------------------------------------------------- -analyzed: examples/sapic/fast/feature-let-bindings/match_new.spthy - - output: examples/sapic/fast/feature-let-bindings/match_new.spthy.tmp - processing time: 0.062681788s - no_acceptP (all-traces): verified (2 steps) - acceptQ (exists-trace): verified (3 steps) - ------------------------------------------------------------------------------- - -============================================================================== -summary of summaries: - -analyzed: examples/sapic/fast/feature-let-bindings/match_new.spthy - - output: examples/sapic/fast/feature-let-bindings/match_new.spthy.tmp - processing time: 0.062681788s - no_acceptP (all-traces): verified (2 steps) - acceptQ (exists-trace): verified (3 steps) - -============================================================================== -*/ diff --git a/case-studies-regression/sapic/fast/feature-locations/AC_analyzed.spthy b/case-studies-regression/sapic/fast/feature-locations/AC_analyzed.spthy index 237c31c13..886593b92 100644 --- a/case-studies-regression/sapic/fast/feature-locations/AC_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-locations/AC_analyzed.spthy 
@@ -2,994 +2,366 @@ theory AttestedComputation begin // Function signature and definition of the equational theory E -functions: check_rep/2, fst/1, get_rep/1, list/2, pair/2, prog/3, - rep/2 [private], report/1, snd/1 +functions: check_rep/2[destructor], fst/1[destructor], + get_rep/1[destructor], list/2, pair/2, prog/3, rep/2[private,destructor], + report/1, snd/1[destructor] equations: check_rep(rep(x.1, x.2), x.2) = x.1, fst() = x.1, get_rep(rep(x.1, x.2)) = x.1, snd() = x.2 -heuristic: s +heuristic: S -predicate: Report( x, y )<=>¬(y = 'l') - -lemma attested_comput: - all-traces - "∀ #i m. - (Local( m, 'l' ) @ #i) ⇒ (∃ #j. (Remote( m, 'l' ) @ #j) ∧ (#j < #i))" -/* -guarded formula characterizing all counter-examples: -"∃ #i m. - (Local( m, 'l' ) @ #i) ∧ ∀ #j. (Remote( m, 'l' ) @ #j) ⇒ ¬(#j < #i)" +/* looping facts with injective instances: L_CellLocked/2, L_PureState/2 */ -simplify -solve( State_11211111111( i.1, init, lio, o, r, state, lock ) ▶₀ #i ) - case ifoiliocheckreprl_0_1121111111_case_1 - by contradiction /* from formulas */ -next - case ifoiliocheckreprl_0_1121111111_case_2 - solve( (#vr.6 < #t2) ∥ (#vr.6 = #t2) ) - case case_1 - solve( (#vr.27 < #t2.1) ∥ (#vr.27 = #t2.1) ) - case case_1 - solve( Insert( ~n.1, lio ) @ #t2 ) - case insertstateinit_0_1111 - by solve( State_1111( lio, ~n.1 ) ▶₀ #t2 ) - next - case insertstateinit_0_11211 - solve( State_11211( lio, ~n.1 ) ▶₀ #t2 ) - case newstate_0_1121 - by contradiction /* cyclic */ - qed - next - case insertstatelistolistilio_0_112111111111 - solve( State_112111111111( i.2, init, lio, o, r, ~n.1, lock ) ▶₀ #t2 ) - case eventLocaloiliol_0_11211111111_case_1 - solve( ((#vr.2 < #vr.34) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n.2 ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.34) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.3, ~n.2 ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n.2 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n.2 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.34 < #vr.2) ) - case case_1 - solve( (#vr.6 < #t2.2) ∥ (#vr.6 = #t2.2) ) - case case_1 - solve( (#vr.46 < #t2.4) ∥ (#vr.46 = #t2.4) ) - case case_1 - solve( Insert( ~n.7, lio.1 ) @ #t2.1 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.6 ) ▶₀ #t2.1 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.6 ) ▶₀ #t2.1 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - qed - next - case case_2 - solve( Insert( ~n.8, lio.1 ) @ #t2.2 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.7 ) ▶₀ #t2.2 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.7 ) ▶₀ #t2.2 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - qed - qed - next - case case_2 - solve( (#vr.45 < #t2.4) ∥ (#vr.45 = #t2.4) ) - case case_1 - solve( Insert( ~n.7, lio.1 ) @ #t2.2 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.6 ) ▶₀ #t2.2 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.6 ) ▶₀ #t2.2 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - qed - next - case case_2 - solve( Insert( ~n.8, lio.1 ) @ #t2.3 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.7 ) ▶₀ #t2.3 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( 
State_11211( lio.1, ~n.7 ) ▶₀ #t2.3 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - qed - qed - qed - next - case case_2 - solve( (#vr.6 < #t2.2) ∥ (#vr.6 = #t2.2) ) - case case_1 - solve( (#vr.46 < #t2.3) ∥ (#vr.46 = #t2.3) ) - case case_1 - solve( Insert( ~n.7, lio.1 ) @ #t2.1 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.6 ) ▶₀ #t2.1 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.6 ) ▶₀ #t2.1 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - qed - next - case case_2 - solve( Insert( ~n.8, lio.1 ) @ #t2.2 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.7 ) ▶₀ #t2.2 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.7 ) ▶₀ #t2.2 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - qed - qed - next - case case_2 - solve( (#vr.45 < #t2.3) ∥ (#vr.45 = #t2.3) ) - case case_1 - solve( Insert( ~n.7, lio.1 ) @ #t2.2 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.6 ) ▶₀ #t2.2 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.6 ) ▶₀ #t2.2 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - qed - next - case case_2 - solve( Insert( ~n.8, lio.1 ) @ #t2.3 ) - case insertstateinit_0_1111 - solve( 
State_1111( lio.1, ~n.7 ) ▶₀ #t2.3 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.7 ) ▶₀ #t2.3 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - qed - qed - qed - qed - next - case eventLocaloiliol_0_11211111111_case_2 - solve( ((#vr.2 < #vr.34) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n.1 ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.34) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, ~n.1 ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n.1 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n.1 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.34 < #vr.2) ) - case case_1 - solve( (#vr.6 < #t2.2) ∥ (#vr.6 = #t2.2) ) - case case_1 - solve( (#vr.49 < #t2.4) ∥ (#vr.49 = #t2.4) ) - case case_1 - solve( Insert( ~n.7, lio.1 ) @ #t2.1 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.5 ) ▶₀ #t2.1 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.5 ) ▶₀ #t2.1 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - qed - next - case case_2 - solve( Insert( ~n.8, lio.1 ) @ #t2.2 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.7 ) ▶₀ #t2.2 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.7 ) ▶₀ #t2.2 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - qed - qed - next - case case_2 - solve( (#vr.48 < 
#t2.4) ∥ (#vr.48 = #t2.4) ) - case case_1 - solve( Insert( ~n.7, lio.1 ) @ #t2.2 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.6 ) ▶₀ #t2.2 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.6 ) ▶₀ #t2.2 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - qed - next - case case_2 - solve( Insert( ~n.8, lio.1 ) @ #t2.3 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.7 ) ▶₀ #t2.3 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.7 ) ▶₀ #t2.3 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - qed - qed - qed - next - case case_2 - solve( (#vr.6 < #t2.2) ∥ (#vr.6 = #t2.2) ) - case case_1 - solve( (#vr.49 < #t2.3) ∥ (#vr.49 = #t2.3) ) - case case_1 - solve( Insert( ~n.7, lio.1 ) @ #t2.1 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.5 ) ▶₀ #t2.1 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.5 ) ▶₀ #t2.1 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - qed - next - case case_2 - solve( Insert( ~n.8, lio.1 ) @ #t2.2 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.7 ) ▶₀ #t2.2 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.7 ) ▶₀ #t2.2 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - next - 
case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.19, 0) ~~> (#vk, 0) ) - qed - qed - next - case case_2 - solve( (#vr.48 < #t2.3) ∥ (#vr.48 = #t2.3) ) - case case_1 - solve( Insert( ~n.7, lio.1 ) @ #t2.2 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.6 ) ▶₀ #t2.2 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.6 ) ▶₀ #t2.2 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - qed - next - case case_2 - solve( Insert( ~n.8, lio.1 ) @ #t2.3 ) - case insertstateinit_0_1111 - solve( State_1111( lio.1, ~n.7 ) ▶₀ #t2.3 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio.1, ~n.7 ) ▶₀ #t2.3 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - qed - qed - qed - qed - qed - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( State_111111111111( i.2, init, lio, lock, r, ~n.1 ) ▶₀ #t2 ) - qed - next - case case_2 - solve( Insert( ~n.1, lio ) @ #t2.1 ) - case insertstateinit_0_1111 - by solve( State_1111( lio, ~n.1 ) ▶₀ #t2.1 ) - next - case insertstateinit_0_11211 - solve( State_11211( lio, ~n.1 ) ▶₀ #t2.1 ) - case newstate_0_1121 - by contradiction /* cyclic */ - qed - next - case insertstatelistolistilio_0_112111111111 - solve( State_112111111111( i.2, init, lio, o, r, ~n.1, lock ) ▶₀ #t2.1 ) - case eventLocaloiliol_0_11211111111_case_1 - solve( ((#vr.2 < #vr.33) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n.2 ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.33) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.3, ~n.2 ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, ~n.2 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n.2 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.33 < #vr.2) ) - case case_1 - solve( (#vr.6 < #t2.2) ∥ (#vr.6 = #t2.2) ) - case case_1 - solve( (#vr.45 < #t2.4) ∥ (#vr.45 = #t2.4) ) - case case_1 - solve( Insert( ~n.4, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - next - case case_2 - solve( Insert( ~n.4, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - solve( (#vr.44 < #t2.4) ∥ (#vr.44 = #t2.4) ) - case case_1 - solve( Insert( ~n.4, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - next - case case_2 - solve( Insert( ~n.4, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - qed - qed - next - case case_2 - solve( (#vr.6 < #t2.2) ∥ (#vr.6 = #t2.2) ) - case case_1 - solve( (#vr.45 < #t2.3) ∥ (#vr.45 = #t2.3) ) - case case_1 - solve( Insert( ~n.4, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - next - case case_2 - solve( Insert( ~n.4, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - solve( (#vr.44 < #t2.3) ∥ (#vr.44 = #t2.3) ) - case case_1 - solve( Insert( ~n.4, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - next - case case_2 - solve( Insert( ~n.4, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - qed - qed - qed - next - case eventLocaloiliol_0_11211111111_case_2 - solve( ((#vr.2 < #vr.33) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n.1 ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.33) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, ~n.1 ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, ~n.1 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n.1 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.33 < #vr.2) ) - case case_1 - solve( (#vr.6 < #t2.2) ∥ (#vr.6 = #t2.2) ) - case case_1 - solve( (#vr.48 < #t2.4) ∥ (#vr.48 = #t2.4) ) - case case_1 - solve( Insert( ~n.3, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - next - case case_2 - solve( Insert( ~n.3, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - solve( (#vr.47 < #t2.4) ∥ (#vr.47 = #t2.4) ) - case case_1 - solve( Insert( ~n.3, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - next - case case_2 - solve( Insert( ~n.3, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - qed - qed - next - case case_2 - solve( (#vr.6 < #t2.2) ∥ (#vr.6 = #t2.2) ) - case case_1 - solve( (#vr.48 < #t2.3) ∥ (#vr.48 = #t2.3) ) - case case_1 - solve( Insert( ~n.3, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - next - case case_2 - solve( Insert( ~n.3, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - solve( (#vr.47 < #t2.3) ∥ (#vr.47 = #t2.3) ) - case case_1 - solve( Insert( ~n.3, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - next - case case_2 - solve( Insert( ~n.3, lio.1 ) @ #t2 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - qed - qed - qed - qed - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( State_111111111111( i.2, init, lio, lock, r, ~n.1 ) ▶₀ #t2.1 ) - qed - qed - next - case case_2 - solve( (#vr.26 < #t2.1) ∥ (#vr.26 = #t2.1) ) - case case_1 - solve( Insert( ~n.1, lio ) @ #t2 ) - case 
insertstateinit_0_11211 - solve( Insert( ~n.5, lio ) @ #t2.1 ) - case insertstateinit_0_1111 - solve( State_1111( lio, ~n.4 ) ▶₀ #t2.1 ) - case newstate_0_111 - by contradiction /* cyclic */ - qed - next - case insertstateinit_0_11211 - by solve( State_11211( lio, ~n.4 ) ▶₀ #t2.1 ) - next - case insertstatelistolistilio_0_112111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - next - case insertstatelistprogriliolistilio_0_111111111111 - by solve( (#vr.18, 0) ~~> (#vk, 0) ) - qed - qed - next - case case_2 - solve( Insert( ~n.1, lio ) @ #t2 ) - case insertstateinit_0_11211 - solve( Insert( ~n.4, lio ) @ #t2.1 ) - case insertstateinit_0_1111 - by contradiction /* impossible chain */ - qed - qed - qed - qed -qed - -restriction Restr_ReportRule_1: - "∀ x #NOW. (Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(x = 'l'))" - // safety formula -rule (modulo E) ReportRule[color=#ffffff, process="new init;"]: - [ In( ) ] - --[ Restr_ReportRule_1( loc ) ]-> - [ Out( rep(x, loc) ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) Init[color=#ffffff, process="new init;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newinit_0_[color=#ffffff, process="new init;"]: - [ State_( ), Fr( init ) ] --> [ State_1( init ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1[color=#ffffff, process="!"]: - [ State_1( init ) ] --> [ !Semistate_11( init ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_1[color=#ffffff, process="!"]: - [ !Semistate_11( init ) ] --> [ State_11( init ) ] - - /* has exactly the trivial AC variant */ +predicate: Report( x, y )<=>¬(y = 'loc') -rule (modulo E) p_0_11[color=#ffffff, process="|"]: - [ State_11( init ) ] --> [ State_111( init ), State_112( init ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newstate_0_111[color=#ffffff, process="new state;"]: - [ State_111( init ), Fr( state ) ] --> [ State_1111( init, state ) ] - /* has exactly the trivial 
AC variant */ -rule (modulo E) insertstateinit_0_1111[color=#ffffff, - process="insert state,init;"]: - [ State_1111( init, state ) ] - --[ Insert( state, init ) ]-> - [ State_11111( init, state ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_11111[color=#ffffff, process="!"]: - [ State_11111( init, state ) ] --> [ !Semistate_111111( init, state ) ] +lemma can_run_v: + exists-trace "∃ #i m. Local( m, 'loc' ) @ #i" +/* +guarded formula characterizing all satisfying traces: +"∃ #i m. (Local( m, 'loc' ) @ #i)" +*/ +simplify +solve( State_1211111111111( StateChannel, lock, state2, i.1, lio, o, r + ) ▶₀ #i ) + case ifoiliocheckreprloc_0_121111111111_case_1 + solve( State_111111111( StateChannel, lock, lio, state ) ▶₀ #vr.8 ) + case p_1_11111_case_1 + solve( L_CellLocked( ~n.2, ~n.1 ) ▶₁ #i ) + case p_1_121111 + solve( L_PureState( ~n.2, 'init' ) ▶₂ #vr.2 ) + case p_1_12 + solve( L_CellLocked( ~n.6, ~n.4 ) ▶₁ #vr.6 ) + case p_1_11111 + solve( !KU( prog(~n.3, i.1, 'init') ) @ #vk.4 ) + case eventRemoteprogrilioilioloc_0_111111111111_case_1 + SOLVED // trace found + qed + qed + qed + qed + qed +qed - /* has exactly the trivial AC variant */ +lemma simp [reuse]: + all-traces + "∀ #i m. (!KU( rep(m, 'loc') ) @ #i) ⇒ (∃ #j. Remote( m, 'loc' ) @ #j)" +/* +guarded formula characterizing all counter-examples: +"∃ #i m. + (!KU( rep(m, 'loc') ) @ #i) ∧ ∀ #j. 
(Remote( m, 'loc' ) @ #j) ⇒ ⊥" +*/ +simplify +solve( !KU( rep(m, 'loc') ) @ #i ) + case ReportRule + by contradiction /* from formulas */ +next + case eventRemoteprogrilioilioloc_0_111111111111_case_1 + by contradiction /* from formulas */ +next + case eventRemoteprogrilioilioloc_0_111111111111_case_2 + solve( State_111111111( StateChannel, lock, lio, state ) ▶₀ #vr.5 ) + case p_1_11111_case_1 + by contradiction /* forbidden KD-fact */ + next + case p_1_11111_case_2 + by solve( (#vr.4, 0) ~~> (#i, 0) ) + qed +qed -rule (modulo E) p_1_11111[color=#ffffff, process="!"]: - [ !Semistate_111111( init, state ) ] --> [ State_111111( init, state ) ] +lemma attested_comput: + all-traces + "∀ #i m. (Local( m, 'loc' ) @ #i) ⇒ (∃ #j. Remote( m, 'loc' ) @ #j)" +/* +guarded formula characterizing all counter-examples: +"∃ #i m. (Local( m, 'loc' ) @ #i) ∧ ∀ #j. (Remote( m, 'loc' ) @ #j) ⇒ ⊥" +*/ +simplify +solve( State_1211111111111( StateChannel, lock, state2, i.1, lio, o, r + ) ▶₀ #i ) + case ifoiliocheckreprloc_0_121111111111_case_1 + by contradiction /* from formulas */ +next + case ifoiliocheckreprloc_0_121111111111_case_2 + by contradiction /* from formulas */ +qed - /* has exactly the trivial AC variant */ -rule (modulo E) lockstate_0_111111[color=#405280, process="lock state;"]: - [ State_111111( init, state ), Fr( lock ) ] - --[ Lock_0( '0', lock, state ), Lock( '0', lock, state ) ]-> - [ State_1111111( init, lock, state ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) lookupstateaslio_0_1111111[color=#405280, - process="lookup state as lio"]: - [ State_1111111( init, lock, state ) ] - --[ IsIn( state, lio ) ]-> - [ State_11111111( init, lio, lock, state ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) lookupstateaslio_1_1111111[color=#405280, - process="lookup state as lio"]: - [ State_1111111( init, lock, state ) ] - --[ IsNotSet( state ) ]-> - [ State_11111112( init, lock, state ) ] - /* has exactly the trivial AC variant */ -rule (modulo 
E) ini_0_11111111[color=#405280, process="in(i);"]: - [ State_11111111( init, lio, lock, state ), In( i ) ] - --> - [ State_111111111( i, init, lio, lock, state ) ] - /* has exactly the trivial AC variant */ +restriction Restr_ReportRule_1: + "∀ x #NOW. (Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(x = 'loc'))" + // safety formula -rule (modulo E) newr_0_111111111[color=#405280, process="new r;"]: - [ State_111111111( i, init, lio, lock, state ), Fr( r ) ] - --> - [ State_1111111111( i, init, lio, lock, r, state ) ] +rule (modulo E) ReportRule[color=#ffffff, process="!"]: + [ In( ) ] + --[ Restr_ReportRule_1( loc ) ]-> + [ Out( rep(x, loc) ) ] /* has exactly the trivial AC variant */ -rule (modulo E) eventRemoteprogrilioiliol_0_1111111111[color=#405280, - process="event Remote( , 'l' );"]: - [ State_1111111111( i, init, lio, lock, r, state ) ] - --[ Remote( , 'l' ) ]-> - [ State_11111111111( i, init, lio, lock, r, state ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) outprogriliorepprogrilioiliol_0_11111111111[color=#405280, - process="out(, 'l')>);"]: - [ State_11111111111( i, init, lio, lock, r, state ) ] +rule (modulo E) newstate_0_11[color=#ffffff, process="new state.1;"]: + [ State_11( ), Fr( state.1 ), Fr( StateChannel ) ] --> [ - State_111111111111( i, init, lio, lock, r, state ), - Out( , 'l')> ) + !Semistate_111111( StateChannel, state.1 ), + L_PureState( state.1, 'init' ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) insertstatelistprogriliolistilio_0_111111111111[color=#405280, - process="insert state,list(prog(r, i, lio), list(i, lio));"]: - [ State_111111111111( i, init, lio, lock, r, state ) ] - --[ Insert( state, list(prog(r, i, lio), list(i, lio)) ) ]-> - [ State_1111111111111( i, init, lio, lock, r, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) unlockstate_0_1111111111111[color=#405280, - process="unlock 
state;"]: - [ State_1111111111111( i, init, lio, lock, r, state ) ] - --[ Unlock_0( '0', lock, state ), Unlock( '0', lock, state ) ]-> - [ State_11111111111111( i, init, lio, lock, r, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111111111[color=#405280, process="0"]: - [ State_11111111111111( i, init, lio, lock, r, state ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111112[color=#405280, process="0"]: - [ State_11111112( init, lock, state ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_112[color=#ffffff, process="!"]: - [ State_112( init ) ] --> [ !Semistate_1121( init ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_112[color=#ffffff, process="!"]: - [ !Semistate_1121( init ) ] --> [ State_1121( init ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newstate_0_1121[color=#ffffff, process="new state;"]: - [ State_1121( init ), Fr( state ) ] --> [ State_11211( init, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertstateinit_0_11211[color=#ffffff, - process="insert state,init;"]: - [ State_11211( init, state ) ] - --[ Insert( state, init ) ]-> - [ State_112111( init, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_112111[color=#ffffff, process="!"]: - [ State_112111( init, state ) ] --> [ !Semistate_1121111( init, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_112111[color=#ffffff, process="!"]: - [ !Semistate_1121111( init, state ) ] - --> - [ State_1121111( init, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inior_0_1121111[color=#658040, process="in();"]: - [ State_1121111( init, state ), In( ) ] - --> - [ State_11211111( i, init, o, r, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockstate_0_11211111[color=#658040, - process="lock state;"]: - [ State_11211111( i, init, o, 
r, state ), Fr( lock.1 ) ] - --[ Lock_1( '1', lock.1, state ), Lock( '1', lock.1, state ) ]-> - [ State_112111111( i, init, o, r, state, lock.1 ) ] - /* - rule (modulo AC) lockstate_0_11211111[color=#658040, - process="lock state;"]: - [ State_11211111( i, init, o, r, state ), Fr( lock ) ] - --[ Lock_1( '1', lock, state ), Lock( '1', lock, state ) ]-> - [ State_112111111( i, init, o, r, state, lock ) ] + rule (modulo AC) newstate_0_11[color=#ffffff, process="new state.1;"]: + [ State_11( ), Fr( state ), Fr( StateChannel ) ] + --> + [ !Semistate_111111( StateChannel, state ), L_PureState( state, 'init' ) + ] */ -rule (modulo E) lookupstateaslio_0_112111111[color=#658040, - process="lookup state as lio"]: - [ State_112111111( i, init, o, r, state, lock.1 ) ] - --[ IsIn( state, lio ) ]-> - [ State_1121111111( i, init, lio, o, r, state, lock.1 ) ] - - /* - rule (modulo AC) lookupstateaslio_0_112111111[color=#658040, - process="lookup state as lio"]: - [ State_112111111( i, init, o, r, state, lock ) ] - --[ IsIn( state, lio ) ]-> - [ State_1121111111( i, init, lio, o, r, state, lock ) ] - */ - -rule (modulo E) lookupstateaslio_1_112111111[color=#658040, - process="lookup state as lio"]: - [ State_112111111( i, init, o, r, state, lock.1 ) ] - --[ IsNotSet( state ) ]-> - [ State_1121111112( i, init, o, r, state, lock.1 ) ] +rule (modulo E) p_1_11111[color=#ffffff, process="!"]: + [ + !Semistate_111111( StateChannel, state.1 ), + L_PureState( state.1, lio.1 ), Fr( lock ) + ] + --> + [ + State_111111111( StateChannel, lock, lio.1, state.1 ), + L_CellLocked( state.1, lock ) + ] /* - rule (modulo AC) lookupstateaslio_1_112111111[color=#658040, - process="lookup state as lio"]: - [ State_112111111( i, init, o, r, state, lock ) ] - --[ IsNotSet( state ) ]-> - [ State_1121111112( i, init, o, r, state, lock ) ] + rule (modulo AC) p_1_11111[color=#ffffff, process="!"]: + [ + !Semistate_111111( StateChannel, state ), L_PureState( state, lio ), + Fr( lock ) + ] + --> + [ + 
State_111111111( StateChannel, lock, lio, state ), + L_CellLocked( state, lock ) + ] */ -rule (modulo E) ifoiliocheckreprl_0_1121111111[color=#658040, - process="if =check_rep(r, 'l')"]: - [ State_1121111111( i, init, lio, o, r, state, lock.1 ) ] - --[ Pred_Eq( , check_rep(r, 'l') ) ]-> - [ State_11211111111( i, init, lio, o, r, state, lock.1 ) ] +rule (modulo E) eventReadlio_0_111111111[color=#405280, + process="event Read( lio.1 );"]: + [ + State_111111111( StateChannel, lock, lio.1, state.1 ), In( i.1 ), + Fr( r.1 ) + ] + --[ Read( lio.1 ) ]-> + [ State_111111111111( StateChannel, lock, i.1, lio.1, r.1, state.1 ) ] + // loop breaker: [0] /* - rule (modulo AC) ifoiliocheckreprl_0_1121111111[color=#658040, - process="if =check_rep(r, 'l')"]: - [ State_1121111111( i, init, lio, o, r, state, lock ) ] - --[ Pred_Eq( , z ) ]-> - [ State_11211111111( i, init, lio, o, r, state, lock ) ] - variants (modulo AC) - 1. r = r.10 - z = check_rep(r.10, 'l') - - 2. r = rep(x.10, 'l') - z = x.10 + rule (modulo AC) eventReadlio_0_111111111[color=#405280, + process="event Read( lio.1 );"]: + [ State_111111111( StateChannel, lock, lio, state ), In( i ), Fr( r ) ] + --[ Read( lio ) ]-> + [ State_111111111111( StateChannel, lock, i, lio, r, state ) ] + // loop breaker: [0] */ -rule (modulo E) ifoiliocheckreprl_1_1121111111[color=#658040, - process="if =check_rep(r, 'l')"]: - [ State_1121111111( i, init, lio, o, r, state, lock.1 ) ] - --[ Pred_Not_Eq( , check_rep(r, 'l') ) ]-> - [ State_11211111112( i, init, lio, o, r, state, lock.1 ) ] +rule (modulo E) eventRemoteprogrilioilioloc_0_111111111111[color=#405280, + process="event Remote( , 'loc' );"]: + [ + State_111111111111( StateChannel, lock, i.1, lio.1, r.1, state.1 ), + L_CellLocked( state.1, lock ) + ] + --[ Remote( , 'loc' ) ]-> + [ + L_PureState( state.1, list(prog(r.1, i.1, lio.1), list(i.1, lio.1)) ), + Out( , 'loc')> + ) + ] + // loop breaker: [1] /* - rule (modulo AC) ifoiliocheckreprl_1_1121111111[color=#658040, - 
process="if =check_rep(r, 'l')"]: - [ State_1121111111( i, init, lio, o, r, state, lock ) ] - --[ Pred_Not_Eq( , z ) ]-> - [ State_11211111112( i, init, lio, o, r, state, lock ) ] - variants (modulo AC) - 1. r = r.10 - z = check_rep(r.10, 'l') - - 2. r = rep(x.10, 'l') - z = x.10 + rule (modulo AC) eventRemoteprogrilioilioloc_0_111111111111[color=#405280, + process="event Remote( , 'loc' );"]: + [ + State_111111111111( StateChannel, lock, i, lio, r, state ), + L_CellLocked( state, lock ) + ] + --[ Remote( , 'loc' ) ]-> + [ + L_PureState( state, list(prog(r, i, lio), list(i, lio)) ), + Out( , 'loc')> ) + ] + // loop breaker: [1] */ -rule (modulo E) eventLocaloiliol_0_11211111111[color=#658040, - process="event Local( , 'l' );"]: - [ State_11211111111( i, init, lio, o, r, state, lock.1 ) ] - --[ Local( , 'l' ) ]-> - [ State_112111111111( i, init, lio, o, r, state, lock.1 ) ] +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ) ] --> [ !Semistate_121( ), State_11( ) ] - /* - rule (modulo AC) eventLocaloiliol_0_11211111111[color=#658040, - process="event Local( , 'l' );"]: - [ State_11211111111( i, init, lio, o, r, state, lock ) ] - --[ Local( , 'l' ) ]-> - [ State_112111111111( i, init, lio, o, r, state, lock ) ] - */ + /* has exactly the trivial AC variant */ -rule (modulo E) insertstatelistolistilio_0_112111111111[color=#658040, - process="insert state,list(o, list(i, lio));"]: - [ State_112111111111( i, init, lio, o, r, state, lock.1 ) ] - --[ Insert( state, list(o, list(i, lio)) ) ]-> - [ State_1121111111111( i, init, lio, o, r, state, lock.1 ) ] +rule (modulo E) p_1_12[color=#ffffff, process="!"]: + [ !Semistate_121( ), Fr( state2.1 ), Fr( StateChannel.1 ) ] + --> + [ + !Semistate_1211111( StateChannel.1, state2.1 ), + L_PureState( state2.1, 'init' ) + ] /* - rule (modulo AC) insertstatelistolistilio_0_112111111111[color=#658040, - process="insert state,list(o, list(i, lio));"]: - [ State_112111111111( i, init, lio, o, r, state, lock ) ] - --[ 
Insert( state, list(o, list(i, lio)) ) ]-> - [ State_1121111111111( i, init, lio, o, r, state, lock ) ] + rule (modulo AC) p_1_12[color=#ffffff, process="!"]: + [ !Semistate_121( ), Fr( state2 ), Fr( StateChannel ) ] + --> + [ + !Semistate_1211111( StateChannel, state2 ), L_PureState( state2, 'init' ) + ] */ -rule (modulo E) unlockstate_0_1121111111111[color=#658040, - process="unlock state;"]: - [ State_1121111111111( i, init, lio, o, r, state, lock.1 ) ] - --[ Unlock_1( '1', lock.1, state ), Unlock( '1', lock.1, state ) ]-> - [ State_11211111111111( i, init, lio, o, r, state, lock.1 ) ] +rule (modulo E) p_1_121111[color=#ffffff, process="!"]: + [ + !Semistate_1211111( StateChannel.1, state2.1 ), In( ), + L_PureState( state2.1, lio.2 ), Fr( lock.1 ) + ] + --> + [ + State_12111111111( StateChannel.1, lock.1, state2.1, i.2, lio.2, o.2, r.2 + ), + L_CellLocked( state2.1, lock.1 ) + ] + // loop breaker: [2] /* - rule (modulo AC) unlockstate_0_1121111111111[color=#658040, - process="unlock state;"]: - [ State_1121111111111( i, init, lio, o, r, state, lock ) ] - --[ Unlock_1( '1', lock, state ), Unlock( '1', lock, state ) ]-> - [ State_11211111111111( i, init, lio, o, r, state, lock ) ] + rule (modulo AC) p_1_121111[color=#ffffff, process="!"]: + [ + !Semistate_1211111( StateChannel, state2 ), In( ), + L_PureState( state2, lio ), Fr( lock ) + ] + --> + [ + State_12111111111( StateChannel, lock, state2, i, lio, o, r ), + L_CellLocked( state2, lock ) + ] + // loop breaker: [2] */ -rule (modulo E) p_0_11211111111111[color=#658040, process="0"]: - [ State_11211111111111( i, init, lio, o, r, state, lock.1 ) ] --> [ ] +rule (modulo E) eventReadlio_0_12111111111[color=#658040, + process="event Read( lio.2 );"]: + [ + State_12111111111( StateChannel.1, lock.1, state2.1, i.2, lio.2, o.2, r.2 + ) + ] + --[ Read( lio.2 ) ]-> + [ + State_121111111111( StateChannel.1, lock.1, state2.1, i.2, lio.2, o.2, + r.2 + ) + ] /* - rule (modulo AC) p_0_11211111111111[color=#658040, 
process="0"]: - [ State_11211111111111( i, init, lio, o, r, state, lock ) ] --> [ ] + rule (modulo AC) eventReadlio_0_12111111111[color=#658040, + process="event Read( lio.2 );"]: + [ State_12111111111( StateChannel, lock, state2, i, lio, o, r ) ] + --[ Read( lio ) ]-> + [ State_121111111111( StateChannel, lock, state2, i, lio, o, r ) ] */ -rule (modulo E) unlockstate_0_11211111112[color=#658040, - process="unlock state;"]: - [ State_11211111112( i, init, lio, o, r, state, lock.1 ) ] - --[ Unlock_1( '1', lock.1, state ), Unlock( '1', lock.1, state ) ]-> - [ State_112111111121( i, init, lio, o, r, state, lock.1 ) ] +rule (modulo E) ifoiliocheckreprloc_0_121111111111[color=#658040, + process="if =check_rep(r.2, 'loc')"]: + [ + State_121111111111( StateChannel.1, lock.1, state2.1, i.2, lio.2, o.2, + r.2 + ) + ] + --[ Pred_Eq( , check_rep(r.2, 'loc') ) ]-> + [ + State_1211111111111( StateChannel.1, lock.1, state2.1, i.2, lio.2, o.2, + r.2 + ) + ] /* - rule (modulo AC) unlockstate_0_11211111112[color=#658040, - process="unlock state;"]: - [ State_11211111112( i, init, lio, o, r, state, lock ) ] - --[ Unlock_1( '1', lock, state ), Unlock( '1', lock, state ) ]-> - [ State_112111111121( i, init, lio, o, r, state, lock ) ] + rule (modulo AC) ifoiliocheckreprloc_0_121111111111[color=#658040, + process="if =check_rep(r.2, 'loc')"]: + [ State_121111111111( StateChannel, lock, state2, i, lio, o, r ) ] + --[ Pred_Eq( , z ) ]-> + [ State_1211111111111( StateChannel, lock, state2, i, lio, o, r ) ] + variants (modulo AC) + 1. r = r.12 + z = check_rep(r.12, 'loc') + + 2. 
r = rep(x.11, 'loc') + z = x.11 */ -rule (modulo E) p_0_112111111121[color=#658040, process="0"]: - [ State_112111111121( i, init, lio, o, r, state, lock.1 ) ] --> [ ] +rule (modulo E) eventLocaloilioloc_0_1211111111111[color=#658040, + process="event Local( , 'loc' );"]: + [ + State_1211111111111( StateChannel.1, lock.1, state2.1, i.2, lio.2, o.2, + r.2 + ), + L_CellLocked( state2.1, lock.1 ) + ] + --[ Local( , 'loc' ) ]-> + [ L_PureState( state2.1, list(o.2, list(i.2, lio.2)) ) ] + // loop breaker: [1] /* - rule (modulo AC) p_0_112111111121[color=#658040, process="0"]: - [ State_112111111121( i, init, lio, o, r, state, lock ) ] --> [ ] + rule (modulo AC) eventLocaloilioloc_0_1211111111111[color=#658040, + process="event Local( , 'loc' );"]: + [ + State_1211111111111( StateChannel, lock, state2, i, lio, o, r ), + L_CellLocked( state2, lock ) + ] + --[ Local( , 'loc' ) ]-> + [ L_PureState( state2, list(o, list(i, lio)) ) ] + // loop breaker: [1] */ -rule (modulo E) p_0_1121111112[color=#658040, process="0"]: - [ State_1121111112( i, init, o, r, state, lock.1 ) ] --> [ ] +rule (modulo E) ifoiliocheckreprloc_1_121111111111[color=#658040, + process="if =check_rep(r.2, 'loc')"]: + [ + State_121111111111( StateChannel.1, lock.1, state2.1, i.2, lio.2, o.2, + r.2 + ), + L_CellLocked( state2.1, lock.1 ) + ] + --[ Pred_Not_Eq( , check_rep(r.2, 'loc') ) ]-> + [ L_PureState( state2.1, lio.2 ) ] + // loop breaker: [1] /* - rule (modulo AC) p_0_1121111112[color=#658040, process="0"]: - [ State_1121111112( i, init, o, r, state, lock ) ] --> [ ] + rule (modulo AC) ifoiliocheckreprloc_1_121111111111[color=#658040, + process="if =check_rep(r.2, 'loc')"]: + [ + State_121111111111( StateChannel, lock, state2, i, lio, o, r ), + L_CellLocked( state2, lock ) + ] + --[ Pred_Not_Eq( , z ) ]-> + [ L_PureState( state2, lio ) ] + variants (modulo AC) + 1. r = r.12 + z = check_rep(r.12, 'loc') + + 2. r = rep(x.11, 'loc') + z = x.11 + // loop breaker: [1] */ -restriction set_in: - "∀ x y #t3. 
- (IsIn( x, y ) @ #t3) ⇒ - (∃ #t2. - ((Insert( x, y ) @ #t2) ∧ (#t2 < #t3)) ∧ - (∀ #t1 yp. - (Insert( x, yp ) @ #t1) ⇒ (((#t1 < #t2) ∨ (#t1 = #t2)) ∨ (#t3 < #t1))))" - -restriction set_notin: - "∀ x #t3. - (IsNotSet( x ) @ #t3) ⇒ (∀ #t1 y. (Insert( x, y ) @ #t1) ⇒ (#t3 < #t1))" - // safety formula - restriction predicate_eq: "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" // safety formula @@ -1002,44 +374,12 @@ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" // safety formula -restriction locking_0: - "∀ p pp l x lp #t1 #t3. - ((Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3)) ⇒ - ((((#t1 < #t3) ∧ - (∃ #t2. - (((((Unlock_0( p, l, x ) @ #t2) ∧ (#t1 < #t2)) ∧ (#t2 < #t3)) ∧ - (∀ #t0 pp.1. (Unlock( pp.1, l, x ) @ #t0) ⇒ (#t0 = #t2))) ∧ - (∀ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t0 = #t1)) ∨ (#t2 < #t0)))) ∧ - (∀ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t2 < #t0)) ∨ (#t2 = #t0))))) ∨ - (#t3 < #t1)) ∨ - (#t1 = #t3))" - -restriction locking_1: - "∀ p pp l x lp #t1 #t3. - ((Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3)) ⇒ - ((((#t1 < #t3) ∧ - (∃ #t2. - (((((Unlock_1( p, l, x ) @ #t2) ∧ (#t1 < #t2)) ∧ (#t2 < #t3)) ∧ - (∀ #t0 pp.1. (Unlock( pp.1, l, x ) @ #t0) ⇒ (#t0 = #t2))) ∧ - (∀ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t0 = #t1)) ∨ (#t2 < #t0)))) ∧ - (∀ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t2 < #t0)) ∨ (#t2 = #t0))))) ∨ - (#t3 < #t1)) ∨ - (#t1 = #t3))" - /* All well-formedness checks were successful. */ end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -1049,8 +389,10 @@ analyzing: examples/sapic/fast/feature-locations/AC.spthy analyzed: examples/sapic/fast/feature-locations/AC.spthy output: examples/sapic/fast/feature-locations/AC.spthy.tmp - processing time: 8.752980035s - attested_comput (all-traces): verified (184 steps) + processing time: 0.871507562s + can_run_v (exists-trace): verified (8 steps) + simp (all-traces): verified (7 steps) + attested_comput (all-traces): verified (4 steps) ------------------------------------------------------------------------------ @@ -1060,8 +402,10 @@ summary of summaries: analyzed: examples/sapic/fast/feature-locations/AC.spthy output: examples/sapic/fast/feature-locations/AC.spthy.tmp - processing time: 8.752980035s - attested_comput (all-traces): verified (184 steps) + processing time: 0.871507562s + can_run_v (exists-trace): verified (8 steps) + simp (all-traces): verified (7 steps) + attested_comput (all-traces): verified (4 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/fast/feature-locations/AC_counter_with_attack_analyzed.spthy b/case-studies-regression/sapic/fast/feature-locations/AC_counter_with_attack_analyzed.spthy new file mode 100644 index 000000000..3fde273e3 --- /dev/null +++ b/case-studies-regression/sapic/fast/feature-locations/AC_counter_with_attack_analyzed.spthy 
@@ -0,0 +1,540 @@ +theory AC_counter begin + +// Function signature and definition of the equational theory E + +functions: check_rep/2[destructor], fst/1[destructor], + get_rep/1[destructor], list/2, null/0, pair/2, prog/3, + rep/2[private,destructor], report/1, snd/1[destructor], succ/1 +equations: + check_rep(rep(x.1, x.2), x.2) = x.1, + fst() = x.1, + get_rep(rep(x.1, x.2)) = x.1, + snd() = x.2 + +heuristic: S + +/* looping facts with injective instances: L_CellLocked/2, L_PureState/2 +*/ + + + +predicate: Report( x, y )<=>¬(y = 'l') + + + + + + + +lemma attested_comput_second_step [reuse]: + all-traces + "∀ #t1 o2 i2 o i. + (Voutput( ) @ #t1) ⇒ + (∃ #t2. (Poutput( ) @ #t2) ∧ (#t2 < #t1))" +/* +guarded formula characterizing all counter-examples: +"∃ #t1 o2 i2 o i. + (Voutput( ) @ #t1) + ∧ + ∀ #t2. (Poutput( ) @ #t2) ⇒ ¬(#t2 < #t1)" +*/ +simplify +solve( State_121111111111111( StateChannel, lock, signedios, counter, i2, + , o2, st, state + ) ▶₀ #t1 ) + case ifoipcountercheckrepsignediosl_0_12111111111111_case_1 + solve( Let_1111111111( , StateChannel, lock, , + state + ) ▶₀ #vr.13 ) + case p_1_11111_case_2 + solve( Let_1111111111( , StateChannel, lock, , ~n.7 + ) ▶₀ #vr.20 ) + case p_1_11111_case_1 + solve( L_CellLocked( ~n.4, ~n.1 ) ▶₁ #t1 ) + case p_1_121111 + solve( L_PureState( ~n.4, <, succ(null)> ) ▶₁ #vr.5 ) + case eventVoutputoipipo_0_121111111111111_case_1 + solve( Let_1111111111( , StateChannel, lock, , state + ) ▶₀ #vr.33 ) + case p_1_11111 + solve( L_CellLocked( ~n.7, ~n.6 ) ▶₃ #vr.9 ) + case p_1_11111 + solve( L_CellLocked( ~n.7, ~n.9 ) ▶₃ #vr.16 ) + case p_1_11111 + solve( L_CellLocked( ~n.5, ~n.10 ) ▶₁ #vr.22 ) + case p_1_121111 + solve( L_PureState( ~n.5, <'init', null> ) ▶₁ #vr.28 ) + case p_1_12 + solve( L_CellLocked( ~n.12, ~n.11 ) ▶₃ #vr.29 ) + case p_1_11111 + solve( !KU( prog(~n.2, i2, ) + ) @ #vk.5 ) + case inip_0_11111111111_case_1 + solve( !KU( prog(~n.4, i, 'init') ) @ #vk.8 ) + case inip_0_11111111111_case_1 + SOLVED // trace found + 
qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed + qed +qed + + + + + + + + + + + + + + + + + +restriction Restr_ReportRule_1: + "∀ x #NOW. (Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(x = 'l'))" + // safety formula + +rule (modulo E) ReportRule[color=#ffffff, process="!"]: + [ In( ) ] + --[ Restr_ReportRule_1( loc ) ]-> + [ Out( rep(x, loc) ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) newstate_0_11[color=#ffffff, process="new state.1;"]: + [ State_11( ), Fr( state.1 ), Fr( StateChannel ) ] + --> + [ + !Semistate_111111( StateChannel, state.1 ), + L_PureState( state.1, <'init', null> ) + ] + + /* + rule (modulo AC) newstate_0_11[color=#ffffff, process="new state.1;"]: + [ State_11( ), Fr( state ), Fr( StateChannel ) ] + --> + [ + !Semistate_111111( StateChannel, state ), + L_PureState( state, <'init', null> ) + ] + */ + +rule (modulo E) p_1_11111[color=#ffffff, process="!"]: + [ + !Semistate_111111( StateChannel, state.1 ), L_PureState( state.1, st.1 ), + Fr( lock ) + ] + --> + [ + Let_1111111111( st.1, StateChannel, lock, st.1, state.1 ), + L_CellLocked( state.1, lock ) + ] + + /* + rule (modulo AC) p_1_11111[color=#ffffff, process="!"]: + [ + !Semistate_111111( StateChannel, state ), L_PureState( state, st ), + Fr( lock ) + ] + --> + [ + Let_1111111111( st, StateChannel, lock, st, state ), + L_CellLocked( state, lock ) + ] + */ + +rule (modulo E) letipofstst_1_111111111[color=#ffffff, + process="let ipo.1=fst(st.1)"]: + [ Let_1111111111( , StateChannel, lock, st.1, state.1 ) ] + --> + [ State_1111111111( StateChannel, lock, ipo.1, st.1, state.1 ) ] + + // loop breaker: [0] + /* + rule (modulo AC) letipofstst_1_111111111[color=#ffffff, + process="let ipo.1=fst(st.1)"]: + [ Let_1111111111( , StateChannel, lock, st, state ) ] + --> + [ State_1111111111( StateChannel, lock, ipo, st, state ) ] + // 
loop breaker: [0] + */ + +rule (modulo E) letcountersndst_0_1111111111[color=#ffffff, + process="let counter.1=snd(st.1)"]: + [ State_1111111111( StateChannel, lock, ipo.1, st.1, state.1 ) ] + --> + [ Let_11111111111( st.1, StateChannel, lock, ipo.1, st.1, state.1 ) ] + + /* + rule (modulo AC) letcountersndst_0_1111111111[color=#ffffff, + process="let counter.1=snd(st.1)"]: + [ State_1111111111( StateChannel, lock, ipo, st, state ) ] + --> + [ Let_11111111111( st, StateChannel, lock, ipo, st, state ) ] + */ + +rule (modulo E) letcountersndst_1_1111111111[color=#ffffff, + process="let counter.1=snd(st.1)"]: + [ + Let_11111111111( , StateChannel, lock, ipo.1, st.1, + state.1 + ) + ] + --> + [ + State_11111111111( StateChannel, lock, counter.1, ipo.1, st.1, state.1 ) + ] + + /* + rule (modulo AC) letcountersndst_1_1111111111[color=#ffffff, + process="let counter.1=snd(st.1)"]: + [ Let_11111111111( , StateChannel, lock, ipo, st, state ) ] + --> + [ State_11111111111( StateChannel, lock, counter, ipo, st, state ) ] + */ + +rule (modulo E) inip_0_11111111111[color=#405280, process="in(ip.1);"]: + [ + State_11111111111( StateChannel, lock, counter.1, ipo.1, st.1, state.1 ), + In( ip.1 ), Fr( r.1 ), L_CellLocked( state.1, lock ) + ] + --[ Poutput( ) ]-> + [ + L_PureState( state.1, + <, succ(counter.1)> + ), + Out( , 'l')> + ) + ] + + // loop breaker: [3] + /* + rule (modulo AC) inip_0_11111111111[color=#405280, process="in(ip.1);"]: + [ + State_11111111111( StateChannel, lock, counter, ipo, st, state ), + In( ip ), Fr( r ), L_CellLocked( state, lock ) + ] + --[ Poutput( ) ]-> + [ + L_PureState( state, <, succ(counter)> ), + Out( , 'l')> ) + ] + // loop breaker: [3] + */ + +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ) ] --> [ !Semistate_121( ), State_11( ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) p_1_12[color=#ffffff, process="!"]: + [ !Semistate_121( ), Fr( state.2 ), Fr( StateChannel.1 ) ] + --> + [ + !Semistate_1211111( 
StateChannel.1, state.2 ), + L_PureState( state.2, <'init', null> ) + ] + + /* + rule (modulo AC) p_1_12[color=#ffffff, process="!"]: + [ !Semistate_121( ), Fr( state ), Fr( StateChannel ) ] + --> + [ + !Semistate_1211111( StateChannel, state ), + L_PureState( state, <'init', null> ) + ] + */ + +rule (modulo E) p_1_121111[color=#ffffff, process="!"]: + [ + !Semistate_1211111( StateChannel.1, state.2 ), + L_PureState( state.2, st.2 ), Fr( lock.1 ) + ] + --> + [ + Let_12111111111( st.2, StateChannel.1, lock.1, st.2, state.2 ), + L_CellLocked( state.2, lock.1 ) + ] + + // loop breaker: [1] + /* + rule (modulo AC) p_1_121111[color=#ffffff, process="!"]: + [ + !Semistate_1211111( StateChannel, state ), L_PureState( state, st ), + Fr( lock ) + ] + --> + [ + Let_12111111111( st, StateChannel, lock, st, state ), + L_CellLocked( state, lock ) + ] + // loop breaker: [1] + */ + +rule (modulo E) letipofstst_1_1211111111[color=#ffffff, + process="let ipo.2=fst(st.2)"]: + [ Let_12111111111( , StateChannel.1, lock.1, st.2, state.2 ) + ] + --> + [ State_12111111111( StateChannel.1, lock.1, ipo.2, st.2, state.2 ) ] + + /* + rule (modulo AC) letipofstst_1_1211111111[color=#ffffff, + process="let ipo.2=fst(st.2)"]: + [ Let_12111111111( , StateChannel, lock, st, state ) ] + --> + [ State_12111111111( StateChannel, lock, ipo, st, state ) ] + */ + +rule (modulo E) letcountersndst_0_12111111111[color=#ffffff, + process="let counter.2=snd(st.2)"]: + [ State_12111111111( StateChannel.1, lock.1, ipo.2, st.2, state.2 ) ] + --> + [ Let_121111111111( st.2, StateChannel.1, lock.1, ipo.2, st.2, state.2 ) + ] + + /* + rule (modulo AC) letcountersndst_0_12111111111[color=#ffffff, + process="let counter.2=snd(st.2)"]: + [ State_12111111111( StateChannel, lock, ipo, st, state ) ] + --> + [ Let_121111111111( st, StateChannel, lock, ipo, st, state ) ] + */ + +rule (modulo E) letcountersndst_1_12111111111[color=#ffffff, + process="let counter.2=snd(st.2)"]: + [ + Let_121111111111( , StateChannel.1, 
lock.1, ipo.2, st.2, + state.2 + ) + ] + --> + [ + State_121111111111( StateChannel.1, lock.1, counter.2, ipo.2, st.2, + state.2 + ) + ] + + /* + rule (modulo AC) letcountersndst_1_12111111111[color=#ffffff, + process="let counter.2=snd(st.2)"]: + [ Let_121111111111( , StateChannel, lock, ipo, st, state ) ] + --> + [ State_121111111111( StateChannel, lock, counter, ipo, st, state ) ] + */ + +rule (modulo E) inip_0_121111111111[color=#658040, process="in(ip.2);"]: + [ + State_121111111111( StateChannel.1, lock.1, counter.2, ipo.2, st.2, + state.2 + ), + In( ip.2 ), In( ) + ] + --> + [ + State_12111111111111( StateChannel.1, lock.1, signedios.1, counter.2, + ip.2, ipo.2, o.2, st.2, state.2 + ) + ] + + /* + rule (modulo AC) inip_0_121111111111[color=#658040, process="in(ip.2);"]: + [ + State_121111111111( StateChannel, lock, counter, ipo, st, state ), + In( ip ), In( ) + ] + --> + [ + State_12111111111111( StateChannel, lock, signedios, counter, ip, ipo, o, + st, state + ) + ] + */ + +rule (modulo E) ifoipcountercheckrepsignediosl_0_12111111111111[color=#658040, + process="if =check_rep(signedios.1, 'l')"]: + [ + State_12111111111111( StateChannel.1, lock.1, signedios.1, counter.2, + ip.2, ipo.2, o.2, st.2, state.2 + ) + ] + --[ Pred_Eq( , check_rep(signedios.1, 'l') ) ]-> + [ + State_121111111111111( StateChannel.1, lock.1, signedios.1, counter.2, + ip.2, ipo.2, o.2, st.2, state.2 + ) + ] + + /* + rule (modulo AC) ifoipcountercheckrepsignediosl_0_12111111111111[color=#658040, + process="if =check_rep(signedios.1, 'l')"]: + [ + State_12111111111111( StateChannel, lock, signedios, counter, ip, ipo, o, + st, state + ) + ] + --[ Pred_Eq( , z ) ]-> + [ + State_121111111111111( StateChannel, lock, signedios, counter, ip, ipo, + o, st, state + ) + ] + variants (modulo AC) + 1. signedios + = signedios.13 + z = check_rep(signedios.13, 'l') + + 2. 
signedios + = rep(x.13, 'l') + z = x.13 + */ + +rule (modulo E) eventVoutputoipipo_0_121111111111111[color=#658040, + process="event Voutput( );"]: + [ + State_121111111111111( StateChannel.1, lock.1, signedios.1, counter.2, + ip.2, ipo.2, o.2, st.2, state.2 + ), + L_CellLocked( state.2, lock.1 ) + ] + --[ Voutput( ) ]-> + [ L_PureState( state.2, <, succ(counter.2)> ) ] + + // loop breaker: [1] + /* + rule (modulo AC) eventVoutputoipipo_0_121111111111111[color=#658040, + process="event Voutput( );"]: + [ + State_121111111111111( StateChannel, lock, signedios, counter, ip, ipo, + o, st, state + ), + L_CellLocked( state, lock ) + ] + --[ Voutput( ) ]-> + [ L_PureState( state, <, succ(counter)> ) ] + // loop breaker: [1] + */ + +rule (modulo E) ifoipcountercheckrepsignediosl_1_12111111111111[color=#658040, + process="if =check_rep(signedios.1, 'l')"]: + [ + State_12111111111111( StateChannel.1, lock.1, signedios.1, counter.2, + ip.2, ipo.2, o.2, st.2, state.2 + ) + ] + --[ Pred_Not_Eq( , check_rep(signedios.1, 'l') ) + ]-> + [ + State_121111111111112( StateChannel.1, lock.1, signedios.1, counter.2, + ip.2, ipo.2, o.2, st.2, state.2 + ) + ] + + /* + rule (modulo AC) ifoipcountercheckrepsignediosl_1_12111111111111[color=#658040, + process="if =check_rep(signedios.1, 'l')"]: + [ + State_12111111111111( StateChannel, lock, signedios, counter, ip, ipo, o, + st, state + ) + ] + --[ Pred_Not_Eq( , z ) ]-> + [ + State_121111111111112( StateChannel, lock, signedios, counter, ip, ipo, + o, st, state + ) + ] + variants (modulo AC) + 1. signedios + = signedios.13 + z = check_rep(signedios.13, 'l') + + 2. 
signedios + = rep(x.13, 'l') + z = x.13 + */ + +rule (modulo E) eventFail_0_121111111111112[color=#658040, + process="event Fail( );"]: + [ + State_121111111111112( StateChannel.1, lock.1, signedios.1, counter.2, + ip.2, ipo.2, o.2, st.2, state.2 + ) + ] + --[ Fail( ) ]-> + [ ] + + /* + rule (modulo AC) eventFail_0_121111111111112[color=#658040, + process="event Fail( );"]: + [ + State_121111111111112( StateChannel, lock, signedios, counter, ip, ipo, + o, st, state + ) + ] + --[ Fail( ) ]-> + [ ] + */ + +restriction predicate_eq: + "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" + // safety formula + +restriction predicate_not_eq: + "∀ #i a b. (Pred_Not_Eq( a, b ) @ #i) ⇒ (¬(a = b))" + // safety formula + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/feature-locations/AC_counter_with_attack.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/feature-locations/AC_counter_with_attack.spthy + + output: examples/sapic/fast/feature-locations/AC_counter_with_attack.spthy.tmp + processing time: 6.645585059s + attested_comput_second_step (all-traces): falsified - found trace (15 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/feature-locations/AC_counter_with_attack.spthy + + output: examples/sapic/fast/feature-locations/AC_counter_with_attack.spthy.tmp + processing time: 6.645585059s + attested_comput_second_step (all-traces): falsified - found trace (15 steps) + +============================================================================== +*/ 
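Review bot: The `[reuse]` attribute on `attested_comput_second_step` sits on a lemma that this reference output records as `falsified - found trace (15 steps)` in its summary. As far as I know, Tamarin feeds reuse lemmas into the proofs of every lemma that follows them without checking whether they were proved. A lemma appended to this theory later would then be checked under an assumption the tool has just refuted, and could come out verified for the wrong reason. It is harmless today because this is the only lemma in the file. I would still drop the attribute in the source theory `examples/sapic/fast/feature-locations/AC_counter_with_attack.spthy` and regenerate this output, so the header reads `lemma attested_comput_second_step:`.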
diff --git a/case-studies-regression/sapic/fast/feature-locations/AKE_analyzed.spthy b/case-studies-regression/sapic/fast/feature-locations/AKE_analyzed.spthy index 0367354d4..e440c6321 100644 --- a/case-studies-regression/sapic/fast/feature-locations/AKE_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-locations/AKE_analyzed.spthy 
@@ -2,19 +2,90 @@ theory AKE begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, check_rep/2, fst/1, get_rep/1, pair/2, pk/1, - rep/2 [private], report/1, sdec/2, senc/2, snd/1 +functions: adec/2[destructor], aenc/2, check_rep/2[destructor], first/1, + fst/1[destructor], get_rep/1[destructor], pair/2, pk/1, + rep/2[private,destructor], report/1, snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, check_rep(rep(x.1, x.2), x.2) = x.1, + first() = x, fst() = x.1, get_rep(rep(x.1, x.2)) = x.1, - sdec(senc(x.1, x.2), x.2) = x.1, snd() = x.2 heuristic: p -predicate: Report( x, y )<=>¬(∃ z. y = <'loc', z>) + + + + +predicate: Report( x, y )<=>¬(first(y) = 'loc') + + + + + + + +lemma can_run_p: + exists-trace "∃ #t h1 h2. Poutput( h1, h2 ) @ #t" +/* +guarded formula characterizing all satisfying traces: +"∃ #t h1 h2. (Poutput( h1, h2 ) @ #t)" +*/ +simplify +solve( State_1111111( k, pkV ) ▶₀ #t ) + case p_1_1111 + SOLVED // trace found +qed + +lemma can_run_v: + exists-trace "∃ #t h1 h2. Voutput( h1, h2 ) @ #t" +/* +guarded formula characterizing all satisfying traces: +"∃ #t h1 h2. (Voutput( h1, h2 ) @ #t)" +*/ +simplify +solve( State_2111111111( cypher, skV, k, h2 ) ▶₀ #t ) + case ifcyphercheckrepsignedlocpkskVskey_0_211111111 + solve( !KU( aenc(~n, pk(~n.1)) ) @ #vk.2 ) + case eventPoutputaenckpkVrepaenckpkVlocpkV_0_1111111_case_1 + solve( !KU( pk(~n.1) ) @ #vk.3 ) + case p_1_2 + SOLVED // trace found + qed + qed +qed + +lemma sanity1: + exists-trace "∃ pka k #t1. SessionP( pka, k ) @ #t1" +/* +guarded formula characterizing all satisfying traces: +"∃ pka k #t1. (SessionP( pka, k ) @ #t1)" +*/ +simplify +solve( !Semistate_11111( pka ) ▶₀ #t1 ) + case p_1_1 + SOLVED // trace found +qed + +lemma sanity2: + exists-trace "∃ pka k #t1. SessionV( pka, k ) @ #t1" +/* +guarded formula characterizing all satisfying traces: +"∃ pka k #t1. 
(SessionV( pka, k ) @ #t1)" +*/ +simplify +solve( State_21111111111( cypher, skV, k, signed ) ▶₀ #t1 ) + case eventVoutputaenckpkskVskeysigned_0_2111111111 + solve( !KU( aenc(~n, pk(~n.1)) ) @ #vk.2 ) + case eventPoutputaenckpkVrepaenckpkVlocpkV_0_1111111_case_1 + solve( !KU( pk(~n.1) ) @ #vk.3 ) + case p_1_2 + SOLVED // trace found + qed + qed +qed lemma sanity3 [reuse]: all-traces 
@@ -29,242 +100,234 @@ guarded formula characterizing all counter-examples: ∀ #t2. (SessionP( pka, k ) @ #t2) ⇒ ¬(#t2 < #t1)" */ simplify -solve( State_121111111( init, k, signed, skV ) ▶₀ #t1 ) - case eventVoutputaenckpkskVsigned_0_12111111 +solve( State_21111111111( cypher, skV, k, signed ) ▶₀ #t1 ) + case eventVoutputaenckpkskVskeysigned_0_2111111111 by contradiction /* from formulas */ qed lemma secrecy [reuse]: all-traces - "¬(∃ pka k #t1 #t2. (SessionV( pka, k ) @ #t1) ∧ (K( k ) @ #t2))" + "¬(∃ pka k #t1 #t2. (SessionV( pka, k ) @ #t1) ∧ (!KU( k ) @ #t2))" /* guarded formula characterizing all counter-examples: -"∃ pka k #t1 #t2. (SessionV( pka, k ) @ #t1) ∧ (K( k ) @ #t2)" +"∃ pka k #t1 #t2. (SessionV( pka, k ) @ #t1) ∧ (!KU( k ) @ #t2)" */ simplify -solve( State_121111111( init, k, signed, skV ) ▶₀ #t1 ) - case eventVoutputaenckpkskVsigned_0_12111111 - solve( State_111111( init, ~n.1, ~n.2 ) ▶₀ #t2.1 ) - case newk_0_11111 - solve( State_111111( init, ~n.1, ~n.2 ) ▶₀ #t2.2 ) - case newk_0_11111 - solve( !KU( ~n.1 ) @ #vk.2 ) - case outaenckpkskVrepaenckpkskVlocpkskV_0_11111111_case_1 - by solve( !KU( ~n.2 ) @ #vk.5 ) - next - case outaenckpkskVrepaenckpkskVlocpkskV_0_11111111_case_2 - by solve( !KU( ~n.2 ) @ #vk.5 ) - qed - qed +solve( State_21111111111( cypher, skV, ~n, signed ) ▶₀ #t1 ) + case eventVoutputaenckpkskVskeysigned_0_2111111111 + solve( !KU( ~n ) @ #t2.1 ) + case eventPoutputaenckpkVrepaenckpkVlocpkV_0_1111111_case_1 + by solve( !KU( ~n.1 ) @ #vk.4 ) + next + case eventPoutputaenckpkVrepaenckpkVlocpkV_0_1111111_case_2 + by solve( !KU( ~n.1 ) @ #vk.4 ) + next + case eventPoutputaenckpkVrepaenckpkVlocpkV_0_1111111_case_3 + by solve( !KU( ~n.1 ) @ #vk.4 ) qed qed -restriction Restr_ReportRule_1: - "∀ x #NOW. (Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(∃ z. 
x = <'loc', z>))" - // safety formula -rule (modulo E) ReportRule[color=#ffffff, process="new init;"]: - [ In( ) ] - --[ Restr_ReportRule_1( loc ) ]-> - [ Out( rep(x, loc) ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) Init[color=#ffffff, process="new init;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newinit_0_[color=#ffffff, process="new init;"]: - [ State_( ), Fr( init ) ] --> [ State_1( init ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( init ) ] --> [ State_11( init ), State_12( init ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_11[color=#ffffff, process="!"]: - [ State_11( init ) ] --> [ !Semistate_111( init ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_11[color=#ffffff, process="!"]: - [ !Semistate_111( init ) ] --> [ State_111( init ) ] - /* has exactly the trivial AC variant */ +restriction Restr_ReportRule_1: + "∀ x #NOW. (Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(x = 'loc'))" + // safety formula -rule (modulo E) inpkskV_0_111[color=#405280, process="in(pk(skV));"]: - [ State_111( init ), In( pk(skV) ) ] --> [ State_1111( init, skV ) ] +rule (modulo E) ReportRule[color=#ffffff, process="|"]: + [ In( ) ] + --[ Restr_ReportRule_1( first(loc) ) ]-> + [ Out( rep(x, loc) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ReportRule[color=#ffffff, process="|"]: + [ In( ) ] --[ Restr_ReportRule_1( z ) ]-> [ Out( rep(x, loc) ) ] + variants (modulo AC) + 1. loc = loc.4 + z = first(loc.4) + + 2. 
loc = + z = x.4 + */ -rule (modulo E) p_0_1111[color=#405280, process="!"]: - [ State_1111( init, skV ) ] --> [ !Semistate_11111( init, skV ) ] +rule (modulo E) p_1_1[color=#ffffff, process="!"]: + [ !Semistate_11( ), In( pkV.1 ) ] --> [ !Semistate_11111( pkV.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_1[color=#ffffff, process="!"]: + [ !Semistate_11( ), In( pkV ) ] --> [ !Semistate_11111( pkV ) ] + */ rule (modulo E) p_1_1111[color=#405280, process="!"]: - [ !Semistate_11111( init, skV ) ] --> [ State_11111( init, skV ) ] + [ !Semistate_11111( pkV.1 ), Fr( k.1 ) ] + --[ SessionP( pkV.1, k.1 ) ]-> + [ State_1111111( k.1, pkV.1 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_11111[color=#405280, process="new k;"]: - [ State_11111( init, skV ), Fr( k ) ] - --> - [ State_111111( init, k, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventSessionPpkskVk_0_111111[color=#405280, - process="event SessionP( pk(skV), k );"]: - [ State_111111( init, k, skV ) ] - --[ SessionP( pk(skV), k ) ]-> - [ State_1111111( init, k, skV ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_1111[color=#405280, process="!"]: + [ !Semistate_11111( pkV ), Fr( k ) ] + --[ SessionP( pkV, k ) ]-> + [ State_1111111( k, pkV ) ] + */ -rule (modulo E) eventPoutputaenckpkskVrepaenckpkskVlocpkskV_0_1111111[color=#405280, - process="event Poutput( ) - > -);"]: - [ State_1111111( init, k, skV ) ] - --[ - Poutput( )> ) +rule (modulo E) eventPoutputaenckpkVrepaenckpkVlocpkV_0_1111111[color=#405280, + process="event Poutput( aenc(k.1, pkV.1), rep(aenc(k.1, pkV.1), <'loc', pkV.1>) );"]: + [ State_1111111( k.1, pkV.1 ) ] + --[ Poutput( aenc(k.1, pkV.1), rep(aenc(k.1, pkV.1), <'loc', pkV.1>) ) ]-> - [ State_11111111( init, k, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outaenckpkskVrepaenckpkskVlocpkskV_0_11111111[color=#405280, - process="out()>);"]: - [ State_11111111( 
init, k, skV ) ] - --> - [ - State_111111111( init, k, skV ), - Out( )> ) - ] + [ Out( )> ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111111111[color=#405280, process="0"]: - [ State_111111111( init, k, skV ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_12[color=#ffffff, process="!"]: - [ State_12( init ) ] --> [ !Semistate_121( init ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_12[color=#ffffff, process="!"]: - [ !Semistate_121( init ) ] --> [ State_121( init ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventPoutputaenckpkVrepaenckpkVlocpkV_0_1111111[color=#405280, + process="event Poutput( aenc(k.1, pkV.1), rep(aenc(k.1, pkV.1), <'loc', pkV.1>) );"]: + [ State_1111111( k, pkV ) ] + --[ Poutput( aenc(k, pkV), rep(aenc(k, pkV), <'loc', pkV>) ) ]-> + [ Out( )> ) ] + */ -rule (modulo E) newskV_0_121[color=#658040, process="new skV;"]: - [ State_121( init ), Fr( skV ) ] --> [ State_1211( init, skV ) ] +rule (modulo E) Init[color=#ffffff, process="|"]: + [ ] --[ Init( ) ]-> [ !Semistate_21( ), !Semistate_11( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) eventHonestPpkskV_0_1211[color=#658040, - process="event HonestP( pk(skV) );"]: - [ State_1211( init, skV ) ] - --[ HonestP( pk(skV) ) ]-> - [ State_12111( init, skV ) ] +rule (modulo E) p_1_2[color=#ffffff, process="!"]: + [ !Semistate_21( ), Fr( skV.1 ) ] + --[ HonestP( pk(skV.1), 'pubkey' ) ]-> + [ State_211111( skV.1 ), Out( pk(skV.1) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_2[color=#ffffff, process="!"]: + [ !Semistate_21( ), Fr( skV ) ] + --[ HonestP( pk(skV), 'pubkey' ) ]-> + [ State_211111( skV ), Out( pk(skV) ) ] + */ -rule (modulo E) outpkskV_0_12111[color=#658040, process="out(pk(skV));"]: - [ State_12111( init, skV ) ] +rule (modulo E) incyphersigned_0_211111[color=#658040, + process="in();"]: + [ State_211111( skV.1 ), In( ) ] --> - [ 
State_121111( init, skV ), Out( pk(skV) ) ] + [ Let_21111111( , cypher.1, skV.1, signed.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) incyphersigned_0_211111[color=#658040, + process="in();"]: + [ State_211111( skV ), In( ) ] + --> + [ Let_21111111( , cypher, skV, signed ) ] + */ -rule (modulo E) inaenckpkskVsigned_0_121111[color=#658040, - process="in();"]: - [ State_121111( init, skV ), In( ) ] +rule (modulo E) letkadeccypherskVskey_1_2111111[color=#ffffff, + process="let k.2=adec(cypher.1, skV.1:skey)"]: + [ Let_21111111( , cypher.1, skV.1, signed.2 ) ] --> - [ State_1211111( init, k, signed, skV ) ] + [ State_21111111( cypher.1, skV.1, k.2, signed.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) letkadeccypherskVskey_1_2111111[color=#ffffff, + process="let k.2=adec(cypher.1, skV.1:skey)"]: + [ Let_21111111( , cypher, skV, signed ) ] + --> + [ State_21111111( cypher, skV, k, signed ) ] + */ -rule (modulo E) ifaenckpkskVcheckrepsignedlocpkskV_0_1211111[color=#658040, - process="if aenc(k, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_1211111( init, k, signed, skV ) ] - --[ Pred_Eq( aenc(k, pk(skV)), check_rep(signed, <'loc', pk(skV)>) ) ]-> - [ State_12111111( init, k, signed, skV ) ] +rule (modulo E) eventTest_0_21111111[color=#658040, + process="event Test( );"]: + [ State_21111111( cypher.1, skV.1, k.2, signed.2 ) ] + --[ Test( ) ]-> + [ State_211111111( cypher.1, skV.1, k.2, signed.2 ) ] /* - rule (modulo AC) ifaenckpkskVcheckrepsignedlocpkskV_0_1211111[color=#658040, - process="if aenc(k, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_1211111( init, k, signed, skV ) ] - --[ Pred_Eq( aenc(k, pk(skV)), z ) ]-> - [ State_12111111( init, k, signed, skV ) ] - variants (modulo AC) - 1. signed - = signed.6 - skV = skV.6 - z = check_rep(signed.6, <'loc', pk(skV.6)>) - - 2. 
signed - = rep(x.6, <'loc', pk(x.7)>) - skV = x.7 - z = x.6 + rule (modulo AC) eventTest_0_21111111[color=#658040, + process="event Test( );"]: + [ State_21111111( cypher, skV, k, signed ) ] + --[ Test( ) ]-> + [ State_211111111( cypher, skV, k, signed ) ] */ -rule (modulo E) ifaenckpkskVcheckrepsignedlocpkskV_1_1211111[color=#658040, - process="if aenc(k, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_1211111( init, k, signed, skV ) ] - --[ Pred_Not_Eq( aenc(k, pk(skV)), check_rep(signed, <'loc', pk(skV)>) ) - ]-> - [ State_12111112( init, k, signed, skV ) ] +rule (modulo E) ifcyphercheckrepsignedlocpkskVskey_0_211111111[color=#658040, + process="if cypher.1=check_rep(signed.2, <'loc', pk(skV.1:skey)>)"]: + [ State_211111111( cypher.1, skV.1, k.2, signed.2 ) ] + --[ Pred_Eq( cypher.1, check_rep(signed.2, <'loc', pk(skV.1)>) ) ]-> + [ State_2111111111( cypher.1, skV.1, k.2, signed.2 ) ] /* - rule (modulo AC) ifaenckpkskVcheckrepsignedlocpkskV_1_1211111[color=#658040, - process="if aenc(k, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_1211111( init, k, signed, skV ) ] - --[ Pred_Not_Eq( aenc(k, pk(skV)), z ) ]-> - [ State_12111112( init, k, signed, skV ) ] + rule (modulo AC) ifcyphercheckrepsignedlocpkskVskey_0_211111111[color=#658040, + process="if cypher.1=check_rep(signed.2, <'loc', pk(skV.1:skey)>)"]: + [ State_211111111( cypher, skV, k, signed ) ] + --[ Pred_Eq( cypher, z ) ]-> + [ State_2111111111( cypher, skV, k, signed ) ] variants (modulo AC) 1. signed - = signed.6 - skV = skV.6 - z = check_rep(signed.6, <'loc', pk(skV.6)>) + = signed.9 + skV = skV.8 + z = check_rep(signed.9, <'loc', pk(skV.8)>) 2. 
signed - = rep(x.6, <'loc', pk(x.7)>) - skV = x.7 - z = x.6 + = rep(x.10, <'loc', pk(x.8)>) + skV = x.8 + z = x.10 */ -rule (modulo E) eventVoutputaenckpkskVsigned_0_12111111[color=#658040, - process="event Voutput( );"]: - [ State_12111111( init, k, signed, skV ) ] - --[ Voutput( ) ]-> - [ State_121111111( init, k, signed, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventSessionVpkskVk_0_121111111[color=#658040, - process="event SessionV( pk(skV), k );"]: - [ State_121111111( init, k, signed, skV ) ] - --[ SessionV( pk(skV), k ) ]-> - [ State_1211111111( init, k, signed, skV ) ] +rule (modulo E) eventVoutputaenckpkskVskeysigned_0_2111111111[color=#658040, + process="event Voutput( aenc(k.2, pk(skV.1:skey)), signed.2 );"]: + [ State_2111111111( cypher.1, skV.1, k.2, signed.2 ) ] + --[ Voutput( aenc(k.2, pk(skV.1)), signed.2 ) ]-> + [ State_21111111111( cypher.1, skV.1, k.2, signed.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventVoutputaenckpkskVskeysigned_0_2111111111[color=#658040, + process="event Voutput( aenc(k.2, pk(skV.1:skey)), signed.2 );"]: + [ State_2111111111( cypher, skV, k, signed ) ] + --[ Voutput( aenc(k, pk(skV)), signed ) ]-> + [ State_21111111111( cypher, skV, k, signed ) ] + */ -rule (modulo E) p_0_1211111111[color=#658040, process="0"]: - [ State_1211111111( init, k, signed, skV ) ] --> [ ] +rule (modulo E) eventSessionVpkskVskeyk_0_21111111111[color=#658040, + process="event SessionV( pk(skV.1:skey), k.2 );"]: + [ State_21111111111( cypher.1, skV.1, k.2, signed.2 ) ] + --[ SessionV( pk(skV.1), k.2 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventSessionVpkskVskeyk_0_21111111111[color=#658040, + process="event SessionV( pk(skV.1:skey), k.2 );"]: + [ State_21111111111( cypher, skV, k, signed ) ] + --[ SessionV( pk(skV), k ) ]-> + [ ] + */ -rule (modulo E) p_0_12111112[color=#658040, process="0"]: - [ State_12111112( init, k, signed, skV ) ] --> [ ] +rule 
(modulo E) ifcyphercheckrepsignedlocpkskVskey_1_211111111[color=#658040, + process="if cypher.1=check_rep(signed.2, <'loc', pk(skV.1:skey)>)"]: + [ State_211111111( cypher.1, skV.1, k.2, signed.2 ) ] + --[ Pred_Not_Eq( cypher.1, check_rep(signed.2, <'loc', pk(skV.1)>) ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifcyphercheckrepsignedlocpkskVskey_1_211111111[color=#658040, + process="if cypher.1=check_rep(signed.2, <'loc', pk(skV.1:skey)>)"]: + [ State_211111111( cypher, skV, k, signed ) ] + --[ Pred_Not_Eq( cypher, z ) ]-> + [ ] + variants (modulo AC) + 1. signed + = signed.9 + skV = skV.8 + z = check_rep(signed.9, <'loc', pk(skV.8)>) + + 2. signed + = rep(x.10, <'loc', pk(x.8)>) + skV = x.8 + z = x.10 + */ restriction predicate_eq: "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" @@ -283,7 +346,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -293,9 +356,13 @@ analyzing: examples/sapic/fast/feature-locations/AKE.spthy analyzed: examples/sapic/fast/feature-locations/AKE.spthy output: examples/sapic/fast/feature-locations/AKE.spthy.tmp - processing time: 0.710949186s + processing time: 0.619246571s + can_run_p (exists-trace): verified (3 steps) + can_run_v (exists-trace): verified (5 steps) + sanity1 (exists-trace): verified (3 steps) + sanity2 (exists-trace): verified (5 steps) sanity3 (all-traces): verified (3 steps) - secrecy (all-traces): verified (7 steps) + secrecy (all-traces): verified (6 steps) ------------------------------------------------------------------------------ 
@@ -305,9 +372,13 @@ summary of summaries: analyzed: examples/sapic/fast/feature-locations/AKE.spthy output: examples/sapic/fast/feature-locations/AKE.spthy.tmp - processing time: 0.710949186s + processing time: 0.619246571s + can_run_p (exists-trace): verified (3 steps) + can_run_v (exists-trace): verified (5 steps) + sanity1 (exists-trace): verified (3 steps) + sanity2 (exists-trace): verified (5 steps) sanity3 (all-traces): verified (3 steps) - secrecy (all-traces): verified (7 steps) + secrecy (all-traces): verified (6 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/fast/feature-locations/OTP_analyzed.spthy b/case-studies-regression/sapic/fast/feature-locations/OTP_analyzed.spthy index 14a9b6cc8..07198cb3d 100644 --- a/case-studies-regression/sapic/fast/feature-locations/OTP_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-locations/OTP_analyzed.spthy @@ -2,10 +2,11 @@ theory OTP begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, cde/1, chall/1, chall2/1, check_rep/2, dcde/1, - dchall/1, dchall2/1, dscode/1, dshared/1, dsko/1, fst/1, get_rep/1, h/1, - hash/2, list/2, pair/2, pk/1, prog/2, rep/2 [private], report/1, scode/1, - sdec/2, senc/2, shared/1, sko/1, snd/1 +functions: adec/2[destructor], aenc/2, cde/1, chall/1, chall2/1, + check_rep/2[destructor], dcde/1, dchall/1, dchall2/1, dscode/1, + dshared/1, dsko/1, fst/1[destructor], get_rep/1[destructor], h/1, hash/2, + list/2, pair/2, pk/1, prog/2, rep/2[private,destructor], report/1, + scode/1, sdec/2[destructor], senc/2, shared/1, sko/1, snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, check_rep(rep(x.1, x.2), x.2) = x.1, 
@@ -20,8 +21,39 @@ equations: heuristic: S + + + + + + predicate: Report( x, y )<=>¬(y = 'loc') + + + + + + + + +lemma reachV: + exists-trace "∃ pka k #t1. SessionV( pka, k ) @ #t1" +/* +guarded formula characterizing all satisfying traces: +"∃ pka k #t1. (SessionV( pka, k ) @ #t1)" +*/ +simplify +solve( State_1111111111111111( cu, cypher, pc, pw, share, k, signed, skV + ) ▶₀ #t1 ) + case ifaencsharedkpkskVcheckrepsignedloc_0_111111111111111 + solve( !KU( shared() + ) @ #vk ) + case p_1_1111111111212 + SOLVED // trace found + qed +qed + lemma secrecy_key [reuse]: all-traces "¬(∃ k #t1 #t2. (Key( k ) @ #t1) ∧ (!KU( k ) @ #t2))" /* @@ -30,20 +62,20 @@ guarded formula characterizing all counter-examples: */ simplify solve( State_1111111( cu, pc, pw, k ) ▶₀ #t1 ) - case outpw_0_111111 + case eventChanpcchannel_0_11111 solve( !KU( ~n.3 ) @ #t2 ) - case outcdecode_0_111111111121111 - solve( State_11111111112111( code, cu, pc, pw, skV ) ▶₀ #vr.10 ) - case inpccode_0_1111111111211_case_1 - by solve( (#vr.9, 0) ~~> (#t2, 0) ) + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.5 ) + case inpcchannelcode_0_11111111112111_case_1 + by solve( (#vr.4, 0) ~~> (#t2, 0) ) next - case inpccode_0_1111111111211_case_2 - solve( (#vr.9, 0) ~~> (#t2, 0) ) + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.4, 0) ~~> (#t2, 0) ) case d_0_fst - by solve( State_11111111112111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.25 ) + by solve( Let_111111111121111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.11 ) next case d_0_snd - by solve( (#vr.26, 0) ~~> (#t2, 0) ) + by solve( (#vr.12, 0) ~~> (#t2, 0) ) qed qed qed 
@@ -62,45 +94,52 @@ guarded formula characterizing all counter-examples: ∀ #t2. (SessionP( pka, k ) @ #t2) ⇒ ¬(#t2 < #t1)" */ simplify -solve( State_1111111111111( cu, pc, pw, k, signed, skV ) ▶₀ #t1 ) - case ifaencsharedkpkskVcheckrepsignedloc_0_111111111111 - solve( !KU( shared() +solve( State_1111111111111111( cu, cypher, pc, pw, share, k, signed, skV + ) ▶₀ #t1 ) + case ifaencsharedkpkskVcheckrepsignedloc_0_111111111111111 + solve( !KU( shared() ) @ #vk ) case c_shared - solve( !KU( rep(aenc(k, pk(~n.3)), 'loc') ) @ #vk.3 ) + solve( !KU( rep(aenc(k, pk(~n.1)), 'loc') ) @ #vk.3 ) case ReportRule by contradiction /* from formulas */ next - case outcdecode_0_111111111121111 - solve( State_11111111112111( code, cu, pc, pw, skV ) ▶₀ #vr.17 ) - case inpccode_0_1111111111211_case_1 + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.12 ) + case inpcchannelcode_0_11111111112111_case_1 by contradiction /* impossible chain */ next - case inpccode_0_1111111111211_case_2 - solve( (#vr.16, 0) ~~> (#vk.1, 0) ) + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.11, 0) ~~> (#vk.1, 0) ) case d_0_fst - by solve( State_11111111112111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.30 ) + by solve( Let_111111111121111( code, ~n.2, pc, pw, skV ) ▶₀ #vr.18 ) next case d_0_snd by contradiction /* impossible chain */ qed qed + next + case p_1_1111111111212 + by contradiction /* from formulas */ qed next - case outcdecode_0_111111111121111 - solve( State_11111111112111( code, cu, pc, pw, skV ) ▶₀ #vr.17 ) - case inpccode_0_1111111111211_case_1 + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.12 ) + case inpcchannelcode_0_11111111112111_case_1 by contradiction /* impossible chain */ next - case inpccode_0_1111111111211_case_2 - solve( (#vr.16, 0) ~~> (#vk, 0) ) + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.11, 0) ~~> (#vk, 0) ) case d_0_fst - by solve( State_11111111112111( 
code, ~n.1, pc, pw, skV ) ▶₀ #vr.30 ) + by solve( Let_111111111121111( code, ~n.2, pc, pw, skV ) ▶₀ #vr.18 ) next case d_0_snd by contradiction /* impossible chain */ qed qed + next + case p_1_1111111111212 + by contradiction /* from formulas */ qed qed 
@@ -112,66 +151,47 @@ guarded formula characterizing all counter-examples: "∃ pka k #t1 #t2. (SessionV( pka, k ) @ #t1) ∧ (!KU( k ) @ #t2)" */ simplify -solve( State_1111111111111( cu, pc, pw, k, signed, skV ) ▶₀ #t1 ) - case ifaencsharedkpkskVcheckrepsignedloc_0_111111111111 - solve( State_111111111121211( cu, pc, pw, k, ~n.3 ) ▶₀ #t2 ) - case newsharedk_0_11111111112121 - solve( State_111111111121211( cu, pc, pw, ~n.3, ~n.4 ) ▶₀ #t2.1 ) - case newsharedk_0_11111111112121 - solve( !KU( ~n.3 ) @ #t2.1 ) - case outcdecode_0_111111111121111 - solve( State_11111111112111( code, cu, pc, pw, skV ) ▶₀ #vr.25 ) - case inpccode_0_1111111111211_case_1 - by solve( (#vr.24, 0) ~~> (#t2.1, 0) ) +solve( State_1111111111111111( cu, cypher, pc, pw, share, ~n, signed, skV + ) ▶₀ #t1 ) + case ifaencsharedkpkskVcheckrepsignedloc_0_111111111111111 + solve( !Semistate_11111111112121( cu, pc, pw, ~n.2 ) ▶₀ #t2 ) + case p_1_11111111112 + solve( !KU( ~n.1 ) @ #t2.1 ) + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.14 ) + case inpcchannelcode_0_11111111112111_case_1 + by solve( (#vr.13, 0) ~~> (#t2.1, 0) ) + next + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.13, 0) ~~> (#t2.1, 0) ) + case d_0_fst + by solve( Let_111111111121111( code, ~n.3, pc, pw, skV ) ▶₀ #vr.20 ) next - case inpccode_0_1111111111211_case_2 - solve( (#vr.24, 0) ~~> (#t2.1, 0) ) - case d_0_fst - by solve( State_11111111112111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.38 ) - next - case d_0_snd - by solve( (#vr.39, 0) ~~> (#t2.1, 0) ) - qed + case d_0_snd + by solve( (#vr.21, 0) ~~> (#t2.1, 0) ) qed - next - case outsharedaencsharedkpkskVreportaencsharedkpkskV_0_1111111111212111 - by contradiction /* from formulas */ qed + next + case p_1_1111111111212_case_1 + by contradiction /* from formulas */ + next + case p_1_1111111111212_case_2 + by contradiction /* from formulas */ qed qed qed lemma unic [reuse]: all-traces - "¬(∃ #t1 #t2 pw fr. 
- ((AskU( pw, fr ) @ #t1) ∧ (AskU( pw, fr ) @ #t2)) ∧ (¬(#t1 = #t2)))" + "∀ #t1 #t2 pw fr. + ((AskU( pw, fr ) @ #t1) ∧ (AskU( pw, fr ) @ #t2)) ⇒ (#t1 = #t2)" /* guarded formula characterizing all counter-examples: "∃ #t1 #t2 pw fr. (AskU( pw, fr ) @ #t1) ∧ (AskU( pw, fr ) @ #t2) ∧ ¬(#t1 = #t2)" */ simplify -solve( (#t1 < #t2) ∥ (#t2 < #t1) ) - case case_1 - solve( State_111111111121111111( code, cu, fr, pc, pw, skV ) ▶₀ #t1 ) - case newfr_0_11111111112111111 - solve( State_111111111121111111( code.1, cu.1, ~n, pc.1, pw, skV.1 - ) ▶₀ #t2 ) - case newfr_0_11111111112111111 - by contradiction /* cyclic */ - qed - qed -next - case case_2 - solve( State_111111111121111111( code, cu, fr, pc, pw, skV ) ▶₀ #t1 ) - case newfr_0_11111111112111111 - solve( State_111111111121111111( code.1, cu.1, ~n, pc.1, pw, skV.1 - ) ▶₀ #t2 ) - case newfr_0_11111111112111111 - by contradiction /* cyclic */ - qed - qed -qed +by contradiction /* from formulas */ lemma secrecy_chall [reuse]: all-traces 
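Review bot: `unic` looks assumed rather than proven after this change. The new proof is a single `by contradiction /* from formulas */` straight after `simplify`, where the removed proof case-split on `(#t1 < #t2) ∥ (#t2 < #t1)` and closed each branch as cyclic. A proof that closes from the formulas alone usually means a restriction elsewhere in the theory already states the same uniqueness; no such restriction is visible in this hunk, so that is an inference. Because `unic` is `[reuse]` and the `valid` lemma later in this file now also requires `AskU( pw, fr )`, the source theory should say which mechanism justifies the uniqueness, e.g. `// AskU uniqueness is enforced by restriction <RESTRICTION_NAME>; unic only restates it`.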
@@ -183,103 +203,187 @@ guarded formula characterizing all counter-examples: (Ask( pw, chal, fr, k ) @ #t1) ∧ (!KU( chal ) @ #t2)" */ simplify -solve( State_111111111121211111111111( chal, code, cu, fr, kOTP, pc, pw, - k, skV +solve( State_111111111121211111111111111( cdcode, cu, pc, pw, skV, + skosenc, chal, cypher, fr, kOTP, k ) ▶₀ #t1 ) - case insencchallengesharedk_0_11111111112121111111111 - solve( State_11111111112111( code.1, ~n, pc, ~n.3, skV ) ▶₀ #vr.15 ) - case inpccode_0_1111111111211_case_1 - solve( State_111111111121211( cu, pc, pw, shared_k, ~n.5 ) ▶₀ #t2 ) - case newsharedk_0_11111111112121 - solve( !KU( senc(chal, ~n.4) ) @ #vk ) - case c_senc - solve( !KU( ~n.4 ) @ #vk.4 ) - case outcdecode_0_111111111121111 - solve( State_11111111112111( code.1, cu, pc, pw, skV ) ▶₀ #vr.59 ) - case inpccode_0_1111111111211_case_1 - by solve( (#vr.58, 0) ~~> (#vk.1, 0) ) + case letchallengesdeccyphersharedk_1_11111111112121111111111111 + solve( Let_111111111121111( code, ~n, pc, ~n.2, skV ) ▶₀ #vr.9 ) + case inpcchannelcode_0_11111111112111_case_1 + solve( !Semistate_11111111112121( cu, pc, pw, ~n.3 ) ▶₀ #t2 ) + case p_1_11111111112 + solve( splitEqs(1) ) + case split_case_1 + solve( !KU( senc(chal, ~n.4) ) @ #vk ) + case c_senc + solve( !KU( ~n.4 ) @ #vk.4 ) + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.32 ) + case inpcchannelcode_0_11111111112111_case_1 + by solve( (#vr.31, 0) ~~> (#vk.1, 0) ) + next + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.31, 0) ~~> (#vk.1, 0) ) + case d_0_fst + by solve( Let_111111111121111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.38 ) + next + case d_0_snd + by solve( (#vr.39, 0) ~~> (#vk.1, 0) ) + qed + qed + next + case p_1_1111111111212_case_1 + by contradiction /* from formulas */ + next + case p_1_1111111111212_case_2 + by contradiction /* from formulas */ + qed + next + case eventProvScode_0_1111111111111111111111 + solve( !KU( ~n.5 ) @ #t2.1 ) + case 
eventProvScode_0_1111111111111111111111 + by contradiction /* from formulas */ + next + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.47 ) + case inpcchannelcode_0_11111111112111_case_1 + by solve( (#vr.46, 0) ~~> (#t2.1, 0) ) + next + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.46, 0) ~~> (#t2.1, 0) ) + case d_0_fst + by solve( Let_111111111121111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.53 ) + next + case d_0_snd + by solve( (#vr.54, 0) ~~> (#t2.1, 0) ) + qed + qed + qed + next + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.32 ) + case inpcchannelcode_0_11111111112111_case_1 + by contradiction /* impossible chain */ next - case inpccode_0_1111111111211_case_2 - solve( (#vr.58, 0) ~~> (#vk.1, 0) ) + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.31, 0) ~~> (#vk, 0) ) case d_0_fst - by solve( State_11111111112111( code.1, ~n.2, pc, pw, skV ) ▶₀ #vr.72 ) + by solve( Let_111111111121111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.38 ) next case d_0_snd - by solve( (#vr.73, 0) ~~> (#vk.1, 0) ) + by contradiction /* impossible chain */ qed qed next - case outsharedaencsharedkpkskVreportaencsharedkpkskV_0_1111111111212111 - by contradiction /* from formulas */ - qed - next - case outcdecode_0_111111111121111 - solve( State_11111111112111( code.1, cu, pc, pw, skV ) ▶₀ #vr.59 ) - case inpccode_0_1111111111211_case_1 - by contradiction /* impossible chain */ - next - case inpccode_0_1111111111211_case_2 - solve( (#vr.58, 0) ~~> (#vk, 0) ) - case d_0_fst - by solve( State_11111111112111( code.1, ~n.2, pc, pw, skV ) ▶₀ #vr.72 ) + case p_1_1111111111111111111111111 + solve( !KU( ~n.5 ) @ #t2.1 ) + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.47 ) + case inpcchannelcode_0_11111111112111_case_1 + by solve( (#vr.46, 0) ~~> (#t2.1, 0) ) + next + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.46, 0) 
~~> (#t2.1, 0) ) + case d_0_fst + by solve( Let_111111111121111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.53 ) + next + case d_0_snd + by solve( (#vr.54, 0) ~~> (#t2.1, 0) ) + qed + qed next - case d_0_snd - by contradiction /* impossible chain */ + case p_1_1111111111111111111111111 + by contradiction /* from formulas */ qed qed next - case outsencchallengesharedk_0_11111111111111111111111 - solve( State_111111111121211( cu, pc, pw, ~n.5, ~n.6 ) ▶₀ #t2.1 ) - case newsharedk_0_11111111112121 - solve( !KU( ~n ) @ #t2.2 ) - case outcdecode_0_111111111121111 - solve( State_11111111112111( code.1, cu, pc, pw, skV ) ▶₀ #vr.81 ) - case inpccode_0_1111111111211_case_1 - by solve( (#vr.80, 0) ~~> (#t2.2, 0) ) + case split_case_2 + solve( !KU( senc(chal, ~n.4) ) @ #vk ) + case c_senc + solve( !KU( ~n.4 ) @ #vk.4 ) + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.32 ) + case inpcchannelcode_0_11111111112111_case_1 + by solve( (#vr.31, 0) ~~> (#vk.1, 0) ) next - case inpccode_0_1111111111211_case_2 - solve( (#vr.80, 0) ~~> (#t2.2, 0) ) + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.31, 0) ~~> (#vk.1, 0) ) case d_0_fst - by solve( State_11111111112111( code.1, ~n.3, pc, pw, skV ) ▶₀ #vr.94 ) + by solve( Let_111111111121111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.38 ) next case d_0_snd - by solve( (#vr.95, 0) ~~> (#t2.2, 0) ) + by solve( (#vr.39, 0) ~~> (#vk.1, 0) ) qed qed next - case outsencchallengesharedk_0_11111111111111111111111 + case p_1_1111111111212_case_1 + by contradiction /* from formulas */ + next + case p_1_1111111111212_case_2 by contradiction /* from formulas */ qed - qed - next - case outskosenckOTPsharedk_0_1111111111111111111 - solve( State_111111111121211( cu, pc, pw, ~n.5, ~n.6 ) ▶₀ #t2.1 ) - case newsharedk_0_11111111112121 - solve( !KU( ~n ) @ #t2.2 ) - case outcdecode_0_111111111121111 - solve( State_11111111112111( code.1, cu, pc, pw, skV ) ▶₀ #vr.77 ) - case inpccode_0_1111111111211_case_1 - by 
solve( (#vr.76, 0) ~~> (#t2.2, 0) ) + next + case eventProvScode_0_1111111111111111111111 + solve( !KU( ~n.5 ) @ #t2.1 ) + case eventProvScode_0_1111111111111111111111 + by contradiction /* from formulas */ + next + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.47 ) + case inpcchannelcode_0_11111111112111_case_1 + by solve( (#vr.46, 0) ~~> (#t2.1, 0) ) + next + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.46, 0) ~~> (#t2.1, 0) ) + case d_0_fst + by solve( Let_111111111121111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.53 ) + next + case d_0_snd + by solve( (#vr.54, 0) ~~> (#t2.1, 0) ) + qed + qed + qed + next + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.32 ) + case inpcchannelcode_0_11111111112111_case_1 + by contradiction /* impossible chain */ + next + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.31, 0) ~~> (#vk, 0) ) + case d_0_fst + by solve( Let_111111111121111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.38 ) + next + case d_0_snd + by contradiction /* impossible chain */ + qed + qed + next + case p_1_1111111111111111111111111 + solve( !KU( ~n.5 ) @ #t2.1 ) + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.47 ) + case inpcchannelcode_0_11111111112111_case_1 + by solve( (#vr.46, 0) ~~> (#t2.1, 0) ) next - case inpccode_0_1111111111211_case_2 - solve( (#vr.76, 0) ~~> (#t2.2, 0) ) + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.46, 0) ~~> (#t2.1, 0) ) case d_0_fst - by solve( State_11111111112111( code.1, ~n.3, pc, pw, skV ) ▶₀ #vr.90 ) + by solve( Let_111111111121111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.53 ) next case d_0_snd - by solve( (#vr.91, 0) ~~> (#t2.2, 0) ) + by solve( (#vr.54, 0) ~~> (#t2.1, 0) ) qed qed next - case outskosenckOTPsharedk_0_1111111111111111111 + case p_1_1111111111111111111111111 by contradiction /* from formulas */ qed qed qed qed next - case 
inpccode_0_1111111111211_case_2 - by solve( State_11111111112111( code.1, ~n.2, pc, pw, skV ) ▶₀ #vr.48 ) + case inpcchannelcode_0_11111111112111_case_2 + by solve( Let_111111111121111( code, ~n.1, pc, pw, skV ) ▶₀ #vr.23 ) qed qed 
@@ -287,128 +391,176 @@ lemma valid [reuse]: all-traces "∀ #t1 pw ch. (Accept( pw, ch ) @ #t1) ⇒ - (∃ #t2 fr k. (Ask( pw, ch, fr, k ) @ #t2) ∧ (#t2 < #t1))" + (∃ #t2 #t3 fr k. + ((Ask( pw, ch, fr, k ) @ #t2) ∧ (AskU( pw, fr ) @ #t3)) ∧ (#t2 < #t1))" /* guarded formula characterizing all counter-examples: "∃ #t1 pw ch. (Accept( pw, ch ) @ #t1) ∧ - ∀ #t2 fr k. (Ask( pw, ch, fr, k ) @ #t2) ⇒ ¬(#t2 < #t1)" + ∀ #t2 #t3 fr k. + (Ask( pw, ch, fr, k ) @ #t2) ∧ (AskU( pw, fr ) @ #t3) ⇒ ¬(#t2 < #t1)" */ simplify -solve( State_1111111111111111111111111( ch, code, cu, kOTP, pc, pw, - shared_k, signed, skV +solve( State_1111111111111111111111111111111( ch, code, codeb, cu, + cypher, hashed, kOTP, pc, pw, sccypher, share, shared_k, signed, + skV ) ▶₀ #t1 ) - case inhpwhashkOTPchallenge_0_111111111111111111111111 - solve( State_111111111121211( cu, pc, pw, shared_k, ~n.6 ) ▶₀ #t2 ) - case newsharedk_0_11111111112121 + case ifhashedhpwhashkOTPchallenge_0_111111111111111111111111111111 + solve( !Semistate_11111111112121( cu, pc, pw, ~n.4 ) ▶₀ #t2 ) + case p_1_11111111112 solve( !KU( h(~n.5) ) @ #vk.1 ) case c_h - solve( !KU( hash(~n.3, ~n) ) @ #vk.2 ) + solve( !KU( hash(~n.6, ~n) ) @ #vk.2 ) case c_hash - solve( !KU( ~n.3 ) @ #vk.6 ) - case outcdecode_0_111111111121111 - solve( State_11111111112111( code, cu, pc, pw, skV ) ▶₀ #vr.45 ) - case inpccode_0_1111111111211_case_1 - by solve( (#vr.44, 0) ~~> (#vk.2, 0) ) + solve( !KU( ~n.6 ) @ #vk.6 ) + case eventProvScode_0_1111111111111111111111 + by contradiction /* from formulas */ + next + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.25 ) + case inpcchannelcode_0_11111111112111_case_1 + by solve( (#vr.24, 0) ~~> (#vk.2, 0) ) next - case inpccode_0_1111111111211_case_2 - solve( (#vr.44, 0) ~~> (#vk.2, 0) ) + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.24, 0) ~~> (#vk.2, 0) ) case d_0_fst - by solve( State_11111111112111( code, ~n.4, pc, pw, skV ) ▶₀ #vr.58 ) + by 
solve( Let_111111111121111( code, ~n.7, pc, pw, skV ) ▶₀ #vr.31 ) next case d_0_snd - by solve( (#vr.59, 0) ~~> (#vk.2, 0) ) + by solve( (#vr.32, 0) ~~> (#vk.2, 0) ) qed qed - next - case outskosenckOTPsharedk_0_1111111111111111111 - by contradiction /* from formulas */ qed next - case outcdecode_0_111111111121111 - solve( State_11111111112111( code, cu, pc, pw, skV ) ▶₀ #vr.45 ) - case inpccode_0_1111111111211_case_1 + case eventAskpwchallengefrsharedk_0_111111111121211111111111111 + by contradiction /* from formulas */ + next + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.25 ) + case inpcchannelcode_0_11111111112111_case_1 by contradiction /* impossible chain */ next - case inpccode_0_1111111111211_case_2 - solve( (#vr.44, 0) ~~> (#vk.1, 0) ) + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.24, 0) ~~> (#vk.1, 0) ) case d_0_fst - by solve( State_11111111112111( code, ~n.4, pc, pw, skV ) ▶₀ #vr.58 ) + by solve( Let_111111111121111( code, ~n.7, pc, pw, skV ) ▶₀ #vr.31 ) next case d_0_snd by contradiction /* impossible chain */ qed qed - next - case outhpwhashkOTPchallenge_0_1111111111212111111111111 - by contradiction /* from formulas */ qed next - case outcdecode_0_111111111121111 - solve( State_11111111112111( code, cu, pc, pw, skV ) ▶₀ #vr.45 ) - case inpccode_0_1111111111211_case_1 - by contradiction /* impossible chain */ - next - case inpccode_0_1111111111211_case_2 - solve( (#vr.44, 0) ~~> (#vk, 0) ) - case d_0_fst - by solve( State_11111111112111( code, ~n.4, pc, pw, skV ) ▶₀ #vr.58 ) - next - case d_0_snd - by contradiction /* impossible chain */ - qed - qed - next - case outhpwhashkOTPchallenge_0_1111111111212111111111111 - solve( State_11111111112111( code.1, ~n.2, pc, ~n.5, skV ) ▶₀ #vr.61 ) - case inpccode_0_1111111111211_case_1 - solve( State_111111111121211( cu, pc, pw, shared_k, ~n.7 ) ▶₀ #t2.1 ) - case newsharedk_0_11111111112121 - solve( !KU( hash(~n.3, ~n) ) @ #vk.2 ) - case c_hash 
- solve( !KU( ~n.3 ) @ #vk.9 ) - case outcdecode_0_111111111121111 - solve( State_11111111112111( code.1, cu, pc, pw, skV ) ▶₀ #vr.94 ) - case inpccode_0_1111111111211_case_1 - by solve( (#vr.93, 0) ~~> (#vk.2, 0) ) + case eventAskpwchallengefrsharedk_0_111111111121211111111111111 + solve( Let_111111111121111( code, ~n.2, pc, ~n.5, skV ) ▶₀ #vr.34 ) + case inpcchannelcode_0_11111111112111_case_1 + solve( !Semistate_11111111112121( cu, pc, pw, ~n.4 ) ▶₀ #t2.1 ) + case p_1_11111111112 + solve( splitEqs(2) ) + case split_case_1 + solve( !KU( hash(~n.6, ~n) ) @ #vk.2 ) + case c_hash + solve( !KU( ~n.6 ) @ #vk.9 ) + case eventProvScode_0_1111111111111111111111 + by contradiction /* from formulas */ next - case inpccode_0_1111111111211_case_2 - solve( (#vr.93, 0) ~~> (#vk.2, 0) ) - case d_0_fst - by solve( State_11111111112111( code.1, ~n.4, pc, pw, skV ) ▶₀ #vr.107 ) + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.53 ) + case inpcchannelcode_0_11111111112111_case_1 + by solve( (#vr.52, 0) ~~> (#vk.2, 0) ) next - case d_0_snd - by solve( (#vr.108, 0) ~~> (#vk.2, 0) ) + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.52, 0) ~~> (#vk.2, 0) ) + case d_0_fst + by solve( Let_111111111121111( code, ~n.7, pc, pw, skV ) ▶₀ #vr.59 ) + next + case d_0_snd + by solve( (#vr.60, 0) ~~> (#vk.2, 0) ) + qed qed qed next - case outskosenckOTPsharedk_0_1111111111111111111 + case eventAskpwchallengefrsharedk_0_111111111121211111111111111 by contradiction /* from formulas */ + next + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.53 ) + case inpcchannelcode_0_11111111112111_case_1 + by contradiction /* impossible chain */ + next + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.52, 0) ~~> (#vk.1, 0) ) + case d_0_fst + by solve( Let_111111111121111( code, ~n.7, pc, pw, skV ) ▶₀ #vr.59 ) + next + case d_0_snd + by contradiction /* impossible chain */ + qed + qed qed 
next - case outcdecode_0_111111111121111 - solve( State_11111111112111( code.1, cu, pc, pw, skV ) ▶₀ #vr.94 ) - case inpccode_0_1111111111211_case_1 - by contradiction /* impossible chain */ - next - case inpccode_0_1111111111211_case_2 - solve( (#vr.93, 0) ~~> (#vk.1, 0) ) - case d_0_fst - by solve( State_11111111112111( code.1, ~n.4, pc, pw, skV ) ▶₀ #vr.107 ) + case split_case_2 + solve( !KU( hash(~n.6, ~n) ) @ #vk.2 ) + case c_hash + solve( !KU( ~n.6 ) @ #vk.9 ) + case eventProvScode_0_1111111111111111111111 + by contradiction /* from formulas */ next - case d_0_snd + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.53 ) + case inpcchannelcode_0_11111111112111_case_1 + by solve( (#vr.52, 0) ~~> (#vk.2, 0) ) + next + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.52, 0) ~~> (#vk.2, 0) ) + case d_0_fst + by solve( Let_111111111121111( code, ~n.7, pc, pw, skV ) ▶₀ #vr.59 ) + next + case d_0_snd + by solve( (#vr.60, 0) ~~> (#vk.2, 0) ) + qed + qed + qed + next + case eventAskpwchallengefrsharedk_0_111111111121211111111111111 + by contradiction /* from formulas */ + next + case eventProvUcode_0_111111111121111 + solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.53 ) + case inpcchannelcode_0_11111111112111_case_1 by contradiction /* impossible chain */ + next + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.52, 0) ~~> (#vk.1, 0) ) + case d_0_fst + by solve( Let_111111111121111( code, ~n.7, pc, pw, skV ) ▶₀ #vr.59 ) + next + case d_0_snd + by contradiction /* impossible chain */ + qed qed qed - next - case outhpwhashkOTPchallenge_0_1111111111212111111111111 - by contradiction /* from formulas */ qed qed next - case inpccode_0_1111111111211_case_2 - by solve( State_11111111112111( code.1, ~n.4, pc, pw, skV ) ▶₀ #vr.83 ) + case inpcchannelcode_0_11111111112111_case_2 + by solve( Let_111111111121111( code, ~n.7, pc, pw, skV ) ▶₀ #vr.44 ) + qed + next + case eventProvUcode_0_111111111121111 
+ solve( Let_111111111121111( code, cu, pc, pw, skV ) ▶₀ #vr.25 ) + case inpcchannelcode_0_11111111112111_case_1 + by contradiction /* impossible chain */ + next + case inpcchannelcode_0_11111111112111_case_2 + solve( (#vr.24, 0) ~~> (#vk, 0) ) + case d_0_fst + by solve( Let_111111111121111( code, ~n.7, pc, pw, skV ) ▶₀ #vr.31 ) + next + case d_0_snd + by contradiction /* impossible chain */ + qed qed qed qed @@ -416,9 +568,9 @@ qed lemma unic_2 [reuse]: all-traces - "¬(∃ #t1 #t2 pw ch fr k. - ((Ask( pw, ch, fr, k ) @ #t1) ∧ (Ask( pw, ch, fr, k ) @ #t2)) ∧ - (¬(#t1 = #t2)))" + "∀ #t1 #t2 pw ch fr k. + ((Ask( pw, ch, fr, k ) @ #t1) ∧ (Ask( pw, ch, fr, k ) @ #t2)) ⇒ + (#t1 = #t2)" /* guarded formula characterizing all counter-examples: "∃ #t1 #t2 pw ch fr k. 
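Review bot: The reformulated `valid` lemma binds `#t3` but never orders it: the conclusion asks for `AskU( pw, fr ) @ #t3` somewhere in the trace and only `#t2 < #t1` constrains time, so a trace in which `AskU` occurs after `Accept` still satisfies it. The `valid_final` lemma deleted in the later hunk (the one following `unic_2`) stated `(#t3 < #t2)` and uniqueness of both events; that hunk runs past the visible part of the page, so whether an equivalent lemma is kept cannot be told from here. If the ordering is still intended, the conclusion could end `∧ (#t2 < #t1) ∧ (#t3 < #t2)`. This appears to be generated prover output, so the edit belongs in the source model with the regression file regenerated.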
@@ -429,726 +581,1049 @@ guarded formula characterizing all counter-examples: simplify solve( (#t1 < #t2) ∥ (#t2 < #t1) ) case case_1 - solve( State_111111111121211111111111( ch, code, cu, fr, kOTP, pc, pw, k, - skV + solve( State_111111111121211111111111111( cdcode, cu, pc, pw, skV, + skosenc, ch, cypher, fr, kOTP, k ) ▶₀ #t1 ) - case insencchallengesharedk_0_11111111112121111111111 - solve( State_111111111121211111111111( ch, code.1, cu, ~n.1, kOTP.1, pc, - ~n.3, ~n.4, skV + case letchallengesdeccyphersharedk_1_11111111112121111111111111 + solve( State_111111111121211111111111111( cdcode.1, cu, pc, ~n.2, skV, + skosenc, ch, cypher, ~n.5, kOTP.1, ~n.4 ) ▶₀ #t2 ) - case insencchallengesharedk_0_11111111112121111111111 + case letchallengesdeccyphersharedk_1_11111111112121111111111111 by contradiction /* cyclic */ qed qed next case case_2 - solve( State_111111111121211111111111( ch, code, cu, fr, kOTP, pc, pw, k, - skV + solve( State_111111111121211111111111111( cdcode, cu, pc, pw, skV, + skosenc, ch, cypher, fr, kOTP, k ) ▶₀ #t1 ) - case insencchallengesharedk_0_11111111112121111111111 - solve( State_111111111121211111111111( ch, code.1, cu, ~n.1, kOTP.1, pc, - ~n.3, ~n.4, skV + case letchallengesdeccyphersharedk_1_11111111112121111111111111 + solve( State_111111111121211111111111111( cdcode.1, cu, pc, ~n.2, skV, + skosenc, ch, cypher, ~n.5, kOTP.1, ~n.4 ) ▶₀ #t2 ) - case insencchallengesharedk_0_11111111112121111111111 + case letchallengesdeccyphersharedk_1_11111111112121111111111111 by contradiction /* cyclic */ qed qed qed -lemma valid_final: - all-traces - "∀ #t1 pw ch. - (Accept( pw, ch ) @ #t1) ⇒ - (∃ #t2 #t3 fr k. - (((((Ask( pw, ch, fr, k ) @ #t2) ∧ (AskU( pw, fr ) @ #t3)) ∧ - (#t2 < #t1)) ∧ - (#t3 < #t2)) ∧ - (¬(∃ #t5. (Ask( pw, ch, fr, k ) @ #t5) ∧ (¬(#t2 = #t5))))) ∧ - (¬(∃ #t6. (AskU( pw, fr ) @ #t6) ∧ (¬(#t3 = #t6)))))" -/* -guarded formula characterizing all counter-examples: -"∃ #t1 pw ch. - (Accept( pw, ch ) @ #t1) - ∧ - ∀ #t2 #t3 fr k. 
- (Ask( pw, ch, fr, k ) @ #t2) ∧ (AskU( pw, fr ) @ #t3) - ⇒ - ((¬(#t2 < #t1)) ∨ - (¬(#t3 < #t2)) ∨ - (∃ #t5. (Ask( pw, ch, fr, k ) @ #t5) ∧ ¬(#t2 = #t5)) ∨ - (∃ #t6. (AskU( pw, fr ) @ #t6) ∧ ¬(#t3 = #t6)))" -*/ -simplify -solve( State_1111111111111111111111111( ch, code, cu, kOTP, pc, pw, - shared_k, signed, skV - ) ▶₀ #t1 ) - case inhpwhashkOTPchallenge_0_111111111111111111111111 - solve( State_111111111121211111111111( ~n, code, cu, fr, kOTP, pc, ~n.5, - k, skV - ) ▶₀ #t2 ) - case insencchallengesharedk_0_11111111112121111111111 - solve( (∃ #t5. (Ask( ~n.5, ~n, ~n.7, ~n.8 ) @ #t5) ∧ ¬(#t2 = #t5)) ∥ - (∃ #t6. (AskU( ~n.5, ~n.7 ) @ #t6) ∧ ¬(#vr.40 = #t6)) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed -qed -restriction Restr_ReportRule_1: - "∀ x #NOW. (Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(x = 'loc'))" - // safety formula -rule (modulo E) ReportRule[color=#ffffff, process="new skV;"]: - [ In( ) ] - --[ Restr_ReportRule_1( loc ) ]-> - [ Out( rep(x, loc) ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) Init[color=#ffffff, process="new skV;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newskV_0_[color=#ffffff, process="new skV;"]: - [ State_( ), Fr( skV ) ] --> [ State_1( skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newpc_0_1[color=#ffffff, process="new pc;"]: - [ State_1( skV ), Fr( pc ) ] --> [ State_11( pc, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newcu_0_11[color=#ffffff, process="new cu;"]: - [ State_11( pc, skV ), Fr( cu ) ] --> [ State_111( cu, pc, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newpw_0_111[color=#ffffff, process="new pw;"]: - [ State_111( cu, pc, skV ), Fr( pw ) ] - --> - [ State_1111( cu, pc, pw, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) eventChancu_0_1111[color=#ffffff, - process="event Chan( cu );"]: - 
[ State_1111( cu, pc, pw, skV ) ] - --[ Chan( cu ) ]-> - [ State_11111( cu, pc, pw, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) eventChanpc_0_11111[color=#ffffff, - process="event Chan( pc );"]: - [ State_11111( cu, pc, pw, skV ) ] - --[ Chan( pc ) ]-> - [ State_111111( cu, pc, pw, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) outpw_0_111111[color=#ffffff, process="out(pw);"]: - [ State_111111( cu, pc, pw, skV ) ] - --> - [ State_1111111( cu, pc, pw, skV ), Out( pw ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) eventKeyskV_0_1111111[color=#ffffff, - process="event Key( skV );"]: - [ State_1111111( cu, pc, pw, skV ) ] - --[ Key( skV ) ]-> - [ State_11111111( cu, pc, pw, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) outpkskV_0_11111111[color=#ffffff, - process="out(pk(skV));"]: - [ State_11111111( cu, pc, pw, skV ) ] - --> - [ State_111111111( cu, pc, pw, skV ), Out( pk(skV) ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111111111[color=#ffffff, process="!"]: - [ State_111111111( cu, pc, pw, skV ) ] - --> - [ !Semistate_1111111111( cu, pc, pw, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_111111111[color=#ffffff, process="!"]: - [ !Semistate_1111111111( cu, pc, pw, skV ) ] - --> - [ State_1111111111( cu, pc, pw, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1111111111[color=#ffffff, process="|"]: - [ State_1111111111( cu, pc, pw, skV ) ] - --> - [ - State_11111111111( cu, pc, pw, skV ), - State_11111111112( cu, pc, pw, skV ) - ] - /* has exactly the trivial AC variant */ -rule (modulo E) insharedaencsharedkpkskVsigned_0_11111111111[color=#658040, - process="in(shared());"]: - [ - State_11111111111( cu, pc, pw, skV ), - In( shared() ) - ] - --> - [ State_111111111111( cu, pc, pw, shared_k, signed, skV ) ] + + + + + + + + + + + + + + + + +restriction Restr_ReportRule_1: + "∀ x #NOW. 
(Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(x = 'loc'))" + // safety formula + +rule (modulo E) ReportRule[color=#ffffff, process="new skV.1;"]: + [ In( ) ] + --[ Restr_ReportRule_1( loc ) ]-> + [ Out( rep(x, loc) ) ] /* has exactly the trivial AC variant */ -rule (modulo E) ifaencsharedkpkskVcheckrepsignedloc_0_111111111111[color=#658040, - process="if aenc(shared_k, pk(skV))=check_rep(signed, 'loc')"]: - [ State_111111111111( cu, pc, pw, shared_k, signed, skV ) ] - --[ Pred_Eq( aenc(shared_k, pk(skV)), check_rep(signed, 'loc') ) ]-> - [ State_1111111111111( cu, pc, pw, shared_k, signed, skV ) ] +rule (modulo E) Init[color=#ffffff, process="new skV.1;"]: + [ Fr( skV.1 ), Fr( pc.1 ), Fr( cu.1 ), Fr( pw.1 ) ] + --[ Init( ) ]-> + [ State_1111( cu.1, pc.1, pw.1, skV.1 ) ] /* - rule (modulo AC) ifaencsharedkpkskVcheckrepsignedloc_0_111111111111[color=#658040, - process="if aenc(shared_k, pk(skV))=check_rep(signed, 'loc')"]: - [ State_111111111111( cu, pc, pw, shared_k, signed, skV ) ] - --[ Pred_Eq( aenc(shared_k, pk(skV)), z ) ]-> - [ State_1111111111111( cu, pc, pw, shared_k, signed, skV ) ] - variants (modulo AC) - 1. signed - = signed.8 - z = check_rep(signed.8, 'loc') - - 2. 
signed - = rep(x.8, 'loc') - z = x.8 + rule (modulo AC) Init[color=#ffffff, process="new skV.1;"]: + [ Fr( skV ), Fr( pc ), Fr( cu ), Fr( pw ) ] + --[ Init( ) ]-> + [ State_1111( cu, pc, pw, skV ) ] */ -rule (modulo E) ifaencsharedkpkskVcheckrepsignedloc_1_111111111111[color=#658040, - process="if aenc(shared_k, pk(skV))=check_rep(signed, 'loc')"]: - [ State_111111111111( cu, pc, pw, shared_k, signed, skV ) ] - --[ Pred_Not_Eq( aenc(shared_k, pk(skV)), check_rep(signed, 'loc') ) ]-> - [ State_1111111111112( cu, pc, pw, shared_k, signed, skV ) ] +rule (modulo E) eventChancuchannel_0_1111[color=#ffffff, + process="event Chan( cu.1:channel );"]: + [ State_1111( cu.1, pc.1, pw.1, skV.1 ) ] + --[ Chan( cu.1 ) ]-> + [ State_11111( cu.1, pc.1, pw.1, skV.1 ) ] /* - rule (modulo AC) ifaencsharedkpkskVcheckrepsignedloc_1_111111111111[color=#658040, - process="if aenc(shared_k, pk(skV))=check_rep(signed, 'loc')"]: - [ State_111111111111( cu, pc, pw, shared_k, signed, skV ) ] - --[ Pred_Not_Eq( aenc(shared_k, pk(skV)), z ) ]-> - [ State_1111111111112( cu, pc, pw, shared_k, signed, skV ) ] - variants (modulo AC) - 1. signed - = signed.8 - z = check_rep(signed.8, 'loc') - - 2. 
signed - = rep(x.8, 'loc') - z = x.8 + rule (modulo AC) eventChancuchannel_0_1111[color=#ffffff, + process="event Chan( cu.1:channel );"]: + [ State_1111( cu, pc, pw, skV ) ] + --[ Chan( cu ) ]-> + [ State_11111( cu, pc, pw, skV ) ] */ -rule (modulo E) eventSessionVpkskVsharedk_0_1111111111111[color=#658040, - process="event SessionV( pk(skV), shared_k );"]: - [ State_1111111111111( cu, pc, pw, shared_k, signed, skV ) ] - --[ SessionV( pk(skV), shared_k ) ]-> - [ State_11111111111111( cu, pc, pw, shared_k, signed, skV ) ] +rule (modulo E) eventChanpcchannel_0_11111[color=#ffffff, + process="event Chan( pc.1:channel );"]: + [ State_11111( cu.1, pc.1, pw.1, skV.1 ) ] + --[ Chan( pc.1 ) ]-> + [ State_1111111( cu.1, pc.1, pw.1, skV.1 ), Out( pw.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventChanpcchannel_0_11111[color=#ffffff, + process="event Chan( pc.1:channel );"]: + [ State_11111( cu, pc, pw, skV ) ] + --[ Chan( pc ) ]-> + [ State_1111111( cu, pc, pw, skV ), Out( pw ) ] + */ -rule (modulo E) newcode_0_11111111111111[color=#658040, - process="new code;"]: - [ State_11111111111111( cu, pc, pw, shared_k, signed, skV ), Fr( code ) ] - --> - [ State_111111111111111( code, cu, pc, pw, shared_k, signed, skV ) ] +rule (modulo E) eventKeyskV_0_1111111[color=#ffffff, + process="event Key( skV.1 );"]: + [ State_1111111( cu.1, pc.1, pw.1, skV.1 ) ] + --[ Key( skV.1 ) ]-> + [ !Semistate_1111111111( cu.1, pc.1, pw.1, skV.1 ), Out( pk(skV.1) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventKeyskV_0_1111111[color=#ffffff, + process="event Key( skV.1 );"]: + [ State_1111111( cu, pc, pw, skV ) ] + --[ Key( skV ) ]-> + [ !Semistate_1111111111( cu, pc, pw, skV ), Out( pk(skV) ) ] + */ -rule (modulo E) outpccode_0_111111111111111[color=#658040, - process="out(pc,code);"]: - [ State_111111111111111( code, cu, pc, pw, shared_k, signed, skV ) ] +rule (modulo E) inshare_0_111111111111[color=#658040, + process="in(share.1);"]: + [ 
State_111111111111( cu.1, pc.1, pw.1, skV.1 ), In( share.1 ) ] --> [ - Message( pc, code ), - Semistate_1111111111111111( code, cu, pc, pw, shared_k, signed, skV ) + Let_11111111111111( dshared(share.1), cu.1, pc.1, pw.1, share.1, skV.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inshare_0_111111111111[color=#658040, + process="in(share.1);"]: + [ State_111111111111( cu, pc, pw, skV ), In( share ) ] + --> + [ Let_11111111111111( z, cu, pc, pw, share, skV ) ] + variants (modulo AC) + 1. share = share.8 + z = dshared(share.8) + + 2. share = shared(x.8) + z = x.8 + */ -rule (modulo E) outpccode_1_111111111111111[color=#658040, - process="out(pc,code);"]: +rule (modulo E) letcyphersigneddsharedshare_1_1111111111111[color=#ffffff, + process="let =dshared(share.1)"]: [ - Semistate_1111111111111111( code, cu, pc, pw, shared_k, signed, skV ), - Ack( pc, code ) + Let_11111111111111( , cu.1, pc.1, pw.1, share.1, + skV.1 + ) ] --> - [ State_1111111111111111( code, cu, pc, pw, shared_k, signed, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inscodesenccodesharedk_0_1111111111111111[color=#658040, - process="in(scode(senc(code, shared_k)));"]: [ - State_1111111111111111( code, cu, pc, pw, shared_k, signed, skV ), - In( scode(senc(code, shared_k)) ) + State_11111111111111( cu.1, cypher.1, pc.1, pw.1, share.1, signed.1, + skV.1 + ) ] - --> - [ State_11111111111111111( code, cu, pc, pw, shared_k, signed, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventProvScode_0_11111111111111111[color=#658040, - process="event ProvS( code );"]: - [ State_11111111111111111( code, cu, pc, pw, shared_k, signed, skV ) ] - --[ ProvS( code ) ]-> - [ State_111111111111111111( code, cu, pc, pw, shared_k, signed, skV ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) letcyphersigneddsharedshare_1_1111111111111[color=#ffffff, + process="let =dshared(share.1)"]: + [ Let_11111111111111( , cu, pc, pw, share, 
skV ) ] + --> + [ State_11111111111111( cu, cypher, pc, pw, share, signed, skV ) ] + */ -rule (modulo E) newkOTP_0_111111111111111111[color=#658040, - process="new kOTP;"]: +rule (modulo E) letsharedkadeccypherskV_0_11111111111111[color=#ffffff, + process="let shared_k.1=adec(cypher.1, skV.1)"]: [ - State_111111111111111111( code, cu, pc, pw, shared_k, signed, skV ), - Fr( kOTP ) + State_11111111111111( cu.1, cypher.1, pc.1, pw.1, share.1, signed.1, + skV.1 + ) ] --> [ - State_1111111111111111111( code, cu, kOTP, pc, pw, shared_k, signed, skV + Let_111111111111111( , cu.1, cypher.1, pc.1, pw.1, + share.1, signed.1, skV.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) letsharedkadeccypherskV_0_11111111111111[color=#ffffff, + process="let shared_k.1=adec(cypher.1, skV.1)"]: + [ State_11111111111111( cu, cypher, pc, pw, share, signed, skV ) ] + --> + [ + Let_111111111111111( , cu, cypher, pc, pw, share, signed, + skV + ) + ] + */ -rule (modulo E) outskosenckOTPsharedk_0_1111111111111111111[color=#658040, - process="out(sko(senc(kOTP, shared_k)));"]: +rule (modulo E) letsharedkadeccypherskV_1_11111111111111[color=#ffffff, + process="let shared_k.1=adec(cypher.1, skV.1)"]: [ - State_1111111111111111111( code, cu, kOTP, pc, pw, shared_k, signed, skV + Let_111111111111111( , cu.1, cypher.1, + pc.1, pw.1, share.1, signed.1, skV.1 ) ] --> [ - State_11111111111111111111( code, cu, kOTP, pc, pw, shared_k, signed, skV - ), - Out( sko(senc(kOTP, shared_k)) ) + State_111111111111111( cu.1, cypher.1, pc.1, pw.1, share.1, shared_k.1, + signed.1, skV.1 + ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) letsharedkadeccypherskV_1_11111111111111[color=#ffffff, + process="let shared_k.1=adec(cypher.1, skV.1)"]: + [ + Let_111111111111111( , cu, cypher, pc, pw, + share, signed, skV + ) + ] + --> + [ + State_111111111111111( cu, cypher, pc, pw, share, shared_k, signed, skV ) + ] + */ -rule (modulo E) p_0_11111111111111111111[color=#658040, 
process="!"]: +rule (modulo E) ifaencsharedkpkskVcheckrepsignedloc_0_111111111111111[color=#658040, + process="if aenc(shared_k.1, pk(skV.1))=check_rep(signed.1, 'loc')"]: [ - State_11111111111111111111( code, cu, kOTP, pc, pw, shared_k, signed, skV + State_111111111111111( cu.1, cypher.1, pc.1, pw.1, share.1, shared_k.1, + signed.1, skV.1 ) ] - --> + --[ Pred_Eq( aenc(shared_k.1, pk(skV.1)), check_rep(signed.1, 'loc') ) + ]-> [ - !Semistate_111111111111111111111( code, cu, kOTP, pc, pw, shared_k, - signed, skV + State_1111111111111111( cu.1, cypher.1, pc.1, pw.1, share.1, shared_k.1, + signed.1, skV.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifaencsharedkpkskVcheckrepsignedloc_0_111111111111111[color=#658040, + process="if aenc(shared_k.1, pk(skV.1))=check_rep(signed.1, 'loc')"]: + [ + State_111111111111111( cu, cypher, pc, pw, share, shared_k, signed, skV ) + ] + --[ Pred_Eq( aenc(shared_k, pk(skV)), z ) ]-> + [ + State_1111111111111111( cu, cypher, pc, pw, share, shared_k, signed, skV + ) + ] + variants (modulo AC) + 1. signed + = signed.11 + z = check_rep(signed.11, 'loc') + + 2. 
signed + = rep(x.11, 'loc') + z = x.11 + */ -rule (modulo E) p_1_11111111111111111111[color=#658040, process="!"]: +rule (modulo E) eventSessionVpkskVsharedk_0_1111111111111111[color=#658040, + process="event SessionV( pk(skV.1), shared_k.1 );"]: [ - !Semistate_111111111111111111111( code, cu, kOTP, pc, pw, shared_k, - signed, skV - ) + State_1111111111111111( cu.1, cypher.1, pc.1, pw.1, share.1, shared_k.1, + signed.1, skV.1 + ), + Fr( code.1 ) ] - --> + --[ SessionV( pk(skV.1), shared_k.1 ) ]-> [ - State_111111111111111111111( code, cu, kOTP, pc, pw, shared_k, signed, - skV + Message( pc.1, code.1 ), + Semistate_1111111111111111111( code.1, cu.1, cypher.1, pc.1, pw.1, + share.1, shared_k.1, signed.1, skV.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventSessionVpkskVsharedk_0_1111111111111111[color=#658040, + process="event SessionV( pk(skV.1), shared_k.1 );"]: + [ + State_1111111111111111( cu, cypher, pc, pw, share, shared_k, signed, skV + ), + Fr( code ) + ] + --[ SessionV( pk(skV), shared_k ) ]-> + [ + Message( pc, code ), + Semistate_1111111111111111111( code, cu, cypher, pc, pw, share, shared_k, + signed, skV + ) + ] + */ -rule (modulo E) newchallenge_0_111111111111111111111[color=#658040, - process="new challenge;"]: +rule (modulo E) outpcchannelcode_1_111111111111111111[color=#658040, + process="out(pc.1:channel,code.1);"]: [ - State_111111111111111111111( code, cu, kOTP, pc, pw, shared_k, signed, - skV + Semistate_1111111111111111111( code.1, cu.1, cypher.1, pc.1, pw.1, + share.1, shared_k.1, signed.1, skV.1 ), - Fr( challenge ) + Ack( pc.1, code.1 ), In( sccypher.1 ) ] --> [ - State_1111111111111111111111( challenge, code, cu, kOTP, pc, pw, - shared_k, signed, skV + Let_111111111111111111111( , code.1, + cu.1, cypher.1, pc.1, pw.1, sccypher.1, share.1, shared_k.1, signed.1, + skV.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) outpcchannelcode_1_111111111111111111[color=#658040, + 
process="out(pc.1:channel,code.1);"]: + [ + Semistate_1111111111111111111( code, cu, cypher, pc, pw, share, shared_k, + signed, skV + ), + Ack( pc, code ), In( sccypher ) + ] + --> + [ + Let_111111111111111111111( , code, cu, cypher, pc, pw, + sccypher, share, shared_k, signed, skV + ) + ] + variants (modulo AC) + 1. sccypher + = sccypher.13 + z = dscode(sccypher.13) + + 2. sccypher + = scode(x.13) + z = x.13 + */ -rule (modulo E) eventChallchallengesharedk_0_1111111111111111111111[color=#658040, - process="event Chall( challenge, shared_k );"]: +rule (modulo E) letcodebsdecdscodesccyphersharedk_1_11111111111111111111[color=#ffffff, + process="let codeb.1=sdec(dscode(sccypher.1), shared_k.1)"]: [ - State_1111111111111111111111( challenge, code, cu, kOTP, pc, pw, - shared_k, signed, skV + Let_111111111111111111111( , code.1, cu.1, + cypher.1, pc.1, pw.1, sccypher.1, share.1, shared_k.1, signed.1, skV.1 ) ] - --[ Chall( challenge, shared_k ) ]-> + --> [ - State_11111111111111111111111( challenge, code, cu, kOTP, pc, pw, - shared_k, signed, skV + State_111111111111111111111( code.1, codeb.1, cu.1, cypher.1, pc.1, pw.1, + sccypher.1, share.1, shared_k.1, signed.1, skV.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) letcodebsdecdscodesccyphersharedk_1_11111111111111111111[color=#ffffff, + process="let codeb.1=sdec(dscode(sccypher.1), shared_k.1)"]: + [ + Let_111111111111111111111( , code, cu, cypher, pc, pw, + sccypher, share, shared_k, signed, skV + ) + ] + --> + [ + State_111111111111111111111( code, codeb, cu, cypher, pc, pw, sccypher, + share, shared_k, signed, skV + ) + ] + */ -rule (modulo E) outsencchallengesharedk_0_11111111111111111111111[color=#658040, - process="out(senc(challenge, shared_k));"]: +rule (modulo E) ifcodebcode_0_111111111111111111111[color=#658040, + process="if codeb.1=code.1"]: [ - State_11111111111111111111111( challenge, code, cu, kOTP, pc, pw, - shared_k, signed, skV + State_111111111111111111111( code.1, codeb.1, 
cu.1, cypher.1, pc.1, pw.1, + sccypher.1, share.1, shared_k.1, signed.1, skV.1 ) ] - --> + --[ Pred_Eq( codeb.1, code.1 ) ]-> + [ + State_1111111111111111111111( code.1, codeb.1, cu.1, cypher.1, pc.1, + pw.1, sccypher.1, share.1, shared_k.1, signed.1, skV.1 + ) + ] + + /* + rule (modulo AC) ifcodebcode_0_111111111111111111111[color=#658040, + process="if codeb.1=code.1"]: + [ + State_111111111111111111111( code, codeb, cu, cypher, pc, pw, sccypher, + share, shared_k, signed, skV + ) + ] + --[ Pred_Eq( codeb, code ) ]-> + [ + State_1111111111111111111111( code, codeb, cu, cypher, pc, pw, sccypher, + share, shared_k, signed, skV + ) + ] + */ + +rule (modulo E) eventProvScode_0_1111111111111111111111[color=#658040, + process="event ProvS( code.1 );"]: + [ + State_1111111111111111111111( code.1, codeb.1, cu.1, cypher.1, pc.1, + pw.1, sccypher.1, share.1, shared_k.1, signed.1, skV.1 + ), + Fr( kOTP.1 ) + ] + --[ ProvS( code.1 ) ]-> [ - State_111111111111111111111111( challenge, code, cu, kOTP, pc, pw, - shared_k, signed, skV + !Semistate_11111111111111111111111111( code.1, codeb.1, cu.1, cypher.1, + kOTP.1, pc.1, pw.1, sccypher.1, share.1, shared_k.1, signed.1, skV.1 ), - Out( senc(challenge, shared_k) ) + Out( sko(senc(kOTP.1, shared_k.1)) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventProvScode_0_1111111111111111111111[color=#658040, + process="event ProvS( code.1 );"]: + [ + State_1111111111111111111111( code, codeb, cu, cypher, pc, pw, sccypher, + share, shared_k, signed, skV + ), + Fr( kOTP ) + ] + --[ ProvS( code ) ]-> + [ + !Semistate_11111111111111111111111111( code, codeb, cu, cypher, kOTP, pc, + pw, sccypher, share, shared_k, signed, skV + ), + Out( sko(senc(kOTP, shared_k)) ) + ] + */ + +rule (modulo E) p_1_1111111111111111111111111[color=#658040, + process="!"]: + [ + !Semistate_11111111111111111111111111( code.1, codeb.1, cu.1, cypher.1, + kOTP.1, pc.1, pw.1, sccypher.1, share.1, shared_k.1, signed.1, skV.1 + ), + Fr( 
challenge.1 ) + ] + --[ Chall( challenge.1, shared_k.1 ) ]-> + [ + State_11111111111111111111111111111( challenge.1, code.1, codeb.1, cu.1, + cypher.1, kOTP.1, pc.1, pw.1, sccypher.1, share.1, shared_k.1, + signed.1, skV.1 + ), + Out( senc(challenge.1, shared_k.1) ) + ] + + /* + rule (modulo AC) p_1_1111111111111111111111111[color=#658040, + process="!"]: + [ + !Semistate_11111111111111111111111111( code, codeb, cu, cypher, kOTP, pc, + pw, sccypher, share, shared_k, signed, skV + ), + Fr( challenge ) + ] + --[ Chall( challenge, shared_k ) ]-> + [ + State_11111111111111111111111111111( challenge, code, codeb, cu, cypher, + kOTP, pc, pw, sccypher, share, shared_k, signed, skV + ), + Out( senc(challenge, shared_k) ) + ] + */ -rule (modulo E) inhpwhashkOTPchallenge_0_111111111111111111111111[color=#658040, - process="in();"]: +rule (modulo E) inhashed_0_11111111111111111111111111111[color=#658040, + process="in(hashed.1);"]: [ - State_111111111111111111111111( challenge, code, cu, kOTP, pc, pw, - shared_k, signed, skV + State_11111111111111111111111111111( challenge.1, code.1, codeb.1, cu.1, + cypher.1, kOTP.1, pc.1, pw.1, sccypher.1, share.1, shared_k.1, + signed.1, skV.1 ), - In( ) + In( hashed.1 ) ] --> [ - State_1111111111111111111111111( challenge, code, cu, kOTP, pc, pw, - shared_k, signed, skV + State_111111111111111111111111111111( challenge.1, code.1, codeb.1, cu.1, + cypher.1, hashed.1, kOTP.1, pc.1, pw.1, sccypher.1, share.1, + shared_k.1, signed.1, skV.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhashed_0_11111111111111111111111111111[color=#658040, + process="in(hashed.1);"]: + [ + State_11111111111111111111111111111( challenge, code, codeb, cu, cypher, + kOTP, pc, pw, sccypher, share, shared_k, signed, skV + ), + In( hashed ) + ] + --> + [ + State_111111111111111111111111111111( challenge, code, codeb, cu, cypher, + hashed, kOTP, pc, pw, sccypher, share, shared_k, signed, skV + ) + ] + */ -rule (modulo E) 
eventAcceptpwchallenge_0_1111111111111111111111111[color=#658040, - process="event Accept( pw, challenge );"]: +rule (modulo E) ifhashedhpwhashkOTPchallenge_0_111111111111111111111111111111[color=#658040, + process="if hashed.1="]: [ - State_1111111111111111111111111( challenge, code, cu, kOTP, pc, pw, - shared_k, signed, skV + State_111111111111111111111111111111( challenge.1, code.1, codeb.1, cu.1, + cypher.1, hashed.1, kOTP.1, pc.1, pw.1, sccypher.1, share.1, + shared_k.1, signed.1, skV.1 ) ] - --[ Accept( pw, challenge ) ]-> + --[ Pred_Eq( hashed.1, ) ]-> [ - State_11111111111111111111111111( challenge, code, cu, kOTP, pc, pw, - shared_k, signed, skV + State_1111111111111111111111111111111( challenge.1, code.1, codeb.1, + cu.1, cypher.1, hashed.1, kOTP.1, pc.1, pw.1, sccypher.1, share.1, + shared_k.1, signed.1, skV.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifhashedhpwhashkOTPchallenge_0_111111111111111111111111111111[color=#658040, + process="if hashed.1="]: + [ + State_111111111111111111111111111111( challenge, code, codeb, cu, cypher, + hashed, kOTP, pc, pw, sccypher, share, shared_k, signed, skV + ) + ] + --[ Pred_Eq( hashed, ) ]-> + [ + State_1111111111111111111111111111111( challenge, code, codeb, cu, + cypher, hashed, kOTP, pc, pw, sccypher, share, shared_k, signed, + skV + ) + ] + */ -rule (modulo E) p_0_11111111111111111111111111[color=#658040, - process="0"]: +rule (modulo E) eventAcceptpwchallenge_0_1111111111111111111111111111111[color=#658040, + process="event Accept( pw.1, challenge.1 );"]: [ - State_11111111111111111111111111( challenge, code, cu, kOTP, pc, pw, - shared_k, signed, skV + State_1111111111111111111111111111111( challenge.1, code.1, codeb.1, + cu.1, cypher.1, hashed.1, kOTP.1, pc.1, pw.1, sccypher.1, share.1, + shared_k.1, signed.1, skV.1 ) ] - --> + --[ Accept( pw.1, challenge.1 ) ]-> [ ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111111112[color=#658040, process="0"]: - [ 
State_1111111111112( cu, pc, pw, shared_k, signed, skV ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111112[color=#ffffff, process="!"]: - [ State_11111111112( cu, pc, pw, skV ) ] - --> - [ !Semistate_111111111121( cu, pc, pw, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_11111111112[color=#ffffff, process="!"]: - [ !Semistate_111111111121( cu, pc, pw, skV ) ] - --> - [ State_111111111121( cu, pc, pw, skV ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventAcceptpwchallenge_0_1111111111111111111111111111111[color=#658040, + process="event Accept( pw.1, challenge.1 );"]: + [ + State_1111111111111111111111111111111( challenge, code, codeb, cu, + cypher, hashed, kOTP, pc, pw, sccypher, share, shared_k, signed, + skV + ) + ] + --[ Accept( pw, challenge ) ]-> + [ ] + */ -rule (modulo E) p_0_111111111121[color=#ffffff, process="|"]: - [ State_111111111121( cu, pc, pw, skV ) ] - --> +rule (modulo E) ifhashedhpwhashkOTPchallenge_1_111111111111111111111111111111[color=#658040, + process="if hashed.1="]: [ - State_1111111111211( cu, pc, pw, skV ), - State_1111111111212( cu, pc, pw, skV ) + State_111111111111111111111111111111( challenge.1, code.1, codeb.1, cu.1, + cypher.1, hashed.1, kOTP.1, pc.1, pw.1, sccypher.1, share.1, + shared_k.1, signed.1, skV.1 + ) ] + --[ Pred_Not_Eq( hashed.1, ) ]-> + [ ] - /* has exactly the trivial AC variant */ - -rule (modulo E) inpccode_0_1111111111211[color=#504080, - process="in(pc,code);"]: - [ State_1111111111211( cu, pc, pw, skV ), Message( pc, code ) ] - --> - [ Ack( pc, code ), State_11111111112111( code, cu, pc, pw, skV ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifhashedhpwhashkOTPchallenge_1_111111111111111111111111111111[color=#658040, + process="if hashed.1="]: + [ + State_111111111111111111111111111111( challenge, code, codeb, cu, cypher, + hashed, kOTP, pc, pw, sccypher, share, shared_k, signed, skV + ) + ] 
+ --[ Pred_Not_Eq( hashed, ) ]-> + [ ] + */ -rule (modulo E) eventProvUcode_0_11111111112111[color=#504080, - process="event ProvU( code );"]: - [ State_11111111112111( code, cu, pc, pw, skV ) ] - --[ ProvU( code ) ]-> - [ State_111111111121111( code, cu, pc, pw, skV ) ] +rule (modulo E) ifcodebcode_1_111111111111111111111[color=#658040, + process="if codeb.1=code.1"]: + [ + State_111111111111111111111( code.1, codeb.1, cu.1, cypher.1, pc.1, pw.1, + sccypher.1, share.1, shared_k.1, signed.1, skV.1 + ) + ] + --[ Pred_Not_Eq( codeb.1, code.1 ) ]-> + [ ] - // loop breaker: [0] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifcodebcode_1_111111111111111111111[color=#658040, + process="if codeb.1=code.1"]: + [ + State_111111111111111111111( code, codeb, cu, cypher, pc, pw, sccypher, + share, shared_k, signed, skV + ) + ] + --[ Pred_Not_Eq( codeb, code ) ]-> + [ ] + */ -rule (modulo E) outcdecode_0_111111111121111[color=#504080, - process="out(cde(code));"]: - [ State_111111111121111( code, cu, pc, pw, skV ) ] - --> - [ State_1111111111211111( code, cu, pc, pw, skV ), Out( cde(code) ) ] +rule (modulo E) ifaencsharedkpkskVcheckrepsignedloc_1_111111111111111[color=#658040, + process="if aenc(shared_k.1, pk(skV.1))=check_rep(signed.1, 'loc')"]: + [ + State_111111111111111( cu.1, cypher.1, pc.1, pw.1, share.1, shared_k.1, + signed.1, skV.1 + ) + ] + --[ + Pred_Not_Eq( aenc(shared_k.1, pk(skV.1)), check_rep(signed.1, 'loc') ) + ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifaencsharedkpkskVcheckrepsignedloc_1_111111111111111[color=#658040, + process="if aenc(shared_k.1, pk(skV.1))=check_rep(signed.1, 'loc')"]: + [ + State_111111111111111( cu, cypher, pc, pw, share, shared_k, signed, skV ) + ] + --[ Pred_Not_Eq( aenc(shared_k, pk(skV)), z ) ]-> + [ ] + variants (modulo AC) + 1. signed + = signed.11 + z = check_rep(signed.11, 'loc') + + 2. 
signed + = rep(x.11, 'loc') + z = x.11 + */ -rule (modulo E) p_0_1111111111211111[color=#504080, process="!"]: - [ State_1111111111211111( code, cu, pc, pw, skV ) ] +rule (modulo E) p_1_111111111[color=#ffffff, process="!"]: + [ !Semistate_1111111111( cu.1, pc.1, pw.1, skV.1 ) ] --> - [ !Semistate_11111111112111111( code, cu, pc, pw, skV ) ] + [ + !Semistate_111111111121( cu.1, pc.1, pw.1, skV.1 ), + State_111111111111( cu.1, pc.1, pw.1, skV.1 ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_111111111[color=#ffffff, process="!"]: + [ !Semistate_1111111111( cu, pc, pw, skV ) ] + --> + [ + !Semistate_111111111121( cu, pc, pw, skV ), + State_111111111111( cu, pc, pw, skV ) + ] + */ -rule (modulo E) p_1_1111111111211111[color=#504080, process="!"]: - [ !Semistate_11111111112111111( code, cu, pc, pw, skV ) ] +rule (modulo E) inpcchannelcode_0_11111111112111[color=#504080, + process="in(pc.1:channel,code.2);"]: + [ State_11111111112111( cu.1, pc.1, pw.1, skV.1 ), Message( pc.1, x.2 ) ] --> - [ State_11111111112111111( code, cu, pc, pw, skV ) ] + [ Let_111111111121111( x.2, cu.1, pc.1, pw.1, skV.1 ), Ack( pc.1, x.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inpcchannelcode_0_11111111112111[color=#504080, + process="in(pc.1:channel,code.2);"]: + [ State_11111111112111( cu, pc, pw, skV ), Message( pc, x ) ] + --> + [ Let_111111111121111( x, cu, pc, pw, skV ), Ack( pc, x ) ] + */ -rule (modulo E) newfr_0_11111111112111111[color=#504080, - process="new fr;"]: - [ State_11111111112111111( code, cu, pc, pw, skV ), Fr( fr ) ] +rule (modulo E) inpcchannelcode_1_11111111112111[color=#504080, + process="in(pc.1:channel,code.2);"]: + [ Let_111111111121111( code.2, cu.1, pc.1, pw.1, skV.1 ) ] --> - [ State_111111111121111111( code, cu, fr, pc, pw, skV ) ] + [ State_111111111121111( cu.1, pc.1, pw.1, skV.1, code.2 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) eventAskUpwfr_0_111111111121111111[color=#504080, - 
process="event AskU( pw, fr );"]: - [ State_111111111121111111( code, cu, fr, pc, pw, skV ) ] - --[ AskU( pw, fr ) ]-> - [ State_1111111111211111111( code, cu, fr, pc, pw, skV ) ] - - /* has exactly the trivial AC variant */ + // loop breaker: [0] + /* + rule (modulo AC) inpcchannelcode_1_11111111112111[color=#504080, + process="in(pc.1:channel,code.2);"]: + [ Let_111111111121111( code, cu, pc, pw, skV ) ] + --> + [ State_111111111121111( cu, pc, pw, skV, code ) ] + // loop breaker: [0] + */ -rule (modulo E) outcupwfr_0_1111111111211111111[color=#504080, - process="out(cu,);"]: - [ State_1111111111211111111( code, cu, fr, pc, pw, skV ) ] - --> +rule (modulo E) eventProvUcode_0_111111111121111[color=#504080, + process="event ProvU( code.2 );"]: + [ State_111111111121111( cu.1, pc.1, pw.1, skV.1, code.2 ) ] + --[ ProvU( code.2 ) ]-> [ - Message( cu, ), - Semistate_11111111112111111111( code, cu, fr, pc, pw, skV ) + !Semistate_111111111121111111( cu.1, pc.1, pw.1, skV.1, code.2 ), + Out( cde(code.2) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventProvUcode_0_111111111121111[color=#504080, + process="event ProvU( code.2 );"]: + [ State_111111111121111( cu, pc, pw, skV, code ) ] + --[ ProvU( code ) ]-> + [ + !Semistate_111111111121111111( cu, pc, pw, skV, code ), Out( cde(code) ) + ] + */ -rule (modulo E) outcupwfr_1_1111111111211111111[color=#504080, - process="out(cu,);"]: +rule (modulo E) p_1_11111111112111111[color=#504080, process="!"]: [ - Semistate_11111111112111111111( code, cu, fr, pc, pw, skV ), - Ack( cu, ) + !Semistate_111111111121111111( cu.1, pc.1, pw.1, skV.1, code.2 ), + Fr( fr.1 ) + ] + --[ AskU( pw.1, fr.1 ) ]-> + [ + Message( cu.1, ), + Semistate_111111111121111111111( cu.1, fr.1, pc.1, pw.1, skV.1, code.2 ) ] - --> - [ State_11111111112111111111( code, cu, fr, pc, pw, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111112111111111[color=#504080, process="0"]: - [ State_11111111112111111111( 
code, cu, fr, pc, pw, skV ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_11111111112111111[color=#504080, process="!"]: + [ !Semistate_111111111121111111( cu, pc, pw, skV, code ), Fr( fr ) ] + --[ AskU( pw, fr ) ]-> + [ + Message( cu, ), + Semistate_111111111121111111111( cu, fr, pc, pw, skV, code ) + ] + */ -rule (modulo E) p_0_1111111111212[color=#ffffff, process="!"]: - [ State_1111111111212( cu, pc, pw, skV ) ] +rule (modulo E) p_1_11111111112[color=#ffffff, process="!"]: + [ !Semistate_111111111121( cu.1, pc.1, pw.1, skV.1 ) ] --> - [ !Semistate_11111111112121( cu, pc, pw, skV ) ] + [ + !Semistate_11111111112121( cu.1, pc.1, pw.1, skV.1 ), + State_11111111112111( cu.1, pc.1, pw.1, skV.1 ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_11111111112[color=#ffffff, process="!"]: + [ !Semistate_111111111121( cu, pc, pw, skV ) ] + --> + [ + !Semistate_11111111112121( cu, pc, pw, skV ), + State_11111111112111( cu, pc, pw, skV ) + ] + */ rule (modulo E) p_1_1111111111212[color=#ffffff, process="!"]: - [ !Semistate_11111111112121( cu, pc, pw, skV ) ] - --> - [ State_11111111112121( cu, pc, pw, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newsharedk_0_11111111112121[color=#80407b, - process="new shared_k;"]: - [ State_11111111112121( cu, pc, pw, skV ), Fr( shared_k ) ] - --> - [ State_111111111121211( cu, pc, pw, shared_k, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventSessionPpkskVsharedk_0_111111111121211[color=#80407b, - process="event SessionP( pk(skV), shared_k );"]: - [ State_111111111121211( cu, pc, pw, shared_k, skV ) ] - --[ SessionP( pk(skV), shared_k ) ]-> - [ State_1111111111212111( cu, pc, pw, shared_k, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsharedaencsharedkpkskVreportaencsharedkpkskV_0_1111111111212111[color=#80407b, - process="out(shared());"]: - [ State_1111111111212111( cu, pc, pw, shared_k, skV ) 
] - --> + [ !Semistate_11111111112121( cu.1, pc.1, pw.1, skV.1 ), Fr( shared_k.2 ) + ] + --[ SessionP( pk(skV.1), shared_k.2 ) ]-> [ - State_11111111112121111( cu, pc, pw, shared_k, skV ), - Out( shared() ) + State_111111111121211111( cu.1, pc.1, pw.1, skV.1, shared_k.2 ), + Out( shared() + ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) incdecode_0_11111111112121111[color=#80407b, - process="in(cde(code));"]: - [ State_11111111112121111( cu, pc, pw, shared_k, skV ), In( cde(code) ) ] - --> - [ State_111111111121211111( code, cu, pc, pw, shared_k, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventProvEcode_0_111111111121211111[color=#80407b, - process="event ProvE( code );"]: - [ State_111111111121211111( code, cu, pc, pw, shared_k, skV ) ] - --[ ProvE( code ) ]-> - [ State_1111111111212111111( code, cu, pc, pw, shared_k, skV ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_1111111111212[color=#ffffff, process="!"]: + [ !Semistate_11111111112121( cu, pc, pw, skV ), Fr( shared_k ) ] + --[ SessionP( pk(skV), shared_k ) ]-> + [ + State_111111111121211111( cu, pc, pw, skV, shared_k ), + Out( shared() + ) + ] + */ -rule (modulo E) outdscodesenccodesharedk_0_1111111111212111111[color=#80407b, - process="out(dscode(senc(code, shared_k)));"]: - [ State_1111111111212111111( code, cu, pc, pw, shared_k, skV ) ] - --> +rule (modulo E) incdcode_0_111111111121211111[color=#80407b, + process="in(cdcode.1);"]: + [ + State_111111111121211111( cu.1, pc.1, pw.1, skV.1, shared_k.2 ), + In( cdcode.1 ) + ] + --[ ProvE( dcde(cdcode.1) ) ]-> [ - State_11111111112121111111( code, cu, pc, pw, shared_k, skV ), - Out( dscode(senc(code, shared_k)) ) + State_111111111121211111111( cdcode.1, cu.1, pc.1, pw.1, skV.1, + shared_k.2 + ), + Out( dscode(senc(dcde(cdcode.1), shared_k.2)) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) incdcode_0_111111111121211111[color=#80407b, + process="in(cdcode.1);"]: + 
[ State_111111111121211111( cu, pc, pw, skV, shared_k ), In( cdcode ) ] + --[ ProvE( z ) ]-> + [ + State_111111111121211111111( cdcode, cu, pc, pw, skV, shared_k ), + Out( dscode(senc(z, shared_k)) ) + ] + variants (modulo AC) + 1. cdcode + = cdcode.14 + z = dcde(cdcode.14) + + 2. cdcode + = cde(z.14) + z = z.14 + */ -rule (modulo E) inskosenckOTPsharedk_0_11111111112121111111[color=#80407b, - process="in(sko(senc(kOTP, shared_k)));"]: +rule (modulo E) inskosenc_0_111111111121211111111[color=#80407b, + process="in(skosenc.1);"]: [ - State_11111111112121111111( code, cu, pc, pw, shared_k, skV ), - In( sko(senc(kOTP, shared_k)) ) + State_111111111121211111111( cdcode.1, cu.1, pc.1, pw.1, skV.1, + shared_k.2 + ), + In( skosenc.1 ) ] --> - [ State_111111111121211111111( code, cu, kOTP, pc, pw, shared_k, skV ) ] + [ + Let_11111111112121111111111( , cdcode.1, + cu.1, pc.1, pw.1, skV.1, skosenc.1, shared_k.2 + ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inskosenc_0_111111111121211111111[color=#80407b, + process="in(skosenc.1);"]: + [ + State_111111111121211111111( cdcode, cu, pc, pw, skV, shared_k ), + In( skosenc ) + ] + --> + [ + Let_11111111112121111111111( , cdcode, cu, pc, pw, skV, + skosenc, shared_k + ) + ] + variants (modulo AC) + 1. skosenc + = skosenc.11 + z = dsko(skosenc.11) + + 2. 
skosenc + = sko(x.11) + z = x.11 + */ -rule (modulo E) p_0_111111111121211111111[color=#80407b, process="!"]: - [ State_111111111121211111111( code, cu, kOTP, pc, pw, shared_k, skV ) ] +rule (modulo E) letkOTPsdecdskoskosencsharedk_1_1111111111212111111111[color=#ffffff, + process="let kOTP.2=sdec(dsko(skosenc.1), shared_k.2)"]: + [ + Let_11111111112121111111111( , cdcode.1, cu.1, + pc.1, pw.1, skV.1, skosenc.1, shared_k.2 + ) + ] --> [ - !Semistate_1111111111212111111111( code, cu, kOTP, pc, pw, shared_k, skV + State_11111111112121111111111( cdcode.1, cu.1, pc.1, pw.1, skV.1, + skosenc.1, kOTP.2, shared_k.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) letkOTPsdecdskoskosencsharedk_1_1111111111212111111111[color=#ffffff, + process="let kOTP.2=sdec(dsko(skosenc.1), shared_k.2)"]: + [ + Let_11111111112121111111111( , cdcode, cu, pc, pw, skV, + skosenc, shared_k + ) + ] + --> + [ + State_11111111112121111111111( cdcode, cu, pc, pw, skV, skosenc, kOTP, + shared_k + ) + ] + */ -rule (modulo E) p_1_111111111121211111111[color=#80407b, process="!"]: +rule (modulo E) p_0_11111111112121111111111[color=#80407b, process="!"]: [ - !Semistate_1111111111212111111111( code, cu, kOTP, pc, pw, shared_k, skV + State_11111111112121111111111( cdcode.1, cu.1, pc.1, pw.1, skV.1, + skosenc.1, kOTP.2, shared_k.2 ) ] --> - [ State_1111111111212111111111( code, cu, kOTP, pc, pw, shared_k, skV ) ] + [ + !Semistate_111111111121211111111111( cdcode.1, cu.1, pc.1, pw.1, skV.1, + skosenc.1, kOTP.2, shared_k.2 + ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_11111111112121111111111[color=#80407b, process="!"]: + [ + State_11111111112121111111111( cdcode, cu, pc, pw, skV, skosenc, kOTP, + shared_k + ) + ] + --> + [ + !Semistate_111111111121211111111111( cdcode, cu, pc, pw, skV, skosenc, + kOTP, shared_k + ) + ] + */ -rule (modulo E) incupwfr_0_1111111111212111111111[color=#80407b, - process="in(cu,);"]: +rule (modulo E) 
p_1_11111111112121111111111[color=#80407b, process="!"]: [ - State_1111111111212111111111( code, cu, kOTP, pc, pw, shared_k, skV ), - Message( cu, ) + !Semistate_111111111121211111111111( cdcode.1, cu.1, pc.1, pw.1, skV.1, + skosenc.1, kOTP.2, shared_k.2 + ), + Message( cu.1, x.3 ) ] --> [ - Ack( cu, ), - State_11111111112121111111111( code, cu, fr, kOTP, pc, pw, shared_k, skV - ) + Let_1111111111212111111111111( x.3, cdcode.1, cu.1, pc.1, pw.1, skV.1, + skosenc.1, kOTP.2, shared_k.2 + ), + Ack( cu.1, x.3 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_11111111112121111111111[color=#80407b, process="!"]: + [ + !Semistate_111111111121211111111111( cdcode, cu, pc, pw, skV, skosenc, + kOTP, shared_k + ), + Message( cu, x ) + ] + --> + [ + Let_1111111111212111111111111( x, cdcode, cu, pc, pw, skV, skosenc, kOTP, + shared_k + ), + Ack( cu, x ) + ] + */ -rule (modulo E) insencchallengesharedk_0_11111111112121111111111[color=#80407b, - process="in(senc(challenge, shared_k));"]: +rule (modulo E) incuchannelpwfr_1_111111111121211111111111[color=#80407b, + process="in(cu.1:channel,<=pw.1, fr.2>);"]: [ - State_11111111112121111111111( code, cu, fr, kOTP, pc, pw, shared_k, skV - ), - In( senc(challenge, shared_k) ) + Let_1111111111212111111111111( , cdcode.1, cu.1, pc.1, pw.1, + skV.1, skosenc.1, kOTP.2, shared_k.2 + ) ] --> [ - State_111111111121211111111111( challenge, code, cu, fr, kOTP, pc, pw, - shared_k, skV + State_1111111111212111111111111( cdcode.1, cu.1, pc.1, pw.1, skV.1, + skosenc.1, fr.2, kOTP.2, shared_k.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) incuchannelpwfr_1_111111111121211111111111[color=#80407b, + process="in(cu.1:channel,<=pw.1, fr.2>);"]: + [ + Let_1111111111212111111111111( , cdcode, cu, pc, pw, skV, + skosenc, kOTP, shared_k + ) + ] + --> + [ + State_1111111111212111111111111( cdcode, cu, pc, pw, skV, skosenc, fr, + kOTP, shared_k + ) + ] + */ -rule (modulo E) 
eventAskpwchallengefrsharedk_0_111111111121211111111111[color=#80407b, - process="event Ask( pw, challenge, fr, shared_k );"]: +rule (modulo E) incypher_0_1111111111212111111111111[color=#80407b, + process="in(cypher.2);"]: [ - State_111111111121211111111111( challenge, code, cu, fr, kOTP, pc, pw, - shared_k, skV - ) + State_1111111111212111111111111( cdcode.1, cu.1, pc.1, pw.1, skV.1, + skosenc.1, fr.2, kOTP.2, shared_k.2 + ), + In( cypher.2 ) ] - --[ Ask( pw, challenge, fr, shared_k ) ]-> + --> [ - State_1111111111212111111111111( challenge, code, cu, fr, kOTP, pc, pw, - shared_k, skV + Let_111111111121211111111111111( , cdcode.1, cu.1, + pc.1, pw.1, skV.1, skosenc.1, cypher.2, fr.2, kOTP.2, shared_k.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) incypher_0_1111111111212111111111111[color=#80407b, + process="in(cypher.2);"]: + [ + State_1111111111212111111111111( cdcode, cu, pc, pw, skV, skosenc, fr, + kOTP, shared_k + ), + In( cypher ) + ] + --> + [ + Let_111111111121211111111111111( , cdcode, cu, pc, pw, + skV, skosenc, cypher, fr, kOTP, shared_k + ) + ] + */ -rule (modulo E) outhpwhashkOTPchallenge_0_1111111111212111111111111[color=#80407b, - process="out();"]: +rule (modulo E) letchallengesdeccyphersharedk_1_11111111112121111111111111[color=#ffffff, + process="let challenge.2=sdec(cypher.2, shared_k.2)"]: [ - State_1111111111212111111111111( challenge, code, cu, fr, kOTP, pc, pw, - shared_k, skV + Let_111111111121211111111111111( , cdcode.1, + cu.1, pc.1, pw.1, skV.1, skosenc.1, cypher.2, fr.2, kOTP.2, shared_k.2 ) ] --> [ - State_11111111112121111111111111( challenge, code, cu, fr, kOTP, pc, pw, - shared_k, skV - ), - Out( ) + State_111111111121211111111111111( cdcode.1, cu.1, pc.1, pw.1, skV.1, + skosenc.1, challenge.2, cypher.2, fr.2, kOTP.2, shared_k.2 + ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) letchallengesdeccyphersharedk_1_11111111112121111111111111[color=#ffffff, + process="let 
challenge.2=sdec(cypher.2, shared_k.2)"]: + [ + Let_111111111121211111111111111( , cdcode, cu, pc, + pw, skV, skosenc, cypher, fr, kOTP, shared_k + ) + ] + --> + [ + State_111111111121211111111111111( cdcode, cu, pc, pw, skV, skosenc, + challenge, cypher, fr, kOTP, shared_k + ) + ] + */ -rule (modulo E) p_0_11111111112121111111111111[color=#80407b, - process="0"]: +rule (modulo E) eventAskpwchallengefrsharedk_0_111111111121211111111111111[color=#80407b, + process="event Ask( pw.1, challenge.2, fr.2, shared_k.2 );"]: [ - State_11111111112121111111111111( challenge, code, cu, fr, kOTP, pc, pw, - shared_k, skV + State_111111111121211111111111111( cdcode.1, cu.1, pc.1, pw.1, skV.1, + skosenc.1, challenge.2, cypher.2, fr.2, kOTP.2, shared_k.2 ) ] - --> - [ ] + --[ Ask( pw.1, challenge.2, fr.2, shared_k.2 ) ]-> + [ Out( ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventAskpwchallengefrsharedk_0_111111111121211111111111111[color=#80407b, + process="event Ask( pw.1, challenge.2, fr.2, shared_k.2 );"]: + [ + State_111111111121211111111111111( cdcode, cu, pc, pw, skV, skosenc, + challenge, cypher, fr, kOTP, shared_k + ) + ] + --[ Ask( pw, challenge, fr, shared_k ) ]-> + [ Out( ) ] + */ restriction predicate_eq: "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" @@ -1167,7 +1642,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -1177,15 +1652,15 @@ analyzing: examples/sapic/fast/feature-locations/OTP.spthy analyzed: examples/sapic/fast/feature-locations/OTP.spthy output: examples/sapic/fast/feature-locations/OTP.spthy.tmp - processing time: 12.546810481s + processing time: 11.930861027s + reachV (exists-trace): verified (4 steps) secrecy_key (all-traces): verified (8 steps) - key_ex (all-traces): verified (15 steps) + key_ex (all-traces): verified (17 steps) secrecy_ex (all-traces): verified (11 steps) - unic (all-traces): verified (8 steps) - secrecy_chall (all-traces): verified (34 steps) - valid (all-traces): verified (40 steps) + unic (all-traces): verified (2 steps) + secrecy_chall (all-traces): verified (62 steps) + valid (all-traces): verified (55 steps) unic_2 (all-traces): verified (8 steps) - valid_final (all-traces): verified (6 steps) ------------------------------------------------------------------------------ @@ -1195,15 +1670,15 @@ summary of summaries: analyzed: examples/sapic/fast/feature-locations/OTP.spthy output: examples/sapic/fast/feature-locations/OTP.spthy.tmp - processing time: 12.546810481s + processing time: 11.930861027s + reachV (exists-trace): verified (4 steps) secrecy_key (all-traces): verified (8 steps) - key_ex (all-traces): verified (15 steps) + key_ex (all-traces): verified (17 steps) secrecy_ex (all-traces): verified (11 steps) - unic (all-traces): verified (8 steps) - secrecy_chall (all-traces): verified (34 steps) - valid (all-traces): verified (40 steps) + unic (all-traces): verified (2 steps) + secrecy_chall (all-traces): verified (62 steps) + valid (all-traces): verified (55 steps) unic_2 (all-traces): verified (8 steps) - valid_final (all-traces): verified (6 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/fast/feature-locations/SOC_analyzed.spthy b/case-studies-regression/sapic/fast/feature-locations/SOC_analyzed.spthy index 5726339b5..8a543c381 100644 
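Review bot: The regenerated result summary for OTP.spthy no longer lists `valid_final (all-traces): verified (6 steps)`, both here and in the "summary of summaries" block, so the regression baseline stops covering that lemma. The change to the example theory itself is not visible in this part of the diff, so presumably the lemma was removed or renamed there; if it was dropped only because it no longer proves after the translation change, it should stay in the theory so the regression run reports its status instead of omitting it. The preceding hunk also changes the recorded Maude check from 3.1 to 3.0, which suggests this baseline was produced in a different environment from the previous one. Regenerating with the same Maude version would make step-count shifts such as `unic` 8 → 2 and `secrecy_chall` 34 → 62 attributable to the code change alone.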
--- a/case-studies-regression/sapic/fast/feature-locations/SOC_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-locations/SOC_analyzed.spthy @@ -2,8 +2,10 @@ theory SOC begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, check_rep/2, fst/1, get_rep/1, list/2, pair/2, - pk/1, prog/2, rep/2 [private], report/1, sdec/2, senc/2, snd/1 +functions: adec/2[destructor], aenc/2, check_rep/2[destructor], + fst/1[destructor], get_rep/1[destructor], pair/2, pk/1, prog/2, + rep/2[private,destructor], report/1, sdec/2[destructor], senc/2, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, check_rep(rep(x.1, x.2), x.2) = x.1, @@ -14,7 +16,19 @@ equations: heuristic: p -predicate: Report( x, y )<=>¬(∃ z. y = <'loc', z>) + + + + + + +predicate: Report( x, y )<=>¬(fst(y) = 'loc') + + + + + + lemma secrecy [reuse]: all-traces 
@@ -24,749 +38,33 @@ guarded formula characterizing all counter-examples: "∃ pka k #t1 #t2. (SessionV( pka, k ) @ #t1) ∧ (!KU( k ) @ #t2)" */ simplify -solve( State_121111111( init, k, signed, skV ) ▶₀ #t1 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( !KU( ~n.1 ) @ #t2 ) - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_1 - by solve( !KU( ~n.2 ) @ #vk.4 ) - next - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_2 - by solve( !KU( ~n.2 ) @ #vk.4 ) - qed -qed - -lemma Input [use_induction, reuse]: - all-traces - "∀ #t1 ip shared_key. - (Input( senc(ip, shared_key) ) @ #t1) ⇒ - (∃ #t2 pk. (SessionV( pk, shared_key ) @ #t2) ∧ (#t2 < #t1))" -/* -guarded formula characterizing all counter-examples: -"∃ #t1 ip shared_key. - (Input( senc(ip, shared_key) ) @ #t1) - ∧ - ∀ #t2 pk. (SessionV( pk, shared_key ) @ #t2) ⇒ ¬(#t2 < #t1)" -*/ -induction - case empty_trace - by contradiction /* from formulas */ -next - case non_empty_trace - simplify - solve( (∀ #t1 ip shared_key. - (Input( senc(ip, shared_key) ) @ #t1) - ⇒ - ((last(#t1)) ∨ - (∃ #t2 pk. - (SessionV( pk, shared_key ) @ #t2) ∧ (¬(last(#t2))) ∧ (#t2 < #t1)))) ∥ - (∃ x y #t3. - (IsIn( x, y ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (∀ #t2. - (Insert( x, y ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t1 yp. - (Insert( x, yp ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ - (¬(#t1 = #t2)) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))))))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_0( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. 
- (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_1( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ) - case case_1 - solve( (last(#t1)) ∥ - (∃ #t2 pk. - (SessionV( pk, shared_key ) @ #t2) ∧ (¬(last(#t2))) ∧ (#t2 < #t1)) ) - case case_1 - solve( State_1211111111111111( init, ip, old_i, shared_key, signed, skV, - storeV, lock - ) ▶₀ #t1 ) - case newip_0_121111111111111 - by contradiction /* from formulas */ - qed - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( (#t1.1 = #t2) ∥ (#t2 < #t1.1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t1.1 = #t3) ∥ (#t3 < #t1.1) ∥ - (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1.1 = #t2) ∨ - (#t2 < #t1.1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. 
- (Lock( pp, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ - (¬(#t0 = #t1.1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1.1) ∥ (#t1.1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ - (¬(#t0 = #t1.1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1.1) ∥ (#t1.1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1.1) ∥ (#t1.1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_4 - solve( (#t1.1 = #t3) ∥ (#t3 < #t1.1) ∥ - (∀ #t2. - (Unlock_1( '1', ~n, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1.1 = #t2) ∨ - (#t2 < #t1.1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ - (¬(#t0 = #t1.1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1.1) ∥ (#t1.1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ - (¬(#t0 = #t1.1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1.1) ∥ (#t1.1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1.1) ∥ (#t1.1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed -qed - -lemma secrecy_computes2 [reuse]: - all-traces - "¬(∃ ip k #t2 #t3. (Input( senc(ip, k) ) @ #t2) ∧ (!KU( ip ) @ #t3))" -/* -guarded formula characterizing all counter-examples: -"∃ ip k #t2 #t3. 
(Input( senc(ip, k) ) @ #t2) ∧ (!KU( ip ) @ #t3)" -*/ -simplify -solve( State_1211111111111111( init, ip, old_i, k, signed, skV, storeV, - lock - ) ▶₀ #t2 ) - case newip_0_121111111111111 - solve( (#vr.5 < #t2.3) ∥ (#vr.5 = #t2.3) ) - case case_1 - solve( State_121111111( init, ~n.2, signed, skV ) ▶₀ #t2.1 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111( init, ~n.2, signed, skV ) ▶₀ #t2.2 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( !KU( ~n.1 ) @ #t3 ) - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - qed - qed +solve( State_12111111111( init, skV, cypher, k, signed ) ▶₀ #t1 ) + case eventVoutputaencsharedkpkskVsigned_0_1211111111 + solve( !KU( ~n.2 ) @ #t2 ) + case eventPoutputaencsharedkpkVrepaencsharedkpkVlocpkV_0_11111111_case_1 + by solve( !KU( ~n.1 ) @ #vk.4 ) next - case case_2 - solve( State_121111111( init, ~n.2, signed, skV ) ▶₀ #t2.1 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111( init, ~n.2, signed, skV ) ▶₀ #t2.2 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( !KU( ~n.1 ) @ #t3 ) - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - qed - qed + case eventPoutputaencsharedkpkVrepaencsharedkpkVlocpkV_0_11111111_case_2 + by solve( !KU( ~n.1 ) @ #vk.4 ) qed qed -lemma secrecy_computes3 [reuse]: - all-traces - "¬(∃ ip k old_i #t2 #t3. - (Input( senc(ip, k) ) @ #t2) ∧ (!KU( prog(ip, old_i) ) @ #t3))" +lemma Reach: + exists-trace "∃ #t1 h. Voutput( h ) @ #t1" /* -guarded formula characterizing all counter-examples: -"∃ ip k old_i #t2 #t3. - (Input( senc(ip, k) ) @ #t2) ∧ (!KU( prog(ip, old_i) ) @ #t3)" +guarded formula characterizing all satisfying traces: +"∃ #t1 h. 
(Voutput( h ) @ #t1)" */ simplify -solve( State_1211111111111111( init, ip, old_i, k, signed, skV, storeV, - lock - ) ▶₀ #t2 ) - case newip_0_121111111111111 - solve( (#vr.5 < #t2.3) ∥ (#vr.5 = #t2.3) ) - case case_1 - solve( State_121111111( init, ~n.2, signed, skV ) ▶₀ #t2.1 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111( init, ~n.2, signed, skV ) ▶₀ #t2.2 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( !KU( prog(~n.1, old_i.1) ) @ #t3 ) - case c_prog - by contradiction /* from formulas */ - next - case outsencprogipoldioutputsharedk_0_1111111111111111 - solve( (#vr.37 < #t2.3) ∥ (#vr.37 = #t2.3) ) - case case_1 - solve( Insert( ~n.4, old_i ) @ #t2.2 ) - case insertstorePinit_0_1111111111 - by solve( State_1111111111( old_i, shared_k, skV, ~n.4 ) ▶₀ #t2.2 ) - next - case insertstorePlistipoldi_0_11111111111111111 - by solve( State_11111111111111111( init, ip, lock, old_i, shared_k, skV, - ~n.4 - ) ▶₀ #t2.2 ) - next - case insertstoreVinit_0_12111111111 - solve( State_12111111111( old_i, shared_k, signed, skV, ~n.4 ) ▶₀ #t2.2 ) - case newstoreV_0_1211111111 - by contradiction /* cyclic */ - qed - next - case insertstoreVlistipoldi_0_12111111111111111111 - solve( State_12111111111111111111( init, ip, old_i, shared_k, signed, - skV, ~n.4, lock - ) ▶₀ #t2.2 ) - case eventVoutputsencprogipoldioutputsharedk_0_1211111111111111111 - solve( ((#vr.2 < #vr.53) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.6, ~n.5 ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.53) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.6, ~n.5 ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n.5 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n.5 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.53 < #vr.2) ∥ (#vr.2 = #vr.53) ) - case case_1 - solve( (#vr.5 < #t2.6) ∥ (#vr.5 = #t2.6) ) - case case_1 - solve( State_121111111( init, ~n.3, signed, skV ) ▶₀ #t2.3 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111111111111111( init, ip, old_i.2, shared_k, signed, - skV, ~n.5, ~n.6 - ) ▶₀ #t2.3 ) - case insertstoreVlistipoldi_0_12111111111111111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( State_121111111( init, ~n.3, signed, skV ) ▶₀ #t2.3 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111111111111111( init, ip, old_i.2, shared_k, signed, - skV, ~n.5, ~n.6 - ) ▶₀ #t2.3 ) - case insertstoreVlistipoldi_0_12111111111111111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case case_2 - solve( (#vr.5 < #t2.6) ∥ (#vr.5 = #t2.6) ) - case case_1 - solve( State_121111111( init, ~n.3, signed, skV ) ▶₀ #t2.3 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111111111111111( init, ip, old_i.2, shared_k, signed, - skV, ~n.5, ~n.8 - ) ▶₀ #t2.3 ) - case insertstoreVlistipoldi_0_12111111111111111111 - solve( (#vr.5 < #t2.7) ∥ (#vr.5 = #t2.7) ) - case case_1 - solve( (#t2.6 < #t2.7) ∥ (#t2.6 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_121111111( init, ~n.3, signed, skV ) ▶₀ #t2.4 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( !KU( ~n.7 ) @ #vk.4 ) - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_1 - solve( !KU( senc(<~n.1, 'input'>, ~n.7) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - next - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_2 - solve( !KU( senc(<~n.1, 'input'>, ~n.7) ) @ #vk.5 ) - case c_senc - by contradiction 
/* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_2 - solve( State_121111111( init, ~n.3, signed, skV ) ▶₀ #t2.3 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111111111111111( init, ip, old_i.2, shared_k, signed, - skV, ~n.5, ~n.8 - ) ▶₀ #t2.3 ) - case insertstoreVlistipoldi_0_12111111111111111111 - solve( (#vr.5 < #t2.6) ∥ (#vr.5 = #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_121111111( init, ~n.3, signed, skV ) ▶₀ #t2.4 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( !KU( ~n.7 ) @ #vk.4 ) - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_1 - solve( !KU( senc(<~n.1, 'input'>, ~n.7) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - next - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_2 - solve( !KU( senc(<~n.1, 'input'>, ~n.7) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( Insert( ~n.4, old_i ) @ #t2.3 ) - case insertstorePinit_0_1111111111 - by solve( State_1111111111( old_i, shared_k, skV.1, ~n.4 ) ▶₀ #t2.3 ) - next - case insertstorePlistipoldi_0_11111111111111111 - by solve( State_11111111111111111( init, ip, lock, old_i, shared_k, - skV.1, ~n.4 - ) ▶₀ #t2.3 ) - next - case insertstoreVinit_0_12111111111 - solve( State_12111111111( old_i, shared_k, signed, skV.1, ~n.4 - ) ▶₀ #t2.3 ) - case newstoreV_0_1211111111 - by contradiction /* cyclic */ - qed - next - case insertstoreVlistipoldi_0_12111111111111111111 - solve( 
State_12111111111111111111( init, ip, old_i, shared_k, signed, - skV.1, ~n.4, lock - ) ▶₀ #t2.3 ) - case eventVoutputsencprogipoldioutputsharedk_0_1211111111111111111 - solve( ((#vr.2 < #vr.52) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.6, ~n.5 ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.52) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.6, ~n.5 ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n.5 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n.5 ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.52 < #vr.2) ∥ (#vr.2 = #vr.52) ) - case case_1 - solve( (#vr.5 < #t2.6) ∥ (#vr.5 = #t2.6) ) - case case_1 - solve( State_121111111( init, ~n.3, signed, skV.1 ) ▶₀ #t2.4 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111111111111111( init, ip, old_i.2, shared_k, signed, - skV.1, ~n.5, ~n.6 - ) ▶₀ #t2.4 ) - case insertstoreVlistipoldi_0_12111111111111111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( State_121111111( init, ~n.3, signed, skV.1 ) ▶₀ #t2.4 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111111111111111( init, ip, old_i.2, shared_k, signed, - skV.1, ~n.5, ~n.6 - ) ▶₀ #t2.4 ) - case insertstoreVlistipoldi_0_12111111111111111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case case_2 - solve( (#vr.5 < #t2.6) ∥ (#vr.5 = #t2.6) ) - case case_1 - solve( State_121111111( init, ~n.3, signed, skV.1 ) ▶₀ #t2.4 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111111111111111( init, ip, old_i.2, shared_k, signed, - skV.1, ~n.5, ~n.9 - ) ▶₀ #t2.4 ) - case insertstoreVlistipoldi_0_12111111111111111111 - solve( (#vr.5 < #t2.7) ∥ (#vr.5 = #t2.7) ) - case case_1 - solve( (#t2.6 < #t2.7) ∥ (#t2.6 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_121111111( init, ~n.3, signed, skV.1 ) ▶₀ #t2.5 ) - case 
eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( !KU( ~n.7 ) @ #vk.4 ) - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_1 - solve( !KU( senc(<~n.1, 'input'>, ~n.7) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - next - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_2 - solve( !KU( senc(<~n.1, 'input'>, ~n.7) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_2 - solve( State_121111111( init, ~n.3, signed, skV.1 ) ▶₀ #t2.4 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111111111111111( init, ip, old_i.2, shared_k, signed, - skV.1, ~n.5, ~n.9 - ) ▶₀ #t2.4 ) - case insertstoreVlistipoldi_0_12111111111111111111 - solve( (#vr.5 < #t2.6) ∥ (#vr.5 = #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_121111111( init, ~n.3, signed, skV.1 ) ▶₀ #t2.5 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( !KU( ~n.7 ) @ #vk.4 ) - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_1 - solve( !KU( senc(<~n.1, 'input'>, ~n.7) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - next - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_2 - solve( !KU( senc(<~n.1, 'input'>, ~n.7) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( 
State_121111111( init, ~n.2, signed, skV ) ▶₀ #t2.1 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_121111111( init, ~n.2, signed, skV ) ▶₀ #t2.2 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( !KU( prog(~n.1, old_i.1) ) @ #t3 ) - case c_prog - by contradiction /* from formulas */ - next - case outsencprogipoldioutputsharedk_0_1111111111111111 - solve( (#vr.36 < #t2.3) ∥ (#vr.36 = #t2.3) ) - case case_1 - solve( Insert( ~n.4, old_i ) @ #t2.2 ) - case insertstoreVinit_0_12111111111 - solve( !KU( ~n.6 ) @ #vk.4 ) - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_1 - solve( !KU( senc(<~n.1, 'input'>, ~n.6) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - next - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_2 - solve( !KU( senc(<~n.1, 'input'>, ~n.6) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_2 - solve( Insert( ~n.4, old_i ) @ #t2.2 ) - case insertstoreVinit_0_12111111111 - solve( !KU( ~n.6 ) @ #vk.4 ) - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_1 - solve( !KU( senc(<~n.1, 'input'>, ~n.6) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - next - case outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111_case_2 - solve( !KU( senc(<~n.1, 'input'>, ~n.6) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencipinputsharedk_0_12111111111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed +solve( Voutput( h ) @ #t1 ) + case eventVoutputaencsharedkpkskVsigned_0_1211111111 + solve( State_1211111111( init, skV, cypher, shared_k, 
signed ) ▶₀ #t1 ) + case ifaencsharedkpkskVcheckrepsignedlocpkskV_0_121111111 + solve( !KU( aenc(~n.2, pk(~n.1)) ) @ #vk.2 ) + case eventPoutputaencsharedkpkVrepaencsharedkpkVlocpkV_0_11111111_case_1 + solve( !KU( pk(~n.1) ) @ #vk.3 ) + case p_1_12 + SOLVED // trace found qed qed qed 
@@ -783,700 +81,867 @@ guarded formula characterizing all counter-examples: */ simplify solve( Voutput( h ) @ #t1 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( State_12111111( init, shared_k, signed, skV ) ▶₀ #t1 ) - case ifaencsharedkpkskVcheckrepsignedlocpkskV_0_1211111 + case eventVoutputaencsharedkpkskVsigned_0_1211111111 + solve( State_1211111111( init, skV, cypher, shared_k, signed ) ▶₀ #t1 ) + case ifaencsharedkpkskVcheckrepsignedlocpkskV_0_121111111 by contradiction /* from formulas */ qed next - case eventVoutputsencprogipoldioutputsharedk_0_1211111111111111111 - solve( State_1211111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock + case eventVoutputsencprogipoldioutputsharedk_0_121111111111111111111111 + solve( State_121111111111111111111111( cypher2, init, lock, mess, pr, + skV, storeV, cypher, ip, old_i, shared_k, signed ) ▶₀ #t1 ) - case insencprogipoldioutputsharedk_0_121111111111111111 - solve( (#vr.8 < #t2.1) ∥ (#vr.8 = #t2.1) ) + case ifprprogipoldi_0_12111111111111111111111 + solve( (#vr.8 < #t2) ∥ (#vr.8 = #t2) ) case case_1 - solve( State_121111111( init, ~n.2, signed, skV ) ▶₀ #t2 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( !KU( senc(, ~n.2) ) @ #vk.2 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencprogipoldioutputsharedk_0_1111111111111111 - by contradiction /* from formulas */ - qed + solve( !KU( senc(, ~n.1) ) @ #vk.2 ) + case c_senc + by contradiction /* from formulas */ + next + case eventPoutputsencprogipoldioutputsharedk_0_11111111111111111 + by contradiction /* from formulas */ qed next case case_2 - solve( State_121111111( init, ~n.2, signed, skV ) ▶₀ #t2 ) - case eventVoutputaencsharedkpkskVsigned_0_12111111 - solve( !KU( senc(, ~n.2) ) @ #vk.2 ) - case c_senc - by contradiction /* from formulas */ - next - case outsencprogipoldioutputsharedk_0_1111111111111111 - by contradiction /* from formulas */ - qed + solve( !KU( senc(, ~n.1) ) @ #vk.2 ) + case 
c_senc + by contradiction /* from formulas */ + next + case eventPoutputsencprogipoldioutputsharedk_0_11111111111111111 + by contradiction /* from formulas */ qed qed qed qed -restriction Restr_ReportRule_1: - "∀ x #NOW. (Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(∃ z. x = <'loc', z>))" - // safety formula -rule (modulo E) ReportRule[color=#ffffff, process="new init;"]: - [ In( ) ] - --[ Restr_ReportRule_1( loc ) ]-> - [ Out( rep(x, loc) ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) Init[color=#ffffff, process="new init;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newinit_0_[color=#ffffff, process="new init;"]: - [ State_( ), Fr( init ) ] --> [ State_1( init ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( init ) ] --> [ State_11( init ), State_12( init ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_11[color=#ffffff, process="!"]: - [ State_11( init ) ] --> [ !Semistate_111( init ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_11[color=#ffffff, process="!"]: - [ !Semistate_111( init ) ] --> [ State_111( init ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) inpkskV_0_111[color=#405280, process="in(pk(skV));"]: - [ State_111( init ), In( pk(skV) ) ] --> [ State_1111( init, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1111[color=#405280, process="!"]: - [ State_1111( init, skV ) ] --> [ !Semistate_11111( init, skV ) ] - /* has exactly the trivial AC variant */ +restriction Restr_ReportRule_1: + "∀ x #NOW. 
(Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(x = 'loc'))" + // safety formula -rule (modulo E) p_1_1111[color=#405280, process="!"]: - [ !Semistate_11111( init, skV ) ] --> [ State_11111( init, skV ) ] +rule (modulo E) ReportRule[color=#ffffff, process="new init.1;"]: + [ In( ) ] + --[ Restr_ReportRule_1( fst(loc) ) ]-> + [ Out( rep(x, loc) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ReportRule[color=#ffffff, process="new init.1;"]: + [ In( ) ] --[ Restr_ReportRule_1( z ) ]-> [ Out( rep(x, loc) ) ] + variants (modulo AC) + 1. loc = loc.4 + z = fst(loc.4) + + 2. loc = + z = x.4 + */ -rule (modulo E) newsharedk_0_11111[color=#405280, - process="new shared_k;"]: - [ State_11111( init, skV ), Fr( shared_k ) ] +rule (modulo E) p_1_11[color=#ffffff, process="!"]: + [ !Semistate_111( init.1 ), In( pkV.1 ) ] --> - [ State_111111( init, shared_k, skV ) ] + [ !Semistate_111111( init.1, pkV.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_11[color=#ffffff, process="!"]: + [ !Semistate_111( init ), In( pkV ) ] + --> + [ !Semistate_111111( init, pkV ) ] + */ -rule (modulo E) eventSessionPpkskVsharedk_0_111111[color=#405280, - process="event SessionP( pk(skV), shared_k );"]: - [ State_111111( init, shared_k, skV ) ] - --[ SessionP( pk(skV), shared_k ) ]-> - [ State_1111111( init, shared_k, skV ) ] +rule (modulo E) p_1_11111[color=#405280, process="!"]: + [ !Semistate_111111( init.1, pkV.1 ), Fr( shared_k.1 ) ] + --[ SessionP( pkV.1, shared_k.1 ) ]-> + [ State_11111111( init.1, pkV.1, shared_k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_11111[color=#405280, process="!"]: + [ !Semistate_111111( init, pkV ), Fr( shared_k ) ] + --[ SessionP( pkV, shared_k ) ]-> + [ State_11111111( init, pkV, shared_k ) ] + */ -rule (modulo E) eventPoutputaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_1111111[color=#405280, - process="event Poutput( )> +rule (modulo E) 
eventPoutputaencsharedkpkVrepaencsharedkpkVlocpkV_0_11111111[color=#405280, + process="event Poutput( )> );"]: - [ State_1111111( init, shared_k, skV ) ] + [ State_11111111( init.1, pkV.1, shared_k.1 ) ] --[ - Poutput( )> + Poutput( )> ) ]-> - [ State_11111111( init, shared_k, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outaencsharedkpkskVrepaencsharedkpkskVlocpkskV_0_11111111[color=#405280, - process="out()>);"]: - [ State_11111111( init, shared_k, skV ) ] - --> [ - State_111111111( init, shared_k, skV ), - Out( )> + State_1111111111( init.1, pkV.1, shared_k.1 ), + Out( )> ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) newstoreP_0_111111111[color=#405280, - process="new storeP;"]: - [ State_111111111( init, shared_k, skV ), Fr( storeP ) ] - --> - [ State_1111111111( init, shared_k, skV, storeP ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertstorePinit_0_1111111111[color=#405280, - process="insert storeP,init;"]: - [ State_1111111111( init, shared_k, skV, storeP ) ] - --[ Insert( storeP, init ) ]-> - [ State_11111111111( init, shared_k, skV, storeP ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111111[color=#405280, process="!"]: - [ State_11111111111( init, shared_k, skV, storeP ) ] - --> - [ !Semistate_111111111111( init, shared_k, skV, storeP ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_11111111111[color=#405280, process="!"]: - [ !Semistate_111111111111( init, shared_k, skV, storeP ) ] - --> - [ State_111111111111( init, shared_k, skV, storeP ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockstoreP_0_111111111111[color=#405280, - process="lock storeP;"]: - [ State_111111111111( init, shared_k, skV, storeP ), Fr( lock ) ] - --[ Lock_0( '0', lock, storeP ), Lock( '0', lock, storeP ) ]-> - [ State_1111111111111( init, lock, shared_k, skV, storeP ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) 
lookupstorePasoldi_0_1111111111111[color=#405280, - process="lookup storeP as old_i"]: - [ State_1111111111111( init, lock, shared_k, skV, storeP ) ] - --[ IsIn( storeP, old_i ) ]-> - [ State_11111111111111( init, lock, old_i, shared_k, skV, storeP ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventPoutputaencsharedkpkVrepaencsharedkpkVlocpkV_0_11111111[color=#405280, + process="event Poutput( )> +);"]: + [ State_11111111( init, pkV, shared_k ) ] + --[ + Poutput( )> ) + ]-> + [ + State_1111111111( init, pkV, shared_k ), + Out( )> ) + ] + */ -rule (modulo E) lookupstorePasoldi_1_1111111111111[color=#405280, - process="lookup storeP as old_i"]: - [ State_1111111111111( init, lock, shared_k, skV, storeP ) ] - --[ IsNotSet( storeP ) ]-> - [ State_11111111111112( init, lock, shared_k, skV, storeP ) ] +rule (modulo E) newstoreP_0_1111111111[color=#405280, + process="new storeP.1;"]: + [ State_1111111111( init.1, pkV.1, shared_k.1 ), Fr( storeP.1 ) ] + --[ Insert( storeP.1, init.1 ) ]-> + [ !Semistate_1111111111111( init.1, pkV.1, shared_k.1, storeP.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newstoreP_0_1111111111[color=#405280, + process="new storeP.1;"]: + [ State_1111111111( init, pkV, shared_k ), Fr( storeP ) ] + --[ Insert( storeP, init ) ]-> + [ !Semistate_1111111111111( init, pkV, shared_k, storeP ) ] + */ -rule (modulo E) insencipinputsharedk_0_11111111111111[color=#405280, - process="in(senc(, shared_k));"]: +rule (modulo E) p_1_111111111111[color=#405280, process="!"]: [ - State_11111111111111( init, lock, old_i, shared_k, skV, storeP ), - In( senc(, shared_k) ) + !Semistate_1111111111111( init.1, pkV.1, shared_k.1, storeP.1 ), + Fr( lock ) ] - --> - [ State_111111111111111( init, ip, lock, old_i, shared_k, skV, storeP ) ] + --[ Lock_0( '0', lock, storeP.1 ), Lock( '0', lock, storeP.1 ) ]-> + [ State_11111111111111( lock, init.1, pkV.1, shared_k.1, storeP.1 ) ] - /* has exactly the trivial AC variant */ + 
/* + rule (modulo AC) p_1_111111111111[color=#405280, process="!"]: + [ !Semistate_1111111111111( init, pkV, shared_k, storeP ), Fr( lock ) ] + --[ Lock_0( '0', lock, storeP ), Lock( '0', lock, storeP ) ]-> + [ State_11111111111111( lock, init, pkV, shared_k, storeP ) ] + */ -rule (modulo E) eventPoutputsencprogipoldioutputsharedk_0_111111111111111[color=#405280, - process="event Poutput( senc(, shared_k) );"]: - [ State_111111111111111( init, ip, lock, old_i, shared_k, skV, storeP ) ] - --[ Poutput( senc(, shared_k) ) ]-> - [ State_1111111111111111( init, ip, lock, old_i, shared_k, skV, storeP ) +rule (modulo E) lookupstorePasoldi_0_11111111111111[color=#405280, + process="lookup storeP.1 as old_i.1"]: + [ + State_11111111111111( lock, init.1, pkV.1, shared_k.1, storeP.1 ), + In( cypher.1 ) + ] + --[ IsIn( storeP.1, old_i.1 ) ]-> + [ + Let_11111111111111111( sdec(cypher.1, shared_k.1), lock, cypher.1, + init.1, old_i.1, pkV.1, shared_k.1, storeP.1 + ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupstorePasoldi_0_11111111111111[color=#405280, + process="lookup storeP.1 as old_i.1"]: + [ State_11111111111111( lock, init, pkV, shared_k, storeP ), In( cypher ) + ] + --[ IsIn( storeP, old_i ) ]-> + [ + Let_11111111111111111( z, lock, cypher, init, old_i, pkV, shared_k, + storeP + ) + ] + variants (modulo AC) + 1. cypher + = cypher.11 + shared_k + = shared_k.11 + z = sdec(cypher.11, shared_k.11) + + 2. 
cypher + = senc(x.10, x.11) + shared_k + = x.11 + z = x.10 + */ -rule (modulo E) outsencprogipoldioutputsharedk_0_1111111111111111[color=#405280, - process="out(senc(, shared_k));"]: - [ State_1111111111111111( init, ip, lock, old_i, shared_k, skV, storeP ) +rule (modulo E) letipinputsdeccyphersharedk_1_1111111111111111[color=#ffffff, + process="let =sdec(cypher.1, shared_k.1)"]: + [ + Let_11111111111111111( , lock, cypher.1, init.1, old_i.1, + pkV.1, shared_k.1, storeP.1 + ) ] --> [ - State_11111111111111111( init, ip, lock, old_i, shared_k, skV, storeP ), - Out( senc(, shared_k) ) + State_11111111111111111( lock, cypher.1, init.1, ip.1, old_i.1, pkV.1, + shared_k.1, storeP.1 + ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) letipinputsdeccyphersharedk_1_1111111111111111[color=#ffffff, + process="let =sdec(cypher.1, shared_k.1)"]: + [ + Let_11111111111111111( , lock, cypher, init, old_i, pkV, + shared_k, storeP + ) + ] + --> + [ + State_11111111111111111( lock, cypher, init, ip, old_i, pkV, shared_k, + storeP + ) + ] + */ -rule (modulo E) insertstorePlistipoldi_0_11111111111111111[color=#405280, - process="insert storeP,list(ip, old_i);"]: - [ State_11111111111111111( init, ip, lock, old_i, shared_k, skV, storeP ) +rule (modulo E) eventPoutputsencprogipoldioutputsharedk_0_11111111111111111[color=#405280, + process="event Poutput( senc(, shared_k.1) );"]: + [ + State_11111111111111111( lock, cypher.1, init.1, ip.1, old_i.1, pkV.1, + shared_k.1, storeP.1 + ) ] - --[ Insert( storeP, list(ip, old_i) ) ]-> + --[ Poutput( senc(, shared_k.1) ) ]-> [ - State_111111111111111111( init, ip, lock, old_i, shared_k, skV, storeP ) + State_1111111111111111111( lock, cypher.1, init.1, ip.1, old_i.1, pkV.1, + shared_k.1, storeP.1 + ), + Out( senc(, shared_k.1) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventPoutputsencprogipoldioutputsharedk_0_11111111111111111[color=#405280, + process="event Poutput( senc(, shared_k.1) );"]: + [ + 
State_11111111111111111( lock, cypher, init, ip, old_i, pkV, shared_k, + storeP + ) + ] + --[ Poutput( senc(, shared_k) ) ]-> + [ + State_1111111111111111111( lock, cypher, init, ip, old_i, pkV, shared_k, + storeP + ), + Out( senc(, shared_k) ) + ] + */ -rule (modulo E) unlockstoreP_0_111111111111111111[color=#405280, - process="unlock storeP;"]: +rule (modulo E) insertstorePipoldi_0_1111111111111111111[color=#405280, + process="insert storeP.1,;"]: [ - State_111111111111111111( init, ip, lock, old_i, shared_k, skV, storeP ) + State_1111111111111111111( lock, cypher.1, init.1, ip.1, old_i.1, pkV.1, + shared_k.1, storeP.1 + ) ] - --[ Unlock_0( '0', lock, storeP ), Unlock( '0', lock, storeP ) ]-> + --[ Insert( storeP.1, ) ]-> [ - State_1111111111111111111( init, ip, lock, old_i, shared_k, skV, storeP ) + State_11111111111111111111( lock, cypher.1, init.1, ip.1, old_i.1, pkV.1, + shared_k.1, storeP.1 + ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertstorePipoldi_0_1111111111111111111[color=#405280, + process="insert storeP.1,;"]: + [ + State_1111111111111111111( lock, cypher, init, ip, old_i, pkV, shared_k, + storeP + ) + ] + --[ Insert( storeP, ) ]-> + [ + State_11111111111111111111( lock, cypher, init, ip, old_i, pkV, shared_k, + storeP + ) + ] + */ -rule (modulo E) p_0_1111111111111111111[color=#405280, process="0"]: +rule (modulo E) unlockstoreP_0_11111111111111111111[color=#405280, + process="unlock storeP.1;"]: [ - State_1111111111111111111( init, ip, lock, old_i, shared_k, skV, storeP ) + State_11111111111111111111( lock, cypher.1, init.1, ip.1, old_i.1, pkV.1, + shared_k.1, storeP.1 + ) ] - --> + --[ Unlock_0( '0', lock, storeP.1 ), Unlock( '0', lock, storeP.1 ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) unlockstoreP_0_11111111111111111111[color=#405280, + process="unlock storeP.1;"]: + [ + State_11111111111111111111( lock, cypher, init, ip, old_i, pkV, shared_k, + storeP + ) + ] + --[ Unlock_0( '0', 
lock, storeP ), Unlock( '0', lock, storeP ) ]-> + [ ] + */ -rule (modulo E) p_0_11111111111112[color=#405280, process="0"]: - [ State_11111111111112( init, lock, shared_k, skV, storeP ) ] --> [ ] +rule (modulo E) lookupstorePasoldi_1_11111111111111[color=#405280, + process="lookup storeP.1 as old_i.1"]: + [ State_11111111111111( lock, init.1, pkV.1, shared_k.1, storeP.1 ) ] + --[ IsNotSet( storeP.1 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupstorePasoldi_1_11111111111111[color=#405280, + process="lookup storeP.1 as old_i.1"]: + [ State_11111111111111( lock, init, pkV, shared_k, storeP ) ] + --[ IsNotSet( storeP ) ]-> + [ ] + */ -rule (modulo E) p_0_12[color=#ffffff, process="!"]: - [ State_12( init ) ] --> [ !Semistate_121( init ) ] +rule (modulo E) Init[color=#ffffff, process="new init.1;"]: + [ Fr( init.1 ) ] + --[ Init( ) ]-> + [ !Semistate_121( init.1 ), !Semistate_111( init.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) Init[color=#ffffff, process="new init.1;"]: + [ Fr( init ) ] + --[ Init( ) ]-> + [ !Semistate_121( init ), !Semistate_111( init ) ] + */ rule (modulo E) p_1_12[color=#ffffff, process="!"]: - [ !Semistate_121( init ) ] --> [ State_121( init ) ] + [ !Semistate_121( init.1 ), Fr( skV.1 ) ] + --[ HonestP( pk(skV.1) ) ]-> + [ State_1211111( init.1, skV.1 ), Out( pk(skV.1) ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) newskV_0_121[color=#658040, process="new skV;"]: - [ State_121( init ), Fr( skV ) ] --> [ State_1211( init, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventHonestPpkskV_0_1211[color=#658040, - process="event HonestP( pk(skV) );"]: - [ State_1211( init, skV ) ] - --[ HonestP( pk(skV) ) ]-> - [ State_12111( init, skV ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_12[color=#ffffff, process="!"]: + [ !Semistate_121( init ), Fr( skV ) ] + --[ HonestP( pk(skV) ) ]-> + [ State_1211111( init, skV ), 
Out( pk(skV) ) ] + */ -rule (modulo E) outpkskV_0_12111[color=#658040, process="out(pk(skV));"]: - [ State_12111( init, skV ) ] +rule (modulo E) incyphersigned_0_1211111[color=#658040, + process="in();"]: + [ State_1211111( init.1, skV.1 ), In( ) ] --> - [ State_121111( init, skV ), Out( pk(skV) ) ] + [ Let_121111111( , init.1, skV.1, cypher.2, signed.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) incyphersigned_0_1211111[color=#658040, + process="in();"]: + [ State_1211111( init, skV ), In( ) ] + --> + [ Let_121111111( , init, skV, cypher, signed ) ] + */ -rule (modulo E) inaencsharedkpkskVsigned_0_121111[color=#658040, - process="in();"]: - [ State_121111( init, skV ), In( ) ] +rule (modulo E) letsharedkadeccypherskV_1_12111111[color=#ffffff, + process="let shared_k.2=adec(cypher.2, skV.1)"]: + [ + Let_121111111( , init.1, skV.1, cypher.2, + signed.2 + ) + ] --> - [ State_1211111( init, shared_k, signed, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifaencsharedkpkskVcheckrepsignedlocpkskV_0_1211111[color=#658040, - process="if aenc(shared_k, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_1211111( init, shared_k, signed, skV ) ] - --[ - Pred_Eq( aenc(shared_k, pk(skV)), check_rep(signed, <'loc', pk(skV)>) ) - ]-> - [ State_12111111( init, shared_k, signed, skV ) ] + [ State_121111111( init.1, skV.1, cypher.2, shared_k.2, signed.2 ) ] /* - rule (modulo AC) ifaencsharedkpkskVcheckrepsignedlocpkskV_0_1211111[color=#658040, - process="if aenc(shared_k, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_1211111( init, shared_k, signed, skV ) ] - --[ Pred_Eq( aenc(shared_k, pk(skV)), z ) ]-> - [ State_12111111( init, shared_k, signed, skV ) ] - variants (modulo AC) - 1. signed - = signed.6 - skV = skV.6 - z = check_rep(signed.6, <'loc', pk(skV.6)>) - - 2. 
signed - = rep(x.6, <'loc', pk(x.7)>) - skV = x.7 - z = x.6 + rule (modulo AC) letsharedkadeccypherskV_1_12111111[color=#ffffff, + process="let shared_k.2=adec(cypher.2, skV.1)"]: + [ Let_121111111( , init, skV, cypher, signed ) + ] + --> + [ State_121111111( init, skV, cypher, shared_k, signed ) ] */ -rule (modulo E) ifaencsharedkpkskVcheckrepsignedlocpkskV_1_1211111[color=#658040, - process="if aenc(shared_k, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_1211111( init, shared_k, signed, skV ) ] +rule (modulo E) ifaencsharedkpkskVcheckrepsignedlocpkskV_0_121111111[color=#658040, + process="if aenc(shared_k.2, pk(skV.1))=check_rep(signed.2, <'loc', pk(skV.1)>)"]: + [ State_121111111( init.1, skV.1, cypher.2, shared_k.2, signed.2 ) ] --[ - Pred_Not_Eq( aenc(shared_k, pk(skV)), check_rep(signed, <'loc', pk(skV)>) + Pred_Eq( aenc(shared_k.2, pk(skV.1)), + check_rep(signed.2, <'loc', pk(skV.1)>) ) ]-> - [ State_12111112( init, shared_k, signed, skV ) ] + [ State_1211111111( init.1, skV.1, cypher.2, shared_k.2, signed.2 ) ] /* - rule (modulo AC) ifaencsharedkpkskVcheckrepsignedlocpkskV_1_1211111[color=#658040, - process="if aenc(shared_k, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_1211111( init, shared_k, signed, skV ) ] - --[ Pred_Not_Eq( aenc(shared_k, pk(skV)), z ) ]-> - [ State_12111112( init, shared_k, signed, skV ) ] + rule (modulo AC) ifaencsharedkpkskVcheckrepsignedlocpkskV_0_121111111[color=#658040, + process="if aenc(shared_k.2, pk(skV.1))=check_rep(signed.2, <'loc', pk(skV.1)>)"]: + [ State_121111111( init, skV, cypher, shared_k, signed ) ] + --[ Pred_Eq( aenc(shared_k, pk(skV)), z ) ]-> + [ State_1211111111( init, skV, cypher, shared_k, signed ) ] variants (modulo AC) 1. signed - = signed.6 - skV = skV.6 - z = check_rep(signed.6, <'loc', pk(skV.6)>) + = signed.10 + skV = skV.9 + z = check_rep(signed.10, <'loc', pk(skV.9)>) 2. 
signed - = rep(x.6, <'loc', pk(x.7)>) - skV = x.7 - z = x.6 + = rep(x.12, <'loc', pk(x.9)>) + skV = x.9 + z = x.12 */ -rule (modulo E) eventVoutputaencsharedkpkskVsigned_0_12111111[color=#658040, - process="event Voutput( );"]: - [ State_12111111( init, shared_k, signed, skV ) ] - --[ Voutput( ) ]-> - [ State_121111111( init, shared_k, signed, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventSessionVpkskVsharedk_0_121111111[color=#658040, - process="event SessionV( pk(skV), shared_k );"]: - [ State_121111111( init, shared_k, signed, skV ) ] - --[ SessionV( pk(skV), shared_k ) ]-> - [ State_1211111111( init, shared_k, signed, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newstoreV_0_1211111111[color=#658040, - process="new storeV;"]: - [ State_1211111111( init, shared_k, signed, skV ), Fr( storeV ) ] - --> - [ State_12111111111( init, shared_k, signed, skV, storeV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertstoreVinit_0_12111111111[color=#658040, - process="insert storeV,init;"]: - [ State_12111111111( init, shared_k, signed, skV, storeV ) ] - --[ Insert( storeV, init ) ]-> - [ State_121111111111( init, shared_k, signed, skV, storeV ) ] +rule (modulo E) eventVoutputaencsharedkpkskVsigned_0_1211111111[color=#658040, + process="event Voutput( );"]: + [ State_1211111111( init.1, skV.1, cypher.2, shared_k.2, signed.2 ) ] + --[ Voutput( ) ]-> + [ State_12111111111( init.1, skV.1, cypher.2, shared_k.2, signed.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventVoutputaencsharedkpkskVsigned_0_1211111111[color=#658040, + process="event Voutput( );"]: + [ State_1211111111( init, skV, cypher, shared_k, signed ) ] + --[ Voutput( ) ]-> + [ State_12111111111( init, skV, cypher, shared_k, signed ) ] + */ -rule (modulo E) p_0_121111111111[color=#658040, process="!"]: - [ State_121111111111( init, shared_k, signed, skV, storeV ) ] - --> - [ !Semistate_1211111111111( init, 
shared_k, signed, skV, storeV ) ] +rule (modulo E) eventSessionVpkskVsharedk_0_12111111111[color=#658040, + process="event SessionV( pk(skV.1), shared_k.2 );"]: + [ + State_12111111111( init.1, skV.1, cypher.2, shared_k.2, signed.2 ), + Fr( storeV.1 ) + ] + --[ SessionV( pk(skV.1), shared_k.2 ) ]-> + [ + State_1211111111111( init.1, skV.1, storeV.1, cypher.2, shared_k.2, + signed.2 + ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventSessionVpkskVsharedk_0_12111111111[color=#658040, + process="event SessionV( pk(skV.1), shared_k.2 );"]: + [ State_12111111111( init, skV, cypher, shared_k, signed ), Fr( storeV ) + ] + --[ SessionV( pk(skV), shared_k ) ]-> + [ State_1211111111111( init, skV, storeV, cypher, shared_k, signed ) ] + */ -rule (modulo E) p_1_121111111111[color=#658040, process="!"]: - [ !Semistate_1211111111111( init, shared_k, signed, skV, storeV ) ] - --> - [ State_1211111111111( init, shared_k, signed, skV, storeV ) ] +rule (modulo E) insertstoreVinit_0_1211111111111[color=#658040, + process="insert storeV.1,init.1;"]: + [ + State_1211111111111( init.1, skV.1, storeV.1, cypher.2, shared_k.2, + signed.2 + ) + ] + --[ Insert( storeV.1, init.1 ) ]-> + [ + !Semistate_121111111111111( init.1, skV.1, storeV.1, cypher.2, + shared_k.2, signed.2 + ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertstoreVinit_0_1211111111111[color=#658040, + process="insert storeV.1,init.1;"]: + [ State_1211111111111( init, skV, storeV, cypher, shared_k, signed ) ] + --[ Insert( storeV, init ) ]-> + [ + !Semistate_121111111111111( init, skV, storeV, cypher, shared_k, signed ) + ] + */ -rule (modulo E) lockstoreV_0_1211111111111[color=#658040, - process="lock storeV;"]: +rule (modulo E) p_1_12111111111111[color=#658040, process="!"]: + [ + !Semistate_121111111111111( init.1, skV.1, storeV.1, cypher.2, + shared_k.2, signed.2 + ), + Fr( lock.1 ) + ] + --[ Lock_1( '1', lock.1, storeV.1 ), Lock( '1', lock.1, storeV.1 ) ]-> [ - 
State_1211111111111( init, shared_k, signed, skV, storeV ), Fr( lock.1 ) + State_1211111111111111( init.1, lock.1, skV.1, storeV.1, cypher.2, + shared_k.2, signed.2 + ) ] - --[ Lock_1( '1', lock.1, storeV ), Lock( '1', lock.1, storeV ) ]-> - [ State_12111111111111( init, shared_k, signed, skV, storeV, lock.1 ) ] /* - rule (modulo AC) lockstoreV_0_1211111111111[color=#658040, - process="lock storeV;"]: - [ State_1211111111111( init, shared_k, signed, skV, storeV ), Fr( lock ) + rule (modulo AC) p_1_12111111111111[color=#658040, process="!"]: + [ + !Semistate_121111111111111( init, skV, storeV, cypher, shared_k, signed + ), + Fr( lock ) ] --[ Lock_1( '1', lock, storeV ), Lock( '1', lock, storeV ) ]-> - [ State_12111111111111( init, shared_k, signed, skV, storeV, lock ) ] + [ + State_1211111111111111( init, lock, skV, storeV, cypher, shared_k, signed + ) + ] */ -rule (modulo E) lookupstoreVasoldi_0_12111111111111[color=#658040, - process="lookup storeV as old_i"]: - [ State_12111111111111( init, shared_k, signed, skV, storeV, lock.1 ) ] - --[ IsIn( storeV, old_i ) ]-> +rule (modulo E) lookupstoreVasoldi_0_1211111111111111[color=#658040, + process="lookup storeV.1 as old_i.2"]: + [ + State_1211111111111111( init.1, lock.1, skV.1, storeV.1, cypher.2, + shared_k.2, signed.2 + ), + Fr( ip.2 ) + ] + --[ IsIn( storeV.1, old_i.2 ) ]-> [ - State_121111111111111( init, old_i, shared_k, signed, skV, storeV, lock.1 + State_121111111111111111( init.1, lock.1, skV.1, storeV.1, cypher.2, + ip.2, old_i.2, shared_k.2, signed.2 ) ] /* - rule (modulo AC) lookupstoreVasoldi_0_12111111111111[color=#658040, - process="lookup storeV as old_i"]: - [ State_12111111111111( init, shared_k, signed, skV, storeV, lock ) ] + rule (modulo AC) lookupstoreVasoldi_0_1211111111111111[color=#658040, + process="lookup storeV.1 as old_i.2"]: + [ + State_1211111111111111( init, lock, skV, storeV, cypher, shared_k, signed + ), + Fr( ip ) + ] --[ IsIn( storeV, old_i ) ]-> [ - State_121111111111111( init, 
old_i, shared_k, signed, skV, storeV, lock ) + State_121111111111111111( init, lock, skV, storeV, cypher, ip, old_i, + shared_k, signed + ) ] */ -rule (modulo E) lookupstoreVasoldi_1_12111111111111[color=#658040, - process="lookup storeV as old_i"]: - [ State_12111111111111( init, shared_k, signed, skV, storeV, lock.1 ) ] - --[ IsNotSet( storeV ) ]-> - [ State_121111111111112( init, shared_k, signed, skV, storeV, lock.1 ) ] +rule (modulo E) eventInputsencipsharedk_0_121111111111111111[color=#658040, + process="event Input( senc(ip.2, shared_k.2) );"]: + [ + State_121111111111111111( init.1, lock.1, skV.1, storeV.1, cypher.2, + ip.2, old_i.2, shared_k.2, signed.2 + ) + ] + --[ Input( senc(ip.2, shared_k.2) ) ]-> + [ + State_12111111111111111111( init.1, lock.1, skV.1, storeV.1, cypher.2, + ip.2, old_i.2, shared_k.2, signed.2 + ), + Out( senc(, shared_k.2) ) + ] /* - rule (modulo AC) lookupstoreVasoldi_1_12111111111111[color=#658040, - process="lookup storeV as old_i"]: - [ State_12111111111111( init, shared_k, signed, skV, storeV, lock ) ] - --[ IsNotSet( storeV ) ]-> - [ State_121111111111112( init, shared_k, signed, skV, storeV, lock ) ] + rule (modulo AC) eventInputsencipsharedk_0_121111111111111111[color=#658040, + process="event Input( senc(ip.2, shared_k.2) );"]: + [ + State_121111111111111111( init, lock, skV, storeV, cypher, ip, old_i, + shared_k, signed + ) + ] + --[ Input( senc(ip, shared_k) ) ]-> + [ + State_12111111111111111111( init, lock, skV, storeV, cypher, ip, old_i, + shared_k, signed + ), + Out( senc(, shared_k) ) + ] */ -rule (modulo E) newip_0_121111111111111[color=#658040, - process="new ip;"]: +rule (modulo E) incypher_0_12111111111111111111[color=#658040, + process="in(cypher2.1);"]: [ - State_121111111111111( init, old_i, shared_k, signed, skV, storeV, lock.1 + State_12111111111111111111( init.1, lock.1, skV.1, storeV.1, cypher.2, + ip.2, old_i.2, shared_k.2, signed.2 ), - Fr( ip ) + In( cypher2.1 ) ] --> [ - State_1211111111111111( init, 
ip, old_i, shared_k, signed, skV, storeV, - lock.1 + Let_1211111111111111111111( , cypher2.1, init.1, + lock.1, skV.1, storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] /* - rule (modulo AC) newip_0_121111111111111[color=#658040, - process="new ip;"]: + rule (modulo AC) incypher_0_12111111111111111111[color=#658040, + process="in(cypher2.1);"]: [ - State_121111111111111( init, old_i, shared_k, signed, skV, storeV, lock + State_12111111111111111111( init, lock, skV, storeV, cypher, ip, old_i, + shared_k, signed ), - Fr( ip ) + In( cypher2 ) ] --> [ - State_1211111111111111( init, ip, old_i, shared_k, signed, skV, storeV, - lock + Let_1211111111111111111111( , cypher2, init, lock, + skV, storeV, cypher, ip, old_i, shared_k, signed ) ] */ -rule (modulo E) eventInputsencipsharedk_0_1211111111111111[color=#658040, - process="event Input( senc(ip, shared_k) );"]: +rule (modulo E) letmesssdeccyphersharedk_1_121111111111111111111[color=#ffffff, + process="let mess.1=sdec(cypher2.1, shared_k.2)"]: [ - State_1211111111111111( init, ip, old_i, shared_k, signed, skV, storeV, - lock.1 + Let_1211111111111111111111( , cypher2.1, init.1, + lock.1, skV.1, storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] - --[ Input( senc(ip, shared_k) ) ]-> + --> [ - State_12111111111111111( init, ip, old_i, shared_k, signed, skV, storeV, - lock.1 + State_1211111111111111111111( cypher2.1, init.1, lock.1, mess.1, skV.1, + storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] /* - rule (modulo AC) eventInputsencipsharedk_0_1211111111111111[color=#658040, - process="event Input( senc(ip, shared_k) );"]: + rule (modulo AC) letmesssdeccyphersharedk_1_121111111111111111111[color=#ffffff, + process="let mess.1=sdec(cypher2.1, shared_k.2)"]: [ - State_1211111111111111( init, ip, old_i, shared_k, signed, skV, storeV, - lock + Let_1211111111111111111111( , cypher2, init, lock, skV, + storeV, cypher, ip, old_i, shared_k, signed ) ] - --[ Input( senc(ip, shared_k) ) ]-> + --> [ - 
State_12111111111111111( init, ip, old_i, shared_k, signed, skV, storeV, - lock + State_1211111111111111111111( cypher2, init, lock, mess, skV, storeV, + cypher, ip, old_i, shared_k, signed ) ] */ -rule (modulo E) outsencipinputsharedk_0_12111111111111111[color=#658040, - process="out(senc(, shared_k));"]: +rule (modulo E) letproutputmess_0_1211111111111111111111[color=#ffffff, + process="let =mess.1"]: [ - State_12111111111111111( init, ip, old_i, shared_k, signed, skV, storeV, - lock.1 + State_1211111111111111111111( cypher2.1, init.1, lock.1, mess.1, skV.1, + storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] --> [ - State_121111111111111111( init, ip, old_i, shared_k, signed, skV, storeV, - lock.1 - ), - Out( senc(, shared_k) ) + Let_12111111111111111111111( mess.1, cypher2.1, init.1, lock.1, mess.1, + skV.1, storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 + ) ] /* - rule (modulo AC) outsencipinputsharedk_0_12111111111111111[color=#658040, - process="out(senc(, shared_k));"]: + rule (modulo AC) letproutputmess_0_1211111111111111111111[color=#ffffff, + process="let =mess.1"]: [ - State_12111111111111111( init, ip, old_i, shared_k, signed, skV, storeV, - lock + State_1211111111111111111111( cypher2, init, lock, mess, skV, storeV, + cypher, ip, old_i, shared_k, signed ) ] --> [ - State_121111111111111111( init, ip, old_i, shared_k, signed, skV, storeV, - lock - ), - Out( senc(, shared_k) ) + Let_12111111111111111111111( mess, cypher2, init, lock, mess, skV, + storeV, cypher, ip, old_i, shared_k, signed + ) ] */ -rule (modulo E) insencprogipoldioutputsharedk_0_121111111111111111[color=#658040, - process="in(senc(, shared_k));"]: +rule (modulo E) letproutputmess_1_1211111111111111111111[color=#ffffff, + process="let =mess.1"]: [ - State_121111111111111111( init, ip, old_i, shared_k, signed, skV, storeV, - lock.1 - ), - In( senc(, shared_k) ) + Let_12111111111111111111111( , cypher2.1, init.1, lock.1, + mess.1, skV.1, storeV.1, cypher.2, ip.2, 
old_i.2, shared_k.2, signed.2 + ) ] --> [ - State_1211111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock.1 + State_12111111111111111111111( cypher2.1, init.1, lock.1, mess.1, pr.1, + skV.1, storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] /* - rule (modulo AC) insencprogipoldioutputsharedk_0_121111111111111111[color=#658040, - process="in(senc(, shared_k));"]: + rule (modulo AC) letproutputmess_1_1211111111111111111111[color=#ffffff, + process="let =mess.1"]: [ - State_121111111111111111( init, ip, old_i, shared_k, signed, skV, storeV, - lock - ), - In( senc(, shared_k) ) + Let_12111111111111111111111( , cypher2, init, lock, mess, + skV, storeV, cypher, ip, old_i, shared_k, signed + ) ] --> [ - State_1211111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock + State_12111111111111111111111( cypher2, init, lock, mess, pr, skV, + storeV, cypher, ip, old_i, shared_k, signed ) ] */ -rule (modulo E) eventVoutputsencprogipoldioutputsharedk_0_1211111111111111111[color=#658040, - process="event Voutput( senc(, shared_k) );"]: +rule (modulo E) ifprprogipoldi_0_12111111111111111111111[color=#658040, + process="if pr.1=prog(ip.2, old_i.2)"]: [ - State_1211111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock.1 + State_12111111111111111111111( cypher2.1, init.1, lock.1, mess.1, pr.1, + skV.1, storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] - --[ Voutput( senc(, shared_k) ) ]-> + --[ Pred_Eq( pr.1, prog(ip.2, old_i.2) ) ]-> [ - State_12111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock.1 + State_121111111111111111111111( cypher2.1, init.1, lock.1, mess.1, pr.1, + skV.1, storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] /* - rule (modulo AC) eventVoutputsencprogipoldioutputsharedk_0_1211111111111111111[color=#658040, - process="event Voutput( senc(, shared_k) );"]: + rule (modulo AC) ifprprogipoldi_0_12111111111111111111111[color=#658040, + process="if pr.1=prog(ip.2, 
old_i.2)"]: [ - State_1211111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock + State_12111111111111111111111( cypher2, init, lock, mess, pr, skV, + storeV, cypher, ip, old_i, shared_k, signed ) ] - --[ Voutput( senc(, shared_k) ) ]-> + --[ Pred_Eq( pr, prog(ip, old_i) ) ]-> [ - State_12111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock + State_121111111111111111111111( cypher2, init, lock, mess, pr, skV, + storeV, cypher, ip, old_i, shared_k, signed ) ] */ -rule (modulo E) insertstoreVlistipoldi_0_12111111111111111111[color=#658040, - process="insert storeV,list(ip, old_i);"]: +rule (modulo E) eventVoutputsencprogipoldioutputsharedk_0_121111111111111111111111[color=#658040, + process="event Voutput( senc(, shared_k.2) );"]: [ - State_12111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock.1 + State_121111111111111111111111( cypher2.1, init.1, lock.1, mess.1, pr.1, + skV.1, storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] - --[ Insert( storeV, list(ip, old_i) ) ]-> + --[ Voutput( senc(, shared_k.2) ) ]-> [ - State_121111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock.1 + State_1211111111111111111111111( cypher2.1, init.1, lock.1, mess.1, pr.1, + skV.1, storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] /* - rule (modulo AC) insertstoreVlistipoldi_0_12111111111111111111[color=#658040, - process="insert storeV,list(ip, old_i);"]: + rule (modulo AC) eventVoutputsencprogipoldioutputsharedk_0_121111111111111111111111[color=#658040, + process="event Voutput( senc(, shared_k.2) );"]: [ - State_12111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock + State_121111111111111111111111( cypher2, init, lock, mess, pr, skV, + storeV, cypher, ip, old_i, shared_k, signed ) ] - --[ Insert( storeV, list(ip, old_i) ) ]-> + --[ Voutput( senc(, shared_k) ) ]-> [ - State_121111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock + 
State_1211111111111111111111111( cypher2, init, lock, mess, pr, skV, + storeV, cypher, ip, old_i, shared_k, signed ) ] */ -rule (modulo E) unlockstoreV_0_121111111111111111111[color=#658040, - process="unlock storeV;"]: +rule (modulo E) insertstoreVipoldi_0_1211111111111111111111111[color=#658040, + process="insert storeV.1,;"]: [ - State_121111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock.1 + State_1211111111111111111111111( cypher2.1, init.1, lock.1, mess.1, pr.1, + skV.1, storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] - --[ Unlock_1( '1', lock.1, storeV ), Unlock( '1', lock.1, storeV ) ]-> + --[ Insert( storeV.1, ) ]-> [ - State_1211111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock.1 + State_12111111111111111111111111( cypher2.1, init.1, lock.1, mess.1, + pr.1, skV.1, storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] /* - rule (modulo AC) unlockstoreV_0_121111111111111111111[color=#658040, - process="unlock storeV;"]: + rule (modulo AC) insertstoreVipoldi_0_1211111111111111111111111[color=#658040, + process="insert storeV.1,;"]: [ - State_121111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock + State_1211111111111111111111111( cypher2, init, lock, mess, pr, skV, + storeV, cypher, ip, old_i, shared_k, signed ) ] - --[ Unlock_1( '1', lock, storeV ), Unlock( '1', lock, storeV ) ]-> + --[ Insert( storeV, ) ]-> [ - State_1211111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock + State_12111111111111111111111111( cypher2, init, lock, mess, pr, skV, + storeV, cypher, ip, old_i, shared_k, signed ) ] */ -rule (modulo E) p_0_1211111111111111111111[color=#658040, process="0"]: +rule (modulo E) unlockstoreV_0_12111111111111111111111111[color=#658040, + process="unlock storeV.1;"]: [ - State_1211111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock.1 + State_12111111111111111111111111( cypher2.1, init.1, lock.1, mess.1, + pr.1, skV.1, 
storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 ) ] - --> + --[ Unlock_1( '1', lock.1, storeV.1 ), Unlock( '1', lock.1, storeV.1 ) + ]-> [ ] /* - rule (modulo AC) p_0_1211111111111111111111[color=#658040, process="0"]: + rule (modulo AC) unlockstoreV_0_12111111111111111111111111[color=#658040, + process="unlock storeV.1;"]: [ - State_1211111111111111111111( init, ip, old_i, shared_k, signed, skV, - storeV, lock + State_12111111111111111111111111( cypher2, init, lock, mess, pr, skV, + storeV, cypher, ip, old_i, shared_k, signed ) ] - --> + --[ Unlock_1( '1', lock, storeV ), Unlock( '1', lock, storeV ) ]-> [ ] */ -rule (modulo E) p_0_121111111111112[color=#658040, process="0"]: - [ State_121111111111112( init, shared_k, signed, skV, storeV, lock.1 ) ] - --> +rule (modulo E) ifprprogipoldi_1_12111111111111111111111[color=#658040, + process="if pr.1=prog(ip.2, old_i.2)"]: + [ + State_12111111111111111111111( cypher2.1, init.1, lock.1, mess.1, pr.1, + skV.1, storeV.1, cypher.2, ip.2, old_i.2, shared_k.2, signed.2 + ) + ] + --[ Pred_Not_Eq( pr.1, prog(ip.2, old_i.2) ) ]-> [ ] /* - rule (modulo AC) p_0_121111111111112[color=#658040, process="0"]: - [ State_121111111111112( init, shared_k, signed, skV, storeV, lock ) ] - --> + rule (modulo AC) ifprprogipoldi_1_12111111111111111111111[color=#658040, + process="if pr.1=prog(ip.2, old_i.2)"]: + [ + State_12111111111111111111111( cypher2, init, lock, mess, pr, skV, + storeV, cypher, ip, old_i, shared_k, signed + ) + ] + --[ Pred_Not_Eq( pr, prog(ip, old_i) ) ]-> [ ] */ -rule (modulo E) p_0_12111112[color=#658040, process="0"]: - [ State_12111112( init, shared_k, signed, skV ) ] --> [ ] +rule (modulo E) lookupstoreVasoldi_1_1211111111111111[color=#658040, + process="lookup storeV.1 as old_i.2"]: + [ + State_1211111111111111( init.1, lock.1, skV.1, storeV.1, cypher.2, + shared_k.2, signed.2 + ) + ] + --[ IsNotSet( storeV.1 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) 
lookupstoreVasoldi_1_1211111111111111[color=#658040, + process="lookup storeV.1 as old_i.2"]: + [ + State_1211111111111111( init, lock, skV, storeV, cypher, shared_k, signed + ) + ] + --[ IsNotSet( storeV ) ]-> + [ ] + */ + +rule (modulo E) ifaencsharedkpkskVcheckrepsignedlocpkskV_1_121111111[color=#658040, + process="if aenc(shared_k.2, pk(skV.1))=check_rep(signed.2, <'loc', pk(skV.1)>)"]: + [ State_121111111( init.1, skV.1, cypher.2, shared_k.2, signed.2 ) ] + --[ + Pred_Not_Eq( aenc(shared_k.2, pk(skV.1)), + check_rep(signed.2, <'loc', pk(skV.1)>) + ) + ]-> + [ ] + + /* + rule (modulo AC) ifaencsharedkpkskVcheckrepsignedlocpkskV_1_121111111[color=#658040, + process="if aenc(shared_k.2, pk(skV.1))=check_rep(signed.2, <'loc', pk(skV.1)>)"]: + [ State_121111111( init, skV, cypher, shared_k, signed ) ] + --[ Pred_Not_Eq( aenc(shared_k, pk(skV)), z ) ]-> + [ ] + variants (modulo AC) + 1. signed + = signed.10 + skV = skV.9 + z = check_rep(signed.10, <'loc', pk(skV.9)>) + + 2. signed + = rep(x.12, <'loc', pk(x.9)>) + skV = x.9 + z = x.12 + */ restriction set_in: "∀ x y #t3. @@ -1540,7 +1005,7 @@ restriction locking_1: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -1550,12 +1015,10 @@ analyzing: examples/sapic/fast/feature-locations/SOC.spthy analyzed: examples/sapic/fast/feature-locations/SOC.spthy output: examples/sapic/fast/feature-locations/SOC.spthy.tmp - processing time: 13.197062219s + processing time: 1.805381794s secrecy (all-traces): verified (5 steps) - Input (all-traces): verified (41 steps) - secrecy_computes2 (all-traces): verified (11 steps) - secrecy_computes3 (all-traces): verified (111 steps) - attested_computation (all-traces): verified (14 steps) + Reach (exists-trace): verified (6 steps) + attested_computation (all-traces): verified (12 steps) ------------------------------------------------------------------------------ 
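Review bot: The regenerated summary for SOC.spthy no longer lists `Input`, `secrecy_computes2` or `secrecy_computes3`, so this baseline stops checking three all-traces lemmas, two of them secrecy properties. In return it gains only the exists-trace lemma `Reach`. The edit to examples/sapic/fast/feature-locations/SOC.spthy is not visible in this part of the diff, so it is unclear whether the lemmas were dropped deliberately or because they no longer verify or terminate under the new translation. If they still hold, keep them in the example so the regression suite continues to cover them; otherwise record the reason next to the model, e.g. `// secrecy_computes2/3 and Input removed: <reason>`. The same removal is repeated in the "summary of summaries" hunk that follows.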
@@ -1565,12 +1028,10 @@ summary of summaries: analyzed: examples/sapic/fast/feature-locations/SOC.spthy output: examples/sapic/fast/feature-locations/SOC.spthy.tmp - processing time: 13.197062219s + processing time: 1.805381794s secrecy (all-traces): verified (5 steps) - Input (all-traces): verified (41 steps) - secrecy_computes2 (all-traces): verified (11 steps) - secrecy_computes3 (all-traces): verified (111 steps) - attested_computation (all-traces): verified (14 steps) + Reach (exists-trace): verified (6 steps) + attested_computation (all-traces): verified (12 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/fast/feature-locations/licensing_analyzed.spthy b/case-studies-regression/sapic/fast/feature-locations/licensing_analyzed.spthy index fc64c0df1..710e7459e 100644 --- a/case-studies-regression/sapic/fast/feature-locations/licensing_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-locations/licensing_analyzed.spthy @@ -2,9 +2,10 @@ theory licensing begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, ask/2, check_rep/2, dec/1, dec1/1, dec2/1, - fst/1, get_rep/1, ok/2, pair/2, pk/1, prg/1, rep/2 [private], report/1, - run/2, sdec/2, senc/2, snd/1, tkn/1 +functions: adec/2[destructor], aenc/2, ask/2, check_rep/2[destructor], + dec/1, dec1/1, dec2/1, fst/1[destructor], get_rep/1[destructor], ok/2, + pair/2, pk/1, prg/1, rep/2[private,destructor], report/1, run/2, + sdec/2[destructor], senc/2, snd/1[destructor], tkn/1 equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, check_rep(rep(x.1, x.2), x.2) = x.1, @@ -15,7 +16,19 @@ equations: heuristic: s -predicate: Report( x, y )<=>¬(∃ z. y = <'loc', z>) + + + + + + +predicate: Report( x, y )<=>¬(fst(y) = 'loc') + + + + + + lemma attested_comput: all-traces 
@@ -29,12 +42,12 @@ guarded formula characterizing all counter-examples: simplify solve( State_111111111111111( inp, prog, prog2, shared_key, skV, pk, x ) ▶₀ #t1 ) - case insencokxtkntokensharedkey_0_11111111111111 + case p_1_1111111111 solve( !KU( senc(ok(~n.2, tkn(pk)), ~n.1) ) @ #vk ) case c_senc solve( !KU( ~n.1 ) @ #vk.6 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 - solve( !KU( senc(tkn(pk), ~n.1) ) @ #vk.2 ) + case p_1_111_case_1 + solve( !KU( senc(tkn(pk), ~n.1) ) @ #vk.3 ) case c_senc solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.4 ) case c_senc @@ -42,20 +55,20 @@ solve( State_111111111111111( inp, prog, prog2, shared_key, skV, pk, x case c_ok by solve( !KU( ~n.2 ) @ #vk.10 ) next - case outsencokxtkntokensharedkey_0_11211111111111111 + case iftkntokentkntoken_0_11211111111111111 by contradiction /* from formulas */ qed next - case outsencprgprogsharedkey_0_1121111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.2 ) @ #vk.10 ) qed next - case outsenctkntokensharedkey_0_11211111111111 + case p_1_112111111111 by contradiction /* from formulas */ qed next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 - solve( !KU( senc(tkn(pk), ~n.1) ) @ #vk.2 ) + case p_1_111_case_2 + solve( !KU( senc(tkn(pk), ~n.1) ) @ #vk.3 ) case c_senc solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.4 ) case c_senc 
@@ -63,20 +76,20 @@ solve( State_111111111111111( inp, prog, prog2, shared_key, skV, pk, x case c_ok by solve( !KU( ~n.2 ) @ #vk.10 ) next - case outsencokxtkntokensharedkey_0_11211111111111111 + case iftkntokentkntoken_0_11211111111111111 by contradiction /* from formulas */ qed next - case outsencprgprogsharedkey_0_1121111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.2 ) @ #vk.10 ) qed next - case outsenctkntokensharedkey_0_11211111111111 + case p_1_112111111111 by contradiction /* from formulas */ qed qed next - case outsencokxtkntokensharedkey_0_11211111111111111 + case iftkntokentkntoken_0_11211111111111111 by contradiction /* from formulas */ qed qed @@ -94,24 +107,24 @@ guarded formula characterizing all counter-examples: simplify solve( State_111111111111111( inp, prog, prog2, shared_key, skV, pk, x ) ▶₀ #t1 ) - case insencokxtkntokensharedkey_0_11111111111111 + case p_1_1111111111 solve( State_111111111111111( inp2, prog, prog2.1, shared_key, skV.1, pk, x ) ▶₀ #t2 ) - case insencokxtkntokensharedkey_0_11111111111111 + case p_1_1111111111 solve( !KU( senc(ok(~n.2, tkn(pk)), ~n.1) ) @ #vk ) case c_senc solve( !KU( ~n.1 ) @ #vk.11 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 - solve( !KU( senc(tkn(pk), ~n.1) ) @ #vk.2 ) + case p_1_111_case_1 + solve( !KU( senc(ok(~n.4, tkn(pk)), ~n.3) ) @ #vk.2 ) case c_senc - solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.4 ) - case c_senc - solve( !KU( senc(ok(~n.4, tkn(pk)), ~n.3) ) @ #vk.6 ) + solve( !KU( ~n.3 ) @ #vk.14 ) + case p_1_111_case_1 + solve( !KU( senc(tkn(pk), ~n.1) ) @ #vk.5 ) case c_senc - solve( !KU( ~n.3 ) @ #vk.16 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 - solve( !KU( senc(tkn(pk), ~n.3) ) @ #vk.8 ) + solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.6 ) + case c_senc + solve( !KU( senc(tkn(pk), ~n.3) ) @ #vk.9 ) case c_senc solve( !KU( senc(prg(prog2.1), ~n.3) ) @ #vk.10 ) case c_senc 
@@ -119,26 +132,38 @@ solve( State_111111111111111( inp, prog, prog2, shared_key, skV, pk, x case c_ok by solve( !KU( ~n.2 ) @ #vk.19 ) next - case outsencokxtkntokensharedkey_0_11211111111111111 + case iftkntokentkntoken_0_11211111111111111 solve( !KU( ~n.6 ) @ #vk.21 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 + case p_1_111_case_1 by solve( !KU( ~n.7 ) @ #vk.25 ) next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 + case p_1_111_case_2 by solve( !KU( ~n.7 ) @ #vk.25 ) qed qed next - case outsencprgprogsharedkey_0_1121111111 - by solve( !KU( ~n.4 ) @ #vk.19 ) + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.4 ) @ #vk.18 ) qed next - case outsenctkntokensharedkey_0_11211111111111 - by solve( !KU( ~n.5 ) @ #vk.19 ) + case p_1_112111111111 + by solve( !KU( ~n.5 ) @ #vk.18 ) qed next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 - solve( !KU( senc(tkn(pk), ~n.3) ) @ #vk.8 ) + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.2 ) @ #vk.16 ) + qed + next + case p_1_112111111111 + by solve( !KU( ~n.2 ) @ #vk.16 ) + qed + next + case p_1_111_case_2 + solve( !KU( senc(tkn(pk), ~n.1) ) @ #vk.5 ) + case c_senc + solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.6 ) + case c_senc + solve( !KU( senc(tkn(pk), ~n.3) ) @ #vk.9 ) case c_senc solve( !KU( senc(prg(prog2.1), ~n.3) ) @ #vk.10 ) case c_senc 
@@ -146,62 +171,74 @@ solve( State_111111111111111( inp, prog, prog2, shared_key, skV, pk, x case c_ok by solve( !KU( ~n.2 ) @ #vk.19 ) next - case outsencokxtkntokensharedkey_0_11211111111111111 + case iftkntokentkntoken_0_11211111111111111 solve( !KU( ~n.6 ) @ #vk.21 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 + case p_1_111_case_1 by solve( !KU( ~n.7 ) @ #vk.25 ) next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 + case p_1_111_case_2 by solve( !KU( ~n.7 ) @ #vk.25 ) qed qed next - case outsencprgprogsharedkey_0_1121111111 - by solve( !KU( ~n.4 ) @ #vk.19 ) + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.4 ) @ #vk.18 ) qed next - case outsenctkntokensharedkey_0_11211111111111 - by solve( !KU( ~n.5 ) @ #vk.19 ) + case p_1_112111111111 + by solve( !KU( ~n.5 ) @ #vk.18 ) qed + next + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.2 ) @ #vk.16 ) qed next - case outsencokxtkntokensharedkey_0_11211111111111111 - solve( !KU( senc(prg(prog2.1), ~n.4) ) @ #vk.10 ) + case p_1_112111111111 + by solve( !KU( ~n.2 ) @ #vk.16 ) + qed + qed + next + case iftkntokentkntoken_0_11211111111111111 + solve( !KU( senc(tkn(~n.2), ~n.1) ) @ #vk.5 ) + case c_senc + solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.7 ) + case c_senc + solve( !KU( senc(prg(prog2.1), ~n.4) ) @ #vk.11 ) case c_senc solve( !KU( ~n.4 ) @ #vk.20 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 + case p_1_111_case_1 by solve( !KU( ~n.5 ) @ #vk.21 ) next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 + case p_1_111_case_2 by solve( !KU( ~n.5 ) @ #vk.21 ) qed next - case outsencprgprogsharedkey_0_1121111111 + case eventSessionVpkskVsharedkey_0_1121111111 solve( !KU( ok(~n.3, tkn(~n.2)) ) @ #vk.13 ) case c_ok by solve( !KU( ~n.3 ) @ #vk.19 ) qed qed + next + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.2 ) @ #vk.17 ) qed next - case 
outsencprgprogsharedkey_0_1121111111 - by solve( !KU( ~n.2 ) @ #vk.14 ) + case p_1_112111111111 + by solve( !KU( ~n.2 ) @ #vk.12 ) qed - next - case outsenctkntokensharedkey_0_11211111111111 - by solve( !KU( ~n.2 ) @ #vk.14 ) qed next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 - solve( !KU( senc(tkn(pk), ~n.1) ) @ #vk.2 ) + case p_1_111_case_2 + solve( !KU( senc(ok(~n.4, tkn(pk)), ~n.3) ) @ #vk.2 ) case c_senc - solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.4 ) - case c_senc - solve( !KU( senc(ok(~n.4, tkn(pk)), ~n.3) ) @ #vk.6 ) + solve( !KU( ~n.3 ) @ #vk.14 ) + case p_1_111_case_1 + solve( !KU( senc(tkn(pk), ~n.1) ) @ #vk.5 ) case c_senc - solve( !KU( ~n.3 ) @ #vk.16 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 - solve( !KU( senc(tkn(pk), ~n.3) ) @ #vk.8 ) + solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.6 ) + case c_senc + solve( !KU( senc(tkn(pk), ~n.3) ) @ #vk.9 ) case c_senc solve( !KU( senc(prg(prog2.1), ~n.3) ) @ #vk.10 ) case c_senc 
@@ -209,26 +246,38 @@ solve( State_111111111111111( inp, prog, prog2, shared_key, skV, pk, x case c_ok by solve( !KU( ~n.2 ) @ #vk.19 ) next - case outsencokxtkntokensharedkey_0_11211111111111111 + case iftkntokentkntoken_0_11211111111111111 solve( !KU( ~n.6 ) @ #vk.21 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 + case p_1_111_case_1 by solve( !KU( ~n.7 ) @ #vk.25 ) next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 + case p_1_111_case_2 by solve( !KU( ~n.7 ) @ #vk.25 ) qed qed next - case outsencprgprogsharedkey_0_1121111111 - by solve( !KU( ~n.4 ) @ #vk.19 ) + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.4 ) @ #vk.18 ) qed next - case outsenctkntokensharedkey_0_11211111111111 - by solve( !KU( ~n.5 ) @ #vk.19 ) + case p_1_112111111111 + by solve( !KU( ~n.5 ) @ #vk.18 ) qed next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 - solve( !KU( senc(tkn(pk), ~n.3) ) @ #vk.8 ) + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.2 ) @ #vk.16 ) + qed + next + case p_1_112111111111 + by solve( !KU( ~n.2 ) @ #vk.16 ) + qed + next + case p_1_111_case_2 + solve( !KU( senc(tkn(pk), ~n.1) ) @ #vk.5 ) + case c_senc + solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.6 ) + case c_senc + solve( !KU( senc(tkn(pk), ~n.3) ) @ #vk.9 ) case c_senc solve( !KU( senc(prg(prog2.1), ~n.3) ) @ #vk.10 ) case c_senc 
@@ -236,70 +285,82 @@ solve( State_111111111111111( inp, prog, prog2, shared_key, skV, pk, x case c_ok by solve( !KU( ~n.2 ) @ #vk.19 ) next - case outsencokxtkntokensharedkey_0_11211111111111111 + case iftkntokentkntoken_0_11211111111111111 solve( !KU( ~n.6 ) @ #vk.21 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 + case p_1_111_case_1 by solve( !KU( ~n.7 ) @ #vk.25 ) next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 + case p_1_111_case_2 by solve( !KU( ~n.7 ) @ #vk.25 ) qed qed next - case outsencprgprogsharedkey_0_1121111111 - by solve( !KU( ~n.4 ) @ #vk.19 ) + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.4 ) @ #vk.18 ) qed next - case outsenctkntokensharedkey_0_11211111111111 - by solve( !KU( ~n.5 ) @ #vk.19 ) + case p_1_112111111111 + by solve( !KU( ~n.5 ) @ #vk.18 ) qed + next + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.2 ) @ #vk.16 ) qed next - case outsencokxtkntokensharedkey_0_11211111111111111 - solve( !KU( senc(prg(prog2.1), ~n.4) ) @ #vk.10 ) + case p_1_112111111111 + by solve( !KU( ~n.2 ) @ #vk.16 ) + qed + qed + next + case iftkntokentkntoken_0_11211111111111111 + solve( !KU( senc(tkn(~n.2), ~n.1) ) @ #vk.5 ) + case c_senc + solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.7 ) + case c_senc + solve( !KU( senc(prg(prog2.1), ~n.4) ) @ #vk.11 ) case c_senc solve( !KU( ~n.4 ) @ #vk.20 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 + case p_1_111_case_1 by solve( !KU( ~n.5 ) @ #vk.21 ) next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 + case p_1_111_case_2 by solve( !KU( ~n.5 ) @ #vk.21 ) qed next - case outsencprgprogsharedkey_0_1121111111 + case eventSessionVpkskVsharedkey_0_1121111111 solve( !KU( ok(~n.3, tkn(~n.2)) ) @ #vk.13 ) case c_ok by solve( !KU( ~n.3 ) @ #vk.19 ) qed qed + next + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.2 ) @ #vk.17 ) qed next - case 
outsencprgprogsharedkey_0_1121111111 - by solve( !KU( ~n.2 ) @ #vk.14 ) + case p_1_112111111111 + by solve( !KU( ~n.2 ) @ #vk.12 ) qed - next - case outsenctkntokensharedkey_0_11211111111111 - by solve( !KU( ~n.2 ) @ #vk.14 ) qed qed next - case outsencokxtkntokensharedkey_0_11211111111111111 - solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.4 ) + case iftkntokentkntoken_0_11211111111111111 + solve( !KU( senc(ok(~n.6, tkn(~n.3)), ~n.5) ) @ #vk.2 ) case c_senc - solve( !KU( ~n.1 ) @ #vk.15 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 - by solve( !KU( ~n.2 ) @ #vk.16 ) - next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 - by solve( !KU( ~n.2 ) @ #vk.16 ) - qed - next - case outsencprgprogsharedkey_0_1121111111 - solve( !KU( senc(ok(~n.6, tkn(~n.3)), ~n.5) ) @ #vk.7 ) - case c_senc - solve( !KU( ~n.5 ) @ #vk.15 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 - solve( !KU( senc(tkn(~n.3), ~n.5) ) @ #vk.9 ) + solve( !KU( ~n.5 ) @ #vk.15 ) + case p_1_111_case_1 + solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.7 ) + case c_senc + solve( !KU( ~n.1 ) @ #vk.18 ) + case p_1_111_case_1 + by solve( !KU( ~n.2 ) @ #vk.19 ) + next + case p_1_111_case_2 + by solve( !KU( ~n.2 ) @ #vk.19 ) + qed + next + case eventSessionVpkskVsharedkey_0_1121111111 + solve( !KU( senc(tkn(~n.3), ~n.5) ) @ #vk.10 ) case c_senc solve( !KU( senc(prg(prog2), ~n.5) ) @ #vk.11 ) case c_senc 
@@ -308,16 +369,28 @@ solve( State_111111111111111( inp, prog, prog2, shared_key, skV, pk, x by solve( !KU( ~n.6 ) @ #vk.19 ) qed next - case outsencprgprogsharedkey_0_1121111111 + case eventSessionVpkskVsharedkey_0_1121111111 by solve( !KU( ~n.6 ) @ #vk.18 ) qed next - case outsenctkntokensharedkey_0_11211111111111 + case p_1_112111111111 by solve( !KU( ~n.2 ) @ #vk.13 ) qed + qed + next + case p_1_111_case_2 + solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.7 ) + case c_senc + solve( !KU( ~n.1 ) @ #vk.18 ) + case p_1_111_case_1 + by solve( !KU( ~n.2 ) @ #vk.19 ) + next + case p_1_111_case_2 + by solve( !KU( ~n.2 ) @ #vk.19 ) + qed next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 - solve( !KU( senc(tkn(~n.3), ~n.5) ) @ #vk.9 ) + case eventSessionVpkskVsharedkey_0_1121111111 + solve( !KU( senc(tkn(~n.3), ~n.5) ) @ #vk.10 ) case c_senc solve( !KU( senc(prg(prog2), ~n.5) ) @ #vk.11 ) case c_senc @@ -326,18 +399,18 @@ solve( State_111111111111111( inp, prog, prog2, shared_key, skV, pk, x by solve( !KU( ~n.6 ) @ #vk.19 ) qed next - case outsencprgprogsharedkey_0_1121111111 + case eventSessionVpkskVsharedkey_0_1121111111 by solve( !KU( ~n.6 ) @ #vk.18 ) qed next - case outsenctkntokensharedkey_0_11211111111111 + case p_1_112111111111 by solve( !KU( ~n.2 ) @ #vk.13 ) qed qed - next - case outsencokxtkntokensharedkey_0_11211111111111111 - by contradiction /* from formulas */ qed + next + case iftkntokentkntoken_0_11211111111111111 + by contradiction /* from formulas */ qed qed qed 
@@ -365,17 +438,17 @@ guarded formula characterizing all counter-examples: */ simplify solve( State_1( prog ) ▶₀ #t2 ) - case newprog_0_ + case Init solve( !KU( run(~n, inp) ) @ #vk ) case c_run by solve( !KU( ~n ) @ #vk.1 ) next - case outrunproginput_0_1111111111111111 + case insencokxtkntokensharedkey_0_111111111111111 solve( !KU( senc(ok(~n.2, tkn(token)), ~n.1) ) @ #vk.1 ) case c_senc solve( !KU( ~n.2 ) @ #vk.7 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 - solve( !KU( senc(tkn(token), ~n.2) ) @ #vk.3 ) + case p_1_111_case_1 + solve( !KU( senc(tkn(token), ~n.2) ) @ #vk.4 ) case c_senc solve( !KU( senc(prg(~n), ~n.2) ) @ #vk.5 ) case c_senc 
@@ -383,35 +456,35 @@ solve( State_1( prog ) ▶₀ #t2 ) case c_ok by solve( !KU( ~n.1 ) @ #vk.11 ) next - case outsencokxtkntokensharedkey_0_11211111111111111 + case iftkntokentkntoken_0_11211111111111111 solve( State_111111111111111( inp2, prog, prog2, shared_key, skV.1, ~n.2, x ) ▶₀ #t5 ) - case insencokxtkntokensharedkey_0_11111111111111 + case p_1_1111111111 solve( !KU( ~n.6 ) @ #vk.13 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 + case p_1_111_case_1 by solve( !KU( ~n.7 ) @ #vk.22 ) next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 + case p_1_111_case_2 by solve( !KU( ~n.7 ) @ #vk.22 ) qed qed qed next - case outsencprgprogsharedkey_0_1121111111 - by solve( !KU( ~n.3 ) @ #vk.10 ) + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.3 ) @ #vk.11 ) qed next - case outsenctkntokensharedkey_0_11211111111111 + case p_1_112111111111 solve( State_111111111111111( inp2, prog, prog2, shared_key, skV, ~n.2, x ) ▶₀ #t5 ) - case insencokxtkntokensharedkey_0_11111111111111 - by solve( !KU( ~n.6 ) @ #vk.10 ) + case p_1_1111111111 + by solve( !KU( ~n.6 ) @ #vk.11 ) qed qed next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 - solve( !KU( senc(tkn(token), ~n.2) ) @ #vk.3 ) + case p_1_111_case_2 + solve( !KU( senc(tkn(token), ~n.2) ) @ #vk.4 ) case c_senc solve( !KU( senc(prg(~n), ~n.2) ) @ #vk.5 ) case c_senc 
@@ -419,43 +492,43 @@ solve( State_1( prog ) ▶₀ #t2 ) case c_ok by solve( !KU( ~n.1 ) @ #vk.11 ) next - case outsencokxtkntokensharedkey_0_11211111111111111 + case iftkntokentkntoken_0_11211111111111111 solve( State_111111111111111( inp2, prog, prog2, shared_key, skV.1, ~n.2, x ) ▶₀ #t5 ) - case insencokxtkntokensharedkey_0_11111111111111 + case p_1_1111111111 solve( !KU( ~n.6 ) @ #vk.13 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 + case p_1_111_case_1 by solve( !KU( ~n.7 ) @ #vk.22 ) next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 + case p_1_111_case_2 by solve( !KU( ~n.7 ) @ #vk.22 ) qed qed qed next - case outsencprgprogsharedkey_0_1121111111 - by solve( !KU( ~n.3 ) @ #vk.10 ) + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.3 ) @ #vk.11 ) qed next - case outsenctkntokensharedkey_0_11211111111111 + case p_1_112111111111 solve( State_111111111111111( inp2, prog, prog2, shared_key, skV, ~n.2, x ) ▶₀ #t5 ) - case insencokxtkntokensharedkey_0_11111111111111 - by solve( !KU( ~n.6 ) @ #vk.10 ) + case p_1_1111111111 + by solve( !KU( ~n.6 ) @ #vk.11 ) qed qed qed next - case outsencokxtkntokensharedkey_0_11211111111111111 + case iftkntokentkntoken_0_11211111111111111 solve( State_111111111111111( inp2, prog, prog2, shared_key, skV, ~n.2, x ) ▶₀ #t5 ) - case insencokxtkntokensharedkey_0_11111111111111 + case p_1_1111111111 solve( !KU( senc(ok(~n.3, tkn(~n.2)), ~n.1) ) @ #vk.10 ) case c_senc solve( !KU( ~n.1 ) @ #vk.16 ) - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_1 - solve( !KU( senc(tkn(~n.2), ~n.1) ) @ #vk.12 ) + case p_1_111_case_1 + solve( !KU( senc(tkn(~n.2), ~n.1) ) @ #vk.13 ) case c_senc solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.14 ) case c_senc 
@@ -464,16 +537,16 @@ solve( State_1( prog ) ▶₀ #t2 ) by solve( !KU( ~n.3 ) @ #vk.20 ) qed next - case outsencprgprogsharedkey_0_1121111111 - by solve( !KU( ~n.2 ) @ #vk.19 ) + case eventSessionVpkskVsharedkey_0_1121111111 + by solve( !KU( ~n.2 ) @ #vk.20 ) qed next - case outsenctkntokensharedkey_0_11211111111111 + case p_1_112111111111 by solve( !KU( ~n.2 ) @ #vk.14 ) qed next - case outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111_case_2 - solve( !KU( senc(tkn(~n.2), ~n.1) ) @ #vk.12 ) + case p_1_111_case_2 + solve( !KU( senc(tkn(~n.2), ~n.1) ) @ #vk.13 ) case c_senc solve( !KU( senc(prg(prog2), ~n.1) ) @ #vk.14 ) case c_senc @@ -482,16 +555,16 @@ solve( State_1( prog ) ▶₀ #t2 ) by solve( !KU( ~n.3 ) @ #vk.20 ) qed next - case outsencprgprogsharedkey_0_1121111111 + case eventSessionVpkskVsharedkey_0_1121111111 by solve( !KU( ~n.2 ) @ #vk.19 ) qed next - case outsenctkntokensharedkey_0_11211111111111 + case p_1_112111111111 by solve( !KU( ~n.2 ) @ #vk.14 ) qed qed next - case outsencokxtkntokensharedkey_0_11211111111111111 + case iftkntokentkntoken_0_11211111111111111 by contradiction /* from formulas */ qed qed 
@@ -499,421 +572,360 @@ solve( State_1( prog ) ▶₀ #t2 ) qed qed -restriction Restr_ReportRule_1: - "∀ x #NOW. (Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(∃ z. x = <'loc', z>))" - // safety formula -rule (modulo E) ReportRule[color=#ffffff, process="new prog;"]: - [ In( ) ] - --[ Restr_ReportRule_1( loc ) ]-> - [ Out( rep(x, loc) ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) Init[color=#ffffff, process="new prog;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newprog_0_[color=#ffffff, process="new prog;"]: - [ State_( ), Fr( prog ) ] --> [ State_1( prog ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) eventAuthprog_0_1[color=#ffffff, - process="event Auth( prog );"]: - [ State_1( prog ) ] --[ Auth( prog ) ]-> [ State_11( prog ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_11[color=#ffffff, process="|"]: - [ State_11( prog ) ] --> [ State_111( prog ), State_112( prog ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#ffffff, process="!"]: - [ State_111( prog ) ] --> [ !Semistate_1111( prog ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_111[color=#ffffff, process="!"]: - [ !Semistate_1111( prog ) ] --> [ State_1111( prog ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) inpkskV_0_1111[color=#804046, process="in(pk(skV));"]: - [ State_1111( prog ), In( pk(skV) ) ] --> [ State_11111( prog, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newsharedkey_0_11111[color=#804046, - process="new shared_key;"]: - [ State_11111( prog, skV ), Fr( shared_key ) ] - --> - [ State_111111( prog, shared_key, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) eventSessionPpkskVsharedkey_0_111111[color=#804046, - process="event SessionP( pk(skV), shared_key );"]: - [ State_111111( prog, shared_key, skV ) ] - --[ SessionP( pk(skV), shared_key ) ]-> - [ State_1111111( prog, shared_key, skV ) ] - 
/* has exactly the trivial AC variant */ -rule (modulo E) outaencsharedkeypkskVrepaencsharedkeypkskVlocpkskV_0_1111111[color=#804046, - process="out()>);"]: - [ State_1111111( prog, shared_key, skV ) ] - --> - [ - State_11111111( prog, shared_key, skV ), - Out( )> - ) - ] - /* has exactly the trivial AC variant */ -rule (modulo E) insencprgprogsharedkey_0_11111111[color=#804046, - process="in(senc(prg(prog2), shared_key));"]: - [ - State_11111111( prog, shared_key, skV ), - In( senc(prg(prog2), shared_key) ) - ] - --> - [ State_111111111( prog, prog2, shared_key, skV ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111111111[color=#804046, process="!"]: - [ State_111111111( prog, prog2, shared_key, skV ) ] - --> - [ !Semistate_1111111111( prog, prog2, shared_key, skV ) ] - /* has exactly the trivial AC variant */ +restriction Restr_ReportRule_1: + "∀ x #NOW. (Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(x = 'loc'))" + // safety formula -rule (modulo E) p_1_111111111[color=#804046, process="!"]: - [ !Semistate_1111111111( prog, prog2, shared_key, skV ) ] - --> - [ State_1111111111( prog, prog2, shared_key, skV ) ] +rule (modulo E) ReportRule[color=#ffffff, process="new prog.1;"]: + [ In( ) ] + --[ Restr_ReportRule_1( fst(loc) ) ]-> + [ Out( rep(x, loc) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ReportRule[color=#ffffff, process="new prog.1;"]: + [ In( ) ] --[ Restr_ReportRule_1( z ) ]-> [ Out( rep(x, loc) ) ] + variants (modulo AC) + 1. loc = loc.4 + z = fst(loc.4) + + 2. 
loc = + z = x.4 + */ -rule (modulo E) ininput_0_1111111111[color=#804046, - process="in(input);"]: - [ State_1111111111( prog, prog2, shared_key, skV ), In( input ) ] - --> - [ State_11111111111( input, prog, prog2, shared_key, skV ) ] +rule (modulo E) Init[color=#ffffff, process="new prog.1;"]: + [ Fr( prog.1 ) ] --[ Init( ) ]-> [ State_1( prog.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) Init[color=#ffffff, process="new prog.1;"]: + [ Fr( prog ) ] --[ Init( ) ]-> [ State_1( prog ) ] + */ -rule (modulo E) insenctkntokensharedkey_0_11111111111[color=#804046, - process="in(senc(tkn(token), shared_key));"]: +rule (modulo E) p_1_111[color=#ffffff, process="!"]: + [ !Semistate_1111( prog.1 ), In( pk(skV.1) ), Fr( shared_key.1 ) ] + --[ SessionP( pk(skV.1), shared_key.1 ) ]-> [ - State_11111111111( input, prog, prog2, shared_key, skV ), - In( senc(tkn(token), shared_key) ) + State_111111111( prog.1, shared_key.1, skV.1 ), + Out( )> + ) ] - --> - [ State_111111111111( input, prog, prog2, shared_key, skV, token ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_111[color=#ffffff, process="!"]: + [ !Semistate_1111( prog ), In( pk(skV) ), Fr( shared_key ) ] + --[ SessionP( pk(skV), shared_key ) ]-> + [ + State_111111111( prog, shared_key, skV ), + Out( )> + ) + ] + */ -rule (modulo E) newx_0_111111111111[color=#804046, process="new x;"]: +rule (modulo E) insencprgprogsharedkey_0_111111111[color=#804046, + process="in(senc(prg(prog2.1), =shared_key.1));"]: [ - State_111111111111( input, prog, prog2, shared_key, skV, token ), Fr( x ) + State_111111111( prog.1, shared_key.1, skV.1 ), + In( senc(prg(prog2.1), shared_key.1) ) ] --> - [ State_1111111111111( input, prog, prog2, shared_key, skV, token, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsencaskxtkntokensharedkey_0_1111111111111[color=#804046, - process="out(senc(ask(x, tkn(token)), shared_key));"]: - [ State_1111111111111( input, prog, prog2, 
shared_key, skV, token, x ) ] - --> - [ - State_11111111111111( input, prog, prog2, shared_key, skV, token, x ), - Out( senc(ask(x, tkn(token)), shared_key) ) - ] + [ !Semistate_11111111111( prog.1, prog2.1, shared_key.1, skV.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insencprgprogsharedkey_0_111111111[color=#804046, + process="in(senc(prg(prog2.1), =shared_key.1));"]: + [ + State_111111111( prog, shared_key, skV ), + In( senc(prg(prog2), shared_key) ) + ] + --> + [ !Semistate_11111111111( prog, prog2, shared_key, skV ) ] + */ -rule (modulo E) insencokxtkntokensharedkey_0_11111111111111[color=#804046, - process="in(senc(ok(x, tkn(token)), shared_key));"]: +rule (modulo E) p_1_1111111111[color=#804046, process="!"]: [ - State_11111111111111( input, prog, prog2, shared_key, skV, token, x ), - In( senc(ok(x, tkn(token)), shared_key) ) - ] - --> - [ State_111111111111111( input, prog, prog2, shared_key, skV, token, x ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventPoutputinputtoken_0_111111111111111[color=#804046, - process="event Poutput( input, token );"]: - [ State_111111111111111( input, prog, prog2, shared_key, skV, token, x ) - ] - --[ Poutput( input, token ) ]-> - [ State_1111111111111111( input, prog, prog2, shared_key, skV, token, x ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outrunproginput_0_1111111111111111[color=#804046, - process="out(run(prog2, input));"]: - [ State_1111111111111111( input, prog, prog2, shared_key, skV, token, x ) + !Semistate_11111111111( prog.1, prog2.1, shared_key.1, skV.1 ), + In( input.1 ), In( senc(tkn(token.1), shared_key.1) ), Fr( x.1 ) ] --> [ - State_11111111111111111( input, prog, prog2, shared_key, skV, token, x ), - Out( run(prog2, input) ) + State_111111111111111( input.1, prog.1, prog2.1, shared_key.1, skV.1, + token.1, x.1 + ), + Out( senc(ask(x.1, tkn(token.1)), shared_key.1) ) ] - /* has exactly the trivial AC variant */ + /* + rule 
(modulo AC) p_1_1111111111[color=#804046, process="!"]: + [ + !Semistate_11111111111( prog, prog2, shared_key, skV ), In( input ), + In( senc(tkn(token), shared_key) ), Fr( x ) + ] + --> + [ + State_111111111111111( input, prog, prog2, shared_key, skV, token, x ), + Out( senc(ask(x, tkn(token)), shared_key) ) + ] + */ -rule (modulo E) p_0_11111111111111111[color=#804046, process="0"]: +rule (modulo E) insencokxtkntokensharedkey_0_111111111111111[color=#804046, + process="in(senc(ok(=x.1, tkn(=token.1)), =shared_key.1));"]: [ - State_11111111111111111( input, prog, prog2, shared_key, skV, token, x ) + State_111111111111111( input.1, prog.1, prog2.1, shared_key.1, skV.1, + token.1, x.1 + ), + In( senc(ok(x.1, tkn(token.1)), shared_key.1) ) ] - --> - [ ] + --[ Poutput( input.1, token.1 ) ]-> + [ Out( run(prog2.1, input.1) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insencokxtkntokensharedkey_0_111111111111111[color=#804046, + process="in(senc(ok(=x.1, tkn(=token.1)), =shared_key.1));"]: + [ + State_111111111111111( input, prog, prog2, shared_key, skV, token, x ), + In( senc(ok(x, tkn(token)), shared_key) ) + ] + --[ Poutput( input, token ) ]-> + [ Out( run(prog2, input) ) ] + */ -rule (modulo E) p_0_112[color=#ffffff, process="!"]: - [ State_112( prog ) ] --> [ !Semistate_1121( prog ) ] +rule (modulo E) eventAuthprog_0_1[color=#ffffff, + process="event Auth( prog.1 );"]: + [ State_1( prog.1 ) ] + --[ Auth( prog.1 ) ]-> + [ !Semistate_1121( prog.1 ), !Semistate_1111( prog.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventAuthprog_0_1[color=#ffffff, + process="event Auth( prog.1 );"]: + [ State_1( prog ) ] + --[ Auth( prog ) ]-> + [ !Semistate_1121( prog ), !Semistate_1111( prog ) ] + */ rule (modulo E) p_1_112[color=#ffffff, process="!"]: - [ !Semistate_1121( prog ) ] --> [ State_1121( prog ) ] + [ !Semistate_1121( prog.1 ), Fr( skV.2 ) ] + --[ HonestP( pk(skV.2) ) ]-> + [ State_11211111( prog.1, skV.2 ), Out( 
pk(skV.2) ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) newskV_0_1121[color=#406880, process="new skV;"]: - [ State_1121( prog ), Fr( skV ) ] --> [ State_11211( prog, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventHonestPpkskV_0_11211[color=#406880, - process="event HonestP( pk(skV) );"]: - [ State_11211( prog, skV ) ] - --[ HonestP( pk(skV) ) ]-> - [ State_112111( prog, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outpkskV_0_112111[color=#406880, - process="out(pk(skV));"]: - [ State_112111( prog, skV ) ] - --> - [ State_1121111( prog, skV ), Out( pk(skV) ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_112[color=#ffffff, process="!"]: + [ !Semistate_1121( prog ), Fr( skV ) ] + --[ HonestP( pk(skV) ) ]-> + [ State_11211111( prog, skV ), Out( pk(skV) ) ] + */ -rule (modulo E) inaencsharedkeypkskVsigned_0_1121111[color=#406880, - process="in();"]: - [ State_1121111( prog, skV ), In( ) ] +rule (modulo E) inaencsharedkeypkskVsigned_0_11211111[color=#406880, + process="in();"]: + [ + State_11211111( prog.1, skV.2 ), + In( ) + ] --> - [ State_11211111( prog, shared_key, signed, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifaencsharedkeypkskVcheckrepsignedlocpkskV_0_11211111[color=#406880, - process="if aenc(shared_key, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_11211111( prog, shared_key, signed, skV ) ] - --[ - Pred_Eq( aenc(shared_key, pk(skV)), check_rep(signed, <'loc', pk(skV)>) ) - ]-> - [ State_112111111( prog, shared_key, signed, skV ) ] + [ State_112111111( prog.1, signed.1, shared_key.2, skV.2 ) ] /* - rule (modulo AC) ifaencsharedkeypkskVcheckrepsignedlocpkskV_0_11211111[color=#406880, - process="if aenc(shared_key, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_11211111( prog, shared_key, signed, skV ) ] - --[ Pred_Eq( aenc(shared_key, pk(skV)), z ) ]-> - [ State_112111111( prog, shared_key, signed, skV 
) ] - variants (modulo AC) - 1. signed - = signed.6 - skV = skV.6 - z = check_rep(signed.6, <'loc', pk(skV.6)>) - - 2. signed - = rep(x.6, <'loc', pk(x.7)>) - skV = x.7 - z = x.6 + rule (modulo AC) inaencsharedkeypkskVsigned_0_11211111[color=#406880, + process="in();"]: + [ State_11211111( prog, skV ), In( ) + ] + --> + [ State_112111111( prog, signed, shared_key, skV ) ] */ -rule (modulo E) ifaencsharedkeypkskVcheckrepsignedlocpkskV_1_11211111[color=#406880, - process="if aenc(shared_key, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_11211111( prog, shared_key, signed, skV ) ] +rule (modulo E) ifaencsharedkeypkskVcheckrepsignedlocpkskV_0_112111111[color=#406880, + process="if aenc(shared_key.2, pk(skV.2))=check_rep(signed.1, <'loc', pk(skV.2)>)"]: + [ State_112111111( prog.1, signed.1, shared_key.2, skV.2 ) ] --[ - Pred_Not_Eq( aenc(shared_key, pk(skV)), - check_rep(signed, <'loc', pk(skV)>) + Pred_Eq( aenc(shared_key.2, pk(skV.2)), + check_rep(signed.1, <'loc', pk(skV.2)>) ) ]-> - [ State_112111112( prog, shared_key, signed, skV ) ] + [ State_1121111111( prog.1, signed.1, shared_key.2, skV.2 ) ] /* - rule (modulo AC) ifaencsharedkeypkskVcheckrepsignedlocpkskV_1_11211111[color=#406880, - process="if aenc(shared_key, pk(skV))=check_rep(signed, <'loc', pk(skV)>)"]: - [ State_11211111( prog, shared_key, signed, skV ) ] - --[ Pred_Not_Eq( aenc(shared_key, pk(skV)), z ) ]-> - [ State_112111112( prog, shared_key, signed, skV ) ] + rule (modulo AC) ifaencsharedkeypkskVcheckrepsignedlocpkskV_0_112111111[color=#406880, + process="if aenc(shared_key.2, pk(skV.2))=check_rep(signed.1, <'loc', pk(skV.2)>)"]: + [ State_112111111( prog, signed, shared_key, skV ) ] + --[ Pred_Eq( aenc(shared_key, pk(skV)), z ) ]-> + [ State_1121111111( prog, signed, shared_key, skV ) ] variants (modulo AC) 1. signed - = signed.6 - skV = skV.6 - z = check_rep(signed.6, <'loc', pk(skV.6)>) + = signed.8 + skV = skV.9 + z = check_rep(signed.8, <'loc', pk(skV.9)>) 2. 
signed - = rep(x.6, <'loc', pk(x.7)>) - skV = x.7 - z = x.6 + = rep(x.8, <'loc', pk(x.9)>) + skV = x.9 + z = x.8 */ -rule (modulo E) eventSessionVpkskVsharedkey_0_112111111[color=#406880, - process="event SessionV( pk(skV), shared_key );"]: - [ State_112111111( prog, shared_key, signed, skV ) ] - --[ SessionV( pk(skV), shared_key ) ]-> - [ State_1121111111( prog, shared_key, signed, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsencprgprogsharedkey_0_1121111111[color=#406880, - process="out(senc(prg(prog), shared_key));"]: - [ State_1121111111( prog, shared_key, signed, skV ) ] - --> +rule (modulo E) eventSessionVpkskVsharedkey_0_1121111111[color=#406880, + process="event SessionV( pk(skV.2), shared_key.2 );"]: + [ State_1121111111( prog.1, signed.1, shared_key.2, skV.2 ) ] + --[ SessionV( pk(skV.2), shared_key.2 ) ]-> [ - State_11211111111( prog, shared_key, signed, skV ), - Out( senc(prg(prog), shared_key) ) + !Semistate_1121111111111( prog.1, signed.1, shared_key.2, skV.2 ), + Out( senc(prg(prog.1), shared_key.2) ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11211111111[color=#406880, process="!"]: - [ State_11211111111( prog, shared_key, signed, skV ) ] - --> - [ !Semistate_112111111111( prog, shared_key, signed, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_11211111111[color=#406880, process="!"]: - [ !Semistate_112111111111( prog, shared_key, signed, skV ) ] - --> - [ State_112111111111( prog, shared_key, signed, skV ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newtoken_0_112111111111[color=#406880, - process="new token;"]: - [ State_112111111111( prog, shared_key, signed, skV ), Fr( token ) ] - --> - [ State_1121111111111( prog, shared_key, signed, skV, token ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventTokentoken_0_1121111111111[color=#406880, - process="event Token( token );"]: - [ State_1121111111111( prog, shared_key, 
signed, skV, token ) ] - --[ Token( token ) ]-> - [ State_11211111111111( prog, shared_key, signed, skV, token ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsenctkntokensharedkey_0_11211111111111[color=#406880, - process="out(senc(tkn(token), shared_key));"]: - [ State_11211111111111( prog, shared_key, signed, skV, token ) ] - --> - [ - State_112111111111111( prog, shared_key, signed, skV, token ), - Out( senc(tkn(token), shared_key) ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insencaskxtkntokensharedkey_0_112111111111111[color=#406880, - process="in(senc(ask(x, tkn(token2)), shared_key));"]: - [ - State_112111111111111( prog, shared_key, signed, skV, token ), - In( senc(ask(x, tkn(token2)), shared_key) ) - ] - --> - [ - State_1121111111111111( prog, shared_key, signed, skV, token, token2, x ) - ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventSessionVpkskVsharedkey_0_1121111111[color=#406880, + process="event SessionV( pk(skV.2), shared_key.2 );"]: + [ State_1121111111( prog, signed, shared_key, skV ) ] + --[ SessionV( pk(skV), shared_key ) ]-> + [ + !Semistate_1121111111111( prog, signed, shared_key, skV ), + Out( senc(prg(prog), shared_key) ) + ] + */ -rule (modulo E) iftkntokentkntoken_0_1121111111111111[color=#406880, - process="if tkn(token)=tkn(token2)"]: +rule (modulo E) p_1_112111111111[color=#406880, process="!"]: [ - State_1121111111111111( prog, shared_key, signed, skV, token, token2, x ) + !Semistate_1121111111111( prog.1, signed.1, shared_key.2, skV.2 ), + Fr( token.2 ) ] - --[ Pred_Eq( tkn(token), tkn(token2) ) ]-> + --[ Token( token.2 ) ]-> [ - State_11211111111111111( prog, shared_key, signed, skV, token, token2, x - ) + State_1121111111111111( prog.1, signed.1, shared_key.2, skV.2, token.2 ), + Out( senc(tkn(token.2), shared_key.2) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_112111111111[color=#406880, process="!"]: + [ 
!Semistate_1121111111111( prog, signed, shared_key, skV ), Fr( token ) + ] + --[ Token( token ) ]-> + [ + State_1121111111111111( prog, signed, shared_key, skV, token ), + Out( senc(tkn(token), shared_key) ) + ] + */ -rule (modulo E) iftkntokentkntoken_1_1121111111111111[color=#406880, - process="if tkn(token)=tkn(token2)"]: +rule (modulo E) insencaskxtkntokensharedkey_0_1121111111111111[color=#406880, + process="in(senc(ask(x.2, tkn(token2.1)), =shared_key.2));"]: [ - State_1121111111111111( prog, shared_key, signed, skV, token, token2, x ) + State_1121111111111111( prog.1, signed.1, shared_key.2, skV.2, token.2 ), + In( senc(ask(x.2, tkn(token2.1)), shared_key.2) ) ] - --[ Pred_Not_Eq( tkn(token), tkn(token2) ) ]-> + --> [ - State_11211111111111112( prog, shared_key, signed, skV, token, token2, x + State_11211111111111111( prog.1, signed.1, token2.1, shared_key.2, skV.2, + token.2, x.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insencaskxtkntokensharedkey_0_1121111111111111[color=#406880, + process="in(senc(ask(x.2, tkn(token2.1)), =shared_key.2));"]: + [ + State_1121111111111111( prog, signed, shared_key, skV, token ), + In( senc(ask(x, tkn(token2)), shared_key) ) + ] + --> + [ + State_11211111111111111( prog, signed, token2, shared_key, skV, token, x + ) + ] + */ -rule (modulo E) outsencokxtkntokensharedkey_0_11211111111111111[color=#406880, - process="out(senc(ok(x, tkn(token)), shared_key));"]: +rule (modulo E) iftkntokentkntoken_0_11211111111111111[color=#406880, + process="if tkn(token.2)=tkn(token2.1)"]: [ - State_11211111111111111( prog, shared_key, signed, skV, token, token2, x + State_11211111111111111( prog.1, signed.1, token2.1, shared_key.2, skV.2, + token.2, x.2 ) ] - --> - [ - State_112111111111111111( prog, shared_key, signed, skV, token, token2, x - ), - Out( senc(ok(x, tkn(token)), shared_key) ) - ] + --[ Pred_Eq( tkn(token.2), tkn(token2.1) ) ]-> + [ Out( senc(ok(x.2, tkn(token.2)), shared_key.2) ) ] - /* has exactly 
the trivial AC variant */ + /* + rule (modulo AC) iftkntokentkntoken_0_11211111111111111[color=#406880, + process="if tkn(token.2)=tkn(token2.1)"]: + [ + State_11211111111111111( prog, signed, token2, shared_key, skV, token, x + ) + ] + --[ Pred_Eq( tkn(token), tkn(token2) ) ]-> + [ Out( senc(ok(x, tkn(token)), shared_key) ) ] + */ -rule (modulo E) p_0_112111111111111111[color=#406880, process="0"]: +rule (modulo E) iftkntokentkntoken_1_11211111111111111[color=#406880, + process="if tkn(token.2)=tkn(token2.1)"]: [ - State_112111111111111111( prog, shared_key, signed, skV, token, token2, x + State_11211111111111111( prog.1, signed.1, token2.1, shared_key.2, skV.2, + token.2, x.2 ) ] - --> + --[ Pred_Not_Eq( tkn(token.2), tkn(token2.1) ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) iftkntokentkntoken_1_11211111111111111[color=#406880, + process="if tkn(token.2)=tkn(token2.1)"]: + [ + State_11211111111111111( prog, signed, token2, shared_key, skV, token, x + ) + ] + --[ Pred_Not_Eq( tkn(token), tkn(token2) ) ]-> + [ ] + */ -rule (modulo E) p_0_11211111111111112[color=#406880, process="0"]: - [ - State_11211111111111112( prog, shared_key, signed, skV, token, token2, x - ) - ] - --> +rule (modulo E) ifaencsharedkeypkskVcheckrepsignedlocpkskV_1_112111111[color=#406880, + process="if aenc(shared_key.2, pk(skV.2))=check_rep(signed.1, <'loc', pk(skV.2)>)"]: + [ State_112111111( prog.1, signed.1, shared_key.2, skV.2 ) ] + --[ + Pred_Not_Eq( aenc(shared_key.2, pk(skV.2)), + check_rep(signed.1, <'loc', pk(skV.2)>) + ) + ]-> [ ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_112111112[color=#406880, process="0"]: - [ State_112111112( prog, shared_key, signed, skV ) ] --> [ ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifaencsharedkeypkskVcheckrepsignedlocpkskV_1_112111111[color=#406880, + process="if aenc(shared_key.2, pk(skV.2))=check_rep(signed.1, <'loc', pk(skV.2)>)"]: + [ State_112111111( prog, 
signed, shared_key, skV ) ] + --[ Pred_Not_Eq( aenc(shared_key, pk(skV)), z ) ]-> + [ ] + variants (modulo AC) + 1. signed + = signed.8 + skV = skV.9 + z = check_rep(signed.8, <'loc', pk(skV.9)>) + + 2. signed + = rep(x.8, <'loc', pk(x.9)>) + skV = x.9 + z = x.8 + */ restriction predicate_eq: "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" @@ -932,7 +944,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -942,9 +954,9 @@ analyzing: examples/sapic/fast/feature-locations/licensing.spthy analyzed: examples/sapic/fast/feature-locations/licensing.spthy output: examples/sapic/fast/feature-locations/licensing.spthy.tmp - processing time: 8.395902552s + processing time: 4.633126128s attested_comput (all-traces): verified (19 steps) - unique (all-traces): verified (84 steps) + unique (all-traces): verified (104 steps) final (all-traces): verified (44 steps) ------------------------------------------------------------------------------ @@ -955,9 +967,9 @@ summary of summaries: analyzed: examples/sapic/fast/feature-locations/licensing.spthy output: examples/sapic/fast/feature-locations/licensing.spthy.tmp - processing time: 8.395902552s + processing time: 4.633126128s attested_comput (all-traces): verified (19 steps) - unique (all-traces): verified (84 steps) + unique (all-traces): verified (104 steps) final (all-traces): verified (44 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/feature-locking-restriction/locking-restriction_analyzed.spthy b/case-studies-regression/sapic/fast/feature-locking-restriction/locking-restriction_analyzed.spthy index 43507a442..79b60f671 100644 --- a/case-studies-regression/sapic/fast/feature-locking-restriction/locking-restriction_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-locking-restriction/locking-restriction_analyzed.spthy 
@@ -2,11 +2,15 @@ theory LockingRestriction begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + + + lemma ANotReachable: all-traces "¬(∃ #t. A( ) @ #t)" /* @@ -14,7 +18,7 @@ guarded formula characterizing all counter-examples: "∃ #t. (A( ) @ #t)" */ simplify -by solve( State_11( lock, lock.1 ) ▶₀ #t ) +by solve( State_111( lock, lock.1 ) ▶₀ #t ) rule (modulo E) Init[color=#ffffff, process="lock 'P';"]: [ ] --[ Init( ) ]-> [ State_( ) ] 
@@ -24,31 +28,26 @@ rule (modulo E) Init[color=#ffffff, process="lock 'P';"]: rule (modulo E) lockP_0_[color=#ffffff, process="lock 'P';"]: [ State_( ), Fr( lock ) ] --[ Lock_0( '0', lock, 'P' ), Lock( '0', lock, 'P' ) ]-> - [ State_1( lock ) ] + [ State_11( lock ) ] /* has exactly the trivial AC variant */ -rule (modulo E) lockP_0_1[color=#6c8040, process="lock 'P';"]: - [ State_1( lock ), Fr( lock.1 ) ] +rule (modulo E) lockP_0_11[color=#6c8040, process="lock 'P';"]: + [ State_11( lock ), Fr( lock.1 ) ] --[ Lock_1( '1', lock.1, 'P' ), Lock( '1', lock.1, 'P' ) ]-> - [ State_11( lock, lock.1 ) ] + [ State_111( lock, lock.1 ) ] /* has exactly the trivial AC variant */ -rule (modulo E) eventA_0_11[color=#6c8040, process="event A( );"]: - [ State_11( lock, lock.1 ) ] --[ A( ) ]-> [ State_111( lock, lock.1 ) ] +rule (modulo E) eventA_0_111[color=#6c8040, process="event A( );"]: + [ State_111( lock, lock.1 ) ] --[ A( ) ]-> [ State_1111( lock, lock.1 ) ] /* has exactly the trivial AC variant */ -rule (modulo E) unlockP_0_111[color=#6c8040, process="unlock 'P';"]: - [ State_111( lock, lock.1 ) ] - --[ Unlock_1( '1', lock.1, 'P' ), Unlock( '1', lock.1, 'P' ) ]-> +rule (modulo E) unlockP_0_1111[color=#6c8040, process="unlock 'P';"]: [ State_1111( lock, lock.1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111[color=#6c8040, process="0"]: - [ State_1111( lock, lock.1 ) ] --> [ ] + --[ Unlock_1( '1', lock.1, 'P' ), Unlock( '1', lock.1, 'P' ) ]-> + [ ] /* has exactly the trivial AC variant */ @@ -83,7 +82,7 @@ restriction locking_0: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -93,7 +92,7 @@ analyzing: examples/sapic/fast/feature-locking-restriction/locking-restriction.s analyzed: examples/sapic/fast/feature-locking-restriction/locking-restriction.spthy output: examples/sapic/fast/feature-locking-restriction/locking-restriction.spthy.tmp - processing time: 0.062385388s + processing time: 0.018212607s ANotReachable (all-traces): verified (2 steps) ------------------------------------------------------------------------------ @@ -104,7 +103,7 @@ summary of summaries: analyzed: examples/sapic/fast/feature-locking-restriction/locking-restriction.spthy output: examples/sapic/fast/feature-locking-restriction/locking-restriction.spthy.tmp - processing time: 0.062385388s + processing time: 0.018212607s ANotReachable (all-traces): verified (2 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/feature-predicates/binding_analyzed.spthy b/case-studies-regression/sapic/fast/feature-predicates/binding_analyzed.spthy index 77143cadf..d25c7db9e 100644 --- a/case-studies-regression/sapic/fast/feature-predicates/binding_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-predicates/binding_analyzed.spthy @@ -2,13 +2,15 @@ theory PredicatesBinding begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p predicate: Added( x )<=>∃ #a. (A( x ) @ #a) ∧ (#a < #NOW) + + lemma C_exists: exists-trace "∃ #i. C( ) @ #i" /* @@ -16,10 +18,10 @@ guarded formula characterizing all satisfying traces: "∃ #i. (C( ) @ #i)" */ simplify -solve( State_121( a ) ▶₀ #i ) - case ifAddeda_0_12 +solve( State_12( a ) ▶₀ #i ) + case Init solve( State_11( ~n ) ▶₀ #a ) - case p_0_1 + case Init SOLVED // trace found qed qed 
@@ -31,71 +33,36 @@ guarded formula characterizing all counter-examples: "∃ #c. (C( ) @ #c) ∧ ∀ #a a.1. (A( a.1 ) @ #a) ⇒ ⊥" */ simplify -solve( State_121( a ) ▶₀ #c ) - case ifAddeda_0_12 - by contradiction /* from formulas */ -qed - -rule (modulo E) Init[color=#ffffff, process="new a;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ +by contradiction /* from formulas */ -rule (modulo E) newa_0_[color=#ffffff, process="new a;"]: - [ State_( ), Fr( a ) ] --> [ State_1( a ) ] +rule (modulo E) eventAa_0_11[color=#ffffff, process="event A( a.1 );"]: + [ State_11( a.1 ) ] --[ A( a.1 ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventAa_0_11[color=#ffffff, process="event A( a.1 );"]: + [ State_11( a ) ] --[ A( a ) ]-> [ ] + */ -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( a ) ] --> [ State_11( a ), State_12( a ) ] +rule (modulo E) Init[color=#ffffff, process="new a.1;"]: + [ Fr( a.1 ) ] --[ Init( ) ]-> [ State_11( a.1 ), State_12( a.1 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) eventAa_0_11[color=#ffffff, process="event A( a );"]: - [ State_11( a ) ] --[ A( a ) ]-> [ State_111( a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( a ) ] --> [ ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) Init[color=#ffffff, process="new a.1;"]: + [ Fr( a ) ] --[ Init( ) ]-> [ State_11( a ), State_12( a ) ] + */ restriction Restr_ifAddeda_0_12_1: "∀ x #NOW. (Restr_ifAddeda_0_12_1( x ) @ #NOW) ⇒ (∃ #a. (A( x ) @ #a) ∧ (#a < #NOW))" -rule (modulo E) ifAddeda_0_12[color=#ffffff, process="if Added( a )"]: - [ State_12( a ) ] --[ Restr_ifAddeda_0_12_1( a ) ]-> [ State_121( a ) ] - - /* has exactly the trivial AC variant */ - -restriction Restr_ifAddeda_1_12_1: - "∀ x #NOW. - (Restr_ifAddeda_1_12_1( x ) @ #NOW) ⇒ - (¬(∃ #a. 
(A( x ) @ #a) ∧ (#a < #NOW)))" - // safety formula - -rule (modulo E) ifAddeda_1_12[color=#ffffff, process="if Added( a )"]: - [ State_12( a ) ] --[ Restr_ifAddeda_1_12_1( a ) ]-> [ State_122( a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventC_0_121[color=#ffffff, process="event C( );"]: - [ State_121( a ) ] --[ C( ) ]-> [ State_1211( a ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1211[color=#ffffff, process="0"]: - [ State_1211( a ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_122[color=#ffffff, process="0"]: - [ State_122( a ) ] --> [ ] +rule (modulo E) ifAddeda_0_12[color=#ffffff, process="if Added( a.1 )"]: + [ State_12( a.1 ) ] --[ C( ), Restr_ifAddeda_0_12_1( a.1 ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifAddeda_0_12[color=#ffffff, process="if Added( a.1 )"]: + [ State_12( a ) ] --[ C( ), Restr_ifAddeda_0_12_1( a ) ]-> [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" @@ -106,7 +73,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -116,9 +83,9 @@ analyzing: examples/sapic/fast/feature-predicates/binding.spthy analyzed: examples/sapic/fast/feature-predicates/binding.spthy output: examples/sapic/fast/feature-predicates/binding.spthy.tmp - processing time: 0.069346372s + processing time: 0.015730467s C_exists (exists-trace): verified (4 steps) - A_before_C (all-traces): verified (3 steps) + A_before_C (all-traces): verified (2 steps) ------------------------------------------------------------------------------ 
@@ -128,9 +95,9 @@ summary of summaries: analyzed: examples/sapic/fast/feature-predicates/binding.spthy output: examples/sapic/fast/feature-predicates/binding.spthy.tmp - processing time: 0.069346372s + processing time: 0.015730467s C_exists (exists-trace): verified (4 steps) - A_before_C (all-traces): verified (3 steps) + A_before_C (all-traces): verified (2 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-manual_analyzed.spthy b/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-manual_analyzed.spthy index 401717afc..292af03ee 100644 --- a/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-manual_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-manual_analyzed.spthy @@ -2,7 +2,8 @@ theory DecWrapDestr begin // Function signature and definition of the equational theory E -functions: encSucc/2, fst/1, pair/2, sdec/2, senc/2, snd/1, true/0 +functions: encSucc/2, fst/1[destructor], pair/2, sdec/2[destructor], + senc/2, snd/1[destructor], true/0 equations: encSucc(senc(x, y), y) = true, fst() = x.1, @@ -11,6 +12,10 @@ equations: heuristic: p + + + + restriction True_is_true: "∀ x #i. (IsTrue( x ) @ #i) ⇒ (x = true)" // safety formula @@ -22,8 +27,8 @@ guarded formula characterizing all satisfying traces: "∃ #t h k. (NewKey( h, k ) @ #t)" */ simplify -solve( State_111111( h, k ) ▶₀ #t ) - case newk_0_11111 +solve( State_1111( ) ▶₀ #t ) + case p_1_ SOLVED // trace found qed 
@@ -39,19 +44,19 @@ solve( State_1211111( a1, h1, h2, k1, k2 ) ▶₀ #t ) solve( Insert( <'key', h2>, k2 ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'key', h1>, k1 ) @ #t2.1 ) case insertkeyhk_0_1111111 solve( State_1111111( h1, k1 ) ▶₀ #t2.1 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'att', ~n>, 'wrap' ) @ #t2.2 ) case insertatthwrap_0_111211 - solve( State_111211( ~n, lock ) ▶₀ #t2.2 ) - case lockh_0_11121 + solve( State_111211( lock, ~n ) ▶₀ #t2.2 ) + case inh_0_1112 solve( !KU( ~n.1 ) @ #vk.2 ) - case outh_0_111111111 + case insertatthdec_0_11111111 solve( !KU( ~n ) @ #vk.2 ) - case outh_0_111111111 + case insertatthdec_0_11111111 SOLVED // trace found qed qed @@ -151,26 +156,26 @@ next ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #t1) ∧ (#t3 < #t1)) ) case case_1 - solve( State_11211111( a, c, h, k ) ▶₀ #t1 ) + solve( State_11211111( a, c, k, h ) ▶₀ #t1 ) case eventIsTrueencSuccck_0_1121111 solve( !KU( senc(m, k) ) @ #vk.2 ) case c_senc solve( Insert( <'key', h>, k ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h, k ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 by contradiction /* from formulas */ qed qed next - case outsdecck_0_112111111 + case eventDecUsingksdecck_0_11211111 by contradiction /* from formulas */ next - case outsenckk_0_12111111_case_1 + case eventWrapkk_0_1211111_case_1 solve( Insert( <'key', h>, k ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h, k ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) case insertatthdec_0_11111111 solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) 
@@ -178,12 +183,12 @@ next solve( Insert( <'key', h2>, m ) @ #t2.2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, m ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'key', h1>, ~n.1 ) @ #t2.3 ) case insertkeyhk_0_1111111 solve( State_1111111( h1, ~n.1 ) ▶₀ #t2.3 ) - case eventNewKeyhk_0_111111 - solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ∥ (#vr.15 < #t2.1) ) + case newh_0_1111 + solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ∥ (#vr.11 < #t2.1) ) case case_1 by contradiction /* from formulas */ next @@ -193,38 +198,38 @@ next case case_3 solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.3 ) case insertatthwrap_0_111211 - solve( State_111211( ~n.2, lock ) ▶₀ #t2.3 ) - case lockh_0_11121 + solve( State_111211( lock, ~n.2 ) ▶₀ #t2.3 ) + case inh_0_1112 solve( !KU( ~n.2 ) @ #vk.2 ) - case outh_0_111111111 - by contradiction /* cyclic */ - next - case outsdecck_0_112111111 + case eventDecUsingksdecck_0_11211111 by contradiction /* from formulas */ next - case outsenckk_0_12111111 + case eventWrapkk_0_1211111 solve( !KU( ~n.3 ) @ #vk.4 ) - case outh_0_111111111 + case eventDecUsingksdecck_0_11211111 + by contradiction /* from formulas */ + next + case eventWrapkk_0_1211111 solve( Insert( <'key', h2>, k2 ) @ #t2.4 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2.4 ) - case eventNewKeyhk_0_111111 - by solve( (#vr.40, 0) ~~> (#vk.1, 0) ) + case newh_0_1111 + by solve( (#vr.21, 0) ~~> (#vk.1, 0) ) qed qed next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 + case insertatthdec_0_11111111 solve( Insert( <'key', h2>, k2 ) @ #t2.4 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2.4 ) - case eventNewKeyhk_0_111111 - by solve( (#vr.40, 0) ~~> (#vk.1, 0) ) + case newh_0_1111 + by solve( (#vr.21, 0) ~~> (#vk.1, 0) ) qed qed qed + next + case insertatthdec_0_11111111 + by contradiction /* cyclic */ qed qed qed 
@@ -238,11 +243,11 @@ next qed qed next - case outsenckk_0_12111111_case_2 + case eventWrapkk_0_1211111_case_2 solve( Insert( <'key', h>, k ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h, k ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) case insertatthdec_0_11111111 solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) @@ -250,7 +255,7 @@ next solve( Insert( <'key', h2>, k2 ) @ #t2.2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 by contradiction /* impossible chain */ qed qed @@ -421,23 +426,23 @@ next case case_1 solve( (last(#j)) ∥ (last(#i)) ) case case_1 - solve( State_111111( h, k ) ▶₀ #i ) - case newk_0_11111 + solve( State_1111( ) ▶₀ #i ) + case p_1_ solve( !KU( ~n.1 ) @ #j ) - case outsdecck_0_112111111 + case eventDecUsingksdecck_0_11211111 by contradiction /* from formulas */ next - case outsenckk_0_12111111 + case eventWrapkk_0_1211111 solve( Insert( <'key', h2>, k2 ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( (#vr.9, 0) ~~> (#j, 0) ) + case newh_0_1111 + solve( (#vr.3, 0) ~~> (#j, 0) ) case Var_fresh_3_n solve( Insert( <'key', h1>, k1 ) @ #t2.1 ) case insertkeyhk_0_1111111 solve( State_1111111( h1, k1 ) ▶₀ #t2.1 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 by contradiction /* from formulas */ qed qed 
@@ -448,23 +453,14 @@ next qed next case case_2 - solve( State_111111( h, k ) ▶₀ #i ) - case newk_0_11111 + solve( State_1111( ) ▶₀ #i ) + case p_1_ solve( !KU( ~n.1 ) @ #j ) - case outsdecck_0_112111111 + case eventDecUsingksdecck_0_11211111 by contradiction /* from formulas */ next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, k2 ) @ #t2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( (#vr.9, 0) ~~> (#j, 0) ) - case Var_fresh_3_n - by contradiction /* from formulas */ - qed - qed - qed + case eventWrapkk_0_1211111 + by contradiction /* node #j after last node #i */ qed qed qed @@ -481,7 +477,7 @@ next case case_3 solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) + (Unlock_0( '0', ~n.2, x ) @ #t2) ⇒ ((last(#t2)) ∨ (#t1 = #t2) ∨ @@ -489,7 +485,7 @@ next (#t2 = #t3) ∨ (#t3 < #t2) ∨ (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (Unlock( pp, ~n.2, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ (∃ pp lpp #t0. (Lock( pp, lpp, x ) @ #t0) ∧ @@ -517,7 +513,7 @@ next next case case_2 solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ + (Unlock( pp, ~n.2, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ (∃ pp lpp #t0. (Lock( pp, lpp, x ) @ #t0) ∧ 
@@ -567,354 +563,339 @@ guarded formula characterizing all counter-examples: simplify by contradiction /* from formulas */ -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( ) ] --> [ State_11( ), State_12( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_11[color=#ffffff, process="|"]: - [ State_11( ) ] --> [ State_111( ), State_112( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#ffffff, process="|"]: - [ State_111( ) ] --> [ State_1111( ), State_1112( ) ] - - /* has exactly the trivial AC variant */ -rule (modulo E) newh_0_1111[color=#ffffff, process="new h;"]: - [ State_1111( ), Fr( h ) ] --> [ State_11111( h ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newk_0_11111[color=#ffffff, process="new k;"]: - [ State_11111( h ), Fr( k ) ] --> [ State_111111( h, k ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) eventNewKeyhk_0_111111[color=#ffffff, - process="event NewKey( h, k );"]: - [ State_111111( h, k ) ] --[ NewKey( h, k ) ]-> [ State_1111111( h, k ) ] +rule (modulo E) newh_0_1111[color=#ffffff, process="new h.1;"]: + [ State_1111( ), Fr( h.1 ), Fr( k.1 ) ] + --[ NewKey( h.1, k.1 ) ]-> + [ State_1111111( h.1, k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newh_0_1111[color=#ffffff, process="new h.1;"]: + [ State_1111( ), Fr( h ), Fr( k ) ] + --[ NewKey( h, k ) ]-> + [ State_1111111( h, k ) ] + */ rule (modulo E) insertkeyhk_0_1111111[color=#ffffff, 
- process="insert <'key', h>,k;"]: - [ State_1111111( h, k ) ] - --[ Insert( <'key', h>, k ) ]-> - [ State_11111111( h, k ) ] + process="insert <'key', h.1>,k.1;"]: + [ State_1111111( h.1, k.1 ) ] + --[ Insert( <'key', h.1>, k.1 ) ]-> + [ State_11111111( h.1, k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertkeyhk_0_1111111[color=#ffffff, + process="insert <'key', h.1>,k.1;"]: + [ State_1111111( h, k ) ] + --[ Insert( <'key', h>, k ) ]-> + [ State_11111111( h, k ) ] + */ rule (modulo E) insertatthdec_0_11111111[color=#ffffff, - process="insert <'att', h>,'dec';"]: - [ State_11111111( h, k ) ] - --[ Insert( <'att', h>, 'dec' ) ]-> - [ State_111111111( h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outh_0_111111111[color=#ffffff, process="out(h);"]: - [ State_111111111( h, k ) ] --> [ State_1111111111( h, k ), Out( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111111[color=#ffffff, process="0"]: - [ State_1111111111( h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inh_0_1112[color=#ffffff, process="in(h);"]: - [ State_1112( ), In( h ) ] --> [ State_11121( h ) ] + process="insert <'att', h.1>,'dec';"]: + [ State_11111111( h.1, k.1 ) ] + --[ Insert( <'att', h.1>, 'dec' ) ]-> + [ Out( h.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertatthdec_0_11111111[color=#ffffff, + process="insert <'att', h.1>,'dec';"]: + [ State_11111111( h, k ) ] + --[ Insert( <'att', h>, 'dec' ) ]-> + [ Out( h ) ] + */ -rule (modulo E) lockh_0_11121[color=#ffffff, process="lock h;"]: - [ State_11121( h ), Fr( lock ) ] - --[ Lock_0( '0', lock, h ), Lock( '0', lock, h ) ]-> - [ State_111211( h, lock ) ] +rule (modulo E) inh_0_1112[color=#ffffff, process="in(h.2);"]: + [ State_1112( ), In( h.2 ), Fr( lock ) ] + --[ Lock_0( '0', lock, h.2 ), Lock( '0', lock, h.2 ) ]-> + [ State_111211( lock, h.2 ) ] - /* has exactly the trivial AC variant */ + /* + 
rule (modulo AC) inh_0_1112[color=#ffffff, process="in(h.2);"]: + [ State_1112( ), In( h ), Fr( lock ) ] + --[ Lock_0( '0', lock, h ), Lock( '0', lock, h ) ]-> + [ State_111211( lock, h ) ] + */ rule (modulo E) insertatthwrap_0_111211[color=#ffffff, - process="insert <'att', h>,'wrap';"]: - [ State_111211( h, lock ) ] - --[ Insert( <'att', h>, 'wrap' ) ]-> - [ State_1112111( h, lock ) ] - - /* has exactly the trivial AC variant */ + process="insert <'att', h.2>,'wrap';"]: + [ State_111211( lock, h.2 ) ] + --[ Insert( <'att', h.2>, 'wrap' ) ]-> + [ State_1112111( lock, h.2 ) ] -rule (modulo E) unlockh_0_1112111[color=#ffffff, process="unlock h;"]: - [ State_1112111( h, lock ) ] - --[ Unlock_0( '0', lock, h ), Unlock( '0', lock, h ) ]-> - [ State_11121111( h, lock ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertatthwrap_0_111211[color=#ffffff, + process="insert <'att', h.2>,'wrap';"]: + [ State_111211( lock, h ) ] + --[ Insert( <'att', h>, 'wrap' ) ]-> + [ State_1112111( lock, h ) ] + */ -rule (modulo E) p_0_11121111[color=#ffffff, process="0"]: - [ State_11121111( h, lock ) ] --> [ ] +rule (modulo E) unlockh_0_1112111[color=#ffffff, process="unlock h.2;"]: + [ State_1112111( lock, h.2 ) ] + --[ Unlock_0( '0', lock, h.2 ), Unlock( '0', lock, h.2 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) unlockh_0_1112111[color=#ffffff, process="unlock h.2;"]: + [ State_1112111( lock, h ) ] + --[ Unlock_0( '0', lock, h ), Unlock( '0', lock, h ) ]-> + [ ] + */ -rule (modulo E) inhc_0_112[color=#ffffff, process="in();"]: - [ State_112( ), In( ) ] --> [ State_1121( c, h ) ] +rule (modulo E) inhc_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( c.1, h.3 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhc_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( c, h ) ] + */ rule (modulo E) lookupatthasa_0_1121[color=#ffffff, - 
process="lookup <'att', h> as a"]: - [ State_1121( c, h ) ] - --[ IsIn( <'att', h>, a ) ]-> - [ State_11211( a, c, h ) ] + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c.1, h.3 ) ] + --[ IsIn( <'att', h.3>, a.1 ) ]-> + [ State_11211( a.1, c.1, h.3 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_1121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_1121( c, h ) ] - --[ IsNotSet( <'att', h> ) ]-> - [ State_11212( c, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifadec_0_11211[color=#ffffff, process="if a='dec'"]: - [ State_11211( a, c, h ) ] - --[ Pred_Eq( a, 'dec' ) ]-> - [ State_112111( a, c, h ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_0_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c, h ) ] + --[ IsIn( <'att', h>, a ) ]-> + [ State_11211( a, c, h ) ] + */ -rule (modulo E) ifadec_1_11211[color=#ffffff, process="if a='dec'"]: - [ State_11211( a, c, h ) ] - --[ Pred_Not_Eq( a, 'dec' ) ]-> - [ State_112112( a, c, h ) ] +rule (modulo E) ifadec_0_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a.1, c.1, h.3 ) ] + --[ Pred_Eq( a.1, 'dec' ) ]-> + [ State_112111( a.1, c.1, h.3 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifadec_0_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a, c, h ) ] + --[ Pred_Eq( a, 'dec' ) ]-> + [ State_112111( a, c, h ) ] + */ rule (modulo E) lookupkeyhask_0_112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ State_112111( a, c, h ) ] - --[ IsIn( <'key', h>, k ) ]-> - [ State_1121111( a, c, h, k ) ] + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a.1, c.1, h.3 ) ] + --[ IsIn( <'key', h.3>, k.2 ) ]-> + [ State_1121111( a.1, c.1, k.2, h.3 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ State_112111( a, c, h ) ] - --[ 
IsNotSet( <'key', h> ) ]-> - [ State_1121112( a, c, h ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a, c, h ) ] + --[ IsIn( <'key', h>, k ) ]-> + [ State_1121111( a, c, k, h ) ] + */ rule (modulo E) eventIsTrueencSuccck_0_1121111[color=#ffffff, - process="event IsTrue( encSucc(c, k) );"]: - [ State_1121111( a, c, h, k ) ] - --[ IsTrue( encSucc(c, k) ) ]-> - [ State_11211111( a, c, h, k ) ] + process="event IsTrue( encSucc(c.1, k.2) );"]: + [ State_1121111( a.1, c.1, k.2, h.3 ) ] + --[ IsTrue( encSucc(c.1, k.2) ) ]-> + [ State_11211111( a.1, c.1, k.2, h.3 ) ] /* rule (modulo AC) eventIsTrueencSuccck_0_1121111[color=#ffffff, - process="event IsTrue( encSucc(c, k) );"]: - [ State_1121111( a, c, h, k ) ] + process="event IsTrue( encSucc(c.1, k.2) );"]: + [ State_1121111( a, c, k, h ) ] --[ IsTrue( z ) ]-> - [ State_11211111( a, c, h, k ) ] + [ State_11211111( a, c, k, h ) ] variants (modulo AC) - 1. c = c.6 - k = k.6 - z = encSucc(c.6, k.6) + 1. c = c.9 + k = k.10 + z = encSucc(c.9, k.10) - 2. c = senc(x.6, x.7) - k = x.7 + 2. c = senc(x.9, x.10) + k = x.10 z = true */ rule (modulo E) eventDecUsingksdecck_0_11211111[color=#ffffff, - process="event DecUsing( k, sdec(c, k) );"]: - [ State_11211111( a, c, h, k ) ] - --[ DecUsing( k, sdec(c, k) ) ]-> - [ State_112111111( a, c, h, k ) ] + process="event DecUsing( k.2, sdec(c.1, k.2) );"]: + [ State_11211111( a.1, c.1, k.2, h.3 ) ] + --[ DecUsing( k.2, sdec(c.1, k.2) ) ]-> + [ Out( sdec(c.1, k.2) ) ] /* rule (modulo AC) eventDecUsingksdecck_0_11211111[color=#ffffff, - process="event DecUsing( k, sdec(c, k) );"]: - [ State_11211111( a, c, h, k ) ] - --[ DecUsing( k, z ) ]-> - [ State_112111111( a, c, h, k ) ] + process="event DecUsing( k.2, sdec(c.1, k.2) );"]: + [ State_11211111( a, c, k, h ) ] --[ DecUsing( k, z ) ]-> [ Out( z ) ] variants (modulo AC) - 1. c = c.6 - k = k.6 - z = sdec(c.6, k.6) + 1. 
c = c.9 + k = k.10 + z = sdec(c.9, k.10) - 2. c = senc(x.6, x.7) - k = x.7 - z = x.6 + 2. c = senc(x.9, x.10) + k = x.10 + z = x.9 */ -rule (modulo E) outsdecck_0_112111111[color=#ffffff, - process="out(sdec(c, k));"]: - [ State_112111111( a, c, h, k ) ] - --> - [ State_1121111111( a, c, h, k ), Out( sdec(c, k) ) ] +rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a.1, c.1, h.3 ) ] --[ IsNotSet( <'key', h.3> ) ]-> [ ] /* - rule (modulo AC) outsdecck_0_112111111[color=#ffffff, - process="out(sdec(c, k));"]: - [ State_112111111( a, c, h, k ) ] - --> - [ State_1121111111( a, c, h, k ), Out( z ) ] - variants (modulo AC) - 1. c = c.6 - k = k.6 - z = sdec(c.6, k.6) - - 2. c = senc(x.6, x.7) - k = x.7 - z = x.6 + rule (modulo AC) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a, c, h ) ] --[ IsNotSet( <'key', h> ) ]-> [ ] */ -rule (modulo E) p_0_1121111111[color=#ffffff, process="0"]: - [ State_1121111111( a, c, h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1121112[color=#ffffff, process="0"]: - [ State_1121112( a, c, h ) ] --> [ ] +rule (modulo E) ifadec_1_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a.1, c.1, h.3 ) ] --[ Pred_Not_Eq( a.1, 'dec' ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifadec_1_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a, c, h ) ] --[ Pred_Not_Eq( a, 'dec' ) ]-> [ ] + */ -rule (modulo E) p_0_112112[color=#ffffff, process="0"]: - [ State_112112( a, c, h ) ] --> [ ] +rule (modulo E) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c.1, h.3 ) ] --[ IsNotSet( <'att', h.3> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c, h ) ] --[ IsNotSet( <'att', h> ) ]-> [ ] + */ 
-rule (modulo E) p_0_11212[color=#ffffff, process="0"]: - [ State_11212( c, h ) ] --> [ ] +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ) ] + --> + [ State_1111( ), State_1112( ), State_112( ), State_12( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) inhh_0_12[color=#ffffff, process="in();"]: - [ State_12( ), In( ) ] --> [ State_121( h1, h2 ) ] +rule (modulo E) inhh_0_12[color=#ffffff, process="in();"]: + [ State_12( ), In( ) ] --> [ State_121( h1.1, h2.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhh_0_12[color=#ffffff, process="in();"]: + [ State_12( ), In( ) ] --> [ State_121( h1, h2 ) ] + */ rule (modulo E) lookupatthasa_0_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, h2 ) ] - --[ IsIn( <'att', h1>, a1 ) ]-> - [ State_1211( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1.1, h2.1 ) ] + --[ IsIn( <'att', h1.1>, a1.1 ) ]-> + [ State_1211( a1.1, h1.1, h2.1 ) ] -rule (modulo E) lookupatthasa_1_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, h2 ) ] - --[ IsNotSet( <'att', h1> ) ]-> - [ State_1212( h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( a1, h1, h2 ) ] - --[ Pred_Eq( a1, 'wrap' ) ]-> - [ State_12111( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_0_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1, h2 ) ] + --[ IsIn( <'att', h1>, a1 ) ]-> + [ State_1211( a1, h1, h2 ) ] + */ -rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( a1, h1, h2 ) ] - --[ Pred_Not_Eq( a1, 'wrap' ) ]-> - [ State_12112( a1, h1, h2 ) ] +rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Eq( a1.1, 'wrap' ) ]-> + [ 
State_12111( a1.1, h1.1, h2.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifawrap_0_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1, h1, h2 ) ] + --[ Pred_Eq( a1, 'wrap' ) ]-> + [ State_12111( a1, h1, h2 ) ] + */ rule (modulo E) lookupkeyhask_0_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, h2 ) ] - --[ IsIn( <'key', h1>, k1 ) ]-> - [ State_121111( a1, h1, h2, k1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, h2 ) ] - --[ IsNotSet( <'key', h1> ) ]-> - [ State_121112( a1, h1, h2 ) ] + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1.1, h1.1, h2.1 ) ] + --[ IsIn( <'key', h1.1>, k1.1 ) ]-> + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1, h1, h2 ) ] + --[ IsIn( <'key', h1>, k1 ) ]-> + [ State_121111( a1, h1, h2, k1 ) ] + */ rule (modulo E) lookupkeyhask_0_121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ State_121111( a1, h1, h2, k1 ) ] - --[ IsIn( <'key', h2>, k2 ) ]-> - [ State_1211111( a1, h1, h2, k1, k2 ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsIn( <'key', h2.1>, k2.1 ) ]-> + [ State_1211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] -rule (modulo E) lookupkeyhask_1_121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ State_121111( a1, h1, h2, k1 ) ] - --[ IsNotSet( <'key', h2> ) ]-> - [ State_1211112( a1, h1, h2, k1 ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1, h1, h2, k1 ) ] + --[ IsIn( <'key', h2>, k2 ) ]-> + [ State_1211111( a1, h1, h2, k1, 
k2 ) ] + */ rule (modulo E) eventWrapkk_0_1211111[color=#ffffff, - process="event Wrap( k1, k2 );"]: - [ State_1211111( a1, h1, h2, k1, k2 ) ] - --[ Wrap( k1, k2 ) ]-> - [ State_12111111( a1, h1, h2, k1, k2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsenckk_0_12111111[color=#ffffff, - process="out(senc(k2, k1));"]: - [ State_12111111( a1, h1, h2, k1, k2 ) ] - --> - [ State_121111111( a1, h1, h2, k1, k2 ), Out( senc(k2, k1) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_121111111[color=#ffffff, process="0"]: - [ State_121111111( a1, h1, h2, k1, k2 ) ] --> [ ] + process="event Wrap( k1.1, k2.1 );"]: + [ State_1211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] + --[ Wrap( k1.1, k2.1 ) ]-> + [ Out( senc(k2.1, k1.1) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventWrapkk_0_1211111[color=#ffffff, + process="event Wrap( k1.1, k2.1 );"]: + [ State_1211111( a1, h1, h2, k1, k2 ) ] + --[ Wrap( k1, k2 ) ]-> + [ Out( senc(k2, k1) ) ] + */ -rule (modulo E) p_0_1211112[color=#ffffff, process="0"]: - [ State_1211112( a1, h1, h2, k1 ) ] --> [ ] +rule (modulo E) lookupkeyhask_1_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsNotSet( <'key', h2.1> ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_1_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1, h1, h2, k1 ) ] --[ IsNotSet( <'key', h2> ) ]-> [ ] + */ -rule (modulo E) p_0_121112[color=#ffffff, process="0"]: - [ State_121112( a1, h1, h2 ) ] --> [ ] +rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1.1, h1.1, h2.1 ) ] --[ IsNotSet( <'key', h1.1> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1, h1, h2 ) ] --[ IsNotSet( <'key', 
h1> ) ]-> [ ] + */ -rule (modulo E) p_0_12112[color=#ffffff, process="0"]: - [ State_12112( a1, h1, h2 ) ] --> [ ] +rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Not_Eq( a1.1, 'wrap' ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifawrap_1_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1, h1, h2 ) ] --[ Pred_Not_Eq( a1, 'wrap' ) ]-> [ ] + */ -rule (modulo E) p_0_1212[color=#ffffff, process="0"]: - [ State_1212( h1, h2 ) ] --> [ ] +rule (modulo E) lookupatthasa_1_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1.1, h2.1 ) ] --[ IsNotSet( <'att', h1.1> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1, h2 ) ] --[ IsNotSet( <'att', h1> ) ]-> [ ] + */ restriction set_in: "∀ x y #t3. @@ -962,7 +943,7 @@ restriction locking_0: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -972,11 +953,11 @@ analyzing: examples/sapic/fast/feature-predicates/decwrap-destr-manual.spthy analyzed: examples/sapic/fast/feature-predicates/decwrap-destr-manual.spthy output: examples/sapic/fast/feature-predicates/decwrap-destr-manual.spthy.tmp - processing time: 2.778045421s + processing time: 6.205374228s can_create_key (exists-trace): verified (3 steps) can_obtain_wrapping (exists-trace): verified (11 steps) dec_limits (all-traces): verified (59 steps) - cannot_obtain_key_ind (all-traces): verified (37 steps) + cannot_obtain_key_ind (all-traces): verified (34 steps) cannot_obtain_key (all-traces): verified (2 steps) ------------------------------------------------------------------------------ 
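Review bot: The regenerated baseline in hunk `@@ -962,7 +943,7 @@` now records `checking version: 3.0. OK.` where the previous one recorded `checking version: 3.1. OK.`, so these expected outputs were produced with an older Maude than the ones they replace. The same downgrade appears in hunk `@@ -983,7 +938,7 @@` of decwrap-destr-restrict-variant_analyzed.spthy. In the same regeneration `cannot_obtain_key_ind` drops from 37 to 34 steps (38 to 35 in the other file) and processing time rises from 2.78s to 6.21s. From the baseline alone it is not possible to tell how much of that comes from the changed translation and how much from the tool version. I would regenerate the case studies with the Maude version the earlier baselines used, or name the intended version in the commit description, so that a later step-count difference in these secrecy lemmas can be attributed to a prover change rather than to the environment.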
@@ -987,11 +968,11 @@ summary of summaries: analyzed: examples/sapic/fast/feature-predicates/decwrap-destr-manual.spthy output: examples/sapic/fast/feature-predicates/decwrap-destr-manual.spthy.tmp - processing time: 2.778045421s + processing time: 6.205374228s can_create_key (exists-trace): verified (3 steps) can_obtain_wrapping (exists-trace): verified (11 steps) dec_limits (all-traces): verified (59 steps) - cannot_obtain_key_ind (all-traces): verified (37 steps) + cannot_obtain_key_ind (all-traces): verified (34 steps) cannot_obtain_key (all-traces): verified (2 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-restrict-variant_analyzed.spthy b/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-restrict-variant_analyzed.spthy index de4dd6dc0..1859d47d5 100644 --- a/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-restrict-variant_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-restrict-variant_analyzed.spthy @@ -2,7 +2,8 @@ theory DecWrapDestr begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,8 +11,12 @@ equations: heuristic: p + + predicate: EncSucc( c, k )<=>∃ m. senc(m, k) = c + + lemma can_create_key: exists-trace "∃ #t h k. NewKey( h, k ) @ #t" /* @@ -19,8 +24,8 @@ guarded formula characterizing all satisfying traces: "∃ #t h k. (NewKey( h, k ) @ #t)" */ simplify -solve( State_111111( h, k ) ▶₀ #t ) - case newk_0_11111 +solve( State_1111( ) ▶₀ #t ) + case p_1_ SOLVED // trace found qed 
@@ -36,19 +41,19 @@ solve( State_1211111( a1, h1, h2, k1, k2 ) ▶₀ #t ) solve( Insert( <'key', h2>, k2 ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'key', h1>, k1 ) @ #t2.1 ) case insertkeyhk_0_1111111 solve( State_1111111( h1, k1 ) ▶₀ #t2.1 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'att', ~n>, 'wrap' ) @ #t2.2 ) case insertatthwrap_0_111211 - solve( State_111211( ~n, lock ) ▶₀ #t2.2 ) - case lockh_0_11121 + solve( State_111211( lock, ~n ) ▶₀ #t2.2 ) + case inh_0_1112 solve( !KU( ~n.1 ) @ #vk.2 ) - case outh_0_111111111 + case insertatthdec_0_11111111 solve( !KU( ~n ) @ #vk.2 ) - case outh_0_111111111 + case insertatthdec_0_11111111 SOLVED // trace found qed qed 
@@ -152,77 +157,77 @@ next ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #t1) ∧ (#t3 < #t1)) ) case case_1 - solve( State_11211111( a, c, h, k ) ▶₀ #t1 ) - case ifEncSuccck_0_1121111 - solve( Insert( <'key', h>, k ) @ #t2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h, k ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) - case insertatthdec_0_11111111 - solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) - case insertkeyhk_0_1111111 - solve( !KU( senc(m, ~n) ) @ #vk.2 ) - case c_senc - by contradiction /* from formulas */ - next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111_case_1 - solve( !KU( ~n.1 ) @ #vk.2 ) - case outh_0_111111111 - solve( Insert( <'key', h2>, m ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, m ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - solve( Insert( <'key', h1>, ~n.1 ) @ #t2.3 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h1, ~n.1 ) ▶₀ #t2.3 ) - case eventNewKeyhk_0_111111 - solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.1 ) - qed - qed - qed - qed - qed - next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, m ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, m ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - solve( Insert( <'key', h1>, ~n.1 ) @ #t2.3 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h1, ~n.1 ) ▶₀ #t2.3 ) - case eventNewKeyhk_0_111111 - solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ∥ (#vr.22 < #t2.1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.1 ) - next - case case_3 - solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.3 ) - case insertatthwrap_0_111211 - solve( State_111211( ~n.2, lock ) ▶₀ #t2.3 ) - case 
lockh_0_11121 - solve( Insert( <'key', h2>, k2 ) @ #t2.4 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2.4 ) - case eventNewKeyhk_0_111111 - by solve( (#vr.27, 0) ~~> (#vk.1, 0) ) + solve( State_1121111( a, senc(m, k), k, h ) ▶₀ #t1 ) + case lookupkeyhask_0_112111 + solve( !KU( senc(m, k) ) @ #vk.2 ) + case c_senc + solve( Insert( <'key', h>, k ) @ #t2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h, k ) ▶₀ #t2 ) + case newh_0_1111 + by contradiction /* from formulas */ + qed + qed + next + case eventWrapkk_0_1211111_case_1 + solve( Insert( <'key', h>, k ) @ #t2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h, k ) ▶₀ #t2 ) + case newh_0_1111 + solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) + case insertatthdec_0_11111111 + solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) + case insertkeyhk_0_1111111 + solve( Insert( <'key', h2>, m ) @ #t2.2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h2, m ) ▶₀ #t2.2 ) + case newh_0_1111 + solve( Insert( <'key', h1>, ~n.1 ) @ #t2.3 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h1, ~n.1 ) ▶₀ #t2.3 ) + case newh_0_1111 + solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ∥ (#vr.10 < #t2.1) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.1 ) + next + case case_3 + solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.3 ) + case insertatthwrap_0_111211 + solve( State_111211( lock, ~n.2 ) ▶₀ #t2.3 ) + case inh_0_1112 + solve( !KU( ~n.2 ) @ #vk.2 ) + case eventWrapkk_0_1211111 + solve( !KU( ~n.3 ) @ #vk.4 ) + case eventWrapkk_0_1211111 + solve( Insert( <'key', h2>, k2 ) @ #t2.4 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h2, k2 ) ▶₀ #t2.4 ) + case newh_0_1111 + by solve( (#vr.20, 0) ~~> (#vk.1, 0) ) + qed + qed + next + case ifEncSuccck_0_1121111 + by contradiction /* from formulas */ + next + case insertatthdec_0_11111111 + solve( Insert( <'key', h2>, k2 ) @ #t2.4 ) + case insertkeyhk_0_1111111 + solve( 
State_1111111( h2, k2 ) ▶₀ #t2.4 ) + case newh_0_1111 + by solve( (#vr.20, 0) ~~> (#vk.1, 0) ) + qed qed qed + next + case ifEncSuccck_0_1121111 + by contradiction /* from formulas */ + next + case insertatthdec_0_11111111 + by contradiction /* cyclic */ qed qed qed @@ -231,34 +236,34 @@ next qed qed qed - next - case outsenckk_0_12111111_case_2 - solve( !KU( ~n.1 ) @ #vk.2 ) - case outh_0_111111111 - solve( Insert( <'key', h2>, k2 ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - by contradiction /* impossible chain */ - qed - qed - next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, k2 ) @ #t2.2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 - by contradiction /* impossible chain */ - qed + qed + qed + qed + qed + next + case eventWrapkk_0_1211111_case_2 + solve( Insert( <'key', h>, k ) @ #t2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h, k ) ▶₀ #t2 ) + case newh_0_1111 + solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) + case insertatthdec_0_11111111 + solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) + case insertkeyhk_0_1111111 + solve( Insert( <'key', h2>, k2 ) @ #t2.2 ) + case insertkeyhk_0_1111111 + solve( State_1111111( h2, k2 ) ▶₀ #t2.2 ) + case newh_0_1111 + by contradiction /* impossible chain */ qed qed qed qed qed qed + next + case ifEncSuccck_0_1121111 + by contradiction /* from formulas */ qed qed next 
@@ -429,50 +434,41 @@ next case case_1 solve( (last(#j)) ∥ (last(#i)) ) case case_1 - solve( State_111111( h, k ) ▶₀ #i ) - case newk_0_11111 + solve( State_1111( ) ▶₀ #i ) + case p_1_ solve( !KU( ~n.1 ) @ #j ) - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 + case eventWrapkk_0_1211111 solve( Insert( <'key', h2>, k2 ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( (#vr.9, 0) ~~> (#j, 0) ) + case newh_0_1111 + solve( (#vr.3, 0) ~~> (#j, 0) ) case Var_fresh_3_n solve( Insert( <'key', h1>, k1 ) @ #t2.1 ) case insertkeyhk_0_1111111 solve( State_1111111( h1, k1 ) ▶₀ #t2.1 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 by contradiction /* from formulas */ qed qed qed qed qed + next + case ifEncSuccck_0_1121111 + by contradiction /* from formulas */ qed qed next case case_2 - solve( State_111111( h, k ) ▶₀ #i ) - case newk_0_11111 + solve( State_1111( ) ▶₀ #i ) + case p_1_ solve( !KU( ~n.1 ) @ #j ) - case outsdecck_0_112111111 - by contradiction /* from formulas */ + case eventWrapkk_0_1211111 + by contradiction /* node #j after last node #i */ next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, k2 ) @ #t2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( (#vr.9, 0) ~~> (#j, 0) ) - case Var_fresh_3_n - by contradiction /* from formulas */ - qed - qed - qed + case ifEncSuccck_0_1121111 + by contradiction /* from formulas */ qed qed qed @@ -492,7 +488,7 @@ next case case_4 solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) + (Unlock_0( '0', ~n.2, x ) @ #t2) ⇒ ((last(#t2)) ∨ (#t1 = #t2) ∨ @@ -500,7 +496,7 @@ next (#t2 = #t3) ∨ (#t3 < #t2) ∨ (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (Unlock( pp, ~n.2, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ (∃ pp lpp #t0. (Lock( pp, lpp, x ) @ #t0) ∧ 
@@ -528,7 +524,7 @@ next next case case_2 solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ + (Unlock( pp, ~n.2, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ (∃ pp lpp #t0. (Lock( pp, lpp, x ) @ #t0) ∧ 
@@ -578,160 +574,140 @@ guarded formula characterizing all counter-examples: simplify by contradiction /* from formulas */ -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( ) ] --> [ State_11( ), State_12( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11[color=#ffffff, process="|"]: - [ State_11( ) ] --> [ State_111( ), State_112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="|"]: - [ State_111( ) ] --> [ State_1111( ), State_1112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newh_0_1111[color=#ffffff, process="new h;"]: - [ State_1111( ), Fr( h ) ] --> [ State_11111( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_11111[color=#ffffff, process="new k;"]: - [ State_11111( h ), Fr( k ) ] --> [ State_111111( h, k ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) eventNewKeyhk_0_111111[color=#ffffff, - process="event NewKey( h, k );"]: - [ State_111111( h, k ) ] --[ NewKey( h, k ) ]-> [ State_1111111( h, k ) ] +rule (modulo E) newh_0_1111[color=#ffffff, process="new h.1;"]: + [ State_1111( ), Fr( h.1 ), Fr( k.1 ) ] + --[ NewKey( h.1, k.1 ) ]-> + [ State_1111111( h.1, k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newh_0_1111[color=#ffffff, process="new h.1;"]: + [ State_1111( ), Fr( h ), Fr( k ) ] + --[ NewKey( h, k ) ]-> + [ State_1111111( h, k ) ] + */ rule (modulo E) 
insertkeyhk_0_1111111[color=#ffffff, - process="insert <'key', h>,k;"]: - [ State_1111111( h, k ) ] - --[ Insert( <'key', h>, k ) ]-> - [ State_11111111( h, k ) ] + process="insert <'key', h.1>,k.1;"]: + [ State_1111111( h.1, k.1 ) ] + --[ Insert( <'key', h.1>, k.1 ) ]-> + [ State_11111111( h.1, k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertkeyhk_0_1111111[color=#ffffff, + process="insert <'key', h.1>,k.1;"]: + [ State_1111111( h, k ) ] + --[ Insert( <'key', h>, k ) ]-> + [ State_11111111( h, k ) ] + */ rule (modulo E) insertatthdec_0_11111111[color=#ffffff, - process="insert <'att', h>,'dec';"]: - [ State_11111111( h, k ) ] - --[ Insert( <'att', h>, 'dec' ) ]-> - [ State_111111111( h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outh_0_111111111[color=#ffffff, process="out(h);"]: - [ State_111111111( h, k ) ] --> [ State_1111111111( h, k ), Out( h ) ] - - /* has exactly the trivial AC variant */ + process="insert <'att', h.1>,'dec';"]: + [ State_11111111( h.1, k.1 ) ] + --[ Insert( <'att', h.1>, 'dec' ) ]-> + [ Out( h.1 ) ] -rule (modulo E) p_0_1111111111[color=#ffffff, process="0"]: - [ State_1111111111( h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inh_0_1112[color=#ffffff, process="in(h);"]: - [ State_1112( ), In( h ) ] --> [ State_11121( h ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertatthdec_0_11111111[color=#ffffff, + process="insert <'att', h.1>,'dec';"]: + [ State_11111111( h, k ) ] + --[ Insert( <'att', h>, 'dec' ) ]-> + [ Out( h ) ] + */ -rule (modulo E) lockh_0_11121[color=#ffffff, process="lock h;"]: - [ State_11121( h ), Fr( lock ) ] - --[ Lock_0( '0', lock, h ), Lock( '0', lock, h ) ]-> - [ State_111211( h, lock ) ] +rule (modulo E) inh_0_1112[color=#ffffff, process="in(h.2);"]: + [ State_1112( ), In( h.2 ), Fr( lock ) ] + --[ Lock_0( '0', lock, h.2 ), Lock( '0', lock, h.2 ) ]-> + [ State_111211( lock, h.2 ) ] - /* has 
exactly the trivial AC variant */ + /* + rule (modulo AC) inh_0_1112[color=#ffffff, process="in(h.2);"]: + [ State_1112( ), In( h ), Fr( lock ) ] + --[ Lock_0( '0', lock, h ), Lock( '0', lock, h ) ]-> + [ State_111211( lock, h ) ] + */ rule (modulo E) insertatthwrap_0_111211[color=#ffffff, - process="insert <'att', h>,'wrap';"]: - [ State_111211( h, lock ) ] - --[ Insert( <'att', h>, 'wrap' ) ]-> - [ State_1112111( h, lock ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) unlockh_0_1112111[color=#ffffff, process="unlock h;"]: - [ State_1112111( h, lock ) ] - --[ Unlock_0( '0', lock, h ), Unlock( '0', lock, h ) ]-> - [ State_11121111( h, lock ) ] + process="insert <'att', h.2>,'wrap';"]: + [ State_111211( lock, h.2 ) ] + --[ Insert( <'att', h.2>, 'wrap' ) ]-> + [ State_1112111( lock, h.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertatthwrap_0_111211[color=#ffffff, + process="insert <'att', h.2>,'wrap';"]: + [ State_111211( lock, h ) ] + --[ Insert( <'att', h>, 'wrap' ) ]-> + [ State_1112111( lock, h ) ] + */ -rule (modulo E) p_0_11121111[color=#ffffff, process="0"]: - [ State_11121111( h, lock ) ] --> [ ] +rule (modulo E) unlockh_0_1112111[color=#ffffff, process="unlock h.2;"]: + [ State_1112111( lock, h.2 ) ] + --[ Unlock_0( '0', lock, h.2 ), Unlock( '0', lock, h.2 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) unlockh_0_1112111[color=#ffffff, process="unlock h.2;"]: + [ State_1112111( lock, h ) ] + --[ Unlock_0( '0', lock, h ), Unlock( '0', lock, h ) ]-> + [ ] + */ -rule (modulo E) inhc_0_112[color=#ffffff, process="in();"]: - [ State_112( ), In( ) ] --> [ State_1121( c, h ) ] +rule (modulo E) inhc_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( c.1, h.3 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhc_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( c, h ) ] + */ rule (modulo E) 
lookupatthasa_0_1121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_1121( c, h ) ] - --[ IsIn( <'att', h>, a ) ]-> - [ State_11211( a, c, h ) ] + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c.1, h.3 ) ] + --[ IsIn( <'att', h.3>, a.1 ) ]-> + [ State_11211( a.1, c.1, h.3 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_1121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_1121( c, h ) ] - --[ IsNotSet( <'att', h> ) ]-> - [ State_11212( c, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifadec_0_11211[color=#ffffff, process="if a='dec'"]: - [ State_11211( a, c, h ) ] - --[ Pred_Eq( a, 'dec' ) ]-> - [ State_112111( a, c, h ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_0_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c, h ) ] + --[ IsIn( <'att', h>, a ) ]-> + [ State_11211( a, c, h ) ] + */ -rule (modulo E) ifadec_1_11211[color=#ffffff, process="if a='dec'"]: - [ State_11211( a, c, h ) ] - --[ Pred_Not_Eq( a, 'dec' ) ]-> - [ State_112112( a, c, h ) ] +rule (modulo E) ifadec_0_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a.1, c.1, h.3 ) ] + --[ Pred_Eq( a.1, 'dec' ) ]-> + [ State_112111( a.1, c.1, h.3 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifadec_0_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a, c, h ) ] + --[ Pred_Eq( a, 'dec' ) ]-> + [ State_112111( a, c, h ) ] + */ rule (modulo E) lookupkeyhask_0_112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ State_112111( a, c, h ) ] - --[ IsIn( <'key', h>, k ) ]-> - [ State_1121111( a, c, h, k ) ] + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a.1, c.1, h.3 ) ] + --[ IsIn( <'key', h.3>, k.2 ) ]-> + [ State_1121111( a.1, c.1, k.2, h.3 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ 
State_112111( a, c, h ) ] - --[ IsNotSet( <'key', h> ) ]-> - [ State_1121112( a, c, h ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a, c, h ) ] + --[ IsIn( <'key', h>, k ) ]-> + [ State_1121111( a, c, k, h ) ] + */ restriction Restr_ifEncSuccck_0_1121111_1: "∀ x #NOW x.1. 
@@ -739,203 +715,182 @@ restriction Restr_ifEncSuccck_0_1121111_1: (∃ m. senc(m, x) = x.1)" rule (modulo E) ifEncSuccck_0_1121111[color=#ffffff, - process="if EncSucc( c, k )"]: - [ State_1121111( a, c, h, k ) ] - --[ Restr_ifEncSuccck_0_1121111_1( k, c ) ]-> - [ State_11211111( a, c, h, k ) ] - - /* has exactly the trivial AC variant */ - -restriction Restr_ifEncSuccck_1_1121111_1: - "∀ x #NOW x.1. - (Restr_ifEncSuccck_1_1121111_1( x, x.1 ) @ #NOW) ⇒ - (¬(∃ m. senc(m, x) = x.1))" - // safety formula - -rule (modulo E) ifEncSuccck_1_1121111[color=#ffffff, - process="if EncSucc( c, k )"]: - [ State_1121111( a, c, h, k ) ] - --[ Restr_ifEncSuccck_1_1121111_1( k, c ) ]-> - [ State_11211112( a, c, h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventDecUsingksdecck_0_11211111[color=#ffffff, - process="event DecUsing( k, sdec(c, k) );"]: - [ State_11211111( a, c, h, k ) ] - --[ DecUsing( k, sdec(c, k) ) ]-> - [ State_112111111( a, c, h, k ) ] + process="if EncSucc( c.1, k.2 )"]: + [ State_1121111( a.1, c.1, k.2, h.3 ) ] + --[ + DecUsing( k.2, sdec(c.1, k.2) ), + Restr_ifEncSuccck_0_1121111_1( k.2, c.1 ) + ]-> + [ Out( sdec(c.1, k.2) ) ] /* - rule (modulo AC) eventDecUsingksdecck_0_11211111[color=#ffffff, - process="event DecUsing( k, sdec(c, k) );"]: - [ State_11211111( a, c, h, k ) ] - --[ DecUsing( k, z ) ]-> - [ State_112111111( a, c, h, k ) ] + rule (modulo AC) ifEncSuccck_0_1121111[color=#ffffff, + process="if EncSucc( c.1, k.2 )"]: + [ State_1121111( a, c, k, h ) ] + --[ DecUsing( k, z ), Restr_ifEncSuccck_0_1121111_1( k, c ) ]-> + [ Out( z ) ] variants (modulo AC) - 1. c = c.6 - k = k.6 - z = sdec(c.6, k.6) + 1. c = c.9 + k = k.10 + z = sdec(c.9, k.10) - 2. c = senc(x.6, x.7) - k = x.7 - z = x.6 + 2. 
c = senc(x.9, x.10) + k = x.10 + z = x.9 */ -rule (modulo E) outsdecck_0_112111111[color=#ffffff, - process="out(sdec(c, k));"]: - [ State_112111111( a, c, h, k ) ] - --> - [ State_1121111111( a, c, h, k ), Out( sdec(c, k) ) ] +rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a.1, c.1, h.3 ) ] --[ IsNotSet( <'key', h.3> ) ]-> [ ] /* - rule (modulo AC) outsdecck_0_112111111[color=#ffffff, - process="out(sdec(c, k));"]: - [ State_112111111( a, c, h, k ) ] - --> - [ State_1121111111( a, c, h, k ), Out( z ) ] - variants (modulo AC) - 1. c = c.6 - k = k.6 - z = sdec(c.6, k.6) - - 2. c = senc(x.6, x.7) - k = x.7 - z = x.6 + rule (modulo AC) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a, c, h ) ] --[ IsNotSet( <'key', h> ) ]-> [ ] */ -rule (modulo E) p_0_1121111111[color=#ffffff, process="0"]: - [ State_1121111111( a, c, h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ +rule (modulo E) ifadec_1_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a.1, c.1, h.3 ) ] --[ Pred_Not_Eq( a.1, 'dec' ) ]-> [ ] -rule (modulo E) p_0_11211112[color=#ffffff, process="0"]: - [ State_11211112( a, c, h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1121112[color=#ffffff, process="0"]: - [ State_1121112( a, c, h ) ] --> [ ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifadec_1_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a, c, h ) ] --[ Pred_Not_Eq( a, 'dec' ) ]-> [ ] + */ -rule (modulo E) p_0_112112[color=#ffffff, process="0"]: - [ State_112112( a, c, h ) ] --> [ ] +rule (modulo E) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c.1, h.3 ) ] --[ IsNotSet( <'att', h.3> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ 
State_1121( c, h ) ] --[ IsNotSet( <'att', h> ) ]-> [ ] + */ -rule (modulo E) p_0_11212[color=#ffffff, process="0"]: - [ State_11212( c, h ) ] --> [ ] +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ) ] + --> + [ State_1111( ), State_1112( ), State_112( ), State_12( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) inhh_0_12[color=#ffffff, process="in();"]: - [ State_12( ), In( ) ] --> [ State_121( h1, h2 ) ] +rule (modulo E) inhh_0_12[color=#ffffff, process="in();"]: + [ State_12( ), In( ) ] --> [ State_121( h1.1, h2.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhh_0_12[color=#ffffff, process="in();"]: + [ State_12( ), In( ) ] --> [ State_121( h1, h2 ) ] + */ rule (modulo E) lookupatthasa_0_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, h2 ) ] - --[ IsIn( <'att', h1>, a1 ) ]-> - [ State_1211( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1.1, h2.1 ) ] + --[ IsIn( <'att', h1.1>, a1.1 ) ]-> + [ State_1211( a1.1, h1.1, h2.1 ) ] -rule (modulo E) lookupatthasa_1_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, h2 ) ] - --[ IsNotSet( <'att', h1> ) ]-> - [ State_1212( h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( a1, h1, h2 ) ] - --[ Pred_Eq( a1, 'wrap' ) ]-> - [ State_12111( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_0_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1, h2 ) ] + --[ IsIn( <'att', h1>, a1 ) ]-> + [ State_1211( a1, h1, h2 ) ] + */ -rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( a1, h1, h2 ) ] - --[ Pred_Not_Eq( a1, 'wrap' ) ]-> - [ State_12112( a1, h1, h2 ) ] +rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ 
State_1211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Eq( a1.1, 'wrap' ) ]-> + [ State_12111( a1.1, h1.1, h2.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifawrap_0_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1, h1, h2 ) ] + --[ Pred_Eq( a1, 'wrap' ) ]-> + [ State_12111( a1, h1, h2 ) ] + */ rule (modulo E) lookupkeyhask_0_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, h2 ) ] - --[ IsIn( <'key', h1>, k1 ) ]-> - [ State_121111( a1, h1, h2, k1 ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1.1, h1.1, h2.1 ) ] + --[ IsIn( <'key', h1.1>, k1.1 ) ]-> + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] -rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, h2 ) ] - --[ IsNotSet( <'key', h1> ) ]-> - [ State_121112( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1, h1, h2 ) ] + --[ IsIn( <'key', h1>, k1 ) ]-> + [ State_121111( a1, h1, h2, k1 ) ] + */ rule (modulo E) lookupkeyhask_0_121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ State_121111( a1, h1, h2, k1 ) ] - --[ IsIn( <'key', h2>, k2 ) ]-> - [ State_1211111( a1, h1, h2, k1, k2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ State_121111( a1, h1, h2, k1 ) ] - --[ IsNotSet( <'key', h2> ) ]-> - [ State_1211112( a1, h1, h2, k1 ) ] + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsIn( <'key', h2.1>, k2.1 ) ]-> + [ State_1211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1, h1, h2, k1 ) 
] + --[ IsIn( <'key', h2>, k2 ) ]-> + [ State_1211111( a1, h1, h2, k1, k2 ) ] + */ rule (modulo E) eventWrapkk_0_1211111[color=#ffffff, - process="event Wrap( k1, k2 );"]: - [ State_1211111( a1, h1, h2, k1, k2 ) ] - --[ Wrap( k1, k2 ) ]-> - [ State_12111111( a1, h1, h2, k1, k2 ) ] + process="event Wrap( k1.1, k2.1 );"]: + [ State_1211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] + --[ Wrap( k1.1, k2.1 ) ]-> + [ Out( senc(k2.1, k1.1) ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) outsenckk_0_12111111[color=#ffffff, - process="out(senc(k2, k1));"]: - [ State_12111111( a1, h1, h2, k1, k2 ) ] - --> - [ State_121111111( a1, h1, h2, k1, k2 ), Out( senc(k2, k1) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_121111111[color=#ffffff, process="0"]: - [ State_121111111( a1, h1, h2, k1, k2 ) ] --> [ ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventWrapkk_0_1211111[color=#ffffff, + process="event Wrap( k1.1, k2.1 );"]: + [ State_1211111( a1, h1, h2, k1, k2 ) ] + --[ Wrap( k1, k2 ) ]-> + [ Out( senc(k2, k1) ) ] + */ -rule (modulo E) p_0_1211112[color=#ffffff, process="0"]: - [ State_1211112( a1, h1, h2, k1 ) ] --> [ ] +rule (modulo E) lookupkeyhask_1_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsNotSet( <'key', h2.1> ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_1_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1, h1, h2, k1 ) ] --[ IsNotSet( <'key', h2> ) ]-> [ ] + */ -rule (modulo E) p_0_121112[color=#ffffff, process="0"]: - [ State_121112( a1, h1, h2 ) ] --> [ ] +rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1.1, h1.1, h2.1 ) ] --[ IsNotSet( <'key', h1.1> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', 
h1.1> as k1.1"]: + [ State_12111( a1, h1, h2 ) ] --[ IsNotSet( <'key', h1> ) ]-> [ ] + */ -rule (modulo E) p_0_12112[color=#ffffff, process="0"]: - [ State_12112( a1, h1, h2 ) ] --> [ ] +rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Not_Eq( a1.1, 'wrap' ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifawrap_1_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1, h1, h2 ) ] --[ Pred_Not_Eq( a1, 'wrap' ) ]-> [ ] + */ -rule (modulo E) p_0_1212[color=#ffffff, process="0"]: - [ State_1212( h1, h2 ) ] --> [ ] +rule (modulo E) lookupatthasa_1_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1.1, h2.1 ) ] --[ IsNotSet( <'att', h1.1> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1, h2 ) ] --[ IsNotSet( <'att', h1> ) ]-> [ ] + */ restriction set_in: "∀ x y #t3. @@ -983,7 +938,7 @@ restriction locking_0: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -993,11 +948,11 @@ analyzing: examples/sapic/fast/feature-predicates/decwrap-destr-restrict-variant analyzed: examples/sapic/fast/feature-predicates/decwrap-destr-restrict-variant.spthy output: examples/sapic/fast/feature-predicates/decwrap-destr-restrict-variant.spthy.tmp - processing time: 3.362289948s + processing time: 5.75865197s can_create_key (exists-trace): verified (3 steps) can_obtain_wrapping (exists-trace): verified (11 steps) dec_limits (all-traces): verified (60 steps) - cannot_obtain_key_ind (all-traces): verified (38 steps) + cannot_obtain_key_ind (all-traces): verified (35 steps) cannot_obtain_key (all-traces): verified (2 steps) ------------------------------------------------------------------------------ 
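Review bot: The regenerated baseline in the `restriction locking_0` hunk now records `checking version: 3.0. OK.` where the old one recorded 3.1, so this expected output was apparently produced with an older Maude than the one it replaces. The same change appears in the matching hunk of decwrap-destr-restrict_analyzed.spthy. The summaries that follow also change the step count of `cannot_obtain_key_ind` (38 to 35 here, 37 to 34 in the other file). From the diff alone a reader cannot tell whether the shorter proofs come from the new translation or from the different backend. I would regenerate these files with the same Maude version as the previous baseline, or state the version used in the commit message, so that a later change in a lemma's result can be attributed to one cause.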
@@ -1008,11 +963,11 @@ summary of summaries: analyzed: examples/sapic/fast/feature-predicates/decwrap-destr-restrict-variant.spthy output: examples/sapic/fast/feature-predicates/decwrap-destr-restrict-variant.spthy.tmp - processing time: 3.362289948s + processing time: 5.75865197s can_create_key (exists-trace): verified (3 steps) can_obtain_wrapping (exists-trace): verified (11 steps) dec_limits (all-traces): verified (60 steps) - cannot_obtain_key_ind (all-traces): verified (38 steps) + cannot_obtain_key_ind (all-traces): verified (35 steps) cannot_obtain_key (all-traces): verified (2 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-restrict_analyzed.spthy b/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-restrict_analyzed.spthy index 01a0c1e9a..f01f736dc 100644 --- a/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-restrict_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-predicates/decwrap-destr-restrict_analyzed.spthy @@ -2,7 +2,8 @@ theory DecWrapDestr begin // Function signature and definition of the equational theory E -functions: encSucc/2, fst/1, pair/2, sdec/2, senc/2, snd/1, true/0 +functions: encSucc/2, fst/1[destructor], pair/2, sdec/2[destructor], + senc/2, snd/1[destructor], true/0 equations: encSucc(senc(x, y), y) = true, fst() = x.1, @@ -11,8 +12,12 @@ equations: heuristic: p + + predicate: IsTrue( x )<=>x = true + + lemma can_create_key: exists-trace "∃ #t h k. NewKey( h, k ) @ #t" /* @@ -20,8 +25,8 @@ guarded formula characterizing all satisfying traces: "∃ #t h k. (NewKey( h, k ) @ #t)" */ simplify -solve( State_111111( h, k ) ▶₀ #t ) - case newk_0_11111 +solve( State_1111( ) ▶₀ #t ) + case p_1_ SOLVED // trace found qed 
@@ -37,19 +42,19 @@ solve( State_1211111( a1, h1, h2, k1, k2 ) ▶₀ #t ) solve( Insert( <'key', h2>, k2 ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'key', h1>, k1 ) @ #t2.1 ) case insertkeyhk_0_1111111 solve( State_1111111( h1, k1 ) ▶₀ #t2.1 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'att', ~n>, 'wrap' ) @ #t2.2 ) case insertatthwrap_0_111211 - solve( State_111211( ~n, lock ) ▶₀ #t2.2 ) - case lockh_0_11121 + solve( State_111211( lock, ~n ) ▶₀ #t2.2 ) + case inh_0_1112 solve( !KU( ~n.1 ) @ #vk.2 ) - case outh_0_111111111 + case insertatthdec_0_11111111 solve( !KU( ~n ) @ #vk.2 ) - case outh_0_111111111 + case insertatthdec_0_11111111 SOLVED // trace found qed qed @@ -149,26 +154,23 @@ next ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #t1) ∧ (#t3 < #t1)) ) case case_1 - solve( State_11211111( a, c, h, k ) ▶₀ #t1 ) - case ifIsTrueencSuccck_0_1121111 + solve( State_1121111( a, senc(m, k), k, h ) ▶₀ #t1 ) + case lookupkeyhask_0_112111 solve( !KU( senc(m, k) ) @ #vk.2 ) case c_senc solve( Insert( <'key', h>, k ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h, k ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 by contradiction /* from formulas */ qed qed next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111_case_1 + case eventWrapkk_0_1211111_case_1 solve( Insert( <'key', h>, k ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h, k ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) case insertatthdec_0_11111111 solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) 
@@ -176,12 +178,12 @@ next solve( Insert( <'key', h2>, m ) @ #t2.2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, m ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'key', h1>, ~n.1 ) @ #t2.3 ) case insertkeyhk_0_1111111 solve( State_1111111( h1, ~n.1 ) ▶₀ #t2.3 ) - case eventNewKeyhk_0_111111 - solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ∥ (#vr.15 < #t2.1) ) + case newh_0_1111 + solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ∥ (#vr.10 < #t2.1) ) case case_1 by contradiction /* from formulas */ next @@ -191,38 +193,38 @@ next case case_3 solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.3 ) case insertatthwrap_0_111211 - solve( State_111211( ~n.2, lock ) ▶₀ #t2.3 ) - case lockh_0_11121 + solve( State_111211( lock, ~n.2 ) ▶₀ #t2.3 ) + case inh_0_1112 solve( !KU( ~n.2 ) @ #vk.2 ) - case outh_0_111111111 - by contradiction /* cyclic */ - next - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 + case eventWrapkk_0_1211111 solve( !KU( ~n.3 ) @ #vk.4 ) - case outh_0_111111111 + case eventWrapkk_0_1211111 solve( Insert( <'key', h2>, k2 ) @ #t2.4 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2.4 ) - case eventNewKeyhk_0_111111 - by solve( (#vr.40, 0) ~~> (#vk.1, 0) ) + case newh_0_1111 + by solve( (#vr.20, 0) ~~> (#vk.1, 0) ) qed qed next - case outsdecck_0_112111111 + case ifIsTrueencSuccck_0_1121111 by contradiction /* from formulas */ next - case outsenckk_0_12111111 + case insertatthdec_0_11111111 solve( Insert( <'key', h2>, k2 ) @ #t2.4 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2.4 ) - case eventNewKeyhk_0_111111 - by solve( (#vr.40, 0) ~~> (#vk.1, 0) ) + case newh_0_1111 + by solve( (#vr.20, 0) ~~> (#vk.1, 0) ) qed qed qed + next + case ifIsTrueencSuccck_0_1121111 + by contradiction /* from formulas */ + next + case insertatthdec_0_11111111 + by contradiction /* cyclic */ qed qed qed 
@@ -236,11 +238,11 @@ next qed qed next - case outsenckk_0_12111111_case_2 + case eventWrapkk_0_1211111_case_2 solve( Insert( <'key', h>, k ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h, k ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 solve( Insert( <'att', ~n.1>, 'dec' ) @ #t2.1 ) case insertatthdec_0_11111111 solve( State_11111111( ~n.1, k ) ▶₀ #t2.1 ) @@ -248,7 +250,7 @@ next solve( Insert( <'key', h2>, k2 ) @ #t2.2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2.2 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 by contradiction /* impossible chain */ qed qed @@ -256,6 +258,9 @@ next qed qed qed + next + case ifIsTrueencSuccck_0_1121111 + by contradiction /* from formulas */ qed qed next 
@@ -419,50 +424,41 @@ next case case_1 solve( (last(#j)) ∥ (last(#i)) ) case case_1 - solve( State_111111( h, k ) ▶₀ #i ) - case newk_0_11111 + solve( State_1111( ) ▶₀ #i ) + case p_1_ solve( !KU( ~n.1 ) @ #j ) - case outsdecck_0_112111111 - by contradiction /* from formulas */ - next - case outsenckk_0_12111111 + case eventWrapkk_0_1211111 solve( Insert( <'key', h2>, k2 ) @ #t2 ) case insertkeyhk_0_1111111 solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( (#vr.9, 0) ~~> (#j, 0) ) + case newh_0_1111 + solve( (#vr.3, 0) ~~> (#j, 0) ) case Var_fresh_3_n solve( Insert( <'key', h1>, k1 ) @ #t2.1 ) case insertkeyhk_0_1111111 solve( State_1111111( h1, k1 ) ▶₀ #t2.1 ) - case eventNewKeyhk_0_111111 + case newh_0_1111 by contradiction /* from formulas */ qed qed qed qed qed + next + case ifIsTrueencSuccck_0_1121111 + by contradiction /* from formulas */ qed qed next case case_2 - solve( State_111111( h, k ) ▶₀ #i ) - case newk_0_11111 + solve( State_1111( ) ▶₀ #i ) + case p_1_ solve( !KU( ~n.1 ) @ #j ) - case outsdecck_0_112111111 - by contradiction /* from formulas */ + case eventWrapkk_0_1211111 + by contradiction /* node #j after last node #i */ next - case outsenckk_0_12111111 - solve( Insert( <'key', h2>, k2 ) @ #t2 ) - case insertkeyhk_0_1111111 - solve( State_1111111( h2, k2 ) ▶₀ #t2 ) - case eventNewKeyhk_0_111111 - solve( (#vr.9, 0) ~~> (#j, 0) ) - case Var_fresh_3_n - by contradiction /* from formulas */ - qed - qed - qed + case ifIsTrueencSuccck_0_1121111 + by contradiction /* from formulas */ qed qed qed @@ -479,7 +475,7 @@ next case case_3 solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) + (Unlock_0( '0', ~n.2, x ) @ #t2) ⇒ ((last(#t2)) ∨ (#t1 = #t2) ∨ @@ -487,7 +483,7 @@ next (#t2 = #t3) ∨ (#t3 < #t2) ∨ (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (Unlock( pp, ~n.2, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ (∃ pp lpp #t0. (Lock( pp, lpp, x ) @ #t0) ∧ 
@@ -515,7 +511,7 @@ next next case case_2 solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ + (Unlock( pp, ~n.2, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ (∃ pp lpp #t0. (Lock( pp, lpp, x ) @ #t0) ∧ 
@@ -565,160 +561,144 @@ guarded formula characterizing all counter-examples: simplify by contradiction /* from formulas */ -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( ) ] --> [ State_11( ), State_12( ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11[color=#ffffff, process="|"]: - [ State_11( ) ] --> [ State_111( ), State_112( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#ffffff, process="|"]: - [ State_111( ) ] --> [ State_1111( ), State_1112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newh_0_1111[color=#ffffff, process="new h;"]: - [ State_1111( ), Fr( h ) ] --> [ State_11111( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_11111[color=#ffffff, process="new k;"]: - [ State_11111( h ), Fr( k ) ] --> [ State_111111( h, k ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) eventNewKeyhk_0_111111[color=#ffffff, - process="event NewKey( h, k );"]: - [ State_111111( h, k ) ] --[ NewKey( h, k ) ]-> [ State_1111111( h, k ) ] +rule (modulo E) newh_0_1111[color=#ffffff, process="new h.1;"]: + [ State_1111( ), Fr( h.1 ), Fr( k.1 ) ] + --[ NewKey( h.1, k.1 ) ]-> + [ State_1111111( h.1, k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newh_0_1111[color=#ffffff, process="new h.1;"]: + [ State_1111( ), Fr( h ), Fr( k ) ] + --[ NewKey( h, k ) ]-> + [ State_1111111( h, k ) ] + */ rule (modulo E) insertkeyhk_0_1111111[color=#ffffff, 
- process="insert <'key', h>,k;"]: - [ State_1111111( h, k ) ] - --[ Insert( <'key', h>, k ) ]-> - [ State_11111111( h, k ) ] + process="insert <'key', h.1>,k.1;"]: + [ State_1111111( h.1, k.1 ) ] + --[ Insert( <'key', h.1>, k.1 ) ]-> + [ State_11111111( h.1, k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertkeyhk_0_1111111[color=#ffffff, + process="insert <'key', h.1>,k.1;"]: + [ State_1111111( h, k ) ] + --[ Insert( <'key', h>, k ) ]-> + [ State_11111111( h, k ) ] + */ rule (modulo E) insertatthdec_0_11111111[color=#ffffff, - process="insert <'att', h>,'dec';"]: - [ State_11111111( h, k ) ] - --[ Insert( <'att', h>, 'dec' ) ]-> - [ State_111111111( h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outh_0_111111111[color=#ffffff, process="out(h);"]: - [ State_111111111( h, k ) ] --> [ State_1111111111( h, k ), Out( h ) ] + process="insert <'att', h.1>,'dec';"]: + [ State_11111111( h.1, k.1 ) ] + --[ Insert( <'att', h.1>, 'dec' ) ]-> + [ Out( h.1 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111111[color=#ffffff, process="0"]: - [ State_1111111111( h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inh_0_1112[color=#ffffff, process="in(h);"]: - [ State_1112( ), In( h ) ] --> [ State_11121( h ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertatthdec_0_11111111[color=#ffffff, + process="insert <'att', h.1>,'dec';"]: + [ State_11111111( h, k ) ] + --[ Insert( <'att', h>, 'dec' ) ]-> + [ Out( h ) ] + */ -rule (modulo E) lockh_0_11121[color=#ffffff, process="lock h;"]: - [ State_11121( h ), Fr( lock ) ] - --[ Lock_0( '0', lock, h ), Lock( '0', lock, h ) ]-> - [ State_111211( h, lock ) ] +rule (modulo E) inh_0_1112[color=#ffffff, process="in(h.2);"]: + [ State_1112( ), In( h.2 ), Fr( lock ) ] + --[ Lock_0( '0', lock, h.2 ), Lock( '0', lock, h.2 ) ]-> + [ State_111211( lock, h.2 ) ] - /* has exactly the trivial AC variant */ + /* + 
rule (modulo AC) inh_0_1112[color=#ffffff, process="in(h.2);"]: + [ State_1112( ), In( h ), Fr( lock ) ] + --[ Lock_0( '0', lock, h ), Lock( '0', lock, h ) ]-> + [ State_111211( lock, h ) ] + */ rule (modulo E) insertatthwrap_0_111211[color=#ffffff, - process="insert <'att', h>,'wrap';"]: - [ State_111211( h, lock ) ] - --[ Insert( <'att', h>, 'wrap' ) ]-> - [ State_1112111( h, lock ) ] + process="insert <'att', h.2>,'wrap';"]: + [ State_111211( lock, h.2 ) ] + --[ Insert( <'att', h.2>, 'wrap' ) ]-> + [ State_1112111( lock, h.2 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) unlockh_0_1112111[color=#ffffff, process="unlock h;"]: - [ State_1112111( h, lock ) ] - --[ Unlock_0( '0', lock, h ), Unlock( '0', lock, h ) ]-> - [ State_11121111( h, lock ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertatthwrap_0_111211[color=#ffffff, + process="insert <'att', h.2>,'wrap';"]: + [ State_111211( lock, h ) ] + --[ Insert( <'att', h>, 'wrap' ) ]-> + [ State_1112111( lock, h ) ] + */ -rule (modulo E) p_0_11121111[color=#ffffff, process="0"]: - [ State_11121111( h, lock ) ] --> [ ] +rule (modulo E) unlockh_0_1112111[color=#ffffff, process="unlock h.2;"]: + [ State_1112111( lock, h.2 ) ] + --[ Unlock_0( '0', lock, h.2 ), Unlock( '0', lock, h.2 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) unlockh_0_1112111[color=#ffffff, process="unlock h.2;"]: + [ State_1112111( lock, h ) ] + --[ Unlock_0( '0', lock, h ), Unlock( '0', lock, h ) ]-> + [ ] + */ -rule (modulo E) inhc_0_112[color=#ffffff, process="in();"]: - [ State_112( ), In( ) ] --> [ State_1121( c, h ) ] +rule (modulo E) inhc_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( c.1, h.3 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhc_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( c, h ) ] + */ rule (modulo E) lookupatthasa_0_1121[color=#ffffff, - 
process="lookup <'att', h> as a"]: - [ State_1121( c, h ) ] - --[ IsIn( <'att', h>, a ) ]-> - [ State_11211( a, c, h ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c.1, h.3 ) ] + --[ IsIn( <'att', h.3>, a.1 ) ]-> + [ State_11211( a.1, c.1, h.3 ) ] -rule (modulo E) lookupatthasa_1_1121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_1121( c, h ) ] - --[ IsNotSet( <'att', h> ) ]-> - [ State_11212( c, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifadec_0_11211[color=#ffffff, process="if a='dec'"]: - [ State_11211( a, c, h ) ] - --[ Pred_Eq( a, 'dec' ) ]-> - [ State_112111( a, c, h ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_0_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c, h ) ] + --[ IsIn( <'att', h>, a ) ]-> + [ State_11211( a, c, h ) ] + */ -rule (modulo E) ifadec_1_11211[color=#ffffff, process="if a='dec'"]: - [ State_11211( a, c, h ) ] - --[ Pred_Not_Eq( a, 'dec' ) ]-> - [ State_112112( a, c, h ) ] +rule (modulo E) ifadec_0_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a.1, c.1, h.3 ) ] + --[ Pred_Eq( a.1, 'dec' ) ]-> + [ State_112111( a.1, c.1, h.3 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifadec_0_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a, c, h ) ] + --[ Pred_Eq( a, 'dec' ) ]-> + [ State_112111( a, c, h ) ] + */ rule (modulo E) lookupkeyhask_0_112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ State_112111( a, c, h ) ] - --[ IsIn( <'key', h>, k ) ]-> - [ State_1121111( a, c, h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ State_112111( a, c, h ) ] - --[ IsNotSet( <'key', h> ) ]-> - [ State_1121112( a, c, h ) ] + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a.1, c.1, h.3 ) ] + --[ IsIn( <'key', 
h.3>, k.2 ) ]-> + [ State_1121111( a.1, c.1, k.2, h.3 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a, c, h ) ] + --[ IsIn( <'key', h>, k ) ]-> + [ State_1121111( a, c, k, h ) ] + */ restriction Restr_ifIsTrueencSuccck_0_1121111_1: "∀ x #NOW. 
@@ -726,230 +706,184 @@ restriction Restr_ifIsTrueencSuccck_0_1121111_1: // safety formula rule (modulo E) ifIsTrueencSuccck_0_1121111[color=#ffffff, - process="if IsTrue( encSucc(c, k) )"]: - [ State_1121111( a, c, h, k ) ] - --[ Restr_ifIsTrueencSuccck_0_1121111_1( encSucc(c, k) ) ]-> - [ State_11211111( a, c, h, k ) ] + process="if IsTrue( encSucc(c.1, k.2) )"]: + [ State_1121111( a.1, c.1, k.2, h.3 ) ] + --[ + DecUsing( k.2, sdec(c.1, k.2) ), + Restr_ifIsTrueencSuccck_0_1121111_1( encSucc(c.1, k.2) ) + ]-> + [ Out( sdec(c.1, k.2) ) ] /* rule (modulo AC) ifIsTrueencSuccck_0_1121111[color=#ffffff, - process="if IsTrue( encSucc(c, k) )"]: - [ State_1121111( a, c, h, k ) ] - --[ Restr_ifIsTrueencSuccck_0_1121111_1( z ) ]-> - [ State_11211111( a, c, h, k ) ] + process="if IsTrue( encSucc(c.1, k.2) )"]: + [ State_1121111( a, c, k, h ) ] + --[ DecUsing( k, z ), Restr_ifIsTrueencSuccck_0_1121111_1( z.1 ) ]-> + [ Out( z ) ] variants (modulo AC) - 1. c = c.6 - k = k.6 - z = encSucc(c.6, k.6) + 1. c = c.10 + k = k.11 + z = sdec(c.10, k.11) + z.1 = encSucc(c.10, k.11) - 2. c = senc(x.6, x.7) - k = x.7 - z = true + 2. c = senc(x.10, x.11) + k = x.11 + z = x.10 + z.1 = true */ -restriction Restr_ifIsTrueencSuccck_1_1121111_1: - "∀ x #NOW. - (Restr_ifIsTrueencSuccck_1_1121111_1( x ) @ #NOW) ⇒ (¬(x = true))" - // safety formula - -rule (modulo E) ifIsTrueencSuccck_1_1121111[color=#ffffff, - process="if IsTrue( encSucc(c, k) )"]: - [ State_1121111( a, c, h, k ) ] - --[ Restr_ifIsTrueencSuccck_1_1121111_1( encSucc(c, k) ) ]-> - [ State_11211112( a, c, h, k ) ] +rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a.1, c.1, h.3 ) ] --[ IsNotSet( <'key', h.3> ) ]-> [ ] /* - rule (modulo AC) ifIsTrueencSuccck_1_1121111[color=#ffffff, - process="if IsTrue( encSucc(c, k) )"]: - [ State_1121111( a, c, h, k ) ] - --[ Restr_ifIsTrueencSuccck_1_1121111_1( z ) ]-> - [ State_11211112( a, c, h, k ) ] - variants (modulo AC) - 1. 
c = c.6 - k = k.6 - z = encSucc(c.6, k.6) - - 2. c = senc(x.6, x.7) - k = x.7 - z = true + rule (modulo AC) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h.3> as k.2"]: + [ State_112111( a, c, h ) ] --[ IsNotSet( <'key', h> ) ]-> [ ] */ -rule (modulo E) eventDecUsingksdecck_0_11211111[color=#ffffff, - process="event DecUsing( k, sdec(c, k) );"]: - [ State_11211111( a, c, h, k ) ] - --[ DecUsing( k, sdec(c, k) ) ]-> - [ State_112111111( a, c, h, k ) ] +rule (modulo E) ifadec_1_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a.1, c.1, h.3 ) ] --[ Pred_Not_Eq( a.1, 'dec' ) ]-> [ ] /* - rule (modulo AC) eventDecUsingksdecck_0_11211111[color=#ffffff, - process="event DecUsing( k, sdec(c, k) );"]: - [ State_11211111( a, c, h, k ) ] - --[ DecUsing( k, z ) ]-> - [ State_112111111( a, c, h, k ) ] - variants (modulo AC) - 1. c = c.6 - k = k.6 - z = sdec(c.6, k.6) - - 2. c = senc(x.6, x.7) - k = x.7 - z = x.6 + rule (modulo AC) ifadec_1_11211[color=#ffffff, process="if a.1='dec'"]: + [ State_11211( a, c, h ) ] --[ Pred_Not_Eq( a, 'dec' ) ]-> [ ] */ -rule (modulo E) outsdecck_0_112111111[color=#ffffff, - process="out(sdec(c, k));"]: - [ State_112111111( a, c, h, k ) ] - --> - [ State_1121111111( a, c, h, k ), Out( sdec(c, k) ) ] +rule (modulo E) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c.1, h.3 ) ] --[ IsNotSet( <'att', h.3> ) ]-> [ ] /* - rule (modulo AC) outsdecck_0_112111111[color=#ffffff, - process="out(sdec(c, k));"]: - [ State_112111111( a, c, h, k ) ] - --> - [ State_1121111111( a, c, h, k ), Out( z ) ] - variants (modulo AC) - 1. c = c.6 - k = k.6 - z = sdec(c.6, k.6) - - 2. 
c = senc(x.6, x.7) - k = x.7 - z = x.6 + rule (modulo AC) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h.3> as a.1"]: + [ State_1121( c, h ) ] --[ IsNotSet( <'att', h> ) ]-> [ ] */ -rule (modulo E) p_0_1121111111[color=#ffffff, process="0"]: - [ State_1121111111( a, c, h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11211112[color=#ffffff, process="0"]: - [ State_11211112( a, c, h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1121112[color=#ffffff, process="0"]: - [ State_1121112( a, c, h ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_112112[color=#ffffff, process="0"]: - [ State_112112( a, c, h ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11212[color=#ffffff, process="0"]: - [ State_11212( c, h ) ] --> [ ] +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ) ] + --> + [ State_1111( ), State_1112( ), State_112( ), State_12( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) inhh_0_12[color=#ffffff, process="in();"]: - [ State_12( ), In( ) ] --> [ State_121( h1, h2 ) ] +rule (modulo E) inhh_0_12[color=#ffffff, process="in();"]: + [ State_12( ), In( ) ] --> [ State_121( h1.1, h2.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhh_0_12[color=#ffffff, process="in();"]: + [ State_12( ), In( ) ] --> [ State_121( h1, h2 ) ] + */ rule (modulo E) lookupatthasa_0_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, h2 ) ] - --[ IsIn( <'att', h1>, a1 ) ]-> - [ State_1211( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, h2 ) ] - --[ IsNotSet( <'att', h1> ) ]-> - [ State_1212( h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( 
a1, h1, h2 ) ] - --[ Pred_Eq( a1, 'wrap' ) ]-> - [ State_12111( a1, h1, h2 ) ] + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1.1, h2.1 ) ] + --[ IsIn( <'att', h1.1>, a1.1 ) ]-> + [ State_1211( a1.1, h1.1, h2.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_0_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1, h2 ) ] + --[ IsIn( <'att', h1>, a1 ) ]-> + [ State_1211( a1, h1, h2 ) ] + */ -rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( a1, h1, h2 ) ] - --[ Pred_Not_Eq( a1, 'wrap' ) ]-> - [ State_12112( a1, h1, h2 ) ] +rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Eq( a1.1, 'wrap' ) ]-> + [ State_12111( a1.1, h1.1, h2.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifawrap_0_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1, h1, h2 ) ] + --[ Pred_Eq( a1, 'wrap' ) ]-> + [ State_12111( a1, h1, h2 ) ] + */ rule (modulo E) lookupkeyhask_0_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, h2 ) ] - --[ IsIn( <'key', h1>, k1 ) ]-> - [ State_121111( a1, h1, h2, k1 ) ] + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1.1, h1.1, h2.1 ) ] + --[ IsIn( <'key', h1.1>, k1.1 ) ]-> + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, h2 ) ] - --[ IsNotSet( <'key', h1> ) ]-> - [ State_121112( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1, h1, h2 ) ] + --[ IsIn( <'key', h1>, k1 ) ]-> + [ State_121111( a1, h1, h2, k1 ) ] + */ rule (modulo E) lookupkeyhask_0_121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ 
State_121111( a1, h1, h2, k1 ) ] - --[ IsIn( <'key', h2>, k2 ) ]-> - [ State_1211111( a1, h1, h2, k1, k2 ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsIn( <'key', h2.1>, k2.1 ) ]-> + [ State_1211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] -rule (modulo E) lookupkeyhask_1_121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ State_121111( a1, h1, h2, k1 ) ] - --[ IsNotSet( <'key', h2> ) ]-> - [ State_1211112( a1, h1, h2, k1 ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_0_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1, h1, h2, k1 ) ] + --[ IsIn( <'key', h2>, k2 ) ]-> + [ State_1211111( a1, h1, h2, k1, k2 ) ] + */ rule (modulo E) eventWrapkk_0_1211111[color=#ffffff, - process="event Wrap( k1, k2 );"]: - [ State_1211111( a1, h1, h2, k1, k2 ) ] - --[ Wrap( k1, k2 ) ]-> - [ State_12111111( a1, h1, h2, k1, k2 ) ] + process="event Wrap( k1.1, k2.1 );"]: + [ State_1211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] + --[ Wrap( k1.1, k2.1 ) ]-> + [ Out( senc(k2.1, k1.1) ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) outsenckk_0_12111111[color=#ffffff, - process="out(senc(k2, k1));"]: - [ State_12111111( a1, h1, h2, k1, k2 ) ] - --> - [ State_121111111( a1, h1, h2, k1, k2 ), Out( senc(k2, k1) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_121111111[color=#ffffff, process="0"]: - [ State_121111111( a1, h1, h2, k1, k2 ) ] --> [ ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventWrapkk_0_1211111[color=#ffffff, + process="event Wrap( k1.1, k2.1 );"]: + [ State_1211111( a1, h1, h2, k1, k2 ) ] + --[ Wrap( k1, k2 ) ]-> + [ Out( senc(k2, k1) ) ] + */ -rule (modulo E) p_0_1211112[color=#ffffff, process="0"]: - [ State_1211112( a1, h1, h2, k1 ) ] --> [ ] +rule (modulo E) lookupkeyhask_1_121111[color=#ffffff, + process="lookup <'key', h2.1> as 
k2.1"]: + [ State_121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsNotSet( <'key', h2.1> ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_1_121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_121111( a1, h1, h2, k1 ) ] --[ IsNotSet( <'key', h2> ) ]-> [ ] + */ -rule (modulo E) p_0_121112[color=#ffffff, process="0"]: - [ State_121112( a1, h1, h2 ) ] --> [ ] +rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1.1, h1.1, h2.1 ) ] --[ IsNotSet( <'key', h1.1> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_12111( a1, h1, h2 ) ] --[ IsNotSet( <'key', h1> ) ]-> [ ] + */ -rule (modulo E) p_0_12112[color=#ffffff, process="0"]: - [ State_12112( a1, h1, h2 ) ] --> [ ] +rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Not_Eq( a1.1, 'wrap' ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifawrap_1_1211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_1211( a1, h1, h2 ) ] --[ Pred_Not_Eq( a1, 'wrap' ) ]-> [ ] + */ -rule (modulo E) p_0_1212[color=#ffffff, process="0"]: - [ State_1212( h1, h2 ) ] --> [ ] +rule (modulo E) lookupatthasa_1_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1.1, h2.1 ) ] --[ IsNotSet( <'att', h1.1> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_121( h1, h2 ) ] --[ IsNotSet( <'att', h1> ) ]-> [ ] + */ restriction set_in: "∀ x y #t3. @@ -997,7 +931,7 @@ restriction locking_0: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -1007,11 +941,11 @@ analyzing: examples/sapic/fast/feature-predicates/decwrap-destr-restrict.spthy analyzed: examples/sapic/fast/feature-predicates/decwrap-destr-restrict.spthy output: examples/sapic/fast/feature-predicates/decwrap-destr-restrict.spthy.tmp - processing time: 3.038948841s + processing time: 6.022777896s can_create_key (exists-trace): verified (3 steps) can_obtain_wrapping (exists-trace): verified (11 steps) dec_limits (all-traces): verified (59 steps) - cannot_obtain_key_ind (all-traces): verified (37 steps) + cannot_obtain_key_ind (all-traces): verified (34 steps) cannot_obtain_key (all-traces): verified (2 steps) ------------------------------------------------------------------------------ @@ -1022,11 +956,11 @@ summary of summaries: analyzed: examples/sapic/fast/feature-predicates/decwrap-destr-restrict.spthy output: examples/sapic/fast/feature-predicates/decwrap-destr-restrict.spthy.tmp - processing time: 3.038948841s + processing time: 6.022777896s can_create_key (exists-trace): verified (3 steps) can_obtain_wrapping (exists-trace): verified (11 steps) dec_limits (all-traces): verified (59 steps) - cannot_obtain_key_ind (all-traces): verified (37 steps) + cannot_obtain_key_ind (all-traces): verified (34 steps) cannot_obtain_key (all-traces): verified (2 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/feature-predicates/pub_analyzed.spthy b/case-studies-regression/sapic/fast/feature-predicates/pub_analyzed.spthy index 605ef66c2..eba0d0992 100644 --- a/case-studies-regression/sapic/fast/feature-predicates/pub_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-predicates/pub_analyzed.spthy 
@@ -2,7 +2,7 @@ theory pubInRestr begin // Function signature and definition of the equational theory E -functions: eq/2, fst/1, pair/2, snd/1, true/0 +functions: eq/2, fst/1[destructor], pair/2, snd/1[destructor], true/0 equations: eq(x, x) = true, fst() = x.1, snd() = x.2 heuristic: p @@ -11,6 +11,8 @@ predicate: True( x )<=>x = true predicate: And2( x, y )<=>(x = true) ∧ (y = true) + + restriction Restr_testA_1: "∀ #NOW. (Restr_testA_1( ) @ #NOW) ⇒ ('true' = true)" // safety formula 
@@ -29,33 +31,29 @@ rule (modulo E) testB: /* has exactly the trivial AC variant */ -rule (modulo E) Init[color=#ffffff, process="in(x);"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) inx_0_[color=#ffffff, process="in(x);"]: - [ State_( ), In( x ) ] --> [ State_1( x ) ] - /* has exactly the trivial AC variant */ -restriction Restr_ifTruex_0_1_1: - "∀ x #NOW. (Restr_ifTruex_0_1_1( x ) @ #NOW) ⇒ (x = true)" - // safety formula +rule (modulo E) Init[color=#ffffff, process="in(x.1);"]: + [ In( x.1 ) ] --[ Init( ) ]-> [ State_1( x.1 ) ] -rule (modulo E) ifTruex_0_1[color=#ffffff, process="if True( x )"]: - [ State_1( x ) ] --[ Restr_ifTruex_0_1_1( x ) ]-> [ State_11( x ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) Init[color=#ffffff, process="in(x.1);"]: + [ In( x ) ] --[ Init( ) ]-> [ State_1( x ) ] + */ -restriction Restr_ifTruex_1_1_1: - "∀ x #NOW. (Restr_ifTruex_1_1_1( x ) @ #NOW) ⇒ (¬(x = true))" +restriction Restr_ifTruex_0_1_1: + "∀ x #NOW. (Restr_ifTruex_0_1_1( x ) @ #NOW) ⇒ (x = true)" // safety formula -rule (modulo E) ifTruex_1_1[color=#ffffff, process="if True( x )"]: - [ State_1( x ) ] --[ Restr_ifTruex_1_1_1( x ) ]-> [ State_12( x ) ] +rule (modulo E) ifTruex_0_1[color=#ffffff, process="if True( x.1 )"]: + [ State_1( x.1 ) ] --[ Restr_ifTruex_0_1_1( x.1 ) ]-> [ State_11( x.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifTruex_0_1[color=#ffffff, process="if True( x.1 )"]: + [ State_1( x ) ] --[ Restr_ifTruex_0_1_1( x ) ]-> [ State_11( x ) ] + */ restriction Restr_ifTruetrue_0_11_1: "∀ #NOW. (Restr_ifTruetrue_0_11_1( ) @ #NOW) ⇒ (true = true)" 
@@ -63,69 +61,47 @@ restriction Restr_ifTruetrue_0_11_1: rule (modulo E) ifTruetrue_0_11[color=#ffffff, process="if True( true )"]: - [ State_11( x ) ] --[ Restr_ifTruetrue_0_11_1( ) ]-> [ State_111( x ) ] - - /* has exactly the trivial AC variant */ - -restriction Restr_ifTruetrue_1_11_1: - "∀ #NOW. (Restr_ifTruetrue_1_11_1( ) @ #NOW) ⇒ (¬(true = true))" - // safety formula - -rule (modulo E) ifTruetrue_1_11[color=#ffffff, - process="if True( true )"]: - [ State_11( x ) ] --[ Restr_ifTruetrue_1_11_1( ) ]-> [ State_112( x ) ] + [ State_11( x.1 ) ] + --[ Restr_ifTruetrue_0_11_1( ) ]-> + [ State_111( x.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifTruetrue_0_11[color=#ffffff, + process="if True( true )"]: + [ State_11( x ) ] --[ Restr_ifTruetrue_0_11_1( ) ]-> [ State_111( x ) ] + */ restriction Restr_ifTrueeqxx_0_111_1: "∀ x #NOW. (Restr_ifTrueeqxx_0_111_1( x ) @ #NOW) ⇒ (x = true)" // safety formula rule (modulo E) ifTrueeqxx_0_111[color=#ffffff, - process="if True( eq(x, x) )"]: - [ State_111( x ) ] - --[ Restr_ifTrueeqxx_0_111_1( eq(x, x) ) ]-> - [ State_1111( x ) ] + process="if True( eq(x.1, x.1) )"]: + [ State_111( x.1 ) ] + --[ Restr_ifTrueeqxx_0_111_1( eq(x.1, x.1) ) ]-> + [ State_1111( x.1 ) ] /* rule (modulo AC) ifTrueeqxx_0_111[color=#ffffff, - process="if True( eq(x, x) )"]: + process="if True( eq(x.1, x.1) )"]: [ State_111( x ) ] --[ Restr_ifTrueeqxx_0_111_1( true ) ]-> [ State_1111( x ) ] */ -restriction Restr_ifTrueeqxx_1_111_1: - "∀ x #NOW. (Restr_ifTrueeqxx_1_111_1( x ) @ #NOW) ⇒ (¬(x = true))" - // safety formula - -rule (modulo E) ifTrueeqxx_1_111[color=#ffffff, - process="if True( eq(x, x) )"]: - [ State_111( x ) ] - --[ Restr_ifTrueeqxx_1_111_1( eq(x, x) ) ]-> - [ State_1112( x ) ] - - /* - rule (modulo AC) ifTrueeqxx_1_111[color=#ffffff, - process="if True( eq(x, x) )"]: - [ State_111( x ) ] - --[ Restr_ifTrueeqxx_1_111_1( true ) ]-> - [ State_1112( x ) ] - */ - restriction Restr_ifTrueeqxtest_0_1111_1: "∀ x #NOW. 
(Restr_ifTrueeqxtest_0_1111_1( x ) @ #NOW) ⇒ (x = true)" // safety formula rule (modulo E) ifTrueeqxtest_0_1111[color=#ffffff, - process="if True( eq(x, 'test') )"]: - [ State_1111( x ) ] - --[ Restr_ifTrueeqxtest_0_1111_1( eq(x, 'test') ) ]-> - [ State_11111( x ) ] + process="if True( eq(x.1, 'test') )"]: + [ State_1111( x.1 ) ] + --[ Restr_ifTrueeqxtest_0_1111_1( eq(x.1, 'test') ) ]-> + [ State_11111( x.1 ) ] /* rule (modulo AC) ifTrueeqxtest_0_1111[color=#ffffff, - process="if True( eq(x, 'test') )"]: + process="if True( eq(x.1, 'test') )"]: [ State_1111( x ) ] --[ Restr_ifTrueeqxtest_0_1111_1( z ) ]-> [ State_11111( x ) ] @@ -133,32 +109,8 @@ rule (modulo E) ifTrueeqxtest_0_1111[color=#ffffff, 1. x = 'test' z = true - 2. x = x.3 - z = eq(x.3, 'test') - */ - -restriction Restr_ifTrueeqxtest_1_1111_1: - "∀ x #NOW. (Restr_ifTrueeqxtest_1_1111_1( x ) @ #NOW) ⇒ (¬(x = true))" - // safety formula - -rule (modulo E) ifTrueeqxtest_1_1111[color=#ffffff, - process="if True( eq(x, 'test') )"]: - [ State_1111( x ) ] - --[ Restr_ifTrueeqxtest_1_1111_1( eq(x, 'test') ) ]-> - [ State_11112( x ) ] - - /* - rule (modulo AC) ifTrueeqxtest_1_1111[color=#ffffff, - process="if True( eq(x, 'test') )"]: - [ State_1111( x ) ] - --[ Restr_ifTrueeqxtest_1_1111_1( z ) ]-> - [ State_11112( x ) ] - variants (modulo AC) - 1. x = 'test' - z = true - - 2. x = x.3 - z = eq(x.3, 'test') + 2. x = x.4 + z = eq(x.4, 'test') */ restriction Restr_ifAndeqxtesttrue_0_11111_1: 
@@ -168,14 +120,14 @@ restriction Restr_ifAndeqxtesttrue_0_11111_1: // safety formula rule (modulo E) ifAndeqxtesttrue_0_11111[color=#ffffff, - process="if And2( eq(x, 'test'), true )"]: - [ State_11111( x ) ] - --[ Restr_ifAndeqxtesttrue_0_11111_1( eq(x, 'test') ) ]-> - [ State_111111( x ) ] + process="if And2( eq(x.1, 'test'), true )"]: + [ State_11111( x.1 ) ] + --[ Restr_ifAndeqxtesttrue_0_11111_1( eq(x.1, 'test') ) ]-> + [ State_111111( x.1 ) ] /* rule (modulo AC) ifAndeqxtesttrue_0_11111[color=#ffffff, - process="if And2( eq(x, 'test'), true )"]: + process="if And2( eq(x.1, 'test'), true )"]: [ State_11111( x ) ] --[ Restr_ifAndeqxtesttrue_0_11111_1( z ) ]-> [ State_111111( x ) ] 
@@ -183,119 +135,10 @@ rule (modulo E) ifAndeqxtesttrue_0_11111[color=#ffffff, 1. x = 'test' z = true - 2. x = x.3 - z = eq(x.3, 'test') - */ - -restriction Restr_ifAndeqxtesttrue_1_11111_1: - "∀ x #NOW. - (Restr_ifAndeqxtesttrue_1_11111_1( x ) @ #NOW) ⇒ - (¬((x = true) ∧ (true = true)))" - // safety formula - -rule (modulo E) ifAndeqxtesttrue_1_11111[color=#ffffff, - process="if And2( eq(x, 'test'), true )"]: - [ State_11111( x ) ] - --[ Restr_ifAndeqxtesttrue_1_11111_1( eq(x, 'test') ) ]-> - [ State_111112( x ) ] - - /* - rule (modulo AC) ifAndeqxtesttrue_1_11111[color=#ffffff, - process="if And2( eq(x, 'test'), true )"]: - [ State_11111( x ) ] - --[ Restr_ifAndeqxtesttrue_1_11111_1( z ) ]-> - [ State_111112( x ) ] - variants (modulo AC) - 1. x = 'test' - z = true - - 2. x = x.3 - z = eq(x.3, 'test') - */ - -restriction Restr_ifTrueeqxtest_0_111111_1: - "∀ x #NOW. (Restr_ifTrueeqxtest_0_111111_1( x ) @ #NOW) ⇒ (x = true)" - // safety formula - -rule (modulo E) ifTrueeqxtest_0_111111[color=#ffffff, - process="if True( eq(x, 'test') )"]: - [ State_111111( x ) ] - --[ Restr_ifTrueeqxtest_0_111111_1( eq(x, 'test') ) ]-> - [ State_1111111( x ) ] - - /* - rule (modulo AC) ifTrueeqxtest_0_111111[color=#ffffff, - process="if True( eq(x, 'test') )"]: - [ State_111111( x ) ] - --[ Restr_ifTrueeqxtest_0_111111_1( z ) ]-> - [ State_1111111( x ) ] - variants (modulo AC) - 1. x = 'test' - z = true - - 2. x = x.3 - z = eq(x.3, 'test') + 2. x = x.4 + z = eq(x.4, 'test') */ -restriction Restr_ifTrueeqxtest_1_111111_1: - "∀ x #NOW. 
(Restr_ifTrueeqxtest_1_111111_1( x ) @ #NOW) ⇒ (¬(x = true))" - // safety formula - -rule (modulo E) ifTrueeqxtest_1_111111[color=#ffffff, - process="if True( eq(x, 'test') )"]: - [ State_111111( x ) ] - --[ Restr_ifTrueeqxtest_1_111111_1( eq(x, 'test') ) ]-> - [ State_1111112( x ) ] - - /* - rule (modulo AC) ifTrueeqxtest_1_111111[color=#ffffff, - process="if True( eq(x, 'test') )"]: - [ State_111111( x ) ] - --[ Restr_ifTrueeqxtest_1_111111_1( z ) ]-> - [ State_1111112( x ) ] - variants (modulo AC) - 1. x = 'test' - z = true - - 2. x = x.3 - z = eq(x.3, 'test') - */ - -rule (modulo E) p_0_1111111[color=#ffffff, process="0"]: - [ State_1111111( x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111112[color=#ffffff, process="0"]: - [ State_1111112( x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111112[color=#ffffff, process="0"]: - [ State_111112( x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11112[color=#ffffff, process="0"]: - [ State_11112( x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1112[color=#ffffff, process="0"]: - [ State_1112( x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_112[color=#ffffff, process="0"]: - [ State_112( x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_12[color=#ffffff, process="0"]: - [ State_12( x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" // safety formula @@ -305,7 +148,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -315,7 +158,7 @@ analyzing: examples/sapic/fast/feature-predicates/pub.spthy analyzed: examples/sapic/fast/feature-predicates/pub.spthy output: examples/sapic/fast/feature-predicates/pub.spthy.tmp - processing time: 0.160996163s + processing time: 0.017079493s ------------------------------------------------------------------------------ @@ -326,7 +169,7 @@ summary of summaries: analyzed: examples/sapic/fast/feature-predicates/pub.spthy output: examples/sapic/fast/feature-predicates/pub.spthy.tmp - processing time: 0.160996163s + processing time: 0.017079493s ============================================================================== diff --git a/case-studies-regression/sapic/fast/feature-predicates/simple_example_analyzed.spthy b/case-studies-regression/sapic/fast/feature-predicates/simple_example_analyzed.spthy index 8f7705439..5f4938710 100644 --- a/case-studies-regression/sapic/fast/feature-predicates/simple_example_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-predicates/simple_example_analyzed.spthy @@ -2,13 +2,15 @@ theory SimpleIf begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p predicate: Equal( h1, h2 )<=>h1 = h2 + + lemma bogus_exists: exists-trace "∃ #i. Bogus( ) @ #i" /* 
@@ -16,54 +18,34 @@ guarded formula characterizing all satisfying traces: "∃ #i. (Bogus( ) @ #i)" */ simplify -solve( State_11( h ) ▶₀ #i ) - case ifEqualhh_0_1 +solve( State_1( h ) ▶₀ #i ) + case Init SOLVED // trace found qed -rule (modulo E) Init[color=#ffffff, process="new h;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newh_0_[color=#ffffff, process="new h;"]: - [ State_( ), Fr( h ) ] --> [ State_1( h ) ] +rule (modulo E) Init[color=#ffffff, process="new h.1;"]: + [ Fr( h.1 ) ] --[ Init( ) ]-> [ State_1( h.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) Init[color=#ffffff, process="new h.1;"]: + [ Fr( h ) ] --[ Init( ) ]-> [ State_1( h ) ] + */ restriction Restr_ifEqualhh_0_1_1: "∀ x #NOW x.1. (Restr_ifEqualhh_0_1_1( x, x.1 ) @ #NOW) ⇒ (x = x.1)" // safety formula -rule (modulo E) ifEqualhh_0_1[color=#ffffff, process="if Equal( h, h )"]: - [ State_1( h ) ] --[ Restr_ifEqualhh_0_1_1( h, h ) ]-> [ State_11( h ) ] - - /* has exactly the trivial AC variant */ - -restriction Restr_ifEqualhh_1_1_1: - "∀ x #NOW x.1. 
(Restr_ifEqualhh_1_1_1( x, x.1 ) @ #NOW) ⇒ (¬(x = x.1))" - // safety formula - -rule (modulo E) ifEqualhh_1_1[color=#ffffff, process="if Equal( h, h )"]: - [ State_1( h ) ] --[ Restr_ifEqualhh_1_1_1( h, h ) ]-> [ State_12( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventBogus_0_11[color=#ffffff, - process="event Bogus( );"]: - [ State_11( h ) ] --[ Bogus( ) ]-> [ State_111( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( h ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_12[color=#ffffff, process="0"]: - [ State_12( h ) ] --> [ ] +rule (modulo E) ifEqualhh_0_1[color=#ffffff, + process="if Equal( h.1, h.1 )"]: + [ State_1( h.1 ) ] + --[ Bogus( ), Restr_ifEqualhh_0_1_1( h.1, h.1 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifEqualhh_0_1[color=#ffffff, + process="if Equal( h.1, h.1 )"]: + [ State_1( h ) ] --[ Bogus( ), Restr_ifEqualhh_0_1_1( h, h ) ]-> [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" @@ -74,7 +56,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -84,7 +66,7 @@ analyzing: examples/sapic/fast/feature-predicates/simple_example.spthy analyzed: examples/sapic/fast/feature-predicates/simple_example.spthy output: examples/sapic/fast/feature-predicates/simple_example.spthy.tmp - processing time: 0.116265553s + processing time: 0.015751675s bogus_exists (exists-trace): verified (3 steps) ------------------------------------------------------------------------------ 
@@ -95,7 +77,7 @@ summary of summaries: analyzed: examples/sapic/fast/feature-predicates/simple_example.spthy output: examples/sapic/fast/feature-predicates/simple_example.spthy.tmp - processing time: 0.116265553s + processing time: 0.015751675s bogus_exists (exists-trace): verified (3 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/feature-predicates/timepoints_analyzed.spthy b/case-studies-regression/sapic/fast/feature-predicates/timepoints_analyzed.spthy index 51d5ca360..984fbd28c 100644 --- a/case-studies-regression/sapic/fast/feature-predicates/timepoints_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-predicates/timepoints_analyzed.spthy @@ -2,7 +2,7 @@ theory TestPredicate begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, snd/1 +functions: fst/1[destructor], pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 @@ -14,6 +14,8 @@ rule (modulo E) ActionRule: predicate: Exists( #time )<=>∃ val. Action( val ) @ #time +predicate: ExistsVal( val )<=>∃ #time. Action( val ) @ #time + lemma hi: exists-trace "∃ #t val. Action( val ) @ #t" /* @@ -23,12 +25,21 @@ guarded formula characterizing all satisfying traces: simplify SOLVED // trace found +lemma ho: + exists-trace "∃ a #time. Action( a ) @ #time" +/* +guarded formula characterizing all satisfying traces: +"∃ a #time. (Action( a ) @ #time)" +*/ +simplify +SOLVED // trace found + /* All well-formedness checks were successful. */ end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -38,8 +49,9 @@ analyzing: examples/sapic/fast/feature-predicates/timepoints.spthy analyzed: examples/sapic/fast/feature-predicates/timepoints.spthy output: examples/sapic/fast/feature-predicates/timepoints.spthy.tmp - processing time: 0.068770351s + processing time: 0.009450979s hi (exists-trace): verified (2 steps) + ho (exists-trace): verified (2 steps) ------------------------------------------------------------------------------ @@ -49,8 +61,9 @@ summary of summaries: analyzed: examples/sapic/fast/feature-predicates/timepoints.spthy output: examples/sapic/fast/feature-predicates/timepoints.spthy.tmp - processing time: 0.068770351s + processing time: 0.009450979s hi (exists-trace): verified (2 steps) + ho (exists-trace): verified (2 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/mini10_analyzed.spthy b/case-studies-regression/sapic/fast/feature-progress/mini10_analyzed.spthy similarity index 64% rename from case-studies-regression/sapic/fast/fairexchange-mini/mini10_analyzed.spthy rename to case-studies-regression/sapic/fast/feature-progress/mini10_analyzed.spthy index cd876db78..9a9a2d63a 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/mini10_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-progress/mini10_analyzed.spthy @@ -2,7 +2,8 @@ theory mini10 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_enforced: all-traces "∃ #t. A( ) @ #t" /* 
@@ -58,24 +67,37 @@ rule (modulo E) eventA_0_[color=#ffffff, process="event A( );"]: /* has exactly the trivial AC variant */ -rule (modulo E) inrm_0_1[color=#ffffff, process="in('r',m);"]: - [ Fr( ~prog_11 ), State_1( ~prog_ ), In( m ), MID_Receiver( ~mid_1 ) ] - --[ ProgressFrom_11( ~prog_11 ), Receive( ~mid_1, m ) ]-> - [ State_11( ~prog_, ~prog_11, m ) ] +rule (modulo E) inrm_0_1[color=#ffffff, process="in('r',m.1);"]: + [ Fr( ~prog_11 ), State_1( ~prog_ ), In( m.1 ), MID_Receiver( ~mid_1 ) ] + --[ ProgressFrom_11( ~prog_11 ), Receive( ~mid_1, m.1 ) ]-> + [ State_11( ~prog_, ~prog_11, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inrm_0_1[color=#ffffff, process="in('r',m.1);"]: + [ Fr( ~prog_11 ), State_1( ~prog_ ), In( m ), MID_Receiver( ~mid_1 ) ] + --[ ProgressFrom_11( ~prog_11 ), Receive( ~mid_1, m ) ]-> + [ State_11( ~prog_, ~prog_11, m ) ] + */ rule (modulo E) eventB_0_11[color=#ffffff, process="event B( );"]: - [ State_11( ~prog_, ~prog_11, m ) ] + [ State_11( ~prog_, ~prog_11, m.1 ) ] --[ ProgressTo_111( ~prog_11 ), B( ) ]-> - [ State_111( ~prog_, ~prog_11, m ) ] + [ State_111( ~prog_, ~prog_11, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventB_0_11[color=#ffffff, process="event B( );"]: + [ State_11( ~prog_, ~prog_11, m ) ] + --[ ProgressTo_111( ~prog_11 ), B( ) ]-> + [ State_111( ~prog_, ~prog_11, m ) ] + */ rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( ~prog_, ~prog_11, m ) ] --> [ ] + [ State_111( ~prog_, ~prog_11, m.1 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_111[color=#ffffff, process="0"]: + [ State_111( ~prog_, ~prog_11, m ) ] --> [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" 
@@ -98,17 +120,17 @@ restriction progressInit: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/mini10.spthy +analyzing: examples/sapic/fast/feature-progress/mini10.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/mini10.spthy +analyzed: examples/sapic/fast/feature-progress/mini10.spthy - output: examples/sapic/fast/fairexchange-mini/mini10.spthy.tmp - processing time: 0.067849581s + output: examples/sapic/fast/feature-progress/mini10.spthy.tmp + processing time: 0.036278019s A_enforced (all-traces): verified (2 steps) B_not_enforced (exists-trace): verified (5 steps) @@ -117,10 +139,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/mini10.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/mini10.spthy +analyzed: examples/sapic/fast/feature-progress/mini10.spthy - output: examples/sapic/fast/fairexchange-mini/mini10.spthy.tmp - processing time: 0.067849581s + output: examples/sapic/fast/feature-progress/mini10.spthy.tmp + processing time: 0.036278019s A_enforced (all-traces): verified (2 steps) B_not_enforced (exists-trace): verified (5 steps) diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/mini1_analyzed.spthy b/case-studies-regression/sapic/fast/feature-progress/mini1_analyzed.spthy similarity index 54% rename from case-studies-regression/sapic/fast/fairexchange-mini/mini1_analyzed.spthy rename to case-studies-regression/sapic/fast/feature-progress/mini1_analyzed.spthy index 4bedd70b8..062e769fc 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/mini1_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-progress/mini1_analyzed.spthy 
@@ -2,7 +2,8 @@ theory mini1 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* 
@@ -58,48 +67,77 @@ rule (modulo E) Init[color=#ffffff, process="+"]: /* has exactly the trivial AC variant */ -rule (modulo E) inrm_0_1[color=#ffffff, process="in('r',m);"]: - [ State_( ~prog_ ), In( m ), MID_Receiver( ~mid_1 ) ] - --[ Receive( ~mid_1, m ) ]-> - [ State_11( ~prog_, m ) ] +rule (modulo E) inrm_0_1[color=#ffffff, process="in('r',m.1);"]: + [ State_( ~prog_ ), In( m.1 ), MID_Receiver( ~mid_1 ) ] + --[ Receive( ~mid_1, m.1 ) ]-> + [ State_11( ~prog_, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inrm_0_1[color=#ffffff, process="in('r',m.1);"]: + [ State_( ~prog_ ), In( m ), MID_Receiver( ~mid_1 ) ] + --[ Receive( ~mid_1, m ) ]-> + [ State_11( ~prog_, m ) ] + */ rule (modulo E) eventA_0_11[color=#ffffff, process="event A( );"]: - [ State_11( ~prog_, m ) ] + [ State_11( ~prog_, m.1 ) ] --[ ProgressTo_111( ~prog_ ), A( ) ]-> - [ State_111( ~prog_, m ) ] + [ State_111( ~prog_, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventA_0_11[color=#ffffff, process="event A( );"]: + [ State_11( ~prog_, m ) ] + --[ ProgressTo_111( ~prog_ ), A( ) ]-> + [ State_111( ~prog_, m ) ] + */ rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( ~prog_, m ) ] --> [ ] + [ State_111( ~prog_, m.1 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_111[color=#ffffff, process="0"]: + [ State_111( ~prog_, m ) ] --> [ ] + */ -rule (modulo E) newn_0_2[color=#ffffff, process="new n;"]: - [ State_( ~prog_ ), Fr( n ) ] --> [ State_21( ~prog_, n ) ] +rule (modulo E) newn_0_2[color=#ffffff, process="new n.1;"]: + [ State_( ~prog_ ), Fr( n.1 ) ] --> [ State_21( ~prog_, n.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newn_0_2[color=#ffffff, process="new n.1;"]: + [ State_( ~prog_ ), Fr( n ) ] --> [ State_21( ~prog_, n ) ] + */ -rule (modulo E) outrn_0_21[color=#ffffff, process="out('r',n);"]: - [ MID_Sender( ~mid_21 ), State_21( ~prog_, n ) ] - --[ Send( 
~mid_21, n ) ]-> - [ Out( n ), State_211( ~prog_, n ) ] +rule (modulo E) outrn_0_21[color=#ffffff, process="out('r',n.1);"]: + [ MID_Sender( ~mid_21 ), State_21( ~prog_, n.1 ) ] + --[ Send( ~mid_21, n.1 ) ]-> + [ Out( n.1 ), State_211( ~prog_, n.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) outrn_0_21[color=#ffffff, process="out('r',n.1);"]: + [ MID_Sender( ~mid_21 ), State_21( ~prog_, n ) ] + --[ Send( ~mid_21, n ) ]-> + [ Out( n ), State_211( ~prog_, n ) ] + */ rule (modulo E) eventB_0_211[color=#ffffff, process="event B( );"]: - [ State_211( ~prog_, n ) ] + [ State_211( ~prog_, n.1 ) ] --[ ProgressTo_2111( ~prog_ ), B( ) ]-> - [ State_2111( ~prog_, n ) ] + [ State_2111( ~prog_, n.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventB_0_211[color=#ffffff, process="event B( );"]: + [ State_211( ~prog_, n ) ] + --[ ProgressTo_2111( ~prog_ ), B( ) ]-> + [ State_2111( ~prog_, n ) ] + */ rule (modulo E) p_0_2111[color=#ffffff, process="0"]: - [ State_2111( ~prog_, n ) ] --> [ ] + [ State_2111( ~prog_, n.1 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_2111[color=#ffffff, process="0"]: + [ State_2111( ~prog_, n ) ] --> [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" 
@@ -123,17 +161,17 @@ restriction reliable: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/mini1.spthy +analyzing: examples/sapic/fast/feature-progress/mini1.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/mini1.spthy +analyzed: examples/sapic/fast/feature-progress/mini1.spthy - output: examples/sapic/fast/fairexchange-mini/mini1.spthy.tmp - processing time: 0.091312662s + output: examples/sapic/fast/feature-progress/mini1.spthy.tmp + processing time: 0.070445154s A_possible (exists-trace): verified (5 steps) B_impossible (all-traces): verified (4 steps) @@ -142,10 +180,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/mini1.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/mini1.spthy +analyzed: examples/sapic/fast/feature-progress/mini1.spthy - output: examples/sapic/fast/fairexchange-mini/mini1.spthy.tmp - processing time: 0.091312662s + output: examples/sapic/fast/feature-progress/mini1.spthy.tmp + processing time: 0.070445154s A_possible (exists-trace): verified (5 steps) B_impossible (all-traces): verified (4 steps) diff --git a/case-studies-regression/sapic/fast/feature-progress/mini2_analyzed.spthy b/case-studies-regression/sapic/fast/feature-progress/mini2_analyzed.spthy new file mode 100644 index 000000000..378ed389c --- /dev/null +++ b/case-studies-regression/sapic/fast/feature-progress/mini2_analyzed.spthy 
@@ -0,0 +1,223 @@ +theory mini2 begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] +equations: + fst() = x.1, + snd() = x.2, + verify(sign(x.1, x.2), x.1, pk(x.2)) = true + +heuristic: p + +section{* small example for progression function *} + + + + + + + + + +lemma A_impossible: + all-traces "¬(∃ #t. A( ) @ #t)" +/* +guarded formula characterizing all counter-examples: +"∃ #t. (A( ) @ #t)" +*/ +simplify +by solve( State_111( ~prog_, ~prog_111, k, m ) ▶₀ #t ) + +lemma B_possible: + exists-trace "∃ #t. B( ) @ #t" +/* +guarded formula characterizing all satisfying traces: +"∃ #t. (B( ) @ #t)" +*/ +simplify +solve( State_1211( ~prog_, ~prog_121, m, k ) ▶₀ #t ) + case outcm_0_121 + solve( State_( ~prog_ ) ▶₀ #t.2 ) + case Init + solve( State_( ~prog_ ) ▶₀ #t.3 ) + case Init + solve( State_1211( ~prog_.1, ~prog_121, m.1, k ) ▶₀ #t.3 ) + case outcm_0_121 + solve( State_( ~prog_ ) ▶₀ #t.3 ) + case Init + SOLVED // trace found + qed + qed + qed + qed +qed + + + +rule (modulo E) MessageIDRule[color=#ffffff, process="new k.1;"]: + [ Fr( ~mid_ ) ] --> [ MID_Receiver( ~mid_ ), MID_Sender( ~mid_ ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) Init[color=#ffffff, process="new k.1;"]: + [ Fr( ~prog_ ) ] + --[ ProgressFrom_( ~prog_ ), Init( ) ]-> + [ State_( ~prog_ ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) newk_0_[color=#ffffff, process="new k.1;"]: + [ State_( ~prog_ ), Fr( k.1 ) ] + --[ ProgressTo_1( ~prog_ ) ]-> + [ State_1( ~prog_, k.1 ) ] + + /* + rule (modulo AC) newk_0_[color=#ffffff, process="new k.1;"]: + [ State_( ~prog_ ), Fr( k ) ] + --[ ProgressTo_1( ~prog_ ) ]-> + [ State_1( ~prog_, k ) ] + */ + +rule (modulo E) inrsignmk_0_11[color=#ffffff, + process="in('r',sign(m.1, =k.1));"]: + [ + Fr( ~prog_111 ), State_1( ~prog_, k.1 ), In( sign(m.1, k.1) ), + MID_Receiver( ~mid_11 ) + ] + --[ 
ProgressFrom_111( ~prog_111 ), Receive( ~mid_11, sign(m.1, k.1) ) ]-> + [ State_111( ~prog_, ~prog_111, k.1, m.1 ) ] + + /* + rule (modulo AC) inrsignmk_0_11[color=#ffffff, + process="in('r',sign(m.1, =k.1));"]: + [ + Fr( ~prog_111 ), State_1( ~prog_, k ), In( sign(m, k) ), + MID_Receiver( ~mid_11 ) + ] + --[ ProgressFrom_111( ~prog_111 ), Receive( ~mid_11, sign(m, k) ) ]-> + [ State_111( ~prog_, ~prog_111, k, m ) ] + */ + +rule (modulo E) eventA_0_111[color=#ffffff, process="event A( );"]: + [ State_111( ~prog_, ~prog_111, k.1, m.1 ) ] + --[ ProgressTo_1111( ~prog_111 ), A( ) ]-> + [ State_1111( ~prog_, ~prog_111, k.1, m.1 ) ] + + /* + rule (modulo AC) eventA_0_111[color=#ffffff, process="event A( );"]: + [ State_111( ~prog_, ~prog_111, k, m ) ] + --[ ProgressTo_1111( ~prog_111 ), A( ) ]-> + [ State_1111( ~prog_, ~prog_111, k, m ) ] + */ + +rule (modulo E) p_0_1111[color=#ffffff, process="0"]: + [ State_1111( ~prog_, ~prog_111, k.1, m.1 ) ] --> [ ] + + /* + rule (modulo AC) p_0_1111[color=#ffffff, process="0"]: + [ State_1111( ~prog_, ~prog_111, k, m ) ] --> [ ] + */ + +rule (modulo E) inrm_0_12[color=#ffffff, process="in('r',=m);"]: + [ + Fr( ~prog_121 ), State_1( ~prog_, k.1 ), In( m ), MID_Receiver( ~mid_12 ) + ] + --[ ProgressFrom_121( ~prog_121 ), Receive( ~mid_12, m ) ]-> + [ State_121( ~prog_, ~prog_121, m, k.1 ) ] + + /* + rule (modulo AC) inrm_0_12[color=#ffffff, process="in('r',=m);"]: + [ Fr( ~prog_121 ), State_1( ~prog_, k ), In( m ), MID_Receiver( ~mid_12 ) + ] + --[ ProgressFrom_121( ~prog_121 ), Receive( ~mid_12, m ) ]-> + [ State_121( ~prog_, ~prog_121, m, k ) ] + */ + +rule (modulo E) outcm_0_121[color=#ffffff, process="out('c',m);"]: + [ State_121( ~prog_, ~prog_121, m, k.1 ), In( 'c' ) ] + --[ ChannelIn( 'c' ) ]-> + [ State_1211( ~prog_, ~prog_121, m, k.1 ), Out( m ) ] + + /* + rule (modulo AC) outcm_0_121[color=#ffffff, process="out('c',m);"]: + [ State_121( ~prog_, ~prog_121, m, k ), In( 'c' ) ] + --[ ChannelIn( 'c' ) ]-> + [ State_1211( 
~prog_, ~prog_121, m, k ), Out( m ) ] + */ + +rule (modulo E) eventB_0_1211[color=#ffffff, process="event B( );"]: + [ State_1211( ~prog_, ~prog_121, m, k.1 ) ] + --[ ProgressTo_12111( ~prog_121 ), B( ) ]-> + [ State_12111( ~prog_, ~prog_121, m, k.1 ) ] + + /* + rule (modulo AC) eventB_0_1211[color=#ffffff, process="event B( );"]: + [ State_1211( ~prog_, ~prog_121, m, k ) ] + --[ ProgressTo_12111( ~prog_121 ), B( ) ]-> + [ State_12111( ~prog_, ~prog_121, m, k ) ] + */ + +rule (modulo E) p_0_12111[color=#ffffff, process="0"]: + [ State_12111( ~prog_, ~prog_121, m, k.1 ) ] --> [ ] + + /* + rule (modulo AC) p_0_12111[color=#ffffff, process="0"]: + [ State_12111( ~prog_, ~prog_121, m, k ) ] --> [ ] + */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +restriction Progress__to_1: + "∀ prog_ #t. + (ProgressFrom_( prog_ ) @ #t) ⇒ (∃ #t.1. ProgressTo_1( prog_ ) @ #t.1)" + +restriction Progress_111_to_1111: + "∀ prog_111 #t. + (ProgressFrom_111( prog_111 ) @ #t) ⇒ + (∃ #t.1. ProgressTo_1111( prog_111 ) @ #t.1)" + +restriction Progress_121_to_12111: + "∀ prog_121 #t. + (ProgressFrom_121( prog_121 ) @ #t) ⇒ + (∃ #t.1. ProgressTo_12111( prog_121 ) @ #t.1)" + +restriction progressInit: + "∃ #t. Init( ) @ #t" + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. 
+ + +analyzing: examples/sapic/fast/feature-progress/mini2.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/feature-progress/mini2.spthy + + output: examples/sapic/fast/feature-progress/mini2.spthy.tmp + processing time: 0.1040641s + A_impossible (all-traces): verified (2 steps) + B_possible (exists-trace): verified (7 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/feature-progress/mini2.spthy + + output: examples/sapic/fast/feature-progress/mini2.spthy.tmp + processing time: 0.1040641s + A_impossible (all-traces): verified (2 steps) + B_possible (exists-trace): verified (7 steps) + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/mini3_analyzed.spthy b/case-studies-regression/sapic/fast/feature-progress/mini3_analyzed.spthy similarity index 65% rename from case-studies-regression/sapic/fast/fairexchange-mini/mini3_analyzed.spthy rename to case-studies-regression/sapic/fast/feature-progress/mini3_analyzed.spthy index a64d71f3c..be8aef8d6 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/mini3_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-progress/mini3_analyzed.spthy @@ -2,7 +2,8 @@ theory mini3 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* 
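Review bot: In the new mini2 output, the rule `inrm_0_12` is labelled `process="in('r',=m);"` but its premise state is `State_1( ~prog_, k.1 )`, which does not carry `m`; the `=m` match is therefore against a name nothing earlier has bound. The generated rule takes `In( m )` with `m` left un-renamed (unlike `m.1` and `k.1` in the sibling branch), so this input accepts any message, and `B_possible` is verified on that basis. If this is the intended test of how the translation handles a match on a free variable, the example source `examples/sapic/fast/feature-progress/mini2.spthy` should say so, e.g. `// =m is deliberately unbound here: the input acts as a binder, not an equality check`. If it is not intended, the well-formedness pass reporting success on this file is worth a second look, since an equality check that silently becomes a binder weakens whatever the model was meant to enforce.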
@@ -103,24 +112,37 @@ rule (modulo E) Init[color=#ffffff, process="+"]: /* has exactly the trivial AC variant */ -rule (modulo E) inrm_0_1[color=#ffffff, process="in('r',m);"]: - [ Fr( ~prog_11 ), State_( ), In( m ), MID_Receiver( ~mid_1 ) ] - --[ ProgressFrom_11( ~prog_11 ), Receive( ~mid_1, m ) ]-> - [ State_11( ~prog_11, m ) ] +rule (modulo E) inrm_0_1[color=#ffffff, process="in('r',m.1);"]: + [ Fr( ~prog_11 ), State_( ), In( m.1 ), MID_Receiver( ~mid_1 ) ] + --[ ProgressFrom_11( ~prog_11 ), Receive( ~mid_1, m.1 ) ]-> + [ State_11( ~prog_11, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inrm_0_1[color=#ffffff, process="in('r',m.1);"]: + [ Fr( ~prog_11 ), State_( ), In( m ), MID_Receiver( ~mid_1 ) ] + --[ ProgressFrom_11( ~prog_11 ), Receive( ~mid_1, m ) ]-> + [ State_11( ~prog_11, m ) ] + */ rule (modulo E) eventA_0_11[color=#ffffff, process="event A( );"]: - [ State_11( ~prog_11, m ) ] + [ State_11( ~prog_11, m.1 ) ] --[ ProgressTo_111( ~prog_11 ), A( ) ]-> - [ State_111( ~prog_11, m ) ] + [ State_111( ~prog_11, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventA_0_11[color=#ffffff, process="event A( );"]: + [ State_11( ~prog_11, m ) ] + --[ ProgressTo_111( ~prog_11 ), A( ) ]-> + [ State_111( ~prog_11, m ) ] + */ rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( ~prog_11, m ) ] --> [ ] + [ State_111( ~prog_11, m.1 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_111[color=#ffffff, process="0"]: + [ State_111( ~prog_11, m ) ] --> [ ] + */ rule (modulo E) p_0_2[color=#ffffff, process="!"]: [ State_( ) ] --> [ !Semistate_21( ) ] 
@@ -132,24 +154,37 @@ rule (modulo E) p_1_2[color=#ffffff, process="!"]: /* has exactly the trivial AC variant */ -rule (modulo E) inrm_0_21[color=#ffffff, process="in('r',m);"]: - [ Fr( ~prog_211 ), State_21( ), In( m ), MID_Receiver( ~mid_21 ) ] - --[ ProgressFrom_211( ~prog_211 ), Receive( ~mid_21, m ) ]-> - [ State_211( ~prog_211, m ) ] +rule (modulo E) inrm_0_21[color=#ffffff, process="in('r',m.2);"]: + [ Fr( ~prog_211 ), State_21( ), In( m.2 ), MID_Receiver( ~mid_21 ) ] + --[ ProgressFrom_211( ~prog_211 ), Receive( ~mid_21, m.2 ) ]-> + [ State_211( ~prog_211, m.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inrm_0_21[color=#ffffff, process="in('r',m.2);"]: + [ Fr( ~prog_211 ), State_21( ), In( m ), MID_Receiver( ~mid_21 ) ] + --[ ProgressFrom_211( ~prog_211 ), Receive( ~mid_21, m ) ]-> + [ State_211( ~prog_211, m ) ] + */ rule (modulo E) eventB_0_211[color=#ffffff, process="event B( );"]: - [ State_211( ~prog_211, m ) ] + [ State_211( ~prog_211, m.2 ) ] --[ ProgressTo_2111( ~prog_211 ), B( ) ]-> - [ State_2111( ~prog_211, m ) ] + [ State_2111( ~prog_211, m.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventB_0_211[color=#ffffff, process="event B( );"]: + [ State_211( ~prog_211, m ) ] + --[ ProgressTo_2111( ~prog_211 ), B( ) ]-> + [ State_2111( ~prog_211, m ) ] + */ rule (modulo E) p_0_2111[color=#ffffff, process="0"]: - [ State_2111( ~prog_211, m ) ] --> [ ] + [ State_2111( ~prog_211, m.2 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_2111[color=#ffffff, process="0"]: + [ State_2111( ~prog_211, m ) ] --> [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" 
@@ -173,17 +208,17 @@ restriction progressInit: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/mini3.spthy +analyzing: examples/sapic/fast/feature-progress/mini3.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/mini3.spthy +analyzed: examples/sapic/fast/feature-progress/mini3.spthy - output: examples/sapic/fast/fairexchange-mini/mini3.spthy.tmp - processing time: 0.132866951s + output: examples/sapic/fast/feature-progress/mini3.spthy.tmp + processing time: 0.091898642s A_possible (exists-trace): verified (4 steps) B_possible (exists-trace): verified (4 steps) A_once (all-traces): verified (8 steps) @@ -194,10 +229,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/mini3.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/mini3.spthy +analyzed: examples/sapic/fast/feature-progress/mini3.spthy - output: examples/sapic/fast/fairexchange-mini/mini3.spthy.tmp - processing time: 0.132866951s + output: examples/sapic/fast/feature-progress/mini3.spthy.tmp + processing time: 0.091898642s A_possible (exists-trace): verified (4 steps) B_possible (exists-trace): verified (4 steps) A_once (all-traces): verified (8 steps) diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/mini4_analyzed.spthy b/case-studies-regression/sapic/fast/feature-progress/mini4_analyzed.spthy similarity index 54% rename from case-studies-regression/sapic/fast/fairexchange-mini/mini4_analyzed.spthy rename to case-studies-regression/sapic/fast/feature-progress/mini4_analyzed.spthy index f9af9bba2..b0fdd1a5e 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/mini4_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-progress/mini4_analyzed.spthy 
@@ -2,7 +2,8 @@ theory mini4 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* 
@@ -58,48 +67,77 @@ rule (modulo E) Init[color=#ffffff, process="+"]: /* has exactly the trivial AC variant */ -rule (modulo E) inrm_0_1[color=#ffffff, process="in('r',m);"]: - [ State_( ~prog_ ), In( m ), MID_Receiver( ~mid_1 ) ] - --[ Receive( ~mid_1, m ) ]-> - [ State_11( ~prog_, m ) ] +rule (modulo E) inrm_0_1[color=#ffffff, process="in('r',m.1);"]: + [ State_( ~prog_ ), In( m.1 ), MID_Receiver( ~mid_1 ) ] + --[ Receive( ~mid_1, m.1 ) ]-> + [ State_11( ~prog_, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inrm_0_1[color=#ffffff, process="in('r',m.1);"]: + [ State_( ~prog_ ), In( m ), MID_Receiver( ~mid_1 ) ] + --[ Receive( ~mid_1, m ) ]-> + [ State_11( ~prog_, m ) ] + */ rule (modulo E) eventA_0_11[color=#ffffff, process="event A( );"]: - [ State_11( ~prog_, m ) ] + [ State_11( ~prog_, m.1 ) ] --[ ProgressTo_111( ~prog_ ), A( ) ]-> - [ State_111( ~prog_, m ) ] + [ State_111( ~prog_, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventA_0_11[color=#ffffff, process="event A( );"]: + [ State_11( ~prog_, m ) ] + --[ ProgressTo_111( ~prog_ ), A( ) ]-> + [ State_111( ~prog_, m ) ] + */ rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( ~prog_, m ) ] --> [ ] + [ State_111( ~prog_, m.1 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_111[color=#ffffff, process="0"]: + [ State_111( ~prog_, m ) ] --> [ ] + */ -rule (modulo E) newn_0_2[color=#ffffff, process="new n;"]: - [ State_( ~prog_ ), Fr( n ) ] --> [ State_21( ~prog_, n ) ] +rule (modulo E) newn_0_2[color=#ffffff, process="new n.1;"]: + [ State_( ~prog_ ), Fr( n.1 ) ] --> [ State_21( ~prog_, n.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newn_0_2[color=#ffffff, process="new n.1;"]: + [ State_( ~prog_ ), Fr( n ) ] --> [ State_21( ~prog_, n ) ] + */ -rule (modulo E) outrn_0_21[color=#ffffff, process="out('r',n);"]: - [ MID_Sender( ~mid_21 ), State_21( ~prog_, n ) ] - --[ Send( 
~mid_21, n ) ]-> - [ Out( n ), State_211( ~prog_, n ) ] +rule (modulo E) outrn_0_21[color=#ffffff, process="out('r',n.1);"]: + [ MID_Sender( ~mid_21 ), State_21( ~prog_, n.1 ) ] + --[ Send( ~mid_21, n.1 ) ]-> + [ Out( n.1 ), State_211( ~prog_, n.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) outrn_0_21[color=#ffffff, process="out('r',n.1);"]: + [ MID_Sender( ~mid_21 ), State_21( ~prog_, n ) ] + --[ Send( ~mid_21, n ) ]-> + [ Out( n ), State_211( ~prog_, n ) ] + */ rule (modulo E) eventB_0_211[color=#ffffff, process="event B( );"]: - [ State_211( ~prog_, n ) ] + [ State_211( ~prog_, n.1 ) ] --[ ProgressTo_2111( ~prog_ ), B( ) ]-> - [ State_2111( ~prog_, n ) ] + [ State_2111( ~prog_, n.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventB_0_211[color=#ffffff, process="event B( );"]: + [ State_211( ~prog_, n ) ] + --[ ProgressTo_2111( ~prog_ ), B( ) ]-> + [ State_2111( ~prog_, n ) ] + */ rule (modulo E) p_0_2111[color=#ffffff, process="0"]: - [ State_2111( ~prog_, n ) ] --> [ ] + [ State_2111( ~prog_, n.1 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_2111[color=#ffffff, process="0"]: + [ State_2111( ~prog_, n ) ] --> [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" 
@@ -123,17 +161,17 @@ restriction reliable: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/mini4.spthy +analyzing: examples/sapic/fast/feature-progress/mini4.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/mini4.spthy +analyzed: examples/sapic/fast/feature-progress/mini4.spthy - output: examples/sapic/fast/fairexchange-mini/mini4.spthy.tmp - processing time: 0.102002336s + output: examples/sapic/fast/feature-progress/mini4.spthy.tmp + processing time: 0.059386277s A_possible (exists-trace): verified (5 steps) B_impossible (all-traces): verified (4 steps) @@ -142,10 +180,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/mini4.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/mini4.spthy +analyzed: examples/sapic/fast/feature-progress/mini4.spthy - output: examples/sapic/fast/fairexchange-mini/mini4.spthy.tmp - processing time: 0.102002336s + output: examples/sapic/fast/feature-progress/mini4.spthy.tmp + processing time: 0.059386277s A_possible (exists-trace): verified (5 steps) B_impossible (all-traces): verified (4 steps) diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/mini5_analyzed.spthy b/case-studies-regression/sapic/fast/feature-progress/mini5_analyzed.spthy similarity index 51% rename from case-studies-regression/sapic/fast/fairexchange-mini/mini5_analyzed.spthy rename to case-studies-regression/sapic/fast/feature-progress/mini5_analyzed.spthy index b6d2fea8a..d3bfc1d22 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/mini5_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-progress/mini5_analyzed.spthy 
@@ -2,7 +2,8 @@ theory mini5 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* 
@@ -82,106 +91,171 @@ solve( State_122( ~prog_, s ) ▶₀ #t ) qed qed -rule (modulo E) MessageIDRule[color=#ffffff, process="new s;"]: +rule (modulo E) MessageIDRule[color=#ffffff, process="new s.1;"]: [ Fr( ~mid_ ) ] --> [ MID_Receiver( ~mid_ ), MID_Sender( ~mid_ ) ] /* has exactly the trivial AC variant */ -rule (modulo E) Init[color=#ffffff, process="new s;"]: +rule (modulo E) Init[color=#ffffff, process="new s.1;"]: [ Fr( ~prog_ ) ] --[ ProgressFrom_( ~prog_ ), Init( ) ]-> [ State_( ~prog_ ) ] /* has exactly the trivial AC variant */ -rule (modulo E) news_0_[color=#ffffff, process="new s;"]: - [ State_( ~prog_ ), Fr( s ) ] --> [ State_1( ~prog_, s ) ] +rule (modulo E) news_0_[color=#ffffff, process="new s.1;"]: + [ State_( ~prog_ ), Fr( s.1 ) ] --> [ State_1( ~prog_, s.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) news_0_[color=#ffffff, process="new s.1;"]: + [ State_( ~prog_ ), Fr( s ) ] --> [ State_1( ~prog_, s ) ] + */ rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( ~prog_, s ) ] + [ State_1( ~prog_, s.1 ) ] --> - [ State_11( ~prog_, s ), State_12( ~prog_, s ) ] + [ State_11( ~prog_, s.1 ), State_12( ~prog_, s.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_1[color=#ffffff, process="|"]: + [ State_1( ~prog_, s ) ] + --> + [ State_11( ~prog_, s ), State_12( ~prog_, s ) ] + */ rule (modulo E) insertsHELLO_0_11[color=#ffffff, - process="insert s,'HELLO';"]: - [ State_11( ~prog_, s ) ] - --[ ProgressTo_111( ~prog_ ), Insert( s, 'HELLO' ) ]-> - [ State_111( ~prog_, s ) ] - - /* has exactly the trivial AC variant */ + process="insert s.1,'HELLO';"]: + [ State_11( ~prog_, s.1 ) ] + --[ ProgressTo_111( ~prog_ ), Insert( s.1, 'HELLO' ) ]-> + [ State_111( ~prog_, s.1 ) ] + + /* + rule (modulo AC) insertsHELLO_0_11[color=#ffffff, + process="insert s.1,'HELLO';"]: + [ State_11( ~prog_, s ) ] + --[ ProgressTo_111( ~prog_ ), Insert( s, 'HELLO' ) ]-> + [ State_111( ~prog_, s ) ] + */ rule (modulo E) 
p_0_111[color=#ffffff, process="0"]: - [ State_111( ~prog_, s ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupsasx_0_12[color=#ffffff, process="lookup s as x"]: - [ State_12( ~prog_, s ) ] - --[ IsIn( s, x ) ]-> - [ State_121( ~prog_, s, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupsasx_1_12[color=#ffffff, process="lookup s as x"]: - [ State_12( ~prog_, s ) ] - --[ IsNotSet( s ) ]-> - [ State_122( ~prog_, s ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifxHELLO_0_121[color=#ffffff, process="if x='HELLO'"]: - [ State_121( ~prog_, s, x ) ] - --[ Pred_Eq( x, 'HELLO' ) ]-> - [ State_1211( ~prog_, s, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifxHELLO_1_121[color=#ffffff, process="if x='HELLO'"]: - [ State_121( ~prog_, s, x ) ] - --[ Pred_Not_Eq( x, 'HELLO' ) ]-> - [ State_1212( ~prog_, s, x ) ] - - /* has exactly the trivial AC variant */ + [ State_111( ~prog_, s.1 ) ] --> [ ] + + /* + rule (modulo AC) p_0_111[color=#ffffff, process="0"]: + [ State_111( ~prog_, s ) ] --> [ ] + */ + +rule (modulo E) lookupsasx_0_12[color=#ffffff, + process="lookup s.1 as x.1"]: + [ State_12( ~prog_, s.1 ) ] + --[ IsIn( s.1, x.1 ) ]-> + [ State_121( ~prog_, s.1, x.1 ) ] + + /* + rule (modulo AC) lookupsasx_0_12[color=#ffffff, + process="lookup s.1 as x.1"]: + [ State_12( ~prog_, s ) ] + --[ IsIn( s, x ) ]-> + [ State_121( ~prog_, s, x ) ] + */ + +rule (modulo E) lookupsasx_1_12[color=#ffffff, + process="lookup s.1 as x.1"]: + [ State_12( ~prog_, s.1 ) ] + --[ IsNotSet( s.1 ) ]-> + [ State_122( ~prog_, s.1 ) ] + + /* + rule (modulo AC) lookupsasx_1_12[color=#ffffff, + process="lookup s.1 as x.1"]: + [ State_12( ~prog_, s ) ] + --[ IsNotSet( s ) ]-> + [ State_122( ~prog_, s ) ] + */ + +rule (modulo E) ifxHELLO_0_121[color=#ffffff, process="if x.1='HELLO'"]: + [ State_121( ~prog_, s.1, x.1 ) ] + --[ Pred_Eq( x.1, 'HELLO' ) ]-> + [ State_1211( ~prog_, s.1, x.1 ) ] + + /* + rule 
(modulo AC) ifxHELLO_0_121[color=#ffffff, process="if x.1='HELLO'"]: + [ State_121( ~prog_, s, x ) ] + --[ Pred_Eq( x, 'HELLO' ) ]-> + [ State_1211( ~prog_, s, x ) ] + */ + +rule (modulo E) ifxHELLO_1_121[color=#ffffff, process="if x.1='HELLO'"]: + [ State_121( ~prog_, s.1, x.1 ) ] + --[ Pred_Not_Eq( x.1, 'HELLO' ) ]-> + [ State_1212( ~prog_, s.1, x.1 ) ] + + /* + rule (modulo AC) ifxHELLO_1_121[color=#ffffff, process="if x.1='HELLO'"]: + [ State_121( ~prog_, s, x ) ] + --[ Pred_Not_Eq( x, 'HELLO' ) ]-> + [ State_1212( ~prog_, s, x ) ] + */ rule (modulo E) eventA_0_1211[color=#ffffff, process="event A( );"]: - [ State_1211( ~prog_, s, x ) ] + [ State_1211( ~prog_, s.1, x.1 ) ] --[ ProgressTo_12111( ~prog_ ), A( ) ]-> - [ State_12111( ~prog_, s, x ) ] + [ State_12111( ~prog_, s.1, x.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventA_0_1211[color=#ffffff, process="event A( );"]: + [ State_1211( ~prog_, s, x ) ] + --[ ProgressTo_12111( ~prog_ ), A( ) ]-> + [ State_12111( ~prog_, s, x ) ] + */ rule (modulo E) p_0_12111[color=#ffffff, process="0"]: - [ State_12111( ~prog_, s, x ) ] --> [ ] + [ State_12111( ~prog_, s.1, x.1 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_12111[color=#ffffff, process="0"]: + [ State_12111( ~prog_, s, x ) ] --> [ ] + */ rule (modulo E) eventB_0_1212[color=#ffffff, process="event B( );"]: - [ State_1212( ~prog_, s, x ) ] + [ State_1212( ~prog_, s.1, x.1 ) ] --[ ProgressTo_12121( ~prog_ ), B( ) ]-> - [ State_12121( ~prog_, s, x ) ] + [ State_12121( ~prog_, s.1, x.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventB_0_1212[color=#ffffff, process="event B( );"]: + [ State_1212( ~prog_, s, x ) ] + --[ ProgressTo_12121( ~prog_ ), B( ) ]-> + [ State_12121( ~prog_, s, x ) ] + */ rule (modulo E) p_0_12121[color=#ffffff, process="0"]: - [ State_12121( ~prog_, s, x ) ] --> [ ] + [ State_12121( ~prog_, s.1, x.1 ) ] --> [ ] - /* has exactly the trivial AC variant 
*/ + /* + rule (modulo AC) p_0_12121[color=#ffffff, process="0"]: + [ State_12121( ~prog_, s, x ) ] --> [ ] + */ rule (modulo E) eventC_0_122[color=#ffffff, process="event C( );"]: - [ State_122( ~prog_, s ) ] + [ State_122( ~prog_, s.1 ) ] --[ ProgressTo_1221( ~prog_ ), C( ) ]-> - [ State_1221( ~prog_, s ) ] + [ State_1221( ~prog_, s.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventC_0_122[color=#ffffff, process="event C( );"]: + [ State_122( ~prog_, s ) ] + --[ ProgressTo_1221( ~prog_ ), C( ) ]-> + [ State_1221( ~prog_, s ) ] + */ rule (modulo E) p_0_1221[color=#ffffff, process="0"]: - [ State_1221( ~prog_, s ) ] --> [ ] + [ State_1221( ~prog_, s.1 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_1221[color=#ffffff, process="0"]: + [ State_1221( ~prog_, s ) ] --> [ ] + */ restriction set_in: "∀ x y #t3. @@ -227,17 +301,17 @@ restriction progressInit: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/mini5.spthy +analyzing: examples/sapic/fast/feature-progress/mini5.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/mini5.spthy +analyzed: examples/sapic/fast/feature-progress/mini5.spthy - output: examples/sapic/fast/fairexchange-mini/mini5.spthy.tmp - processing time: 0.200768352s + output: examples/sapic/fast/feature-progress/mini5.spthy.tmp + processing time: 0.248448523s A_possible (exists-trace): verified (9 steps) B_impossible (all-traces): verified (3 steps) C_possible (exists-trace): verified (7 steps) 
@@ -247,10 +321,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/mini5.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/mini5.spthy +analyzed: examples/sapic/fast/feature-progress/mini5.spthy - output: examples/sapic/fast/fairexchange-mini/mini5.spthy.tmp - processing time: 0.200768352s + output: examples/sapic/fast/feature-progress/mini5.spthy.tmp + processing time: 0.248448523s A_possible (exists-trace): verified (9 steps) B_impossible (all-traces): verified (3 steps) C_possible (exists-trace): verified (7 steps) diff --git a/case-studies-regression/sapic/fast/feature-progress/mini6_analyzed.spthy b/case-studies-regression/sapic/fast/feature-progress/mini6_analyzed.spthy new file mode 100644 index 000000000..f14c932cc --- /dev/null +++ b/case-studies-regression/sapic/fast/feature-progress/mini6_analyzed.spthy 
@@ -0,0 +1,255 @@ +theory mini6 begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] +equations: + fst() = x.1, + snd() = x.2, + verify(sign(x.1, x.2), x.1, pk(x.2)) = true + +heuristic: p + +section{* small example for progression function *} + + + + + + + + + +lemma A_possible: + exists-trace "∃ #t. A( ) @ #t" +/* +guarded formula characterizing all satisfying traces: +"∃ #t. (A( ) @ #t)" +*/ +simplify +solve( State_1111( ~prog_, ~prog_11, ~prog_1111, a, m ) ▶₀ #t ) + case inrm_0_111 + solve( State_( ~prog_ ) ▶₀ #t.2 ) + case Init + solve( State_( ~prog_ ) ▶₀ #t.3 ) + case Init + solve( State_1111( ~prog_.1, ~prog_11.1, ~prog_1111, a, m.1 ) ▶₀ #t.3 ) + case inrm_0_111 + solve( State_( ~prog_ ) ▶₀ #t.3 ) + case Init + solve( (∃ #t. (ProgressTo_111( ~prog_11 ) @ #t)) ∥ + (∃ #t. (ProgressTo_1121( ~prog_11 ) @ #t)) ) + case case_1 + solve( State_11( ~prog_.1, ~prog_11, a ) ▶₀ #t.3 ) + case p_1_1 + solve( State_( ~prog_ ) ▶₀ #t.3 ) + case Init + SOLVED // trace found + qed + qed + qed + qed + qed + qed + qed +qed + +lemma B_impossible: + all-traces "¬(∃ #t. B( ) @ #t)" +/* +guarded formula characterizing all counter-examples: +"∃ #t. 
(B( ) @ #t)" +*/ +simplify +by solve( State_112( ~prog_, ~prog_11, a ) ▶₀ #t ) + +rule (modulo E) MessageIDRule[color=#ffffff, process="new a.1;"]: + [ Fr( ~mid_ ) ] --> [ MID_Receiver( ~mid_ ), MID_Sender( ~mid_ ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) Init[color=#ffffff, process="new a.1;"]: + [ Fr( ~prog_ ) ] + --[ ProgressFrom_( ~prog_ ), Init( ) ]-> + [ State_( ~prog_ ) ] + + /* has exactly the trivial AC variant */ + +rule (modulo E) newa_0_[color=#ffffff, process="new a.1;"]: + [ State_( ~prog_ ), Fr( a.1 ) ] + --[ ProgressTo_1( ~prog_ ) ]-> + [ State_1( ~prog_, a.1 ) ] + + /* + rule (modulo AC) newa_0_[color=#ffffff, process="new a.1;"]: + [ State_( ~prog_ ), Fr( a ) ] + --[ ProgressTo_1( ~prog_ ) ]-> + [ State_1( ~prog_, a ) ] + */ + +rule (modulo E) p_0_1[color=#ffffff, process="!"]: + [ State_1( ~prog_, a.1 ) ] --> [ !Semistate_11( ~prog_, a.1 ) ] + + /* + rule (modulo AC) p_0_1[color=#ffffff, process="!"]: + [ State_1( ~prog_, a ) ] --> [ !Semistate_11( ~prog_, a ) ] + */ + +rule (modulo E) p_1_1[color=#ffffff, process="!"]: + [ Fr( ~prog_11 ), !Semistate_11( ~prog_, a.1 ) ] + --[ ProgressFrom_11( ~prog_11 ) ]-> + [ State_11( ~prog_, ~prog_11, a.1 ) ] + + /* + rule (modulo AC) p_1_1[color=#ffffff, process="!"]: + [ Fr( ~prog_11 ), !Semistate_11( ~prog_, a ) ] + --[ ProgressFrom_11( ~prog_11 ) ]-> + [ State_11( ~prog_, ~prog_11, a ) ] + */ + +rule (modulo E) ifaa_0_11[color=#ffffff, process="if a.1=a.1"]: + [ State_11( ~prog_, ~prog_11, a.1 ) ] + --[ ProgressTo_111( ~prog_11 ), Pred_Eq( a.1, a.1 ) ]-> + [ State_111( ~prog_, ~prog_11, a.1 ) ] + + /* + rule (modulo AC) ifaa_0_11[color=#ffffff, process="if a.1=a.1"]: + [ State_11( ~prog_, ~prog_11, a ) ] + --[ ProgressTo_111( ~prog_11 ), Pred_Eq( a, a ) ]-> + [ State_111( ~prog_, ~prog_11, a ) ] + */ + +rule (modulo E) ifaa_1_11[color=#ffffff, process="if a.1=a.1"]: + [ State_11( ~prog_, ~prog_11, a.1 ) ] + --[ Pred_Not_Eq( a.1, a.1 ) ]-> + [ State_112( ~prog_, ~prog_11, a.1 ) ] + 
+ /* + rule (modulo AC) ifaa_1_11[color=#ffffff, process="if a.1=a.1"]: + [ State_11( ~prog_, ~prog_11, a ) ] + --[ Pred_Not_Eq( a, a ) ]-> + [ State_112( ~prog_, ~prog_11, a ) ] + */ + +rule (modulo E) inrm_0_111[color=#ffffff, process="in('r',m.1);"]: + [ + Fr( ~prog_1111 ), State_111( ~prog_, ~prog_11, a.1 ), In( m.1 ), + MID_Receiver( ~mid_111 ) + ] + --[ ProgressFrom_1111( ~prog_1111 ), Receive( ~mid_111, m.1 ) ]-> + [ State_1111( ~prog_, ~prog_11, ~prog_1111, a.1, m.1 ) ] + + /* + rule (modulo AC) inrm_0_111[color=#ffffff, process="in('r',m.1);"]: + [ + Fr( ~prog_1111 ), State_111( ~prog_, ~prog_11, a ), In( m ), + MID_Receiver( ~mid_111 ) + ] + --[ ProgressFrom_1111( ~prog_1111 ), Receive( ~mid_111, m ) ]-> + [ State_1111( ~prog_, ~prog_11, ~prog_1111, a, m ) ] + */ + +rule (modulo E) eventA_0_1111[color=#ffffff, process="event A( );"]: + [ State_1111( ~prog_, ~prog_11, ~prog_1111, a.1, m.1 ) ] + --[ ProgressTo_11111( ~prog_1111 ), A( ) ]-> + [ State_11111( ~prog_, ~prog_11, ~prog_1111, a.1, m.1 ) ] + + /* + rule (modulo AC) eventA_0_1111[color=#ffffff, process="event A( );"]: + [ State_1111( ~prog_, ~prog_11, ~prog_1111, a, m ) ] + --[ ProgressTo_11111( ~prog_1111 ), A( ) ]-> + [ State_11111( ~prog_, ~prog_11, ~prog_1111, a, m ) ] + */ + +rule (modulo E) p_0_11111[color=#ffffff, process="0"]: + [ State_11111( ~prog_, ~prog_11, ~prog_1111, a.1, m.1 ) ] --> [ ] + + /* + rule (modulo AC) p_0_11111[color=#ffffff, process="0"]: + [ State_11111( ~prog_, ~prog_11, ~prog_1111, a, m ) ] --> [ ] + */ + +rule (modulo E) eventB_0_112[color=#ffffff, process="event B( );"]: + [ State_112( ~prog_, ~prog_11, a.1 ) ] + --[ ProgressTo_1121( ~prog_11 ), B( ) ]-> + [ State_1121( ~prog_, ~prog_11, a.1 ) ] + + /* + rule (modulo AC) eventB_0_112[color=#ffffff, process="event B( );"]: + [ State_112( ~prog_, ~prog_11, a ) ] + --[ ProgressTo_1121( ~prog_11 ), B( ) ]-> + [ State_1121( ~prog_, ~prog_11, a ) ] + */ + +rule (modulo E) p_0_1121[color=#ffffff, process="0"]: + [ 
State_1121( ~prog_, ~prog_11, a.1 ) ] --> [ ] + + /* + rule (modulo AC) p_0_1121[color=#ffffff, process="0"]: + [ State_1121( ~prog_, ~prog_11, a ) ] --> [ ] + */ + +restriction predicate_eq: + "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" + // safety formula + +restriction predicate_not_eq: + "∀ #i a b. (Pred_Not_Eq( a, b ) @ #i) ⇒ (¬(a = b))" + // safety formula + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +restriction Progress__to_1: + "∀ prog_ #t. + (ProgressFrom_( prog_ ) @ #t) ⇒ (∃ #t.1. ProgressTo_1( prog_ ) @ #t.1)" + +restriction Progress_11_to_111_or_1121: + "∀ prog_11 #t. + (ProgressFrom_11( prog_11 ) @ #t) ⇒ + ((∃ #t.1. ProgressTo_111( prog_11 ) @ #t.1) ∨ + (∃ #t.1. ProgressTo_1121( prog_11 ) @ #t.1))" + +restriction Progress_1111_to_11111: + "∀ prog_1111 #t. + (ProgressFrom_1111( prog_1111 ) @ #t) ⇒ + (∃ #t.1. ProgressTo_11111( prog_1111 ) @ #t.1)" + +restriction progressInit: + "∃ #t. Init( ) @ #t" + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. 
+ + +analyzing: examples/sapic/fast/feature-progress/mini6.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/feature-progress/mini6.spthy + + output: examples/sapic/fast/feature-progress/mini6.spthy.tmp + processing time: 0.164903898s + A_possible (exists-trace): verified (10 steps) + B_impossible (all-traces): verified (2 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/feature-progress/mini6.spthy + + output: examples/sapic/fast/feature-progress/mini6.spthy.tmp + processing time: 0.164903898s + A_possible (exists-trace): verified (10 steps) + B_impossible (all-traces): verified (2 steps) + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/mini7_analyzed.spthy b/case-studies-regression/sapic/fast/feature-progress/mini7_analyzed.spthy similarity index 92% rename from case-studies-regression/sapic/fast/fairexchange-mini/mini7_analyzed.spthy rename to case-studies-regression/sapic/fast/feature-progress/mini7_analyzed.spthy index 15451cf7d..11655b19c 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/mini7_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-progress/mini7_analyzed.spthy @@ -2,7 +2,8 @@ theory mini7 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* 
@@ -220,17 +229,17 @@ restriction progressInit: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/mini7.spthy +analyzing: examples/sapic/fast/feature-progress/mini7.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/mini7.spthy +analyzed: examples/sapic/fast/feature-progress/mini7.spthy - output: examples/sapic/fast/fairexchange-mini/mini7.spthy.tmp - processing time: 0.117587324s + output: examples/sapic/fast/feature-progress/mini7.spthy.tmp + processing time: 0.093616557s A_possible (exists-trace): verified (5 steps) B_possible (exists-trace): verified (8 steps) C_possible (exists-trace): verified (8 steps) @@ -242,10 +251,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/mini7.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/mini7.spthy +analyzed: examples/sapic/fast/feature-progress/mini7.spthy - output: examples/sapic/fast/fairexchange-mini/mini7.spthy.tmp - processing time: 0.117587324s + output: examples/sapic/fast/feature-progress/mini7.spthy.tmp + processing time: 0.093616557s A_possible (exists-trace): verified (5 steps) B_possible (exists-trace): verified (8 steps) C_possible (exists-trace): verified (8 steps) diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/mini8_analyzed.spthy b/case-studies-regression/sapic/fast/feature-progress/mini8_analyzed.spthy similarity index 64% rename from case-studies-regression/sapic/fast/fairexchange-mini/mini8_analyzed.spthy rename to case-studies-regression/sapic/fast/feature-progress/mini8_analyzed.spthy index 427f8648b..ddd7cde0b 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/mini8_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-progress/mini8_analyzed.spthy 
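Review bot: The regenerated output block now records `checking version: 3.0. OK.` where the previous baseline had 3.1, so these expected results were produced with an older Maude than the ones they replace; the same change appears in the output hunks of mini8_analyzed.spthy and mini9_analyzed.spthy. Because these files serve as the regression baseline for the verification results, they are only comparable to a test run made with the same toolchain. It would help to regenerate them with the Maude version the test environment uses, or to state the intended version in the commit description. The lemma results and step counts shown as context in this hunk are unchanged, so this looks like an environment difference rather than a behavioural one, but that is inferred from the summary lines only.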
@@ -2,7 +2,8 @@ theory mini8 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_enforced: all-traces "∃ #t. A( ) @ #t" /* 
@@ -58,24 +67,37 @@ rule (modulo E) eventA_0_[color=#ffffff, process="event A( );"]: /* has exactly the trivial AC variant */ -rule (modulo E) incm_0_1[color=#ffffff, process="in('c',m);"]: - [ Fr( ~prog_11 ), State_1( ~prog_ ), In( <'c', m> ) ] - --[ ProgressFrom_11( ~prog_11 ), ChannelIn( <'c', m> ) ]-> - [ State_11( ~prog_, ~prog_11, m ) ] +rule (modulo E) incm_0_1[color=#ffffff, process="in('c',m.1);"]: + [ Fr( ~prog_11 ), State_1( ~prog_ ), In( <'c', m.1> ) ] + --[ ProgressFrom_11( ~prog_11 ), ChannelIn( <'c', m.1> ) ]-> + [ State_11( ~prog_, ~prog_11, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) incm_0_1[color=#ffffff, process="in('c',m.1);"]: + [ Fr( ~prog_11 ), State_1( ~prog_ ), In( <'c', m> ) ] + --[ ProgressFrom_11( ~prog_11 ), ChannelIn( <'c', m> ) ]-> + [ State_11( ~prog_, ~prog_11, m ) ] + */ rule (modulo E) eventB_0_11[color=#ffffff, process="event B( );"]: - [ State_11( ~prog_, ~prog_11, m ) ] + [ State_11( ~prog_, ~prog_11, m.1 ) ] --[ ProgressTo_111( ~prog_11 ), B( ) ]-> - [ State_111( ~prog_, ~prog_11, m ) ] + [ State_111( ~prog_, ~prog_11, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventB_0_11[color=#ffffff, process="event B( );"]: + [ State_11( ~prog_, ~prog_11, m ) ] + --[ ProgressTo_111( ~prog_11 ), B( ) ]-> + [ State_111( ~prog_, ~prog_11, m ) ] + */ rule (modulo E) p_0_111[color=#ffffff, process="0"]: - [ State_111( ~prog_, ~prog_11, m ) ] --> [ ] + [ State_111( ~prog_, ~prog_11, m.1 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_111[color=#ffffff, process="0"]: + [ State_111( ~prog_, ~prog_11, m ) ] --> [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" 
@@ -98,17 +120,17 @@ restriction progressInit: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/mini8.spthy +analyzing: examples/sapic/fast/feature-progress/mini8.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/mini8.spthy +analyzed: examples/sapic/fast/feature-progress/mini8.spthy - output: examples/sapic/fast/fairexchange-mini/mini8.spthy.tmp - processing time: 0.058462667s + output: examples/sapic/fast/feature-progress/mini8.spthy.tmp + processing time: 0.030931229s A_enforced (all-traces): verified (2 steps) B_not_enforced (exists-trace): verified (5 steps) @@ -117,10 +139,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/mini8.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/mini8.spthy +analyzed: examples/sapic/fast/feature-progress/mini8.spthy - output: examples/sapic/fast/fairexchange-mini/mini8.spthy.tmp - processing time: 0.058462667s + output: examples/sapic/fast/feature-progress/mini8.spthy.tmp + processing time: 0.030931229s A_enforced (all-traces): verified (2 steps) B_not_enforced (exists-trace): verified (5 steps) diff --git a/case-studies-regression/sapic/fast/fairexchange-mini/mini9_analyzed.spthy b/case-studies-regression/sapic/fast/feature-progress/mini9_analyzed.spthy similarity index 83% rename from case-studies-regression/sapic/fast/fairexchange-mini/mini9_analyzed.spthy rename to case-studies-regression/sapic/fast/feature-progress/mini9_analyzed.spthy index 992e66f3b..580d88776 100644 --- a/case-studies-regression/sapic/fast/fairexchange-mini/mini9_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-progress/mini9_analyzed.spthy 
@@ -2,7 +2,8 @@ theory mini9 begin // Function signature and definition of the equational theory E -functions: fst/1, h/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], h/1, pair/2, pk/1, sign/2, + snd/1[destructor], true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -12,6 +13,14 @@ heuristic: p section{* small example for progression function *} + + + + + + + + lemma A_possible: exists-trace "∃ #t. A( ) @ #t" /* @@ -150,24 +159,37 @@ rule (modulo E) p_0_1111[color=#ffffff, process="0"]: /* has exactly the trivial AC variant */ -rule (modulo E) incm_0_112[color=#ffffff, process="in('c',m);"]: - [ State_11( ~prog_ ), In( <'c', m> ) ] - --[ ChannelIn( <'c', m> ) ]-> - [ State_1121( ~prog_, m ) ] +rule (modulo E) incm_0_112[color=#ffffff, process="in('c',m.1);"]: + [ State_11( ~prog_ ), In( <'c', m.1> ) ] + --[ ChannelIn( <'c', m.1> ) ]-> + [ State_1121( ~prog_, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) incm_0_112[color=#ffffff, process="in('c',m.1);"]: + [ State_11( ~prog_ ), In( <'c', m> ) ] + --[ ChannelIn( <'c', m> ) ]-> + [ State_1121( ~prog_, m ) ] + */ rule (modulo E) eventB_0_1121[color=#ffffff, process="event B( );"]: - [ State_1121( ~prog_, m ) ] + [ State_1121( ~prog_, m.1 ) ] --[ ProgressTo_11211( ~prog_ ), B( ) ]-> - [ State_11211( ~prog_, m ) ] + [ State_11211( ~prog_, m.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventB_0_1121[color=#ffffff, process="event B( );"]: + [ State_1121( ~prog_, m ) ] + --[ ProgressTo_11211( ~prog_ ), B( ) ]-> + [ State_11211( ~prog_, m ) ] + */ rule (modulo E) p_0_11211[color=#ffffff, process="0"]: - [ State_11211( ~prog_, m ) ] --> [ ] + [ State_11211( ~prog_, m.1 ) ] --> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_0_11211[color=#ffffff, process="0"]: + [ State_11211( ~prog_, m ) ] --> [ ] + */ rule (modulo E) inrHelp_0_12[color=#ffffff, process="in('r','Help');"]: [ 
@@ -222,17 +244,17 @@ restriction reliable: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. -analyzing: examples/sapic/fast/fairexchange-mini/mini9.spthy +analyzing: examples/sapic/fast/feature-progress/mini9.spthy ------------------------------------------------------------------------------ -analyzed: examples/sapic/fast/fairexchange-mini/mini9.spthy +analyzed: examples/sapic/fast/feature-progress/mini9.spthy - output: examples/sapic/fast/fairexchange-mini/mini9.spthy.tmp - processing time: 0.180402583s + output: examples/sapic/fast/feature-progress/mini9.spthy.tmp + processing time: 0.221098187s A_possible (exists-trace): verified (15 steps) B_possible (exists-trace): verified (7 steps) A_or_B (all-traces): verified (7 steps) @@ -242,10 +264,10 @@ analyzed: examples/sapic/fast/fairexchange-mini/mini9.spthy ============================================================================== summary of summaries: -analyzed: examples/sapic/fast/fairexchange-mini/mini9.spthy +analyzed: examples/sapic/fast/feature-progress/mini9.spthy - output: examples/sapic/fast/fairexchange-mini/mini9.spthy.tmp - processing time: 0.180402583s + output: examples/sapic/fast/feature-progress/mini9.spthy.tmp + processing time: 0.221098187s A_possible (exists-trace): verified (15 steps) B_possible (exists-trace): verified (7 steps) A_or_B (all-traces): verified (7 steps) diff --git a/case-studies-regression/sapic/fast/feature-secret-channel/U2F_analyzed.spthy b/case-studies-regression/sapic/fast/feature-secret-channel/U2F_analyzed.spthy new file mode 100644 index 000000000..ae9d91c42 --- /dev/null +++ b/case-studies-regression/sapic/fast/feature-secret-channel/U2F_analyzed.spthy 
@@ -0,0 +1,8443 @@ +theory U2F begin + +// Function signature and definition of the equational theory E + +functions: checksign/2, fst/1[destructor], getmess/1, pair/2, pk/1, + sign/2, snd/1[destructor], succ/1 +equations: + checksign(sign(m, k), pk(k)) = m, + fst() = x.1, + getmess(sign(m, k)) = m, + snd() = x.2 + +heuristic: p + + + + + + + + + + + +lemma auth [reuse, use_induction]: + all-traces + "∀ #i cnt. + (ServerAccept( cnt ) @ #i) ⇒ (∃ #j cntb. UserInit( cntb ) @ #j)" +/* +guarded formula characterizing all counter-examples: +"∃ #i cnt. + (ServerAccept( cnt ) @ #i) ∧ ∀ #j cntb. (UserInit( cntb ) @ #j) ⇒ ⊥" +*/ +induction + case empty_trace + by contradiction /* from formulas */ +next + case non_empty_trace + simplify + solve( (∀ #i cnt. + (ServerAccept( cnt ) @ #i) + ⇒ + ((last(#i)) ∨ (∃ #j cntb. (UserInit( cntb ) @ #j) ∧ ¬(last(#j))))) ∥ + (∃ x y #t3. + (IsIn( x, y ) @ #t3) + ∧ + (¬(last(#t3))) ∧ + (∀ #t2. + (Insert( x, y ) @ #t2) + ⇒ + ((last(#t2)) ∨ + (#t2 = #t3) ∨ + (#t3 < #t2) ∨ + (∃ #t1 yp. + (Insert( x, yp ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ + (¬(#t1 = #t2)) ∧ + (((#t3 = #t1) ∨ (#t1 < #t3))))))) ∥ + (∃ p pp l x lp #t1 #t3. + (Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) + ∧ + (¬(last(#t3))) ∧ + (¬(last(#t1))) ∧ + (((#t1 = #t3) ∨ + (#t3 < #t1) ∨ + (∀ #t2. + (Unlock_0( p, l, x ) @ #t2) + ⇒ + ((last(#t2)) ∨ + (#t1 = #t2) ∨ + (#t2 < #t1) ∨ + (#t2 = #t3) ∨ + (#t3 < #t2) ∨ + (∃ #t0 pp.1. + (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (∃ pp.1 lpp #t0. + (Lock( pp.1, lpp, x ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (¬(#t0 = #t1)) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ + (∃ pp.1 lpp #t0. + (Unlock( pp.1, lpp, x ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ + (¬(#t2 = #t0))))))) ∧ + (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ + (¬(#t1 = #t3))) ∥ + (∃ p pp l x lp #t1 #t3. 
+ (Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) + ∧ + (¬(last(#t3))) ∧ + (¬(last(#t1))) ∧ + (((#t1 = #t3) ∨ + (#t3 < #t1) ∨ + (∀ #t2. + (Unlock_1( p, l, x ) @ #t2) + ⇒ + ((last(#t2)) ∨ + (#t1 = #t2) ∨ + (#t2 < #t1) ∨ + (#t2 = #t3) ∨ + (#t3 < #t2) ∨ + (∃ #t0 pp.1. + (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (∃ pp.1 lpp #t0. + (Lock( pp.1, lpp, x ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (¬(#t0 = #t1)) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ + (∃ pp.1 lpp #t0. + (Unlock( pp.1, lpp, x ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ + (¬(#t2 = #t0))))))) ∧ + (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ + (¬(#t1 = #t3))) ) + case case_1 + solve( (last(#i)) ∥ (∃ #j cntb. (UserInit( cntb ) @ #j) ∧ ¬(last(#j))) ) + case case_1 + solve( State_111111111111111111111( lock, ~btn, ~kb, ~tls, ~u2f, chall, + cnt, log, pass, signed, u2fkey + ) ▶₀ #i ) + case lookupEvServerascnt_0_11111111111111111111_case_1 + solve( (#vr.13 < #t2) ∥ (#vr.13 = #t2) ) + case case_1 + solve( Ack( ~tls, ~n.1 ) ▶₁ #vr.4 ) + case inufchannelpayloadbitstring_0_1111111111121 + by solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, ~n.2 + ) ▶₀ #vr.5 ) + next + case outtlschannelchallbitstring_1_1111111111111111 + by solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, ~n.2 + ) ▶₀ #vr.5 ) + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + by solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, ~n.2 + ) ▶₀ #vr.5 ) + qed + next + case case_2 + solve( Ack( ~tls, ~n.1 ) ▶₁ #vr.4 ) + case inufchannelpayloadbitstring_0_1111111111121 + by solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, ~n.2 + ) ▶₀ #vr.5 ) + next + case outtlschannelchallbitstring_1_1111111111111111 + by solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, ~n.2 + ) ▶₀ #vr.5 ) + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + by 
solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, ~n.2 + ) ▶₀ #vr.5 ) + qed + qed + next + case lookupEvServerascnt_0_11111111111111111111_case_2 + solve( (#vr.16 < #t2) ∥ (#vr.16 = #t2) ) + case case_1 + solve( Ack( ~tls, ~n.1 ) ▶₁ #vr.4 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey + ) ▶₀ #vr.5 ) + case intlschannellogpass_1_11111111111111_case_1 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + 
next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + 
next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + 
next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by 
contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* 
from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case intlschannellogpass_1_11111111111111_case_2 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by 
contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* 
from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by 
contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by 
contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey + ) ▶₀ #vr.5 ) + case 
intlschannellogpass_1_11111111111111_case_1 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) 
▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction 
/* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ 
+ qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case intlschannellogpass_1_11111111111111_case_2 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( 
~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ 
#vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( 
~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case 
outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey + ) ▶₀ #vr.5 ) + case intlschannellogpass_1_11111111111111_case_1 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case 
newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case 
newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + 
case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( 
Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( 
~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case intlschannellogpass_1_11111111111111_case_2 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + 
solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( 
Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( 
Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey + ) ▶₀ #vr.5 ) + case intlschannellogpass_1_11111111111111_case_1 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + 
next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + 
solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case intlschannellogpass_1_11111111111111_case_2 + 
solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from 
formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by 
contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* 
from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case 
intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case 
outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey + ) ▶₀ #vr.5 ) + case intlschannellogpass_1_11111111111111_case_1 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + 
by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by 
contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case 
outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case 
outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + 
qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case intlschannellogpass_1_11111111111111_case_2 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( 
Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ 
#vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* 
from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + 
qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by 
contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by 
contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + solve( Ack( ~tls, ~n.1 ) ▶₁ #vr.4 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey + ) ▶₀ #vr.5 ) + case intlschannellogpass_1_11111111111111_case_1 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ 
#vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case 
newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case 
newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case intlschannellogpass_1_11111111111111_case_2 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + 
next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + 
solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 
+ solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey + ) ▶₀ #vr.5 ) + case intlschannellogpass_1_11111111111111_case_1 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( 
Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall 
) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case intlschannellogpass_1_11111111111111_case_2 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + 
case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + 
qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + 
qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* 
from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey + ) ▶₀ #vr.5 ) + case intlschannellogpass_1_11111111111111_case_1 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( 
Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + 
case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas 
*/ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + 
case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* 
from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from 
formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case intlschannellogpass_1_11111111111111_case_2 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* 
from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from 
formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by 
contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey + ) ▶₀ #vr.5 ) + case intlschannellogpass_1_11111111111111_case_1 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 
) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from 
formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ 
+ qed + qed + qed + qed + qed + next + case intlschannellogpass_1_11111111111111_case_2 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( 
Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case 
newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case 
newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( 
~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + 
case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey + ) ▶₀ #vr.5 ) + case intlschannellogpass_1_11111111111111_case_1 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case 
newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case 
newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case 
unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( 
Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case intlschannellogpass_1_11111111111111_case_2 + solve( Ack( ~u2f, ) ▶₁ #vr.8 ) + case inufchannelpayloadbitstring_0_1111111111121 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case 
intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case 
outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + 
qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case 
outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111 + solve( Message( ~u2f, sign(<~n.2, ~n.3, ~n.1>, ~n.4) ) ▶₂ #vr.8 ) + case outufchannelsignpayloadbitstringufkey_0_1111111111121111 + solve( Ack( ~tls, ) ▶₁ #vr.11 ) + case intlschannellogpass_0_11111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case intlschannellogpass_0_11111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from 
formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_1 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannelchallbitstring_1_1111111111111111_case_2 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + next + case outtlschannellgbitstringpssbitstring_1_1111111111211 + solve( Message( ~tls, chall ) ▶₂ #vr.11 ) + case newchallbitstring_0_111111111111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ 
+ qed + next + case outtlschannellgbitstringpssbitstring_0_1111111111211 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + next + case outtlschannelsignedbitstring_0_11111111112111111 + solve( Message( ~kb, ) ▶₁ #vr.14 ) + case unlockEvToken_0_111111111111211111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( (#t1 = #t2) ∥ (#t2 < #t1) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + qed + next + case case_3 + solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ + (∀ #t2. + (Unlock_0( '0', ~n, 'EvServer' ) @ #t2) + ⇒ + ((last(#t2)) ∨ + (#t1 = #t2) ∨ + (#t2 < #t1) ∨ + (#t2 = #t3) ∨ + (#t3 < #t2) ∨ + (∃ #t0 pp. + (Unlock( pp, ~n, 'EvServer' ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (∃ pp lpp #t0. + (Lock( pp, lpp, 'EvServer' ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (¬(#t0 = #t1)) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ + (∃ pp lpp #t0. + (Unlock( pp, lpp, 'EvServer' ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ + (¬(#t2 = #t0))))) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + solve( (#t3 = #t1) ∥ (#t1 < #t3) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (∃ #t0 pp. + (Unlock( pp, ~n, 'EvServer' ) @ #t0) + ∧ + (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ + (∃ pp lpp #t0. + (Lock( pp, lpp, 'EvServer' ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (¬(#t0 = #t1)) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ + (∃ pp lpp #t0. 
+ (Unlock( pp, lpp, 'EvServer' ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ + (¬(#t2 = #t0))) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t0 = #t1) ∥ (#t1 < #t0) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + qed + next + case case_3 + solve( (#t0 = #t1) ∥ (#t1 < #t0) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2 = #t0) ∥ (#t0 < #t2) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case case_4 + solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ + (∀ #t2. + (Unlock_1( '1', ~n, 'EvToken' ) @ #t2) + ⇒ + ((last(#t2)) ∨ + (#t1 = #t2) ∨ + (#t2 < #t1) ∨ + (#t2 = #t3) ∨ + (#t3 < #t2) ∨ + (∃ #t0 pp. + (Unlock( pp, ~n, 'EvToken' ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (∃ pp lpp #t0. + (Lock( pp, lpp, 'EvToken' ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (¬(#t0 = #t1)) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ + (∃ pp lpp #t0. + (Unlock( pp, lpp, 'EvToken' ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ + (¬(#t2 = #t0))))) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + solve( (#t3 = #t1) ∥ (#t1 < #t3) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (∃ #t0 pp. + (Unlock( pp, ~n, 'EvToken' ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ + (∃ pp lpp #t0. + (Lock( pp, lpp, 'EvToken' ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (¬(#t0 = #t1)) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ + (∃ pp lpp #t0. 
+ (Unlock( pp, lpp, 'EvToken' ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ + (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ + (¬(#t2 = #t0))) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t0 = #t1) ∥ (#t1 < #t0) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + qed + next + case case_3 + solve( (#t0 = #t1) ∥ (#t1 < #t0) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2 = #t0) ∥ (#t0 < #t2) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed +qed + + + + + + + + + + + +rule (modulo E) Init[color=#ffffff, process="new ~tls.1:channel;"]: + [ + Fr( ~tls.1 ), Fr( ~u2f.1 ), Fr( ~kb.1 ), Fr( ~btn.1 ), Fr( log.1 ), + Fr( pass.1 ), Fr( u2fkey.1 ) + ] + --[ Init( ) ]-> + [ State_1111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, u2fkey.1 ) + ] + + /* + rule (modulo AC) Init[color=#ffffff, process="new ~tls.1:channel;"]: + [ + Fr( ~tls ), Fr( ~u2f ), Fr( ~kb ), Fr( ~btn ), Fr( log ), Fr( pass ), + Fr( u2fkey ) + ] + --[ Init( ) ]-> + [ State_1111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ) ] + */ + +rule (modulo E) insertEvTokenzero_0_1111111[color=#ffffff, + process="insert 'EvToken','zero';"]: + [ State_1111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, u2fkey.1 ) + ] + --[ Insert( 'EvToken', 'zero' ) ]-> + [ + State_11111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, u2fkey.1 ) + ] + + /* + rule (modulo AC) insertEvTokenzero_0_1111111[color=#ffffff, + process="insert 'EvToken','zero';"]: + [ State_1111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ) ] + --[ Insert( 'EvToken', 'zero' ) ]-> + [ State_11111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ) ] + */ + +rule (modulo E) insertEvServerzero_0_11111111[color=#ffffff, + process="insert 'EvServer','zero';"]: + [ + State_11111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, 
log.1, pass.1, u2fkey.1 ) + ] + --[ Insert( 'EvServer', 'zero' ) ]-> + [ + !Semistate_1111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ) + ] + + /* + rule (modulo AC) insertEvServerzero_0_11111111[color=#ffffff, + process="insert 'EvServer','zero';"]: + [ State_11111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ) ] + --[ Insert( 'EvServer', 'zero' ) ]-> + [ !Semistate_1111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ) ] + */ + +rule (modulo E) intlschannellogpass_0_11111111111111[color=#40805b, + process="in(~tls.1:channel,<=log.1, =pass.1>);"]: + [ + State_11111111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ), + Message( ~tls.1, x.2 ) + ] + --> + [ + Let_111111111111111( x.2, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ), + Ack( ~tls.1, x.2 ) + ] + + /* + rule (modulo AC) intlschannellogpass_0_11111111111111[color=#40805b, + process="in(~tls.1:channel,<=log.1, =pass.1>);"]: + [ + State_11111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ), + Message( ~tls, x ) + ] + --> + [ + Let_111111111111111( x, ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ), + Ack( ~tls, x ) + ] + */ + +rule (modulo E) intlschannellogpass_1_11111111111111[color=#40805b, + process="in(~tls.1:channel,<=log.1, =pass.1>);"]: + [ + Let_111111111111111( , ~btn.1, ~kb.1, ~tls.1, ~u2f.1, + log.1, pass.1, u2fkey.1 + ) + ] + --> + [ + State_111111111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ) + ] + + /* + rule (modulo AC) intlschannellogpass_1_11111111111111[color=#40805b, + process="in(~tls.1:channel,<=log.1, =pass.1>);"]: + [ + Let_111111111111111( , ~btn, ~kb, ~tls, ~u2f, log, pass, + u2fkey + ) + ] + --> + [ State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ) ] + */ + +rule (modulo E) newchallbitstring_0_111111111111111[color=#40805b, + process="new chall.1:bitstring;"]: + [ + State_111111111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ), + Fr( chall.1 ) + ] + --> + [ + 
Message( ~tls.1, chall.1 ), + Semistate_11111111111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, + log.1, pass.1, u2fkey.1 + ) + ] + + // loop breaker: [0] + /* + rule (modulo AC) newchallbitstring_0_111111111111111[color=#40805b, + process="new chall.1:bitstring;"]: + [ + State_111111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ), + Fr( chall ) + ] + --> + [ + Message( ~tls, chall ), + Semistate_11111111111111111( ~btn, ~kb, ~tls, ~u2f, chall, log, pass, + u2fkey + ) + ] + // loop breaker: [0] + */ + +rule (modulo E) outtlschannelchallbitstring_1_1111111111111111[color=#40805b, + process="out(~tls.1:channel,chall.1:bitstring);"]: + [ + Semistate_11111111111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, + log.1, pass.1, u2fkey.1 + ), + Ack( ~tls.1, chall.1 ), Message( ~tls.1, x.2 ) + ] + --> + [ + Let_111111111111111111( x.2, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, + log.1, pass.1, u2fkey.1 + ), + Ack( ~tls.1, x.2 ) + ] + + // loop breaker: [1] + /* + rule (modulo AC) outtlschannelchallbitstring_1_1111111111111111[color=#40805b, + process="out(~tls.1:channel,chall.1:bitstring);"]: + [ + Semistate_11111111111111111( ~btn, ~kb, ~tls, ~u2f, chall, log, pass, + u2fkey + ), + Ack( ~tls, chall ), Message( ~tls, x ) + ] + --> + [ + Let_111111111111111111( x, ~btn, ~kb, ~tls, ~u2f, chall, log, pass, + u2fkey + ), + Ack( ~tls, x ) + ] + // loop breaker: [1] + */ + +rule (modulo E) intlschannelsignedbitstring_1_11111111111111111[color=#40805b, + process="in(~tls.1:channel,signed.1:bitstring);"]: + [ + Let_111111111111111111( signed.1, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, + log.1, pass.1, u2fkey.1 + ) + ] + --> + [ + State_111111111111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, log.1, + pass.1, signed.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) intlschannelsignedbitstring_1_11111111111111111[color=#40805b, + process="in(~tls.1:channel,signed.1:bitstring);"]: + [ + Let_111111111111111111( signed, ~btn, ~kb, ~tls, ~u2f, chall, log, pass, + u2fkey + ) + ] + 
--> + [ + State_111111111111111111( ~btn, ~kb, ~tls, ~u2f, chall, log, pass, + signed, u2fkey + ) + ] + */ + +rule (modulo E) ifchecksignsignedbitstringpkufkeylogpasschallbitstring_0_111111111111111111[color=#40805b, + process="if checksign(signed.1:bitstring, pk(u2fkey.1))="]: + [ + State_111111111111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, log.1, + pass.1, signed.1, u2fkey.1 + ) + ] + --[ + Pred_Eq( checksign(signed.1, pk(u2fkey.1)), ) + ]-> + [ + State_1111111111111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, log.1, + pass.1, signed.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) ifchecksignsignedbitstringpkufkeylogpasschallbitstring_0_111111111111111111[color=#40805b, + process="if checksign(signed.1:bitstring, pk(u2fkey.1))="]: + [ + State_111111111111111111( ~btn, ~kb, ~tls, ~u2f, chall, log, pass, + signed, u2fkey + ) + ] + --[ Pred_Eq( z, ) ]-> + [ + State_1111111111111111111( ~btn, ~kb, ~tls, ~u2f, chall, log, pass, + signed, u2fkey + ) + ] + variants (modulo AC) + 1. signed + = signed.12 + u2fkey + = u2fkey.12 + z = checksign(signed.12, pk(u2fkey.12)) + + 2. 
signed + = sign(x.12, x.13) + u2fkey + = x.13 + z = x.12 + */ + +rule (modulo E) lockEvServer_0_1111111111111111111[color=#40805b, + process="lock 'EvServer';"]: + [ + State_1111111111111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, log.1, + pass.1, signed.1, u2fkey.1 + ), + Fr( lock ) + ] + --[ Lock_0( '0', lock, 'EvServer' ), Lock( '0', lock, 'EvServer' ) ]-> + [ + State_11111111111111111111( lock, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, + log.1, pass.1, signed.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) lockEvServer_0_1111111111111111111[color=#40805b, + process="lock 'EvServer';"]: + [ + State_1111111111111111111( ~btn, ~kb, ~tls, ~u2f, chall, log, pass, + signed, u2fkey + ), + Fr( lock ) + ] + --[ Lock_0( '0', lock, 'EvServer' ), Lock( '0', lock, 'EvServer' ) ]-> + [ + State_11111111111111111111( lock, ~btn, ~kb, ~tls, ~u2f, chall, log, + pass, signed, u2fkey + ) + ] + */ + +rule (modulo E) lookupEvServerascnt_0_11111111111111111111[color=#40805b, + process="lookup 'EvServer' as cnt.1"]: + [ + State_11111111111111111111( lock, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, + log.1, pass.1, signed.1, u2fkey.1 + ) + ] + --[ IsIn( 'EvServer', cnt.1 ) ]-> + [ + State_111111111111111111111( lock, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, + chall.1, cnt.1, log.1, pass.1, signed.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) lookupEvServerascnt_0_11111111111111111111[color=#40805b, + process="lookup 'EvServer' as cnt.1"]: + [ + State_11111111111111111111( lock, ~btn, ~kb, ~tls, ~u2f, chall, log, + pass, signed, u2fkey + ) + ] + --[ IsIn( 'EvServer', cnt ) ]-> + [ + State_111111111111111111111( lock, ~btn, ~kb, ~tls, ~u2f, chall, cnt, + log, pass, signed, u2fkey + ) + ] + */ + +rule (modulo E) eventServerAcceptcnt_0_111111111111111111111[color=#40805b, + process="event ServerAccept( cnt.1 );"]: + [ + State_111111111111111111111( lock, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, + chall.1, cnt.1, log.1, pass.1, signed.1, u2fkey.1 + ) + ] + --[ ServerAccept( cnt.1 ) ]-> + [ + 
State_1111111111111111111111( lock, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, + chall.1, cnt.1, log.1, pass.1, signed.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) eventServerAcceptcnt_0_111111111111111111111[color=#40805b, + process="event ServerAccept( cnt.1 );"]: + [ + State_111111111111111111111( lock, ~btn, ~kb, ~tls, ~u2f, chall, cnt, + log, pass, signed, u2fkey + ) + ] + --[ ServerAccept( cnt ) ]-> + [ + State_1111111111111111111111( lock, ~btn, ~kb, ~tls, ~u2f, chall, cnt, + log, pass, signed, u2fkey + ) + ] + */ + +rule (modulo E) insertEvServersucccnt_0_1111111111111111111111[color=#40805b, + process="insert 'EvServer',succ(cnt.1);"]: + [ + State_1111111111111111111111( lock, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, + chall.1, cnt.1, log.1, pass.1, signed.1, u2fkey.1 + ) + ] + --[ Insert( 'EvServer', succ(cnt.1) ) ]-> + [ + State_11111111111111111111111( lock, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, + chall.1, cnt.1, log.1, pass.1, signed.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) insertEvServersucccnt_0_1111111111111111111111[color=#40805b, + process="insert 'EvServer',succ(cnt.1);"]: + [ + State_1111111111111111111111( lock, ~btn, ~kb, ~tls, ~u2f, chall, cnt, + log, pass, signed, u2fkey + ) + ] + --[ Insert( 'EvServer', succ(cnt) ) ]-> + [ + State_11111111111111111111111( lock, ~btn, ~kb, ~tls, ~u2f, chall, cnt, + log, pass, signed, u2fkey + ) + ] + */ + +rule (modulo E) unlockEvServer_0_11111111111111111111111[color=#40805b, + process="unlock 'EvServer';"]: + [ + State_11111111111111111111111( lock, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, + chall.1, cnt.1, log.1, pass.1, signed.1, u2fkey.1 + ) + ] + --[ Unlock_0( '0', lock, 'EvServer' ), Unlock( '0', lock, 'EvServer' ) + ]-> + [ ] + + /* + rule (modulo AC) unlockEvServer_0_11111111111111111111111[color=#40805b, + process="unlock 'EvServer';"]: + [ + State_11111111111111111111111( lock, ~btn, ~kb, ~tls, ~u2f, chall, cnt, + log, pass, signed, u2fkey + ) + ] + --[ Unlock_0( '0', lock, 'EvServer' ), Unlock( '0', lock, 'EvServer' ) + ]-> + [ 
] + */ + +rule (modulo E) lookupEvServerascnt_1_11111111111111111111[color=#40805b, + process="lookup 'EvServer' as cnt.1"]: + [ + State_11111111111111111111( lock, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, + log.1, pass.1, signed.1, u2fkey.1 + ) + ] + --[ IsNotSet( 'EvServer' ) ]-> + [ ] + + /* + rule (modulo AC) lookupEvServerascnt_1_11111111111111111111[color=#40805b, + process="lookup 'EvServer' as cnt.1"]: + [ + State_11111111111111111111( lock, ~btn, ~kb, ~tls, ~u2f, chall, log, + pass, signed, u2fkey + ) + ] + --[ IsNotSet( 'EvServer' ) ]-> + [ ] + */ + +rule (modulo E) ifchecksignsignedbitstringpkufkeylogpasschallbitstring_1_111111111111111111[color=#40805b, + process="if checksign(signed.1:bitstring, pk(u2fkey.1))="]: + [ + State_111111111111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, chall.1, log.1, + pass.1, signed.1, u2fkey.1 + ) + ] + --[ + Pred_Not_Eq( checksign(signed.1, pk(u2fkey.1)), + ) + ]-> + [ ] + + /* + rule (modulo AC) ifchecksignsignedbitstringpkufkeylogpasschallbitstring_1_111111111111111111[color=#40805b, + process="if checksign(signed.1:bitstring, pk(u2fkey.1))="]: + [ + State_111111111111111111( ~btn, ~kb, ~tls, ~u2f, chall, log, pass, + signed, u2fkey + ) + ] + --[ Pred_Not_Eq( z, ) ]-> + [ ] + variants (modulo AC) + 1. signed + = signed.12 + u2fkey + = u2fkey.12 + z = checksign(signed.12, pk(u2fkey.12)) + + 2. 
signed + = sign(x.12, x.13) + u2fkey + = x.13 + z = x.12 + */ + +rule (modulo E) lockEvToken_0_11111111111121[color=#804067, + process="lock 'EvToken';"]: + [ + State_11111111111121( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ), + Fr( lock.1 ) + ] + --[ Lock_1( '1', lock.1, 'EvToken' ), Lock( '1', lock.1, 'EvToken' ) ]-> + [ + State_111111111111211( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, log.1, + pass.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) lockEvToken_0_11111111111121[color=#804067, + process="lock 'EvToken';"]: + [ + State_11111111111121( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ), + Fr( lock ) + ] + --[ Lock_1( '1', lock, 'EvToken' ), Lock( '1', lock, 'EvToken' ) ]-> + [ State_111111111111211( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, u2fkey ) + ] + */ + +rule (modulo E) lookupEvTokenascnt_0_111111111111211[color=#804067, + process="lookup 'EvToken' as cnt.2"]: + [ + State_111111111111211( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, log.1, + pass.1, u2fkey.1 + ) + ] + --[ IsIn( 'EvToken', cnt.2 ) ]-> + [ + State_1111111111112111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, log.1, + pass.1, u2fkey.1, cnt.2 + ) + ] + + /* + rule (modulo AC) lookupEvTokenascnt_0_111111111111211[color=#804067, + process="lookup 'EvToken' as cnt.2"]: + [ State_111111111111211( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, u2fkey ) + ] + --[ IsIn( 'EvToken', cnt ) ]-> + [ + State_1111111111112111( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, u2fkey, + cnt + ) + ] + */ + +rule (modulo E) eventUserInitcnt_0_1111111111112111[color=#804067, + process="event UserInit( cnt.2 );"]: + [ + State_1111111111112111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, log.1, + pass.1, u2fkey.1, cnt.2 + ) + ] + --[ UserInit( cnt.2 ) ]-> + [ + State_11111111111121111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, log.1, + pass.1, u2fkey.1, cnt.2 + ) + ] + + /* + rule (modulo AC) eventUserInitcnt_0_1111111111112111[color=#804067, + process="event UserInit( cnt.2 );"]: + [ + State_1111111111112111( ~btn, ~kb, ~tls, ~u2f, 
lock, log, pass, u2fkey, + cnt + ) + ] + --[ UserInit( cnt ) ]-> + [ + State_11111111111121111( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, u2fkey, + cnt + ) + ] + */ + +rule (modulo E) insertEvTokensucccnt_0_11111111111121111[color=#804067, + process="insert 'EvToken',succ(cnt.2);"]: + [ + State_11111111111121111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, log.1, + pass.1, u2fkey.1, cnt.2 + ) + ] + --[ Insert( 'EvToken', succ(cnt.2) ) ]-> + [ + State_111111111111211111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, log.1, + pass.1, u2fkey.1, cnt.2 + ) + ] + + /* + rule (modulo AC) insertEvTokensucccnt_0_11111111111121111[color=#804067, + process="insert 'EvToken',succ(cnt.2);"]: + [ + State_11111111111121111( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, u2fkey, + cnt + ) + ] + --[ Insert( 'EvToken', succ(cnt) ) ]-> + [ + State_111111111111211111( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, u2fkey, + cnt + ) + ] + */ + +rule (modulo E) unlockEvToken_0_111111111111211111[color=#804067, + process="unlock 'EvToken';"]: + [ + State_111111111111211111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, log.1, + pass.1, u2fkey.1, cnt.2 + ) + ] + --[ Unlock_1( '1', lock.1, 'EvToken' ), Unlock( '1', lock.1, 'EvToken' ) + ]-> + [ + Message( ~kb.1, ), + Semistate_11111111111121111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, + log.1, pass.1, u2fkey.1, cnt.2 + ) + ] + + /* + rule (modulo AC) unlockEvToken_0_111111111111211111[color=#804067, + process="unlock 'EvToken';"]: + [ + State_111111111111211111( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, u2fkey, + cnt + ) + ] + --[ Unlock_1( '1', lock, 'EvToken' ), Unlock( '1', lock, 'EvToken' ) ]-> + [ + Message( ~kb, ), + Semistate_11111111111121111111( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, + u2fkey, cnt + ) + ] + */ + +rule (modulo E) outkbchannellogpass_1_1111111111112111111[color=#804067, + process="out(~kb.1:channel,);"]: + [ + Semistate_11111111111121111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, + log.1, pass.1, u2fkey.1, cnt.2 + ), + Ack( ~kb.1, ), Message( 
~btn.1, x.3 ) + ] + --> + [ + Let_111111111111211111111( x.3, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, + log.1, pass.1, u2fkey.1, cnt.2 + ), + Ack( ~btn.1, x.3 ) + ] + + // loop breakers: [1,2] + /* + rule (modulo AC) outkbchannellogpass_1_1111111111112111111[color=#804067, + process="out(~kb.1:channel,);"]: + [ + Semistate_11111111111121111111( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, + u2fkey, cnt + ), + Ack( ~kb, ), Message( ~btn, x ) + ] + --> + [ + Let_111111111111211111111( x, ~btn, ~kb, ~tls, ~u2f, lock, log, pass, + u2fkey, cnt + ), + Ack( ~btn, x ) + ] + // loop breakers: [1,2] + */ + +rule (modulo E) inbtnchannelaskpress_1_11111111111121111111[color=#804067, + process="in(~btn.1:channel,'askpress');"]: + [ + Let_111111111111211111111( 'askpress', ~btn.1, ~kb.1, ~tls.1, ~u2f.1, + lock.1, log.1, pass.1, u2fkey.1, cnt.2 + ) + ] + --> + [ + State_111111111111211111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, + log.1, pass.1, u2fkey.1, cnt.2 + ) + ] + + /* + rule (modulo AC) inbtnchannelaskpress_1_11111111111121111111[color=#804067, + process="in(~btn.1:channel,'askpress');"]: + [ + Let_111111111111211111111( 'askpress', ~btn, ~kb, ~tls, ~u2f, lock, log, + pass, u2fkey, cnt + ) + ] + --> + [ + State_111111111111211111111( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, + u2fkey, cnt + ) + ] + */ + +rule (modulo E) outbtnchannelpressed_0_111111111111211111111[color=#804067, + process="out(~btn.1:channel,'pressed');"]: + [ + State_111111111111211111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, + log.1, pass.1, u2fkey.1, cnt.2 + ) + ] + --> + [ + Message( ~btn.1, 'pressed' ), + Semistate_1111111111112111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, + log.1, pass.1, u2fkey.1, cnt.2 + ) + ] + + /* + rule (modulo AC) outbtnchannelpressed_0_111111111111211111111[color=#804067, + process="out(~btn.1:channel,'pressed');"]: + [ + State_111111111111211111111( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, + u2fkey, cnt + ) + ] + --> + [ + Message( ~btn, 'pressed' ), + 
Semistate_1111111111112111111111( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, + u2fkey, cnt + ) + ] + */ + +rule (modulo E) lookupEvTokenascnt_1_111111111111211[color=#804067, + process="lookup 'EvToken' as cnt.2"]: + [ + State_111111111111211( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lock.1, log.1, + pass.1, u2fkey.1 + ) + ] + --[ IsNotSet( 'EvToken' ) ]-> + [ ] + + /* + rule (modulo AC) lookupEvTokenascnt_1_111111111111211[color=#804067, + process="lookup 'EvToken' as cnt.2"]: + [ State_111111111111211( ~btn, ~kb, ~tls, ~u2f, lock, log, pass, u2fkey ) + ] + --[ IsNotSet( 'EvToken' ) ]-> + [ ] + */ + +rule (modulo E) inufchannelpayloadbitstring_0_1111111111121[color=#405080, + process="in(~u2f.1:channel,payload.1:bitstring);"]: + [ + State_1111111111121( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ), + Message( ~u2f.1, x.2 ) + ] + --> + [ + Let_11111111111211( x.2, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ), + Ack( ~u2f.1, x.2 ) + ] + + // loop breaker: [1] + /* + rule (modulo AC) inufchannelpayloadbitstring_0_1111111111121[color=#405080, + process="in(~u2f.1:channel,payload.1:bitstring);"]: + [ + State_1111111111121( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ), + Message( ~u2f, x ) + ] + --> + [ + Let_11111111111211( x, ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ), + Ack( ~u2f, x ) + ] + // loop breaker: [1] + */ + +rule (modulo E) inufchannelpayloadbitstring_1_1111111111121[color=#405080, + process="in(~u2f.1:channel,payload.1:bitstring);"]: + [ + Let_11111111111211( payload.1, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, + pass.1, u2fkey.1 + ) + ] + --> + [ + State_11111111111211( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + payload.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) inufchannelpayloadbitstring_1_1111111111121[color=#405080, + process="in(~u2f.1:channel,payload.1:bitstring);"]: + [ Let_11111111111211( payload, ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ) + ] + --> + [ + State_11111111111211( ~btn, ~kb, ~tls, ~u2f, log, pass, payload, u2fkey 
) + ] + */ + +rule (modulo E) outbtnchannelaskpress_0_11111111111211[color=#405080, + process="out(~btn.1:channel,'askpress');"]: + [ + State_11111111111211( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + payload.1, u2fkey.1 + ) + ] + --> + [ + Message( ~btn.1, 'askpress' ), + Semistate_111111111112111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + payload.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) outbtnchannelaskpress_0_11111111111211[color=#405080, + process="out(~btn.1:channel,'askpress');"]: + [ + State_11111111111211( ~btn, ~kb, ~tls, ~u2f, log, pass, payload, u2fkey ) + ] + --> + [ + Message( ~btn, 'askpress' ), + Semistate_111111111112111( ~btn, ~kb, ~tls, ~u2f, log, pass, payload, + u2fkey + ) + ] + */ + +rule (modulo E) outbtnchannelaskpress_1_11111111111211[color=#405080, + process="out(~btn.1:channel,'askpress');"]: + [ + Semistate_111111111112111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + payload.1, u2fkey.1 + ), + Ack( ~btn.1, 'askpress' ), Message( ~btn.1, x.2 ) + ] + --> + [ + Let_1111111111121111( x.2, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + payload.1, u2fkey.1 + ), + Ack( ~btn.1, x.2 ) + ] + + // loop breakers: [1,2] + /* + rule (modulo AC) outbtnchannelaskpress_1_11111111111211[color=#405080, + process="out(~btn.1:channel,'askpress');"]: + [ + Semistate_111111111112111( ~btn, ~kb, ~tls, ~u2f, log, pass, payload, + u2fkey + ), + Ack( ~btn, 'askpress' ), Message( ~btn, x ) + ] + --> + [ + Let_1111111111121111( x, ~btn, ~kb, ~tls, ~u2f, log, pass, payload, + u2fkey + ), + Ack( ~btn, x ) + ] + // loop breakers: [1,2] + */ + +rule (modulo E) inbtnchannelpressed_1_111111111112111[color=#405080, + process="in(~btn.1:channel,'pressed');"]: + [ + Let_1111111111121111( 'pressed', ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, + pass.1, payload.1, u2fkey.1 + ) + ] + --> + [ + State_1111111111121111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + payload.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) 
inbtnchannelpressed_1_111111111112111[color=#405080, + process="in(~btn.1:channel,'pressed');"]: + [ + Let_1111111111121111( 'pressed', ~btn, ~kb, ~tls, ~u2f, log, pass, + payload, u2fkey + ) + ] + --> + [ + State_1111111111121111( ~btn, ~kb, ~tls, ~u2f, log, pass, payload, u2fkey + ) + ] + */ + +rule (modulo E) outufchannelsignpayloadbitstringufkey_0_1111111111121111[color=#405080, + process="out(~u2f.1:channel,sign(payload.1:bitstring, u2fkey.1));"]: + [ + State_1111111111121111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + payload.1, u2fkey.1 + ) + ] + --> + [ + Message( ~u2f.1, sign(payload.1, u2fkey.1) ), + Semistate_11111111111211111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, + pass.1, payload.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) outufchannelsignpayloadbitstringufkey_0_1111111111121111[color=#405080, + process="out(~u2f.1:channel,sign(payload.1:bitstring, u2fkey.1));"]: + [ + State_1111111111121111( ~btn, ~kb, ~tls, ~u2f, log, pass, payload, u2fkey + ) + ] + --> + [ + Message( ~u2f, sign(payload, u2fkey) ), + Semistate_11111111111211111( ~btn, ~kb, ~tls, ~u2f, log, pass, payload, + u2fkey + ) + ] + */ + +rule (modulo E) p_1_111111111[color=#ffffff, process="!"]: + [ + !Semistate_1111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ) + ] + --> + [ + State_111111111121( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ), + State_1111111111121( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ), + State_11111111111121( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ), + State_11111111111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ) + ] + + /* + rule (modulo AC) p_1_111111111[color=#ffffff, process="!"]: + [ !Semistate_1111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ) ] + --> + [ + State_111111111121( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ), + State_1111111111121( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ), + State_11111111111121( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ), + 
State_11111111111111( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ) + ] + */ + +rule (modulo E) inkbchannellgbitstringpssbitstring_0_111111111121[color=#6c8040, + process="in(~kb.1:channel,);"]: + [ + State_111111111121( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ), + Message( ~kb.1, x.2 ) + ] + --> + [ + Let_1111111111211( x.2, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, pass.1, + u2fkey.1 + ), + Ack( ~kb.1, x.2 ) + ] + + // loop breaker: [1] + /* + rule (modulo AC) inkbchannellgbitstringpssbitstring_0_111111111121[color=#6c8040, + process="in(~kb.1:channel,);"]: + [ + State_111111111121( ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ), + Message( ~kb, x ) + ] + --> + [ + Let_1111111111211( x, ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ), + Ack( ~kb, x ) + ] + // loop breaker: [1] + */ + +rule (modulo E) inkbchannellgbitstringpssbitstring_1_111111111121[color=#6c8040, + process="in(~kb.1:channel,);"]: + [ + Let_1111111111211( , ~btn.1, ~kb.1, ~tls.1, ~u2f.1, log.1, + pass.1, u2fkey.1 + ) + ] + --> + [ + State_1111111111211( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, pass.1, + pss.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) inkbchannellgbitstringpssbitstring_1_111111111121[color=#6c8040, + process="in(~kb.1:channel,);"]: + [ + Let_1111111111211( , ~btn, ~kb, ~tls, ~u2f, log, pass, u2fkey ) + ] + --> + [ + State_1111111111211( ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, u2fkey ) + ] + */ + +rule (modulo E) outtlschannellgbitstringpssbitstring_0_1111111111211[color=#6c8040, + process="out(~tls.1:channel,);"]: + [ + State_1111111111211( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, pass.1, + pss.1, u2fkey.1 + ) + ] + --> + [ + Message( ~tls.1, ), + Semistate_11111111112111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1 + ) + ] + + /* + rule (modulo AC) outtlschannellgbitstringpssbitstring_0_1111111111211[color=#6c8040, + process="out(~tls.1:channel,);"]: + [ + State_1111111111211( ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, u2fkey ) + ] + --> + 
[ + Message( ~tls, ), + Semistate_11111111112111( ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, + u2fkey + ) + ] + */ + +rule (modulo E) outtlschannellgbitstringpssbitstring_1_1111111111211[color=#6c8040, + process="out(~tls.1:channel,);"]: + [ + Semistate_11111111112111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1 + ), + Ack( ~tls.1, ), Message( ~tls.1, x.2 ) + ] + --> + [ + Let_111111111121111( x.2, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1 + ), + Ack( ~tls.1, x.2 ) + ] + + // loop breakers: [1,2] + /* + rule (modulo AC) outtlschannellgbitstringpssbitstring_1_1111111111211[color=#6c8040, + process="out(~tls.1:channel,);"]: + [ + Semistate_11111111112111( ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, + u2fkey + ), + Ack( ~tls, ), Message( ~tls, x ) + ] + --> + [ + Let_111111111121111( x, ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, u2fkey + ), + Ack( ~tls, x ) + ] + // loop breakers: [1,2] + */ + +rule (modulo E) intlschannelchallbitstring_1_11111111112111[color=#6c8040, + process="in(~tls.1:channel,chall.2:bitstring);"]: + [ + Let_111111111121111( chall.2, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1 + ) + ] + --> + [ + State_111111111121111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1, chall.2 + ) + ] + + /* + rule (modulo AC) intlschannelchallbitstring_1_11111111112111[color=#6c8040, + process="in(~tls.1:channel,chall.2:bitstring);"]: + [ + Let_111111111121111( chall, ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, + u2fkey + ) + ] + --> + [ + State_111111111121111( ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, u2fkey, + chall + ) + ] + */ + +rule (modulo E) outufchannellgbitstringpssbitstringchallbitstring_0_111111111121111[color=#6c8040, + process="out(~u2f.1:channel,);"]: + [ + State_111111111121111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1, chall.2 + ) + ] + --> + [ + Message( ~u2f.1, ), + Semistate_1111111111211111( ~btn.1, ~kb.1, ~tls.1, 
~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1, chall.2 + ) + ] + + /* + rule (modulo AC) outufchannellgbitstringpssbitstringchallbitstring_0_111111111121111[color=#6c8040, + process="out(~u2f.1:channel,);"]: + [ + State_111111111121111( ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, u2fkey, + chall + ) + ] + --> + [ + Message( ~u2f, ), + Semistate_1111111111211111( ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, + u2fkey, chall + ) + ] + */ + +rule (modulo E) outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111[color=#6c8040, + process="out(~u2f.1:channel,);"]: + [ + Semistate_1111111111211111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1, chall.2 + ), + Ack( ~u2f.1, ), Message( ~u2f.1, x.3 ) + ] + --> + [ + Let_11111111112111111( x.3, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1, chall.2 + ), + Ack( ~u2f.1, x.3 ) + ] + + // loop breakers: [1,2] + /* + rule (modulo AC) outufchannellgbitstringpssbitstringchallbitstring_1_111111111121111[color=#6c8040, + process="out(~u2f.1:channel,);"]: + [ + Semistate_1111111111211111( ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, + u2fkey, chall + ), + Ack( ~u2f, ), Message( ~u2f, x ) + ] + --> + [ + Let_11111111112111111( x, ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, + u2fkey, chall + ), + Ack( ~u2f, x ) + ] + // loop breakers: [1,2] + */ + +rule (modulo E) inufchannelsignedbitstring_1_1111111111211111[color=#6c8040, + process="in(~u2f.1:channel,signed.2:bitstring);"]: + [ + Let_11111111112111111( signed.2, ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, + log.1, pass.1, pss.1, u2fkey.1, chall.2 + ) + ] + --> + [ + State_11111111112111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1, chall.2, signed.2 + ) + ] + + /* + rule (modulo AC) inufchannelsignedbitstring_1_1111111111211111[color=#6c8040, + process="in(~u2f.1:channel,signed.2:bitstring);"]: + [ + Let_11111111112111111( signed, ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, + u2fkey, chall + ) + ] + --> + [ + 
State_11111111112111111( ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, + u2fkey, chall, signed + ) + ] + */ + +rule (modulo E) outtlschannelsignedbitstring_0_11111111112111111[color=#6c8040, + process="out(~tls.1:channel,signed.2:bitstring);"]: + [ + State_11111111112111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1, chall.2, signed.2 + ) + ] + --> + [ + Message( ~tls.1, signed.2 ), + Semistate_111111111121111111( ~btn.1, ~kb.1, ~tls.1, ~u2f.1, lg.1, log.1, + pass.1, pss.1, u2fkey.1, chall.2, signed.2 + ) + ] + + /* + rule (modulo AC) outtlschannelsignedbitstring_0_11111111112111111[color=#6c8040, + process="out(~tls.1:channel,signed.2:bitstring);"]: + [ + State_11111111112111111( ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, + u2fkey, chall, signed + ) + ] + --> + [ + Message( ~tls, signed ), + Semistate_111111111121111111( ~btn, ~kb, ~tls, ~u2f, lg, log, pass, pss, + u2fkey, chall, signed + ) + ] + */ + +restriction set_in: + "∀ x y #t3. + (IsIn( x, y ) @ #t3) ⇒ + (∃ #t2. + ((Insert( x, y ) @ #t2) ∧ (#t2 < #t3)) ∧ + (∀ #t1 yp. + (Insert( x, yp ) @ #t1) ⇒ (((#t1 < #t2) ∨ (#t1 = #t2)) ∨ (#t3 < #t1))))" + +restriction set_notin: + "∀ x #t3. + (IsNotSet( x ) @ #t3) ⇒ (∀ #t1 y. (Insert( x, y ) @ #t1) ⇒ (#t3 < #t1))" + // safety formula + +restriction predicate_eq: + "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" + // safety formula + +restriction predicate_not_eq: + "∀ #i a b. (Pred_Not_Eq( a, b ) @ #i) ⇒ (¬(a = b))" + // safety formula + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +restriction locking_0: + "∀ p pp l x lp #t1 #t3. + ((Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3)) ⇒ + ((((#t1 < #t3) ∧ + (∃ #t2. + (((((Unlock_0( p, l, x ) @ #t2) ∧ (#t1 < #t2)) ∧ (#t2 < #t3)) ∧ + (∀ #t0 pp.1. (Unlock( pp.1, l, x ) @ #t0) ⇒ (#t0 = #t2))) ∧ + (∀ pp.1 lpp #t0. + (Lock( pp.1, lpp, x ) @ #t0) ⇒ + (((#t0 < #t1) ∨ (#t0 = #t1)) ∨ (#t2 < #t0)))) ∧ + (∀ pp.1 lpp #t0. 
+ (Unlock( pp.1, lpp, x ) @ #t0) ⇒ + (((#t0 < #t1) ∨ (#t2 < #t0)) ∨ (#t2 = #t0))))) ∨ + (#t3 < #t1)) ∨ + (#t1 = #t3))" + +restriction locking_1: + "∀ p pp l x lp #t1 #t3. + ((Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3)) ⇒ + ((((#t1 < #t3) ∧ + (∃ #t2. + (((((Unlock_1( p, l, x ) @ #t2) ∧ (#t1 < #t2)) ∧ (#t2 < #t3)) ∧ + (∀ #t0 pp.1. (Unlock( pp.1, l, x ) @ #t0) ⇒ (#t0 = #t2))) ∧ + (∀ pp.1 lpp #t0. + (Lock( pp.1, lpp, x ) @ #t0) ⇒ + (((#t0 < #t1) ∨ (#t0 = #t1)) ∨ (#t2 < #t0)))) ∧ + (∀ pp.1 lpp #t0. + (Unlock( pp.1, lpp, x ) @ #t0) ⇒ + (((#t0 < #t1) ∨ (#t2 < #t0)) ∨ (#t2 = #t0))))) ∨ + (#t3 < #t1)) ∨ + (#t1 = #t3))" + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/feature-secret-channel/U2F.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/feature-secret-channel/U2F.spthy + + output: examples/sapic/fast/feature-secret-channel/U2F.spthy.tmp + processing time: 254.126516093s + auth (all-traces): verified (2302 steps) + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/feature-secret-channel/U2F.spthy + + output: examples/sapic/fast/feature-secret-channel/U2F.spthy.tmp + processing time: 254.126516093s + auth (all-traces): verified (2302 steps) + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/feature-secret-channel/secret-channel_analyzed.spthy b/case-studies-regression/sapic/fast/feature-secret-channel/secret-channel_analyzed.spthy index 932a4f901..7a2b3d5df 100644 --- a/case-studies-regression/sapic/fast/feature-secret-channel/secret-channel_analyzed.spthy 
+++ b/case-studies-regression/sapic/fast/feature-secret-channel/secret-channel_analyzed.spthy @@ -2,7 +2,8 @@ theory ChannelsTestOne begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, pk/1, sign/2, snd/1, true/0, verify/3 +functions: fst/1[destructor], pair/2, pk/1, sign/2, snd/1[destructor], + true/0, verify/3[destructor] equations: fst() = x.1, snd() = x.2, @@ -10,6 +11,20 @@ equations: heuristic: p + + + + + + + + + + + + + + lemma secret: all-traces "∀ x #i. (Secret( x ) @ #i) ⇒ (¬(∃ #j. K( x ) @ #j))" /* @@ -17,8 +32,8 @@ guarded formula characterizing all counter-examples: "∃ x #i. (Secret( x ) @ #i) ∧ ∃ #j. (K( x ) @ #j)" */ simplify -solve( State_11111111( c1, c2, x, skP2 ) ▶₀ #i ) - case p_0_1111111 +solve( State_111111111( c1, c2, x, skP2 ) ▶₀ #i ) + case Init by solve( !KU( ~n.2 ) @ #vk ) qed @@ -31,12 +46,12 @@ guarded formula characterizing all counter-examples: */ simplify solve( State_1111121( c1, c2, x, skP2 ) ▶₀ #i ) - case insigntestskP_0_111112 + case Init solve( !KU( sign('test', ~n.2) ) @ #vk ) case c_sign by solve( !KU( ~n.2 ) @ #vk.2 ) next - case outsigntestx_0_1111111211 + case eventReceivedx_0_1111111211 by contradiction /* from formulas */ qed qed @@ -50,12 +65,12 @@ guarded formula characterizing all counter-examples: */ simplify solve( State_111121( c1, c2, skP1, x ) ▶₀ #i ) - case insigntestskP_0_11112 + case Init solve( !KU( sign('test', ~n.3) ) @ #vk ) case c_sign by solve( !KU( ~n.3 ) @ #vk.2 ) next - case outsigntestx_0_111111211 + case eventReceivedx_0_111111211 by contradiction /* from formulas */ qed qed @@ -68,9 +83,9 @@ guarded formula characterizing all satisfying traces: */ simplify solve( State_1111121( c1, c2, x, skP2 ) ▶₀ #i ) - case insigntestskP_0_111112 + case Init solve( !KU( sign('test', ~n.2) ) @ #vk ) - case outsigntestx_0_1111111211 + case eventReceivedx_0_1111111211 SOLVED // trace found qed qed 
@@ -83,220 +98,186 @@ guarded formula characterizing all satisfying traces: */ simplify solve( State_111121( c1, c2, skP1, x ) ▶₀ #i ) - case insigntestskP_0_11112 + case Init solve( !KU( sign('test', ~n.3) ) @ #vk ) - case outsigntestx_0_111111211 - solve( Ack( ~n, ~n.2 ) ▶₁ #vr.13 ) - case incx_0_11111112 + case eventReceivedx_0_111111211 + solve( Ack( ~n, ~n.2 ) ▶₁ #vr.4 ) + case incx_0_111111121 SOLVED // trace found qed qed qed -rule (modulo E) Init[color=#ffffff, process="new skP1;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newskP_0_[color=#ffffff, process="new skP1;"]: - [ State_( ), Fr( skP1 ) ] --> [ State_1( skP1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newskP_0_1[color=#ffffff, process="new skP2;"]: - [ State_1( skP1 ), Fr( skP2 ) ] --> [ State_11( skP1, skP2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newc_0_11[color=#ffffff, process="new c1;"]: - [ State_11( skP1, skP2 ), Fr( c1 ) ] --> [ State_111( c1, skP1, skP2 ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newc_0_111[color=#ffffff, process="new c2;"]: - [ State_111( c1, skP1, skP2 ), Fr( c2 ) ] - --> - [ State_1111( c1, c2, skP1, skP2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111[color=#ffffff, process="|"]: - [ State_1111( c1, c2, skP1, skP2 ) ] - --> - [ State_11111( c1, c2, skP1, skP2 ), State_11112( c1, c2, skP1, skP2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111[color=#ffffff, process="|"]: - [ State_11111( c1, c2, skP1, skP2 ) ] - --> - [ State_111111( c1, c2, skP1, skP2 ), State_111112( c1, c2, skP1, skP2 ) +rule (modulo E) eventSecretskP_0_111111111[color=#6c8040, + process="event Secret( skP1.1 );"]: + [ State_111111111( c1.1, c2.1, skP1.1, skP2.1 ) ] + --[ Secret( skP1.1 ) ]-> + [ + Message( c1.1, skP1.1 ), + Semistate_11111111111( c1.1, c2.1, skP1.1, skP2.1 ) ] - /* has exactly the trivial AC variant 
*/ + /* + rule (modulo AC) eventSecretskP_0_111111111[color=#6c8040, + process="event Secret( skP1.1 );"]: + [ State_111111111( c1, c2, skP1, skP2 ) ] + --[ Secret( skP1 ) ]-> + [ Message( c1, skP1 ), Semistate_11111111111( c1, c2, skP1, skP2 ) ] + */ -rule (modulo E) p_0_111111[color=#ffffff, process="|"]: - [ State_111111( c1, c2, skP1, skP2 ) ] - --> +rule (modulo E) outcskP_1_1111111111[color=#6c8040, + process="out(c1.1,skP1.1);"]: [ - State_1111111( c1, c2, skP1, skP2 ), State_1111112( c1, c2, skP1, skP2 ) + Semistate_11111111111( c1.1, c2.1, skP1.1, skP2.1 ), Ack( c1.1, skP1.1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111[color=#ffffff, process="|"]: - [ State_1111111( c1, c2, skP1, skP2 ) ] --> [ - State_11111111( c1, c2, skP1, skP2 ), - State_11111112( c1, c2, skP1, skP2 ) + Message( c2.1, skP2.1 ), + Semistate_111111111111( c1.1, c2.1, skP1.1, skP2.1 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) eventSecretskP_0_11111111[color=#6c8040, - process="event Secret( skP1 );"]: - [ State_11111111( c1, c2, skP1, skP2 ) ] - --[ Secret( skP1 ) ]-> - [ State_111111111( c1, c2, skP1, skP2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outcskP_0_111111111[color=#6c8040, - process="out(c1,skP1);"]: - [ State_111111111( c1, c2, skP1, skP2 ) ] - --> - [ Message( c1, skP1 ), Semistate_1111111111( c1, c2, skP1, skP2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outcskP_1_111111111[color=#6c8040, - process="out(c1,skP1);"]: - [ Semistate_1111111111( c1, c2, skP1, skP2 ), Ack( c1, skP1 ) ] - --> - [ State_1111111111( c1, c2, skP1, skP2 ) ] - // loop breaker: [1] - /* has exactly the trivial AC variant */ - -rule (modulo E) outcskP_0_1111111111[color=#6c8040, - process="out(c2,skP2);"]: - [ State_1111111111( c1, c2, skP1, skP2 ) ] - --> - [ Message( c2, skP2 ), Semistate_11111111111( c1, c2, skP1, skP2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) 
outcskP_1_1111111111[color=#6c8040, - process="out(c2,skP2);"]: - [ Semistate_11111111111( c1, c2, skP1, skP2 ), Ack( c2, skP2 ) ] - --> - [ State_11111111111( c1, c2, skP1, skP2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111111[color=#6c8040, process="0"]: - [ State_11111111111( c1, c2, skP1, skP2 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) incx_0_11111112[color=#807140, process="in(c1,x);"]: - [ State_11111112( c1, c2, skP1, skP2 ), Message( c1, x ) ] + /* + rule (modulo AC) outcskP_1_1111111111[color=#6c8040, + process="out(c1.1,skP1.1);"]: + [ Semistate_11111111111( c1, c2, skP1, skP2 ), Ack( c1, skP1 ) ] + --> + [ Message( c2, skP2 ), Semistate_111111111111( c1, c2, skP1, skP2 ) ] + // loop breaker: [1] + */ + +rule (modulo E) incx_0_111111121[color=#807140, process="in(c1.1,x.1);"]: + [ State_111111121( c1.1, c2.1, skP1.1, skP2.1 ), Message( c1.1, x.2 ) ] --> - [ Ack( c1, x ), State_111111121( c1, c2, skP1, skP2, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventReceivedx_0_111111121[color=#807140, - process="event Received( x );"]: - [ State_111111121( c1, c2, skP1, skP2, x ) ] - --[ Received( x ) ]-> - [ State_1111111211( c1, c2, skP1, skP2, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsigntestx_0_1111111211[color=#807140, - process="out(sign('test', x));"]: - [ State_1111111211( c1, c2, skP1, skP2, x ) ] + [ Let_1111111211( x.2, c1.1, c2.1, skP1.1, skP2.1 ), Ack( c1.1, x.2 ) ] + + /* + rule (modulo AC) incx_0_111111121[color=#807140, + process="in(c1.1,x.1);"]: + [ State_111111121( c1, c2, skP1, skP2 ), Message( c1, x ) ] + --> + [ Let_1111111211( x, c1, c2, skP1, skP2 ), Ack( c1, x ) ] + */ + +rule (modulo E) incx_1_111111121[color=#807140, process="in(c1.1,x.1);"]: + [ Let_1111111211( x.1, c1.1, c2.1, skP1.1, skP2.1 ) ] --> - [ State_11111112111( c1, c2, skP1, skP2, x ), Out( sign('test', x) ) ] - - /* has exactly the trivial AC variant 
*/ - -rule (modulo E) p_0_11111112111[color=#807140, process="0"]: - [ State_11111112111( c1, c2, skP1, skP2, x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) incx_0_1111112[color=#408073, process="in(c2,x);"]: - [ State_1111112( c1, c2, skP1, skP2 ), Message( c2, x ) ] + [ State_1111111211( c1.1, c2.1, skP1.1, skP2.1, x.1 ) ] + + /* + rule (modulo AC) incx_1_111111121[color=#807140, + process="in(c1.1,x.1);"]: + [ Let_1111111211( x, c1, c2, skP1, skP2 ) ] + --> + [ State_1111111211( c1, c2, skP1, skP2, x ) ] + */ + +rule (modulo E) eventReceivedx_0_1111111211[color=#807140, + process="event Received( x.1 );"]: + [ State_1111111211( c1.1, c2.1, skP1.1, skP2.1, x.1 ) ] + --[ Received( x.1 ) ]-> + [ Out( sign('test', x.1) ) ] + + /* + rule (modulo AC) eventReceivedx_0_1111111211[color=#807140, + process="event Received( x.1 );"]: + [ State_1111111211( c1, c2, skP1, skP2, x ) ] + --[ Received( x ) ]-> + [ Out( sign('test', x) ) ] + */ + +rule (modulo E) incx_0_11111121[color=#408073, process="in(c2.1,x.2);"]: + [ State_11111121( c1.1, c2.1, skP1.1, skP2.1 ), Message( c2.1, x.2 ) ] --> - [ Ack( c2, x ), State_11111121( c1, c2, skP1, skP2, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventReceivedx_0_11111121[color=#408073, - process="event Received2( x );"]: - [ State_11111121( c1, c2, skP1, skP2, x ) ] - --[ Received2( x ) ]-> - [ State_111111211( c1, c2, skP1, skP2, x ) ] + [ Let_111111211( x.2, c1.1, c2.1, skP1.1, skP2.1 ), Ack( c2.1, x.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) incx_0_11111121[color=#408073, process="in(c2.1,x.2);"]: + [ State_11111121( c1, c2, skP1, skP2 ), Message( c2, x ) ] + --> + [ Let_111111211( x, c1, c2, skP1, skP2 ), Ack( c2, x ) ] + */ -rule (modulo E) outsigntestx_0_111111211[color=#408073, - process="out(sign('test', x));"]: - [ State_111111211( c1, c2, skP1, skP2, x ) ] +rule (modulo E) incx_1_11111121[color=#408073, process="in(c2.1,x.2);"]: + [ 
Let_111111211( x.2, c1.1, c2.1, skP1.1, skP2.1 ) ] --> - [ State_1111112111( c1, c2, skP1, skP2, x ), Out( sign('test', x) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111112111[color=#408073, process="0"]: - [ State_1111112111( c1, c2, skP1, skP2, x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insigntestskP_0_111112[color=#407e80, - process="in(sign('test', skP1));"]: - [ State_111112( c1, c2, skP1, skP2 ), In( sign('test', skP1) ) ] - --> - [ State_1111121( c1, c2, skP1, skP2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventAcceptskP_0_1111121[color=#407e80, - process="event Accept( skP1 );"]: - [ State_1111121( c1, c2, skP1, skP2 ) ] - --[ Accept( skP1 ) ]-> - [ State_11111211( c1, c2, skP1, skP2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111211[color=#407e80, process="0"]: - [ State_11111211( c1, c2, skP1, skP2 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insigntestskP_0_11112[color=#806640, - process="in(sign('test', skP2));"]: - [ State_11112( c1, c2, skP1, skP2 ), In( sign('test', skP2) ) ] - --> - [ State_111121( c1, c2, skP1, skP2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventAcceptskP_0_111121[color=#806640, - process="event Accept2( skP2 );"]: - [ State_111121( c1, c2, skP1, skP2 ) ] - --[ Accept2( skP2 ) ]-> - [ State_1111211( c1, c2, skP1, skP2 ) ] - - /* has exactly the trivial AC variant */ + [ State_111111211( c1.1, c2.1, skP1.1, skP2.1, x.2 ) ] + + /* + rule (modulo AC) incx_1_11111121[color=#408073, process="in(c2.1,x.2);"]: + [ Let_111111211( x, c1, c2, skP1, skP2 ) ] + --> + [ State_111111211( c1, c2, skP1, skP2, x ) ] + */ + +rule (modulo E) eventReceivedx_0_111111211[color=#408073, + process="event Received2( x.2 );"]: + [ State_111111211( c1.1, c2.1, skP1.1, skP2.1, x.2 ) ] + --[ Received2( x.2 ) ]-> + [ Out( sign('test', x.2) ) ] + + /* + rule (modulo AC) 
eventReceivedx_0_111111211[color=#408073, + process="event Received2( x.2 );"]: + [ State_111111211( c1, c2, skP1, skP2, x ) ] + --[ Received2( x ) ]-> + [ Out( sign('test', x) ) ] + */ + +rule (modulo E) insigntestskP_0_1111121[color=#407e80, + process="in(sign('test', =skP1.1));"]: + [ State_1111121( c1.1, c2.1, skP1.1, skP2.1 ), In( sign('test', skP1.1) ) + ] + --[ Accept( skP1.1 ) ]-> + [ ] + + /* + rule (modulo AC) insigntestskP_0_1111121[color=#407e80, + process="in(sign('test', =skP1.1));"]: + [ State_1111121( c1, c2, skP1, skP2 ), In( sign('test', skP1) ) ] + --[ Accept( skP1 ) ]-> + [ ] + */ + +rule (modulo E) Init[color=#ffffff, process="new skP1.1;"]: + [ Fr( skP1.1 ), Fr( skP2.1 ), Fr( c1.1 ), Fr( c2.1 ) ] + --[ Init( ) ]-> + [ + State_111121( c1.1, c2.1, skP1.1, skP2.1 ), + State_1111121( c1.1, c2.1, skP1.1, skP2.1 ), + State_11111121( c1.1, c2.1, skP1.1, skP2.1 ), + State_111111121( c1.1, c2.1, skP1.1, skP2.1 ), + State_111111111( c1.1, c2.1, skP1.1, skP2.1 ) + ] -rule (modulo E) p_0_1111211[color=#806640, process="0"]: - [ State_1111211( c1, c2, skP1, skP2 ) ] --> [ ] + /* + rule (modulo AC) Init[color=#ffffff, process="new skP1.1;"]: + [ Fr( skP1 ), Fr( skP2 ), Fr( c1 ), Fr( c2 ) ] + --[ Init( ) ]-> + [ + State_111121( c1, c2, skP1, skP2 ), State_1111121( c1, c2, skP1, skP2 ), + State_11111121( c1, c2, skP1, skP2 ), + State_111111121( c1, c2, skP1, skP2 ), + State_111111111( c1, c2, skP1, skP2 ) + ] + */ + +rule (modulo E) insigntestskP_0_111121[color=#806640, + process="in(sign('test', =skP2.1));"]: + [ State_111121( c1.1, c2.1, skP1.1, skP2.1 ), In( sign('test', skP2.1) ) + ] + --[ Accept2( skP2.1 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insigntestskP_0_111121[color=#806640, + process="in(sign('test', =skP2.1));"]: + [ State_111121( c1, c2, skP1, skP2 ), In( sign('test', skP2) ) ] + --[ Accept2( skP2 ) ]-> + [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" 
@@ -307,7 +288,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -317,7 +298,7 @@ analyzing: examples/sapic/fast/feature-secret-channel/secret-channel.spthy analyzed: examples/sapic/fast/feature-secret-channel/secret-channel.spthy output: examples/sapic/fast/feature-secret-channel/secret-channel.spthy.tmp - processing time: 1.231358503s + processing time: 0.197641575s secret (all-traces): verified (3 steps) auth (all-traces): verified (5 steps) auth2 (all-traces): verified (5 steps) @@ -332,7 +313,7 @@ summary of summaries: analyzed: examples/sapic/fast/feature-secret-channel/secret-channel.spthy output: examples/sapic/fast/feature-secret-channel/secret-channel.spthy.tmp - processing time: 1.231358503s + processing time: 0.197641575s secret (all-traces): verified (3 steps) auth (all-traces): verified (5 steps) auth2 (all-traces): verified (5 steps) diff --git a/case-studies-regression/sapic/fast/feature-xor/CH07_analyzed.spthy b/case-studies-regression/sapic/fast/feature-xor/CH07_analyzed.spthy index e73442a60..e00d4e4ca 100644 --- a/case-studies-regression/sapic/fast/feature-xor/CH07_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-xor/CH07_analyzed.spthy @@ -3,11 +3,22 @@ theory CH07 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, h/1, lh/1, pair/2, rh/1, rot/2, snd/1 +functions: fst/1[destructor], h/1, lh/1, pair/2, rh/1, rot/2, + snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + + + + + + + + + lemma recentalive_tag_attack: exists-trace "¬(∀ x #i. 
@@ -28,11 +39,11 @@ guarded formula characterizing all satisfying traces: */ simplify solve( Alive( x, 'Tag' ) @ #i ) - case eventAlivekTag_0_1111111111 - solve( State_1111111111( ~id, ~k, ~r1, r2, x ) ▶₀ #i ) - case ifxlhhkrrrotidhkrr_0_111111111 + case eventAlivekTag_0_11111111111 + solve( State_11111111111( ~id, ~k, ~r1, r2, x ) ▶₀ #i ) + case ifxlhhkrrrotidhkrr_0_1111111111 solve( !KU( lh((h(x)⊕rot(~id, h(x)))) ) @ #vk.2 ) - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( splitEqs(1) ) case split_case_7 solve( !KU( (~r1⊕x) ) @ #vk.2 ) @@ -40,9 +51,9 @@ solve( Alive( x, 'Tag' ) @ #i ) solve( splitEqs(2) ) case split_case_1 solve( !KU( ~r1 ) @ #vk.5 ) - case outr_0_1111111 - solve( !KU( ~x ) @ #vk.5 ) - case outrlhhkrrrotidhkrr_0_1111211111 + case newr_0_111111 + solve( !KU( ~r2 ) @ #vk.5 ) + case eventRunningRTkrr_0_1111211111 SOLVED // trace found qed qed @@ -73,9 +84,9 @@ guarded formula characterizing all counter-examples: */ simplify solve( Alive( x, 'Reader' ) @ #i ) - case eventAlivekReader_0_111121111111 + case inrhhkrrrotidhkrr_0_111121111111 solve( State_111121111111( ~id, ~k, ~r2, r1 ) ▶₀ #i ) - case inrhhkrrrotidhkrr_0_11112111111 + case eventRunningRTkrr_0_1111211111 solve( !KU( rh((h(x)⊕rot(~id, h(x)))) ) @ #vk ) case c_rh solve( !KU( (h(x)⊕rot(~id, h(x))) ) @ #vk.2 ) 
@@ -87,27 +98,27 @@ solve( Alive( x, 'Reader' ) @ #i ) next case coerce solve( !KD( (h(x)⊕rot(~id, h(x))) ) ▶₀ #vk.1 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 + case eventCommitRTkrr_0_11111111111111 by solve( (#vl, 0) ~~> (#vk.1, 0) ) next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( (#vl, 0) ~~> (#vk.1, 0) ) case d_0_fst by contradiction /* impossible chain */ next case d_0_snd - by solve( (#vr.16, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.7, 0) ~~> (#vk.1, 0) ) qed + next + case newr_0_111111 + by contradiction /* impossible chain */ qed qed next - case outrhhkrrrotidhkrr_0_11111111111111 - solve( !KU( lh((h(x.2)⊕rot(~id, h(x.2)))) ) @ #vk.4 ) + case eventCommitRTkrr_0_11111111111111 + solve( !KU( lh((h(x.1)⊕rot(~id, h(x.1)))) ) @ #vk.4 ) case c_lh - solve( !KU( (h(x.2)⊕rot(~id, h(x.2))) ) @ #vk.5 ) + solve( !KU( (h(x.1)⊕rot(~id, h(x.1))) ) @ #vk.5 ) case c_xor solve( !KU( rot(~id, h(x.1)) ) @ #vk.6 ) case c_rot @@ -116,24 +127,24 @@ solve( Alive( x, 'Reader' ) @ #i ) next case coerce solve( !KD( (h(x.1)⊕rot(~id, h(x.1))) ) ▶₀ #vk.2 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 + case eventCommitRTkrr_0_11111111111111 by solve( (#vl.1, 0) ~~> (#vk.2, 0) ) next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( (#vl.1, 0) ~~> (#vk.2, 0) ) case d_0_fst by contradiction /* impossible chain */ next case d_0_snd - by solve( (#vr.28, 0) ~~> (#vk.2, 0) ) + by solve( (#vr.15, 0) ~~> (#vk.2, 0) ) qed + next + case newr_0_111111 + by contradiction /* impossible chain */ qed qed next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 by contradiction /* from formulas */ qed qed 
@@ -153,9 +164,9 @@ guarded formula characterizing all counter-examples: */ simplify solve( Commit( <'T', 'R', t> ) @ #i ) - case eventCommitTRkrr_0_1111211111111 - solve( State_1111211111111( ~id, ~k, ~r2, r1 ) ▶₀ #i ) - case eventAlivekReader_0_111121111111 + case eventCommitTRkrr_0_11112111111111 + solve( State_11112111111111( ~id, ~k, ~r2, r1 ) ▶₀ #i ) + case inrhhkrrrotidhkrr_0_111121111111 solve( !KU( rh((h(x)⊕rot(~id, h(x)))) ) @ #vk ) case c_rh solve( !KU( (h(x)⊕rot(~id, h(x))) ) @ #vk.2 ) @@ -167,27 +178,27 @@ solve( Commit( <'T', 'R', t> ) @ #i ) next case coerce solve( !KD( (h(x)⊕rot(~id, h(x))) ) ▶₀ #vk.1 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 + case eventCommitRTkrr_0_11111111111111 by solve( (#vl, 0) ~~> (#vk.1, 0) ) next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( (#vl, 0) ~~> (#vk.1, 0) ) case d_0_fst by contradiction /* impossible chain */ next case d_0_snd - by solve( (#vr.17, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.8, 0) ~~> (#vk.1, 0) ) qed + next + case newr_0_111111 + by contradiction /* impossible chain */ qed qed next - case outrhhkrrrotidhkrr_0_11111111111111 - solve( !KU( lh((h(x.2)⊕rot(~id, h(x.2)))) ) @ #vk.4 ) + case eventCommitRTkrr_0_11111111111111 + solve( !KU( lh((h(x.1)⊕rot(~id, h(x.1)))) ) @ #vk.4 ) case c_lh - solve( !KU( (h(x.2)⊕rot(~id, h(x.2))) ) @ #vk.5 ) + solve( !KU( (h(x.1)⊕rot(~id, h(x.1))) ) @ #vk.5 ) case c_xor solve( !KU( rot(~id, h(x.1)) ) @ #vk.6 ) case c_rot 
@@ -196,24 +207,24 @@ solve( Commit( <'T', 'R', t> ) @ #i ) next case coerce solve( !KD( (h(x.1)⊕rot(~id, h(x.1))) ) ▶₀ #vk.2 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 + case eventCommitRTkrr_0_11111111111111 by solve( (#vl.1, 0) ~~> (#vk.2, 0) ) next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( (#vl.1, 0) ~~> (#vk.2, 0) ) case d_0_fst by contradiction /* impossible chain */ next case d_0_snd - by solve( (#vr.29, 0) ~~> (#vk.2, 0) ) + by solve( (#vr.16, 0) ~~> (#vk.2, 0) ) qed + next + case newr_0_111111 + by contradiction /* impossible chain */ qed qed next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( splitEqs(0) ) case split_case_1 by solve( !KU( ~k ) @ #vk.3 ) @@ -222,9 +233,9 @@ solve( Commit( <'T', 'R', t> ) @ #i ) by contradiction /* cyclic */ next case split_case_3 - solve( splitEqs(4) ) + solve( splitEqs(3) ) case split_case_1 - solve( splitEqs(7) ) + solve( splitEqs(5) ) case split_case_1 by contradiction /* from formulas */ next @@ -237,13 +248,16 @@ solve( Commit( <'T', 'R', t> ) @ #i ) qed next case split_case_4 - solve( splitEqs(7) ) + solve( splitEqs(5) ) case split - by contradiction /* from formulas */ + solve( splitEqs(4) ) + case split + by contradiction /* from formulas */ + qed qed next case split_case_5 - solve( splitEqs(7) ) + solve( splitEqs(5) ) case split by contradiction /* from formulas */ qed 
@@ -260,20 +274,20 @@ solve( Commit( <'T', 'R', t> ) @ #i ) next case coerce solve( !KD( (~r2⊕z) ) ▶₀ #vk.3 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 + case eventCommitRTkrr_0_11111111111111 by solve( (#vl.2, 0) ~~> (#vk.3, 0) ) next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( (#vl.2, 0) ~~> (#vk.3, 0) ) case d_0_fst by contradiction /* impossible chain */ next case d_0_snd - by solve( (#vr.38, 0) ~~> (#vk.3, 0) ) + by solve( (#vr.21, 0) ~~> (#vk.3, 0) ) qed + next + case newr_0_111111 + by contradiction /* impossible chain */ qed qed next 
@@ -284,44 +298,44 @@ solve( Commit( <'T', 'R', t> ) @ #i ) next case coerce solve( !KD( (~k⊕~r2) ) ▶₀ #vk.3 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 + case eventCommitRTkrr_0_11111111111111 by solve( (#vl.2, 0) ~~> (#vk.3, 0) ) next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( (#vl.2, 0) ~~> (#vk.3, 0) ) case d_0_fst by contradiction /* impossible chain */ next case d_0_snd - by solve( (#vr.38, 0) ~~> (#vk.3, 0) ) + by solve( (#vr.21, 0) ~~> (#vk.3, 0) ) qed + next + case newr_0_111111 + by contradiction /* impossible chain */ qed qed next case coerce solve( !KD( (~k⊕~r2⊕z) ) ▶₀ #vk.2 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 + case eventCommitRTkrr_0_11111111111111 by solve( (#vl.2, 0) ~~> (#vk.2, 0) ) next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( (#vl.2, 0) ~~> (#vk.2, 0) ) case d_0_fst by contradiction /* impossible chain */ next case d_0_snd - by solve( (#vr.38, 0) ~~> (#vk.2, 0) ) + by solve( (#vr.21, 0) ~~> (#vk.2, 0) ) qed + next + case newr_0_111111 + by contradiction /* impossible chain */ qed qed next case split_case_7 - solve( splitEqs(3) ) + solve( splitEqs(2) ) case split solve( !KU( (~r2⊕x) ) @ #vk.3 ) case c_xor 
@@ -329,26 +343,26 @@ solve( Commit( <'T', 'R', t> ) @ #i ) next case coerce solve( !KD( (~r2⊕x) ) ▶₀ #vk.2 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 + case eventCommitRTkrr_0_11111111111111 by solve( (#vl.2, 0) ~~> (#vk.2, 0) ) next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( (#vl.2, 0) ~~> (#vk.2, 0) ) case d_0_fst by contradiction /* impossible chain */ next case d_0_snd - by solve( (#vr.38, 0) ~~> (#vk.2, 0) ) + by solve( (#vr.21, 0) ~~> (#vk.2, 0) ) qed + next + case newr_0_111111 + by contradiction /* impossible chain */ qed qed qed next case split_case_8 - solve( splitEqs(3) ) + solve( splitEqs(2) ) case split solve( !KU( (~k⊕x) ) @ #vk.3 ) case c_xor @@ -356,20 +370,20 @@ solve( Commit( <'T', 'R', t> ) @ #i ) next case coerce solve( !KD( (~k⊕x) ) ▶₀ #vk.2 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 + case eventCommitRTkrr_0_11111111111111 by solve( (#vl.2, 0) ~~> (#vk.2, 0) ) next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( (#vl.2, 0) ~~> (#vk.2, 0) ) case d_0_fst by contradiction /* impossible chain */ next case d_0_snd - by solve( (#vr.38, 0) ~~> (#vk.2, 0) ) + by solve( (#vr.21, 0) ~~> (#vk.2, 0) ) qed + next + case newr_0_111111 + by contradiction /* impossible chain */ qed qed qed @@ -392,9 +406,9 @@ guarded formula characterizing all counter-examples: */ simplify solve( Commit( <'R', 'T', t> ) @ #i ) - case eventCommitRTkrr_0_1111111111111 - solve( State_1111111111111( ~id, ~k, ~r1, r2, x ) ▶₀ #i ) - case eventRunningTRkrr_0_111111111111 + case eventCommitRTkrr_0_11111111111111 + solve( State_11111111111111( ~id, ~k, ~r1, r2, x ) ▶₀ #i ) + case eventRunningTRkrr_0_1111111111111 solve( !KU( lh((h(x)⊕rot(~id, h(x)))) ) @ #vk.2 ) case c_lh solve( !KU( (h(x)⊕rot(~id, h(x))) ) @ #vk.3 ) 
@@ -406,213 +420,48 @@ solve( Commit( <'R', 'T', t> ) @ #i ) next case coerce solve( !KD( (h(x)⊕rot(~id, h(x))) ) ▶₀ #vk.1 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 + case eventCommitRTkrr_0_11111111111111 by solve( (#vl, 0) ~~> (#vk.1, 0) ) next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( (#vl, 0) ~~> (#vk.1, 0) ) case d_0_fst by contradiction /* impossible chain */ next case d_0_snd - by solve( (#vr.17, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.10, 0) ~~> (#vk.1, 0) ) qed + next + case newr_0_111111 + by contradiction /* impossible chain */ qed qed next - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 solve( splitEqs(0) ) case split_case_1 - by solve( !KU( ~k ) @ #vk.2 ) + by contradiction /* from formulas */ next case split_case_2 by contradiction /* cyclic */ next case split_case_3 - solve( splitEqs(3) ) - case split_case_1 - solve( splitEqs(4) ) - case split_case_1 - by contradiction /* from formulas */ - next - case split_case_2 - by contradiction /* from formulas */ - qed - next - case split_case_2 - by contradiction /* from formulas */ - qed + by contradiction /* from formulas */ next case split_case_4 - solve( splitEqs(3) ) - case split - by contradiction /* from formulas */ - qed + by contradiction /* from formulas */ next case split_case_5 - solve( splitEqs(4) ) - case split - by contradiction /* from formulas */ - qed + by contradiction /* from formulas */ next case split_case_6 - solve( !KU( (~k⊕~r1⊕x) ) @ #vk.2 ) - case c_xor_case_1 - solve( !KU( (~k⊕x) ) @ #vk.4 ) - case c_xor - by solve( !KU( ~k ) @ #vk.7 ) - next - case coerce - solve( !KD( (~k⊕x) ) ▶₀ #vk.2 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 - by solve( (#vl.1, 0) ~~> (#vk.2, 0) ) - next - case outrlhhkrrrotidhkrr_0_1111211111 - solve( (#vl.1, 0) ~~> (#vk.2, 0) ) - case d_0_fst - 
by contradiction /* impossible chain */ - next - case d_0_snd - by solve( (#vr.26, 0) ~~> (#vk.2, 0) ) - qed - qed - qed - next - case c_xor_case_2 - solve( !KU( (~r1⊕x) ) @ #vk.4 ) - case c_xor - by solve( !KU( ~k ) @ #vk.5 ) - next - case coerce - solve( !KD( (~r1⊕x) ) ▶₀ #vk.2 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 - by solve( (#vl.1, 0) ~~> (#vk.2, 0) ) - next - case outrlhhkrrrotidhkrr_0_1111211111 - solve( (#vl.1, 0) ~~> (#vk.2, 0) ) - case d_0_fst - by contradiction /* impossible chain */ - next - case d_0_snd - by solve( (#vr.26, 0) ~~> (#vk.2, 0) ) - qed - qed - qed - next - case c_xor_case_3 - solve( !KU( (~k⊕~r1) ) @ #vk.5 ) - case c_xor - by solve( !KU( ~k ) @ #vk.7 ) - next - case coerce - solve( !KD( (~k⊕~r1) ) ▶₀ #vk.2 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 - by solve( (#vl.1, 0) ~~> (#vk.2, 0) ) - next - case outrlhhkrrrotidhkrr_0_1111211111 - solve( (#vl.1, 0) ~~> (#vk.2, 0) ) - case d_0_fst - by contradiction /* impossible chain */ - next - case d_0_snd - by solve( (#vr.26, 0) ~~> (#vk.2, 0) ) - qed - qed - qed - next - case coerce - solve( !KD( (~k⊕~r1⊕x) ) ▶₀ #vk.1 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 - by solve( (#vl.1, 0) ~~> (#vk.1, 0) ) - next - case outrlhhkrrrotidhkrr_0_1111211111 - solve( (#vl.1, 0) ~~> (#vk.1, 0) ) - case d_0_fst - by contradiction /* impossible chain */ - next - case d_0_snd - by solve( (#vr.26, 0) ~~> (#vk.1, 0) ) - qed - qed - qed + by contradiction /* from formulas */ next case split_case_7 - solve( splitEqs(2) ) - case split - solve( !KU( (~r1⊕x) ) @ #vk.2 ) - case c_xor - solve( splitEqs(3) ) - case split_case_1 - by contradiction /* from formulas */ - next - case split_case_2 - by contradiction /* from formulas */ - next - case split_case_3 - by contradiction /* from formulas */ - qed 
- next - case coerce - solve( !KD( (~r1⊕x) ) ▶₀ #vk.1 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 - by solve( (#vl.1, 0) ~~> (#vk.1, 0) ) - next - case outrlhhkrrrotidhkrr_0_1111211111 - solve( (#vl.1, 0) ~~> (#vk.1, 0) ) - case d_0_fst - by contradiction /* impossible chain */ - next - case d_0_snd - by solve( (#vr.26, 0) ~~> (#vk.1, 0) ) - qed - qed - qed - qed + by contradiction /* from formulas */ next case split_case_8 - solve( splitEqs(2) ) - case split - solve( !KU( (~k⊕x) ) @ #vk.2 ) - case c_xor - by solve( !KU( ~k ) @ #vk.5 ) - next - case coerce - solve( !KD( (~k⊕x) ) ▶₀ #vk.1 ) - case outr_0_1111111 - by contradiction /* impossible chain */ - next - case outrhhkrrrotidhkrr_0_11111111111111 - by solve( (#vl.1, 0) ~~> (#vk.1, 0) ) - next - case outrlhhkrrrotidhkrr_0_1111211111 - solve( (#vl.1, 0) ~~> (#vk.1, 0) ) - case d_0_fst - by contradiction /* impossible chain */ - next - case d_0_snd - by solve( (#vr.26, 0) ~~> (#vk.1, 0) ) - qed - qed - qed - qed + by contradiction /* from formulas */ qed qed qed 
@@ -632,23 +481,23 @@ guarded formula characterizing all satisfying traces: */ simplify solve( Alive( x, 'Reader' ) @ #i ) - case eventAlivekReader_0_111121111111 + case inrhhkrrrotidhkrr_0_111121111111 solve( State_111121111111( ~id, ~k, ~r2, r1 ) ▶₀ #i ) - case inrhhkrrrotidhkrr_0_11112111111 + case eventRunningRTkrr_0_1111211111 solve( Response( ~k, 'Tag' ) @ #j ) - case eventResponsekTag_0_1111211 + case inr_0_111121 solve( !KU( rh((h(x)⊕rot(~id, h(x)))) ) @ #vk ) - case outrhhkrrrotidhkrr_0_11111111111111 - solve( !KU( lh((h(x.2)⊕rot(~id, h(x.2)))) ) @ #vk.4 ) - case outrlhhkrrrotidhkrr_0_1111211111 - solve( splitEqs(1) ) + case eventCommitRTkrr_0_11111111111111 + solve( !KU( lh((h(x.1)⊕rot(~id, h(x.1)))) ) @ #vk.4 ) + case eventRunningRTkrr_0_1111211111 + solve( splitEqs(0) ) case split_case_3 - solve( splitEqs(4) ) + solve( splitEqs(2) ) case split_case_1 solve( !KU( ~r1 ) @ #vk.3 ) - case outr_0_1111111 + case newr_0_111111 solve( !KU( ~r2 ) @ #vk.4 ) - case outrlhhkrrrotidhkrr_0_1111211111 + case eventRunningRTkrr_0_1111211111 SOLVED // trace found qed qed 
@@ -660,691 +509,554 @@ solve( Alive( x, 'Reader' ) @ #i ) qed qed -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_1[color=#ffffff, process="new ~k;"]: - [ State_1( ), Fr( ~k ) ] --> [ State_11( ~k ) ] - - /* has exactly the trivial AC variant */ -rule (modulo E) newid_0_11[color=#ffffff, process="new ~id;"]: - [ State_11( ~k ), Fr( ~id ) ] --> [ State_111( ~id, ~k ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#ffffff, process="!"]: - [ State_111( ~id, ~k ) ] --> [ !Semistate_1111( ~id, ~k ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_111[color=#ffffff, process="!"]: - [ !Semistate_1111( ~id, ~k ) ] --> [ State_1111( ~id, ~k ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1111[color=#ffffff, process="|"]: - [ State_1111( ~id, ~k ) ] - --> - [ State_11111( ~id, ~k ), State_11112( ~id, ~k ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) newr_0_11111[color=#404480, process="new ~r1;"]: - [ State_11111( ~id, ~k ), Fr( ~r1 ) ] +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ), Fr( ~k.1 ), Fr( ~id.1 ) ] --> - [ State_111111( ~id, ~k, ~r1 ) ] - - /* has exactly the trivial AC variant */ + [ !Semistate_1111( ~id.1, ~k.1 ) ] -rule (modulo E) eventChallengerReader_0_111111[color=#404480, - process="event Challenge( ~r1, 'Reader' );"]: - [ State_111111( ~id, ~k, ~r1 ) ] - --[ Challenge( ~r1, 'Reader' ) ]-> - [ State_1111111( ~id, ~k, ~r1 ) ] - - /* has exactly the trivial AC variant */ + /* + rule 
(modulo AC) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ), Fr( ~k ), Fr( ~id ) ] + --> + [ !Semistate_1111( ~id, ~k ) ] + */ -rule (modulo E) outr_0_1111111[color=#404480, process="out(~r1);"]: - [ State_1111111( ~id, ~k, ~r1 ) ] - --> - [ State_11111111( ~id, ~k, ~r1 ), Out( ~r1 ) ] +rule (modulo E) newr_0_111111[color=#404480, process="new ~r1.1;"]: + [ State_111111( ~id.1, ~k.1 ), Fr( ~r1.1 ) ] + --[ Challenge( ~r1.1, 'Reader' ) ]-> + [ State_111111111( ~id.1, ~k.1, ~r1.1 ), Out( ~r1.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newr_0_111111[color=#404480, process="new ~r1.1;"]: + [ State_111111( ~id, ~k ), Fr( ~r1 ) ] + --[ Challenge( ~r1, 'Reader' ) ]-> + [ State_111111111( ~id, ~k, ~r1 ), Out( ~r1 ) ] + */ -rule (modulo E) inrx_0_11111111[color=#404480, process="in();"]: - [ State_11111111( ~id, ~k, ~r1 ), In( ) ] +rule (modulo E) inrx_0_111111111[color=#404480, + process="in();"]: + [ State_111111111( ~id.1, ~k.1, ~r1.1 ), In( ) ] --> - [ State_111111111( ~id, ~k, ~r1, r2, x ) ] + [ State_1111111111( ~id.1, ~k.1, ~r1.1, r2.1, x.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inrx_0_111111111[color=#404480, + process="in();"]: + [ State_111111111( ~id, ~k, ~r1 ), In( ) ] + --> + [ State_1111111111( ~id, ~k, ~r1, r2, x ) ] + */ -rule (modulo E) ifxlhhkrrrotidhkrr_0_111111111[color=#404480, - process="if x=lh((h((~k⊕~r1⊕r2))⊕rot(~id, h((~k⊕~r1⊕r2)))))"]: - [ State_111111111( ~id, ~k, ~r1, r2, x ) ] - --[ Pred_Eq( x, lh((h((~k⊕~r1⊕r2))⊕rot(~id, h((~k⊕~r1⊕r2))))) ) ]-> - [ State_1111111111( ~id, ~k, ~r1, r2, x ) ] +rule (modulo E) ifxlhhkrrrotidhkrr_0_1111111111[color=#404480, + process="if x.1=lh((h((~k.1⊕~r1.1⊕r2.1))⊕rot(~id.1, h((~k.1⊕~r1.1⊕r2.1)))))"]: + [ State_1111111111( ~id.1, ~k.1, ~r1.1, r2.1, x.1 ) ] + --[ + Pred_Eq( x.1, lh((h((~k.1⊕~r1.1⊕r2.1))⊕rot(~id.1, h((~k.1⊕~r1.1⊕r2.1))))) + ) + ]-> + [ State_11111111111( ~id.1, ~k.1, ~r1.1, r2.1, x.1 ) ] /* - rule (modulo AC) 
ifxlhhkrrrotidhkrr_0_111111111[color=#404480, - process="if x=lh((h((~k⊕~r1⊕r2))⊕rot(~id, h((~k⊕~r1⊕r2)))))"]: - [ State_111111111( ~id, ~k, ~r1, r2, x.1 ) ] - --[ Pred_Eq( x.1, lh((h(x)⊕rot(~id, h(x)))) ) ]-> + rule (modulo AC) ifxlhhkrrrotidhkrr_0_1111111111[color=#404480, + process="if x.1=lh((h((~k.1⊕~r1.1⊕r2.1))⊕rot(~id.1, h((~k.1⊕~r1.1⊕r2.1)))))"]: [ State_1111111111( ~id, ~k, ~r1, r2, x.1 ) ] + --[ Pred_Eq( x.1, lh((h(x)⊕rot(~id, h(x)))) ) ]-> + [ State_11111111111( ~id, ~k, ~r1, r2, x.1 ) ] variants (modulo AC) - 1. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = ~k.16 - x = ~r1.17 + 1. ~k = ~k.17 + ~r1 = ~r1.18 + r2 = ~k.17 + x = ~r1.18 - 2. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = ~r1.17 - x = ~k.16 + 2. ~k = ~k.17 + ~r1 = ~r1.18 + r2 = ~r1.18 + x = ~k.17 - 3. ~k = ~k.16 - ~r1 = ~r1.17 + 3. ~k = ~k.17 + ~r1 = ~r1.18 r2 = zero - x = (~k.16⊕~r1.17) + x = (~k.17⊕~r1.18) - 4. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = (~k.16⊕~r1.17) + 4. ~k = ~k.17 + ~r1 = ~r1.18 + r2 = (~k.17⊕~r1.18) x = zero - 5. ~k = ~k.17 - ~r1 = ~k.17 - r2 = r2.19 - x = r2.19 + 5. ~k = ~k.18 + ~r1 = ~k.18 + r2 = r2.20 + x = r2.20 - 6. ~k = ~k.17 - ~r1 = ~r1.18 - r2 = r2.19 - x = (~k.17⊕~r1.18⊕r2.19) - - 7. ~k = ~k.22 - ~r1 = ~r1.23 - r2 = (~k.22⊕~r1.23⊕x.29) - x = x.29 + 6. ~k = ~k.18 + ~r1 = ~r1.19 + r2 = r2.20 + x = (~k.18⊕~r1.19⊕r2.20) - 8. ~k = ~k.80 - ~r1 = ~r1.81 - r2 = (~r1.81⊕x.157) - x = (~k.80⊕x.157) + 7. ~k = ~k.23 + ~r1 = ~r1.24 + r2 = (~k.23⊕~r1.24⊕x.30) + x = x.30 - 9. ~k = ~k.81 + 8. ~k = ~k.81 ~r1 = ~r1.82 - r2 = (~k.81⊕x.159) - x = (~r1.82⊕x.159) + r2 = (~r1.82⊕x.158) + x = (~k.81⊕x.158) + + 9. 
~k = ~k.82 + ~r1 = ~r1.83 + r2 = (~k.82⊕x.160) + x = (~r1.83⊕x.160) */ -rule (modulo E) ifxlhhkrrrotidhkrr_1_111111111[color=#404480, - process="if x=lh((h((~k⊕~r1⊕r2))⊕rot(~id, h((~k⊕~r1⊕r2)))))"]: - [ State_111111111( ~id, ~k, ~r1, r2, x ) ] - --[ Pred_Not_Eq( x, lh((h((~k⊕~r1⊕r2))⊕rot(~id, h((~k⊕~r1⊕r2))))) ) ]-> - [ State_1111111112( ~id, ~k, ~r1, r2, x ) ] +rule (modulo E) eventAlivekTag_0_11111111111[color=#404480, + process="event Alive( ~k.1, 'Tag' );"]: + [ State_11111111111( ~id.1, ~k.1, ~r1.1, r2.1, x.1 ) ] + --[ Alive( ~k.1, 'Tag' ) ]-> + [ State_111111111111( ~id.1, ~k.1, ~r1.1, r2.1, x.1 ) ] /* - rule (modulo AC) ifxlhhkrrrotidhkrr_1_111111111[color=#404480, - process="if x=lh((h((~k⊕~r1⊕r2))⊕rot(~id, h((~k⊕~r1⊕r2)))))"]: - [ State_111111111( ~id, ~k, ~r1, r2, x.1 ) ] - --[ Pred_Not_Eq( x.1, lh((h(x)⊕rot(~id, h(x)))) ) ]-> - [ State_1111111112( ~id, ~k, ~r1, r2, x.1 ) ] - variants (modulo AC) - 1. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = ~k.16 - x = ~r1.17 - - 2. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = ~r1.17 - x = ~k.16 - - 3. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = zero - x = (~k.16⊕~r1.17) - - 4. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = (~k.16⊕~r1.17) - x = zero - - 5. ~k = ~k.17 - ~r1 = ~k.17 - r2 = r2.19 - x = r2.19 - - 6. ~k = ~k.17 - ~r1 = ~r1.18 - r2 = r2.19 - x = (~k.17⊕~r1.18⊕r2.19) - - 7. ~k = ~k.22 - ~r1 = ~r1.23 - r2 = (~k.22⊕~r1.23⊕x.29) - x = x.29 - - 8. ~k = ~k.80 - ~r1 = ~r1.81 - r2 = (~r1.81⊕x.157) - x = (~k.80⊕x.157) - - 9. 
~k = ~k.81 - ~r1 = ~r1.82 - r2 = (~k.81⊕x.159) - x = (~r1.82⊕x.159) + rule (modulo AC) eventAlivekTag_0_11111111111[color=#404480, + process="event Alive( ~k.1, 'Tag' );"]: + [ State_11111111111( ~id, ~k, ~r1, r2, x ) ] + --[ Alive( ~k, 'Tag' ) ]-> + [ State_111111111111( ~id, ~k, ~r1, r2, x ) ] */ -rule (modulo E) eventAlivekTag_0_1111111111[color=#404480, - process="event Alive( ~k, 'Tag' );"]: - [ State_1111111111( ~id, ~k, ~r1, r2, x ) ] - --[ Alive( ~k, 'Tag' ) ]-> - [ State_11111111111( ~id, ~k, ~r1, r2, x ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventResponsekReader_0_11111111111[color=#404480, - process="event Response( ~k, 'Reader' );"]: - [ State_11111111111( ~id, ~k, ~r1, r2, x ) ] - --[ Response( ~k, 'Reader' ) ]-> - [ State_111111111111( ~id, ~k, ~r1, r2, x ) ] +rule (modulo E) eventResponsekReader_0_111111111111[color=#404480, + process="event Response( ~k.1, 'Reader' );"]: + [ State_111111111111( ~id.1, ~k.1, ~r1.1, r2.1, x.1 ) ] + --[ Response( ~k.1, 'Reader' ) ]-> + [ State_1111111111111( ~id.1, ~k.1, ~r1.1, r2.1, x.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventResponsekReader_0_111111111111[color=#404480, + process="event Response( ~k.1, 'Reader' );"]: + [ State_111111111111( ~id, ~k, ~r1, r2, x ) ] + --[ Response( ~k, 'Reader' ) ]-> + [ State_1111111111111( ~id, ~k, ~r1, r2, x ) ] + */ -rule (modulo E) eventRunningTRkrr_0_111111111111[color=#404480, - process="event Running( <'T', 'R', (~k⊕~r1⊕r2)> );"]: - [ State_111111111111( ~id, ~k, ~r1, r2, x ) ] - --[ Running( <'T', 'R', (~k⊕~r1⊕r2)> ) ]-> - [ State_1111111111111( ~id, ~k, ~r1, r2, x ) ] +rule (modulo E) eventRunningTRkrr_0_1111111111111[color=#404480, + process="event Running( <'T', 'R', (~k.1⊕~r1.1⊕r2.1)> );"]: + [ State_1111111111111( ~id.1, ~k.1, ~r1.1, r2.1, x.1 ) ] + --[ Running( <'T', 'R', (~k.1⊕~r1.1⊕r2.1)> ) ]-> + [ State_11111111111111( ~id.1, ~k.1, ~r1.1, r2.1, x.1 ) ] /* - rule (modulo AC) 
eventRunningTRkrr_0_111111111111[color=#404480, - process="event Running( <'T', 'R', (~k⊕~r1⊕r2)> );"]: - [ State_111111111111( ~id, ~k, ~r1, r2, x ) ] - --[ Running( <'T', 'R', z> ) ]-> + rule (modulo AC) eventRunningTRkrr_0_1111111111111[color=#404480, + process="event Running( <'T', 'R', (~k.1⊕~r1.1⊕r2.1)> );"]: [ State_1111111111111( ~id, ~k, ~r1, r2, x ) ] + --[ Running( <'T', 'R', z> ) ]-> + [ State_11111111111111( ~id, ~k, ~r1, r2, x ) ] variants (modulo AC) - 1. ~k = ~k.11 - ~r1 = ~r1.12 - r2 = ~k.11 - z = ~r1.12 + 1. ~k = ~k.12 + ~r1 = ~r1.13 + r2 = ~k.12 + z = ~r1.13 - 2. ~k = ~k.11 - ~r1 = ~r1.12 - r2 = ~r1.12 - z = ~k.11 + 2. ~k = ~k.12 + ~r1 = ~r1.13 + r2 = ~r1.13 + z = ~k.12 - 3. ~k = ~k.11 - ~r1 = ~r1.12 + 3. ~k = ~k.12 + ~r1 = ~r1.13 r2 = zero - z = (~k.11⊕~r1.12) + z = (~k.12⊕~r1.13) - 4. ~k = ~k.11 - ~r1 = ~r1.12 - r2 = (~k.11⊕~r1.12) + 4. ~k = ~k.12 + ~r1 = ~r1.13 + r2 = (~k.12⊕~r1.13) z = zero - 5. ~k = ~k.12 - ~r1 = ~k.12 - r2 = r2.14 - z = r2.14 + 5. ~k = ~k.13 + ~r1 = ~k.13 + r2 = r2.15 + z = r2.15 - 6. ~k = ~k.12 - ~r1 = ~r1.13 - r2 = r2.14 - z = (~k.12⊕~r1.13⊕r2.14) - - 7. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = (~k.16⊕~r1.17⊕z.22) - z = z.22 + 6. ~k = ~k.13 + ~r1 = ~r1.14 + r2 = r2.15 + z = (~k.13⊕~r1.14⊕r2.15) - 8. ~k = ~k.18 - ~r1 = ~r1.19 - r2 = (~r1.19⊕x.33) - z = (~k.18⊕x.33) + 7. ~k = ~k.17 + ~r1 = ~r1.18 + r2 = (~k.17⊕~r1.18⊕z.23) + z = z.23 - 9. ~k = ~k.19 + 8. ~k = ~k.19 ~r1 = ~r1.20 - r2 = (~k.19⊕x.35) - z = (~r1.20⊕x.35) + r2 = (~r1.20⊕x.34) + z = (~k.19⊕x.34) + + 9. 
~k = ~k.20 + ~r1 = ~r1.21 + r2 = (~k.20⊕x.36) + z = (~r1.21⊕x.36) */ -rule (modulo E) eventCommitRTkrr_0_1111111111111[color=#404480, - process="event Commit( <'R', 'T', (~k⊕~r1⊕r2)> );"]: - [ State_1111111111111( ~id, ~k, ~r1, r2, x ) ] - --[ Commit( <'R', 'T', (~k⊕~r1⊕r2)> ) ]-> - [ State_11111111111111( ~id, ~k, ~r1, r2, x ) ] +rule (modulo E) eventCommitRTkrr_0_11111111111111[color=#404480, + process="event Commit( <'R', 'T', (~k.1⊕~r1.1⊕r2.1)> );"]: + [ State_11111111111111( ~id.1, ~k.1, ~r1.1, r2.1, x.1 ) ] + --[ Commit( <'R', 'T', (~k.1⊕~r1.1⊕r2.1)> ) ]-> + [ Out( rh((h((~k.1⊕~r1.1⊕r2.1))⊕rot(~id.1, h((~k.1⊕~r1.1⊕r2.1))))) ) ] /* - rule (modulo AC) eventCommitRTkrr_0_1111111111111[color=#404480, - process="event Commit( <'R', 'T', (~k⊕~r1⊕r2)> );"]: - [ State_1111111111111( ~id, ~k, ~r1, r2, x ) ] - --[ Commit( <'R', 'T', z> ) ]-> + rule (modulo AC) eventCommitRTkrr_0_11111111111111[color=#404480, + process="event Commit( <'R', 'T', (~k.1⊕~r1.1⊕r2.1)> );"]: [ State_11111111111111( ~id, ~k, ~r1, r2, x ) ] + --[ Commit( <'R', 'T', z> ) ]-> + [ Out( rh((h(z)⊕rot(~id, h(z)))) ) ] variants (modulo AC) - 1. ~k = ~k.11 - ~r1 = ~r1.12 - r2 = ~k.11 - z = ~r1.12 - - 2. ~k = ~k.11 - ~r1 = ~r1.12 - r2 = ~r1.12 - z = ~k.11 - - 3. ~k = ~k.11 - ~r1 = ~r1.12 + 1. ~k = ~k.20 + ~r1 = ~r1.21 + r2 = ~k.20 + z = ~r1.21 + + 2. ~k = ~k.20 + ~r1 = ~r1.21 + r2 = ~r1.21 + z = ~k.20 + + 3. ~k = ~k.20 + ~r1 = ~r1.21 r2 = zero - z = (~k.11⊕~r1.12) + z = (~k.20⊕~r1.21) - 4. ~k = ~k.11 - ~r1 = ~r1.12 - r2 = (~k.11⊕~r1.12) + 4. ~k = ~k.20 + ~r1 = ~r1.21 + r2 = (~k.20⊕~r1.21) z = zero - 5. ~k = ~k.12 - ~r1 = ~k.12 - r2 = r2.14 - z = r2.14 - - 6. ~k = ~k.12 - ~r1 = ~r1.13 - r2 = r2.14 - z = (~k.12⊕~r1.13⊕r2.14) - - 7. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = (~k.16⊕~r1.17⊕z.22) - z = z.22 - - 8. ~k = ~k.18 - ~r1 = ~r1.19 - r2 = (~r1.19⊕x.33) - z = (~k.18⊕x.33) - - 9. ~k = ~k.19 - ~r1 = ~r1.20 - r2 = (~k.19⊕x.35) - z = (~r1.20⊕x.35) + 5. ~k = ~k.21 + ~r1 = ~k.21 + r2 = r2.23 + z = r2.23 + + 6. 
~k = ~k.21 + ~r1 = ~r1.22 + r2 = r2.23 + z = (~k.21⊕~r1.22⊕r2.23) + + 7. ~k = ~k.26 + ~r1 = ~r1.27 + r2 = (~k.26⊕~r1.27⊕z.33) + z = z.33 + + 8. ~k = ~k.137 + ~r1 = ~r1.138 + r2 = (~r1.138⊕x.270) + z = (~k.137⊕x.270) + + 9. ~k = ~k.138 + ~r1 = ~r1.139 + r2 = (~k.138⊕x.272) + z = (~r1.139⊕x.272) */ -rule (modulo E) outrhhkrrrotidhkrr_0_11111111111111[color=#404480, - process="out(rh((h((~k⊕~r1⊕r2))⊕rot(~id, h((~k⊕~r1⊕r2))))));"]: - [ State_11111111111111( ~id, ~k, ~r1, r2, x ) ] - --> - [ - State_111111111111111( ~id, ~k, ~r1, r2, x ), - Out( rh((h((~k⊕~r1⊕r2))⊕rot(~id, h((~k⊕~r1⊕r2))))) ) - ] +rule (modulo E) ifxlhhkrrrotidhkrr_1_1111111111[color=#404480, + process="if x.1=lh((h((~k.1⊕~r1.1⊕r2.1))⊕rot(~id.1, h((~k.1⊕~r1.1⊕r2.1)))))"]: + [ State_1111111111( ~id.1, ~k.1, ~r1.1, r2.1, x.1 ) ] + --[ + Pred_Not_Eq( x.1, + lh((h((~k.1⊕~r1.1⊕r2.1))⊕rot(~id.1, h((~k.1⊕~r1.1⊕r2.1))))) + ) + ]-> + [ ] /* - rule (modulo AC) outrhhkrrrotidhkrr_0_11111111111111[color=#404480, - process="out(rh((h((~k⊕~r1⊕r2))⊕rot(~id, h((~k⊕~r1⊕r2))))));"]: - [ State_11111111111111( ~id, ~k, ~r1, r2, x.1 ) ] - --> - [ - State_111111111111111( ~id, ~k, ~r1, r2, x.1 ), - Out( rh((h(x)⊕rot(~id, h(x)))) ) - ] + rule (modulo AC) ifxlhhkrrrotidhkrr_1_1111111111[color=#404480, + process="if x.1=lh((h((~k.1⊕~r1.1⊕r2.1))⊕rot(~id.1, h((~k.1⊕~r1.1⊕r2.1)))))"]: + [ State_1111111111( ~id, ~k, ~r1, r2, x.1 ) ] + --[ Pred_Not_Eq( x.1, lh((h(x)⊕rot(~id, h(x)))) ) ]-> + [ ] variants (modulo AC) - 1. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = ~k.16 - x = ~r1.17 + 1. ~k = ~k.17 + ~r1 = ~r1.18 + r2 = ~k.17 + x = ~r1.18 - 2. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = ~r1.17 - x = ~k.16 + 2. ~k = ~k.17 + ~r1 = ~r1.18 + r2 = ~r1.18 + x = ~k.17 - 3. ~k = ~k.16 - ~r1 = ~r1.17 + 3. ~k = ~k.17 + ~r1 = ~r1.18 r2 = zero - x = (~k.16⊕~r1.17) + x = (~k.17⊕~r1.18) - 4. ~k = ~k.16 - ~r1 = ~r1.17 - r2 = (~k.16⊕~r1.17) + 4. ~k = ~k.17 + ~r1 = ~r1.18 + r2 = (~k.17⊕~r1.18) x = zero - 5. ~k = ~k.17 - ~r1 = ~k.17 - r2 = r2.19 - x = r2.19 - - 6. 
~k = ~k.17 - ~r1 = ~r1.18 - r2 = r2.19 - x = (~k.17⊕~r1.18⊕r2.19) + 5. ~k = ~k.18 + ~r1 = ~k.18 + r2 = r2.20 + x = r2.20 - 7. ~k = ~k.22 - ~r1 = ~r1.23 - r2 = (~k.22⊕~r1.23⊕x.29) - x = x.29 + 6. ~k = ~k.18 + ~r1 = ~r1.19 + r2 = r2.20 + x = (~k.18⊕~r1.19⊕r2.20) - 8. ~k = ~k.80 - ~r1 = ~r1.81 - r2 = (~r1.81⊕x.157) - x = (~k.80⊕x.157) + 7. ~k = ~k.23 + ~r1 = ~r1.24 + r2 = (~k.23⊕~r1.24⊕x.30) + x = x.30 - 9. ~k = ~k.81 + 8. ~k = ~k.81 ~r1 = ~r1.82 - r2 = (~k.81⊕x.159) - x = (~r1.82⊕x.159) + r2 = (~r1.82⊕x.158) + x = (~k.81⊕x.158) + + 9. ~k = ~k.82 + ~r1 = ~r1.83 + r2 = (~k.82⊕x.160) + x = (~r1.83⊕x.160) */ -rule (modulo E) p_0_111111111111111[color=#404480, process="0"]: - [ State_111111111111111( ~id, ~k, ~r1, r2, x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111112[color=#404480, process="0"]: - [ State_1111111112( ~id, ~k, ~r1, r2, x ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inr_0_11112[color=#40807c, process="in(r1);"]: - [ State_11112( ~id, ~k ), In( r1 ) ] --> [ State_111121( ~id, ~k, r1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newr_0_111121[color=#40807c, process="new ~r2;"]: - [ State_111121( ~id, ~k, r1 ), Fr( ~r2 ) ] +rule (modulo E) p_1_111[color=#ffffff, process="!"]: + [ !Semistate_1111( ~id.1, ~k.1 ) ] --> - [ State_1111211( ~id, ~k, ~r2, r1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventResponsekTag_0_1111211[color=#40807c, - process="event Response( ~k, 'Tag' );"]: - [ State_1111211( ~id, ~k, ~r2, r1 ) ] - --[ Response( ~k, 'Tag' ) ]-> - [ State_11112111( ~id, ~k, ~r2, r1 ) ] + [ State_111121( ~id.1, ~k.1 ), State_111111( ~id.1, ~k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_111[color=#ffffff, process="!"]: + [ !Semistate_1111( ~id, ~k ) ] + --> + [ State_111121( ~id, ~k ), State_111111( ~id, ~k ) ] + */ -rule (modulo E) eventChallengerTag_0_11112111[color=#40807c, - process="event Challenge( 
~r2, 'Tag' );"]: - [ State_11112111( ~id, ~k, ~r2, r1 ) ] - --[ Challenge( ~r2, 'Tag' ) ]-> - [ State_111121111( ~id, ~k, ~r2, r1 ) ] +rule (modulo E) inr_0_111121[color=#40807c, process="in(r1.2);"]: + [ State_111121( ~id.1, ~k.1 ), In( r1.2 ), Fr( ~r2.2 ) ] + --[ Response( ~k.1, 'Tag' ) ]-> + [ State_111121111( ~id.1, ~k.1, ~r2.2, r1.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inr_0_111121[color=#40807c, process="in(r1.2);"]: + [ State_111121( ~id, ~k ), In( r1 ), Fr( ~r2 ) ] + --[ Response( ~k, 'Tag' ) ]-> + [ State_111121111( ~id, ~k, ~r2, r1 ) ] + */ -rule (modulo E) eventRunningRTkrr_0_111121111[color=#40807c, - process="event Running( <'R', 'T', (~k⊕~r2⊕r1)> );"]: - [ State_111121111( ~id, ~k, ~r2, r1 ) ] - --[ Running( <'R', 'T', (~k⊕~r2⊕r1)> ) ]-> - [ State_1111211111( ~id, ~k, ~r2, r1 ) ] +rule (modulo E) eventChallengerTag_0_111121111[color=#40807c, + process="event Challenge( ~r2.2, 'Tag' );"]: + [ State_111121111( ~id.1, ~k.1, ~r2.2, r1.2 ) ] + --[ Challenge( ~r2.2, 'Tag' ) ]-> + [ State_1111211111( ~id.1, ~k.1, ~r2.2, r1.2 ) ] /* - rule (modulo AC) eventRunningRTkrr_0_111121111[color=#40807c, - process="event Running( <'R', 'T', (~k⊕~r2⊕r1)> );"]: + rule (modulo AC) eventChallengerTag_0_111121111[color=#40807c, + process="event Challenge( ~r2.2, 'Tag' );"]: [ State_111121111( ~id, ~k, ~r2, r1 ) ] - --[ Running( <'R', 'T', z> ) ]-> + --[ Challenge( ~r2, 'Tag' ) ]-> [ State_1111211111( ~id, ~k, ~r2, r1 ) ] - variants (modulo AC) - 1. ~k = ~k.10 - ~r2 = ~r2.11 - r1 = ~k.10 - z = ~r2.11 - - 2. ~k = ~k.10 - ~r2 = ~r2.11 - r1 = ~r2.11 - z = ~k.10 - - 3. ~k = ~k.10 - ~r2 = ~r2.11 - r1 = zero - z = (~k.10⊕~r2.11) - - 4. ~k = ~k.10 - ~r2 = ~r2.11 - r1 = (~k.10⊕~r2.11) - z = zero - - 5. ~k = ~k.11 - ~r2 = ~k.11 - r1 = r1.13 - z = r1.13 - - 6. ~k = ~k.11 - ~r2 = ~r2.12 - r1 = r1.13 - z = (~k.11⊕~r2.12⊕r1.13) - - 7. ~k = ~k.14 - ~r2 = ~r2.15 - r1 = (~k.14⊕~r2.15⊕z.19) - z = z.19 - - 8. 
~k = ~k.16 - ~r2 = ~r2.17 - r1 = (~r2.17⊕x.29) - z = (~k.16⊕x.29) - - 9. ~k = ~k.17 - ~r2 = ~r2.18 - r1 = (~k.17⊕x.31) - z = (~r2.18⊕x.31) */ -rule (modulo E) outrlhhkrrrotidhkrr_0_1111211111[color=#40807c, - process="out(<~r2, lh((h((~k⊕~r2⊕r1))⊕rot(~id, h((~k⊕~r2⊕r1)))))>);"]: - [ State_1111211111( ~id, ~k, ~r2, r1 ) ] - --> +rule (modulo E) eventRunningRTkrr_0_1111211111[color=#40807c, + process="event Running( <'R', 'T', (~k.1⊕~r2.2⊕r1.2)> );"]: + [ State_1111211111( ~id.1, ~k.1, ~r2.2, r1.2 ) ] + --[ Running( <'R', 'T', (~k.1⊕~r2.2⊕r1.2)> ) ]-> [ - State_11112111111( ~id, ~k, ~r2, r1 ), - Out( <~r2, lh((h((~k⊕~r2⊕r1))⊕rot(~id, h((~k⊕~r2⊕r1)))))> ) + State_111121111111( ~id.1, ~k.1, ~r2.2, r1.2 ), + Out( <~r2.2, lh((h((~k.1⊕~r2.2⊕r1.2))⊕rot(~id.1, h((~k.1⊕~r2.2⊕r1.2)))))> + ) ] /* - rule (modulo AC) outrlhhkrrrotidhkrr_0_1111211111[color=#40807c, - process="out(<~r2, lh((h((~k⊕~r2⊕r1))⊕rot(~id, h((~k⊕~r2⊕r1)))))>);"]: + rule (modulo AC) eventRunningRTkrr_0_1111211111[color=#40807c, + process="event Running( <'R', 'T', (~k.1⊕~r2.2⊕r1.2)> );"]: [ State_1111211111( ~id, ~k, ~r2, r1 ) ] - --> + --[ Running( <'R', 'T', z> ) ]-> [ - State_11112111111( ~id, ~k, ~r2, r1 ), - Out( <~r2, lh((h(x)⊕rot(~id, h(x))))> ) + State_111121111111( ~id, ~k, ~r2, r1 ), + Out( <~r2, lh((h(z)⊕rot(~id, h(z))))> ) ] variants (modulo AC) - 1. ~k = ~k.15 - ~r2 = ~r2.16 - r1 = ~k.15 - x = ~r2.16 + 1. ~k = ~k.20 + ~r2 = ~r2.21 + r1 = ~k.20 + z = ~r2.21 - 2. ~k = ~k.15 - ~r2 = ~r2.16 - r1 = ~r2.16 - x = ~k.15 + 2. ~k = ~k.20 + ~r2 = ~r2.21 + r1 = ~r2.21 + z = ~k.20 - 3. ~k = ~k.15 - ~r2 = ~r2.16 + 3. ~k = ~k.20 + ~r2 = ~r2.21 r1 = zero - x = (~k.15⊕~r2.16) - - 4. ~k = ~k.15 - ~r2 = ~r2.16 - r1 = (~k.15⊕~r2.16) - x = zero - - 5. ~k = ~k.16 - ~r2 = ~k.16 - r1 = r1.18 - x = r1.18 - - 6. ~k = ~k.16 - ~r2 = ~r2.17 - r1 = r1.18 - x = (~k.16⊕~r2.17⊕r1.18) + z = (~k.20⊕~r2.21) - 7. ~k = ~k.20 + 4. ~k = ~k.20 ~r2 = ~r2.21 - r1 = (~k.20⊕~r2.21⊕x.26) - x = x.26 - - 8. 
~k = ~k.73 - ~r2 = ~r2.74 - r1 = (~r2.74⊕x.143) - x = (~k.73⊕x.143) + r1 = (~k.20⊕~r2.21) + z = zero - 9. ~k = ~k.74 - ~r2 = ~r2.75 - r1 = (~k.74⊕x.145) - x = (~r2.75⊕x.145) + 5. ~k = ~k.21 + ~r2 = ~k.21 + r1 = r1.23 + z = r1.23 + + 6. ~k = ~k.21 + ~r2 = ~r2.22 + r1 = r1.23 + z = (~k.21⊕~r2.22⊕r1.23) + + 7. ~k = ~k.25 + ~r2 = ~r2.26 + r1 = (~k.25⊕~r2.26⊕z.31) + z = z.31 + + 8. ~k = ~k.128 + ~r2 = ~r2.129 + r1 = (~r2.129⊕x.251) + z = (~k.128⊕x.251) + + 9. ~k = ~k.129 + ~r2 = ~r2.130 + r1 = (~k.129⊕x.253) + z = (~r2.130⊕x.253) */ -rule (modulo E) inrhhkrrrotidhkrr_0_11112111111[color=#40807c, - process="in(rh((h((~k⊕~r2⊕r1))⊕rot(~id, h((~k⊕~r2⊕r1))))));"]: +rule (modulo E) inrhhkrrrotidhkrr_0_111121111111[color=#40807c, + process="in(rh((h((=~k.1⊕=~r2.2⊕=r1.2))⊕rot(=~id.1, h((=~k.1⊕=~r2.2⊕=r1.2))))));"]: [ - State_11112111111( ~id, ~k, ~r2, r1 ), - In( rh((h((~k⊕~r2⊕r1))⊕rot(~id, h((~k⊕~r2⊕r1))))) ) + State_111121111111( ~id.1, ~k.1, ~r2.2, r1.2 ), + In( rh((h((~k.1⊕~r2.2⊕r1.2))⊕rot(~id.1, h((~k.1⊕~r2.2⊕r1.2))))) ) ] - --> - [ State_111121111111( ~id, ~k, ~r2, r1 ) ] + --[ Alive( ~k.1, 'Reader' ) ]-> + [ State_11112111111111( ~id.1, ~k.1, ~r2.2, r1.2 ) ] /* - rule (modulo AC) inrhhkrrrotidhkrr_0_11112111111[color=#40807c, - process="in(rh((h((~k⊕~r2⊕r1))⊕rot(~id, h((~k⊕~r2⊕r1))))));"]: - [ State_11112111111( ~id, ~k, ~r2, r1 ), In( rh((h(x)⊕rot(~id, h(x)))) ) + rule (modulo AC) inrhhkrrrotidhkrr_0_111121111111[color=#40807c, + process="in(rh((h((=~k.1⊕=~r2.2⊕=r1.2))⊕rot(=~id.1, h((=~k.1⊕=~r2.2⊕=r1.2))))));"]: + [ State_111121111111( ~id, ~k, ~r2, r1 ), In( rh((h(x)⊕rot(~id, h(x)))) ) ] - --> - [ State_111121111111( ~id, ~k, ~r2, r1 ) ] + --[ Alive( ~k, 'Reader' ) ]-> + [ State_11112111111111( ~id, ~k, ~r2, r1 ) ] variants (modulo AC) - 1. ~k = ~k.15 - ~r2 = ~r2.16 - r1 = ~k.15 - x = ~r2.16 - - 2. ~k = ~k.15 - ~r2 = ~r2.16 - r1 = ~r2.16 - x = ~k.15 - - 3. ~k = ~k.15 - ~r2 = ~r2.16 + 1. ~k = ~k.18 + ~r2 = ~r2.19 + r1 = ~k.18 + x = ~r2.19 + + 2. 
~k = ~k.18 + ~r2 = ~r2.19 + r1 = ~r2.19 + x = ~k.18 + + 3. ~k = ~k.18 + ~r2 = ~r2.19 r1 = zero - x = (~k.15⊕~r2.16) + x = (~k.18⊕~r2.19) - 4. ~k = ~k.15 - ~r2 = ~r2.16 - r1 = (~k.15⊕~r2.16) + 4. ~k = ~k.18 + ~r2 = ~r2.19 + r1 = (~k.18⊕~r2.19) x = zero - 5. ~k = ~k.16 - ~r2 = ~k.16 - r1 = r1.18 - x = r1.18 - - 6. ~k = ~k.16 - ~r2 = ~r2.17 - r1 = r1.18 - x = (~k.16⊕~r2.17⊕r1.18) - - 7. ~k = ~k.20 - ~r2 = ~r2.21 - r1 = (~k.20⊕~r2.21⊕x.26) - x = x.26 - - 8. ~k = ~k.73 - ~r2 = ~r2.74 - r1 = (~r2.74⊕x.143) - x = (~k.73⊕x.143) - - 9. ~k = ~k.74 - ~r2 = ~r2.75 - r1 = (~k.74⊕x.145) - x = (~r2.75⊕x.145) + 5. ~k = ~k.19 + ~r2 = ~k.19 + r1 = r1.21 + x = r1.21 + + 6. ~k = ~k.19 + ~r2 = ~r2.20 + r1 = r1.21 + x = (~k.19⊕~r2.20⊕r1.21) + + 7. ~k = ~k.24 + ~r2 = ~r2.25 + r1 = (~k.24⊕~r2.25⊕x.31) + x = x.31 + + 8. ~k = ~k.90 + ~r2 = ~r2.91 + r1 = (~r2.91⊕x.175) + x = (~k.90⊕x.175) + + 9. ~k = ~k.91 + ~r2 = ~r2.92 + r1 = (~k.91⊕x.177) + x = (~r2.92⊕x.177) */ -rule (modulo E) eventAlivekReader_0_111121111111[color=#40807c, - process="event Alive( ~k, 'Reader' );"]: - [ State_111121111111( ~id, ~k, ~r2, r1 ) ] - --[ Alive( ~k, 'Reader' ) ]-> - [ State_1111211111111( ~id, ~k, ~r2, r1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventCommitTRkrr_0_1111211111111[color=#40807c, - process="event Commit( <'T', 'R', (~k⊕~r2⊕r1)> );"]: - [ State_1111211111111( ~id, ~k, ~r2, r1 ) ] - --[ Commit( <'T', 'R', (~k⊕~r2⊕r1)> ) ]-> - [ State_11112111111111( ~id, ~k, ~r2, r1 ) ] +rule (modulo E) eventCommitTRkrr_0_11112111111111[color=#40807c, + process="event Commit( <'T', 'R', (~k.1⊕~r2.2⊕r1.2)> );"]: + [ State_11112111111111( ~id.1, ~k.1, ~r2.2, r1.2 ) ] + --[ Commit( <'T', 'R', (~k.1⊕~r2.2⊕r1.2)> ) ]-> + [ ] /* - rule (modulo AC) eventCommitTRkrr_0_1111211111111[color=#40807c, - process="event Commit( <'T', 'R', (~k⊕~r2⊕r1)> );"]: - [ State_1111211111111( ~id, ~k, ~r2, r1 ) ] - --[ Commit( <'T', 'R', z> ) ]-> + rule (modulo AC) eventCommitTRkrr_0_11112111111111[color=#40807c, 
+ process="event Commit( <'T', 'R', (~k.1⊕~r2.2⊕r1.2)> );"]: [ State_11112111111111( ~id, ~k, ~r2, r1 ) ] + --[ Commit( <'T', 'R', z> ) ]-> + [ ] variants (modulo AC) - 1. ~k = ~k.10 - ~r2 = ~r2.11 - r1 = ~k.10 - z = ~r2.11 - - 2. ~k = ~k.10 - ~r2 = ~r2.11 - r1 = ~r2.11 - z = ~k.10 - - 3. ~k = ~k.10 - ~r2 = ~r2.11 + 1. ~k = ~k.12 + ~r2 = ~r2.13 + r1 = ~k.12 + z = ~r2.13 + + 2. ~k = ~k.12 + ~r2 = ~r2.13 + r1 = ~r2.13 + z = ~k.12 + + 3. ~k = ~k.12 + ~r2 = ~r2.13 r1 = zero - z = (~k.10⊕~r2.11) + z = (~k.12⊕~r2.13) - 4. ~k = ~k.10 - ~r2 = ~r2.11 - r1 = (~k.10⊕~r2.11) + 4. ~k = ~k.12 + ~r2 = ~r2.13 + r1 = (~k.12⊕~r2.13) z = zero - 5. ~k = ~k.11 - ~r2 = ~k.11 - r1 = r1.13 - z = r1.13 - - 6. ~k = ~k.11 - ~r2 = ~r2.12 - r1 = r1.13 - z = (~k.11⊕~r2.12⊕r1.13) + 5. ~k = ~k.13 + ~r2 = ~k.13 + r1 = r1.15 + z = r1.15 - 7. ~k = ~k.14 - ~r2 = ~r2.15 - r1 = (~k.14⊕~r2.15⊕z.19) - z = z.19 + 6. ~k = ~k.13 + ~r2 = ~r2.14 + r1 = r1.15 + z = (~k.13⊕~r2.14⊕r1.15) - 8. ~k = ~k.16 + 7. ~k = ~k.16 ~r2 = ~r2.17 - r1 = (~r2.17⊕x.29) - z = (~k.16⊕x.29) + r1 = (~k.16⊕~r2.17⊕z.21) + z = z.21 + + 8. ~k = ~k.18 + ~r2 = ~r2.19 + r1 = (~r2.19⊕x.31) + z = (~k.18⊕x.31) - 9. ~k = ~k.17 - ~r2 = ~r2.18 - r1 = (~k.17⊕x.31) - z = (~r2.18⊕x.31) + 9. ~k = ~k.19 + ~r2 = ~r2.20 + r1 = (~k.19⊕x.33) + z = (~r2.20⊕x.33) */ -rule (modulo E) p_0_11112111111111[color=#40807c, process="0"]: - [ State_11112111111111( ~id, ~k, ~r2, r1 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - restriction predicate_eq: "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" // safety formula @@ -1362,7 +1074,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -1372,11 +1084,11 @@ analyzing: examples/sapic/fast/feature-xor/CH07.spthy analyzed: examples/sapic/fast/feature-xor/CH07.spthy output: examples/sapic/fast/feature-xor/CH07.spthy.tmp - processing time: 9.000325699s + processing time: 4.111748472s recentalive_tag_attack (exists-trace): verified (10 steps) recentalive_reader (all-traces): verified (24 steps) - noninjectiveagreement_tag (all-traces): verified (77 steps) - noninjectiveagreement_reader (all-traces): verified (77 steps) + noninjectiveagreement_tag (all-traces): verified (78 steps) + noninjectiveagreement_reader (all-traces): verified (22 steps) executable (exists-trace): verified (11 steps) ------------------------------------------------------------------------------ @@ -1387,11 +1099,11 @@ summary of summaries: analyzed: examples/sapic/fast/feature-xor/CH07.spthy output: examples/sapic/fast/feature-xor/CH07.spthy.tmp - processing time: 9.000325699s + processing time: 4.111748472s recentalive_tag_attack (exists-trace): verified (10 steps) recentalive_reader (all-traces): verified (24 steps) - noninjectiveagreement_tag (all-traces): verified (77 steps) - noninjectiveagreement_reader (all-traces): verified (77 steps) + noninjectiveagreement_tag (all-traces): verified (78 steps) + noninjectiveagreement_reader (all-traces): verified (22 steps) executable (exists-trace): verified (11 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/feature-xor/CRxor_analyzed.spthy b/case-studies-regression/sapic/fast/feature-xor/CRxor_analyzed.spthy index 53877c3c3..27ab4c605 100644 --- a/case-studies-regression/sapic/fast/feature-xor/CRxor_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-xor/CRxor_analyzed.spthy 
@@ -3,11 +3,21 @@ theory CRXOR begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + + + + + + + + + lemma alive: all-traces "∀ x y #i. (Alive( x, y ) @ #i) ⇒ (∃ #j. Response( y ) @ #j)" /* @@ -15,15 +25,15 @@ guarded formula characterizing all counter-examples: "∃ x y #i. (Alive( x, y ) @ #i) ∧ ∀ #j. (Response( y ) @ #j) ⇒ ⊥" */ simplify -solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) - case ifhknanbm_0_1111111 +solve( State_111111111( ~k, ~na, m, nb ) ▶₀ #i ) + case ifhknanbm_0_11111111 solve( splitEqs(1) ) case split_case_1 solve( !KU( h(~na) ) @ #vk.1 ) case c_h by solve( !KU( ~k ) @ #vk.2 ) next - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 by contradiction /* from formulas */ qed next @@ -32,7 +42,7 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) case c_h by solve( !KU( ~k ) @ #vk.3 ) next - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 by contradiction /* cyclic */ qed next @@ -47,16 +57,16 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) next case coerce solve( !KD( (~k⊕nb) ) ▶₀ #vk.2 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.2, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.2, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.2, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed 
@@ -68,16 +78,16 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) next case coerce solve( !KD( (~na⊕nb) ) ▶₀ #vk.2 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.2, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.2, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.2, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed @@ -89,37 +99,37 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) next case coerce solve( !KD( (~k⊕~na) ) ▶₀ #vk.2 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.2, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.2, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.2, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed next case coerce solve( !KD( (~k⊕~na⊕nb) ) ▶₀ #vk.1 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.1, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.1, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed next - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 by contradiction /* from formulas */ qed next 
@@ -132,21 +142,21 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) next case coerce solve( !KD( (~k⊕~na) ) ▶₀ #vk.1 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.1, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.1, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed next - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 by contradiction /* from formulas */ qed next @@ -157,16 +167,16 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) next case coerce solve( !KD( (~k⊕~na) ) ▶₀ #vk ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk, 0) ) + by solve( (#vr.6, 0) ~~> (#vk, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed @@ -180,16 +190,16 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) next case coerce solve( !KD( (~k⊕z) ) ▶₀ #vk.1 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.1, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.1, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed @@ -201,16 +211,16 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) next case coerce solve( !KD( (~na⊕z) ) ▶₀ #vk.1 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.1, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.1, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed 
@@ -222,32 +232,32 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) next case coerce solve( !KD( (~k⊕~na) ) ▶₀ #vk.1 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.1, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.1, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed next case coerce solve( !KD( (~k⊕~na⊕z) ) ▶₀ #vk ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk, 0) ) + by solve( (#vr.6, 0) ~~> (#vk, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed @@ -263,37 +273,37 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) next case coerce solve( !KD( (~k⊕x) ) ▶₀ #vk.2 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.2, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.2, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.2, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed next case coerce solve( !KD( (~na⊕x) ) ▶₀ #vk.1 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.1, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.1, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed next - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 by contradiction /* from formulas */ qed next 
@@ -308,37 +318,37 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) next case coerce solve( !KD( (~na⊕x) ) ▶₀ #vk.2 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.2, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.2, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.2, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed next case coerce solve( !KD( (~k⊕x) ) ▶₀ #vk.1 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( (#vl, 0) ~~> (#vk.1, 0) ) case d_0_fst - by solve( (#vr.11, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.6, 0) ~~> (#vk.1, 0) ) next case d_0_snd by contradiction /* impossible chain */ qed next - case outna_0_11111 + case newna_0_1111 by contradiction /* impossible chain */ qed qed next - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 by contradiction /* from formulas */ qed qed @@ -362,12 +372,12 @@ guarded formula characterizing all satisfying traces: ((¬(#k < #j)) ∨ (¬(#j < #i)))" */ simplify -solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) - case ifhknanbm_0_1111111 +solve( State_111111111( ~k, ~na, m, nb ) ▶₀ #i ) + case ifhknanbm_0_11111111 solve( splitEqs(1) ) case split_case_7 solve( !KU( h((~k⊕x)) ) @ #vk.1 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 solve( !KU( (~na⊕x) ) @ #vk.2 ) case c_xor solve( splitEqs(3) ) @@ -375,9 +385,9 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) solve( !KU( (~nb⊕na.1) ) @ #vk.4 ) case c_xor solve( !KU( ~na ) @ #vk.5 ) - case outna_0_11111 + case newna_0_1111 solve( !KU( ~nb ) @ #vk.6 ) - case outhknbnanb_0_11211211 + case eventResponsek_0_11211121 SOLVED // trace found qed qed 
@@ -403,21 +413,24 @@ guarded formula characterizing all satisfying traces: (∀ #l. (NeqForExec( x, x ) @ #l) ⇒ ⊥)" */ simplify -solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) - case ifhknanbm_0_1111111 - solve( State_1121121( ~k, ~nb.1, na.1 ) ▶₀ #j ) - case eventNeqForExecnazero_0_112112 - solve( splitEqs(2) ) +solve( State_111111111( ~k, ~na, m, nb ) ▶₀ #i ) + case ifhknanbm_0_11111111 + solve( State_11211121( ~k, ~nb.1, na.1 ) ▶₀ #j ) + case eventNeqForExecnazero_0_1121112 + solve( splitEqs(1) ) case split_case_3 - solve( !KU( h((~k⊕~na⊕nb)) ) @ #vk.1 ) - case outhknbnanb_0_11211211 - solve( splitEqs(4) ) - case split_case_2 - solve( !KU( ~nb ) @ #vk.2 ) - case outhknbnanb_0_11211211 - solve( !KU( ~na ) @ #vk.3 ) - case outna_0_11111 - SOLVED // trace found + solve( splitEqs(2) ) + case split_case_2 + solve( !KU( h((~k⊕~na⊕nb)) ) @ #vk.1 ) + case eventResponsek_0_11211121 + solve( splitEqs(5) ) + case split_case_1 + solve( !KU( ~nb ) @ #vk.2 ) + case eventResponsek_0_11211121 + solve( !KU( ~na ) @ #vk.3 ) + case newna_0_1111 + SOLVED // trace found + qed qed qed qed 
@@ -426,301 +439,287 @@ solve( State_11111111( ~k, ~na, m, nb ) ▶₀ #i ) qed qed -rule (modulo E) Init[color=#ffffff, process="new ~k;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_[color=#ffffff, process="new ~k;"]: - [ State_( ), Fr( ~k ) ] --> [ State_1( ~k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1[color=#ffffff, process="!"]: - [ State_1( ~k ) ] --> [ !Semistate_11( ~k ) ] - - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_1[color=#ffffff, process="!"]: - [ !Semistate_11( ~k ) ] --> [ State_11( ~k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11[color=#ffffff, process="|"]: - [ State_11( ~k ) ] --> [ State_111( ~k ), State_112( ~k ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newna_0_111[color=#80404f, process="new ~na;"]: - [ State_111( ~k ), Fr( ~na ) ] --> [ State_1111( ~k, ~na ) ] - /* has exactly the trivial AC variant */ +rule (modulo E) Init[color=#ffffff, process="new ~k.1;"]: + [ Fr( ~k.1 ) ] --[ Init( ) ]-> [ !Semistate_11( ~k.1 ) ] -rule (modulo E) eventChallengena_0_1111[color=#80404f, - process="event Challenge( ~na );"]: - [ State_1111( ~k, ~na ) ] - --[ Challenge( ~na ) ]-> - [ State_11111( ~k, ~na ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) Init[color=#ffffff, process="new ~k.1;"]: + [ Fr( ~k ) ] --[ Init( ) ]-> [ !Semistate_11( ~k ) ] + */ -rule (modulo E) outna_0_11111[color=#80404f, process="out(~na);"]: - [ State_11111( ~k, ~na ) ] --> [ State_111111( ~k, ~na ), Out( ~na ) ] +rule (modulo E) newna_0_1111[color=#80404f, process="new ~na.1;"]: + [ State_1111( ~k.1 ), Fr( ~na.1 ) ] + --[ Challenge( ~na.1 ) ]-> + [ State_1111111( ~k.1, ~na.1 ), Out( ~na.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newna_0_1111[color=#80404f, process="new ~na.1;"]: + [ State_1111( ~k ), Fr( ~na ) ] + --[ Challenge( ~na ) ]-> + [ State_1111111( ~k, ~na ), 
Out( ~na ) ] + */ -rule (modulo E) inmnb_0_111111[color=#80404f, process="in();"]: - [ State_111111( ~k, ~na ), In( ) ] +rule (modulo E) inmnb_0_1111111[color=#80404f, + process="in();"]: + [ State_1111111( ~k.1, ~na.1 ), In( ) ] --> - [ State_1111111( ~k, ~na, m, nb ) ] + [ State_11111111( ~k.1, ~na.1, m.1, nb.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inmnb_0_1111111[color=#80404f, + process="in();"]: + [ State_1111111( ~k, ~na ), In( ) ] + --> + [ State_11111111( ~k, ~na, m, nb ) ] + */ -rule (modulo E) ifhknanbm_0_1111111[color=#80404f, - process="if h((~k⊕~na⊕nb))=m"]: - [ State_1111111( ~k, ~na, m, nb ) ] - --[ Pred_Eq( h((~k⊕~na⊕nb)), m ) ]-> - [ State_11111111( ~k, ~na, m, nb ) ] +rule (modulo E) ifhknanbm_0_11111111[color=#80404f, + process="if h((~k.1⊕~na.1⊕nb.1))=m.1"]: + [ State_11111111( ~k.1, ~na.1, m.1, nb.1 ) ] + --[ Pred_Eq( h((~k.1⊕~na.1⊕nb.1)), m.1 ) ]-> + [ State_111111111( ~k.1, ~na.1, m.1, nb.1 ) ] /* - rule (modulo AC) ifhknanbm_0_1111111[color=#80404f, - process="if h((~k⊕~na⊕nb))=m"]: - [ State_1111111( ~k, ~na, m, nb ) ] - --[ Pred_Eq( h(z), m ) ]-> + rule (modulo AC) ifhknanbm_0_11111111[color=#80404f, + process="if h((~k.1⊕~na.1⊕nb.1))=m.1"]: [ State_11111111( ~k, ~na, m, nb ) ] + --[ Pred_Eq( h(z), m ) ]-> + [ State_111111111( ~k, ~na, m, nb ) ] variants (modulo AC) - 1. ~k = ~k.6 - ~na = ~na.6 - nb = nb.6 - z = (~k.6⊕~na.6⊕nb.6) - - 2. ~k = ~k.6 - ~na = ~na.6 - nb = zero - z = (~k.6⊕~na.6) - - 3. ~k = ~x.6 - ~na = ~x.6 + 1. ~k = ~k.7 + ~na = ~na.7 nb = nb.7 - z = nb.7 + z = (~k.7⊕~na.7⊕nb.7) - 4. ~k = ~x.6 + 2. ~k = ~k.7 ~na = ~na.7 - nb = ~x.6 - z = ~na.7 + nb = zero + z = (~k.7⊕~na.7) - 5. ~k = ~x.6 + 3. ~k = ~x.7 ~na = ~x.7 - nb = (~x.6⊕~x.7) + nb = nb.8 + z = nb.8 + + 4. ~k = ~x.7 + ~na = ~na.8 + nb = ~x.7 + z = ~na.8 + + 5. ~k = ~x.7 + ~na = ~x.8 + nb = (~x.7⊕~x.8) z = zero - 6. ~k = ~x.6 - ~na = ~x.7 - nb = (~x.6⊕~x.7⊕x.9) - z = x.9 + 6. ~k = ~x.7 + ~na = ~x.8 + nb = (~x.7⊕~x.8⊕x.10) + z = x.10 - 7. 
~k = ~x.6 - ~na = ~na.10 - nb = (~x.6⊕x.9) - z = (x.9⊕~na.10) + 7. ~k = ~x.7 + ~na = ~na.11 + nb = (~x.7⊕x.10) + z = (x.10⊕~na.11) - 8. ~k = ~k.7 - ~na = ~x.6 - nb = ~x.6 - z = ~k.7 + 8. ~k = ~k.8 + ~na = ~x.7 + nb = ~x.7 + z = ~k.8 - 9. ~k = ~k.9 - ~na = ~x.6 - nb = (~x.6⊕x.8) - z = (x.8⊕~k.9) + 9. ~k = ~k.10 + ~na = ~x.7 + nb = (~x.7⊕x.9) + z = (x.9⊕~k.10) + */ + +rule (modulo E) eventAlivenak_0_111111111[color=#80404f, + process="event Alive( ~na.1, ~k.1 );"]: + [ State_111111111( ~k.1, ~na.1, m.1, nb.1 ) ] + --[ Alive( ~na.1, ~k.1 ) ]-> + [ ] + + /* + rule (modulo AC) eventAlivenak_0_111111111[color=#80404f, + process="event Alive( ~na.1, ~k.1 );"]: + [ State_111111111( ~k, ~na, m, nb ) ] --[ Alive( ~na, ~k ) ]-> [ ] */ -rule (modulo E) ifhknanbm_1_1111111[color=#80404f, - process="if h((~k⊕~na⊕nb))=m"]: - [ State_1111111( ~k, ~na, m, nb ) ] - --[ Pred_Not_Eq( h((~k⊕~na⊕nb)), m ) ]-> - [ State_11111112( ~k, ~na, m, nb ) ] +rule (modulo E) ifhknanbm_1_11111111[color=#80404f, + process="if h((~k.1⊕~na.1⊕nb.1))=m.1"]: + [ State_11111111( ~k.1, ~na.1, m.1, nb.1 ) ] + --[ Pred_Not_Eq( h((~k.1⊕~na.1⊕nb.1)), m.1 ) ]-> + [ ] /* - rule (modulo AC) ifhknanbm_1_1111111[color=#80404f, - process="if h((~k⊕~na⊕nb))=m"]: - [ State_1111111( ~k, ~na, m, nb ) ] - --[ Pred_Not_Eq( h(z), m ) ]-> - [ State_11111112( ~k, ~na, m, nb ) ] + rule (modulo AC) ifhknanbm_1_11111111[color=#80404f, + process="if h((~k.1⊕~na.1⊕nb.1))=m.1"]: + [ State_11111111( ~k, ~na, m, nb ) ] --[ Pred_Not_Eq( h(z), m ) ]-> [ ] variants (modulo AC) - 1. ~k = ~k.6 - ~na = ~na.6 - nb = nb.6 - z = (~k.6⊕~na.6⊕nb.6) - - 2. ~k = ~k.6 - ~na = ~na.6 - nb = zero - z = (~k.6⊕~na.6) - - 3. ~k = ~x.6 - ~na = ~x.6 + 1. ~k = ~k.7 + ~na = ~na.7 nb = nb.7 - z = nb.7 + z = (~k.7⊕~na.7⊕nb.7) - 4. ~k = ~x.6 + 2. ~k = ~k.7 ~na = ~na.7 - nb = ~x.6 - z = ~na.7 + nb = zero + z = (~k.7⊕~na.7) - 5. ~k = ~x.6 + 3. ~k = ~x.7 ~na = ~x.7 - nb = (~x.6⊕~x.7) + nb = nb.8 + z = nb.8 + + 4. 
~k = ~x.7 + ~na = ~na.8 + nb = ~x.7 + z = ~na.8 + + 5. ~k = ~x.7 + ~na = ~x.8 + nb = (~x.7⊕~x.8) z = zero - 6. ~k = ~x.6 - ~na = ~x.7 - nb = (~x.6⊕~x.7⊕x.9) - z = x.9 + 6. ~k = ~x.7 + ~na = ~x.8 + nb = (~x.7⊕~x.8⊕x.10) + z = x.10 - 7. ~k = ~x.6 - ~na = ~na.10 - nb = (~x.6⊕x.9) - z = (x.9⊕~na.10) + 7. ~k = ~x.7 + ~na = ~na.11 + nb = (~x.7⊕x.10) + z = (x.10⊕~na.11) - 8. ~k = ~k.7 - ~na = ~x.6 - nb = ~x.6 - z = ~k.7 + 8. ~k = ~k.8 + ~na = ~x.7 + nb = ~x.7 + z = ~k.8 - 9. ~k = ~k.9 - ~na = ~x.6 - nb = (~x.6⊕x.8) - z = (x.8⊕~k.9) + 9. ~k = ~k.10 + ~na = ~x.7 + nb = (~x.7⊕x.9) + z = (x.9⊕~k.10) */ -rule (modulo E) eventAlivenak_0_11111111[color=#80404f, - process="event Alive( ~na, ~k );"]: - [ State_11111111( ~k, ~na, m, nb ) ] - --[ Alive( ~na, ~k ) ]-> - [ State_111111111( ~k, ~na, m, nb ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111111111[color=#80404f, process="0"]: - [ State_111111111( ~k, ~na, m, nb ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111112[color=#80404f, process="0"]: - [ State_11111112( ~k, ~na, m, nb ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inna_0_112[color=#805d40, process="in(na);"]: - [ State_112( ~k ), In( na ) ] --> [ State_1121( ~k, na ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newnb_0_1121[color=#805d40, process="new ~nb;"]: - [ State_1121( ~k, na ), Fr( ~nb ) ] --> [ State_11211( ~k, ~nb, na ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifnazero_0_11211[color=#805d40, process="if na=zero"]: - [ State_11211( ~k, ~nb, na ) ] - --[ Pred_Eq( na, zero ) ]-> - [ State_112111( ~k, ~nb, na ) ] +rule (modulo E) p_1_1[color=#ffffff, process="!"]: + [ !Semistate_11( ~k.1 ) ] --> [ State_1121( ~k.1 ), State_1111( ~k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_1[color=#ffffff, process="!"]: + [ !Semistate_11( ~k ) ] --> [ State_1121( ~k ), State_1111( ~k ) ] + */ -rule (modulo 
E) ifnazero_1_11211[color=#805d40, process="if na=zero"]: - [ State_11211( ~k, ~nb, na ) ] - --[ Pred_Not_Eq( na, zero ) ]-> - [ State_112112( ~k, ~nb, na ) ] +rule (modulo E) inna_0_1121[color=#805d40, process="in(na.2);"]: + [ State_1121( ~k.1 ), In( na.2 ), Fr( ~nb.2 ) ] + --> + [ State_112111( ~k.1, ~nb.2, na.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inna_0_1121[color=#805d40, process="in(na.2);"]: + [ State_1121( ~k ), In( na ), Fr( ~nb ) ] + --> + [ State_112111( ~k, ~nb, na ) ] + */ -rule (modulo E) p_0_112111[color=#805d40, process="0"]: - [ State_112111( ~k, ~nb, na ) ] --> [ ] +rule (modulo E) ifnazero_0_112111[color=#805d40, process="if na.2=zero"]: + [ State_112111( ~k.1, ~nb.2, na.2 ) ] --[ Pred_Eq( na.2, zero ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifnazero_0_112111[color=#805d40, + process="if na.2=zero"]: + [ State_112111( ~k, ~nb, na ) ] --[ Pred_Eq( na, zero ) ]-> [ ] + */ -rule (modulo E) eventNeqForExecnazero_0_112112[color=#805d40, - process="event NeqForExec( na, zero );"]: - [ State_112112( ~k, ~nb, na ) ] - --[ NeqForExec( na, zero ) ]-> - [ State_1121121( ~k, ~nb, na ) ] +rule (modulo E) ifnazero_1_112111[color=#805d40, process="if na.2=zero"]: + [ State_112111( ~k.1, ~nb.2, na.2 ) ] + --[ Pred_Not_Eq( na.2, zero ) ]-> + [ State_1121112( ~k.1, ~nb.2, na.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifnazero_1_112111[color=#805d40, + process="if na.2=zero"]: + [ State_112111( ~k, ~nb, na ) ] + --[ Pred_Not_Eq( na, zero ) ]-> + [ State_1121112( ~k, ~nb, na ) ] + */ -rule (modulo E) eventResponsek_0_1121121[color=#805d40, - process="event Response( ~k );"]: - [ State_1121121( ~k, ~nb, na ) ] - --[ Response( ~k ) ]-> - [ State_11211211( ~k, ~nb, na ) ] +rule (modulo E) eventNeqForExecnazero_0_1121112[color=#805d40, + process="event NeqForExec( na.2, zero );"]: + [ State_1121112( ~k.1, ~nb.2, na.2 ) ] + --[ NeqForExec( na.2, zero ) ]-> + [ 
State_11211121( ~k.1, ~nb.2, na.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventNeqForExecnazero_0_1121112[color=#805d40, + process="event NeqForExec( na.2, zero );"]: + [ State_1121112( ~k, ~nb, na ) ] + --[ NeqForExec( na, zero ) ]-> + [ State_11211121( ~k, ~nb, na ) ] + */ -rule (modulo E) outhknbnanb_0_11211211[color=#805d40, - process="out();"]: - [ State_11211211( ~k, ~nb, na ) ] - --> - [ State_112112111( ~k, ~nb, na ), Out( ) ] +rule (modulo E) eventResponsek_0_11211121[color=#805d40, + process="event Response( ~k.1 );"]: + [ State_11211121( ~k.1, ~nb.2, na.2 ) ] + --[ Response( ~k.1 ) ]-> + [ Out( ) ] /* - rule (modulo AC) outhknbnanb_0_11211211[color=#805d40, - process="out();"]: - [ State_11211211( ~k, ~nb, na ) ] - --> - [ State_112112111( ~k, ~nb, na ), Out( ) ] + rule (modulo AC) eventResponsek_0_11211121[color=#805d40, + process="event Response( ~k.1 );"]: + [ State_11211121( ~k, ~nb, na ) ] + --[ Response( ~k ) ]-> + [ Out( ) ] variants (modulo AC) - 1. ~k = ~k.5 - ~nb = ~nb.5 - na = na.5 - z = (~k.5⊕~nb.5⊕na.5) + 1. ~k = ~k.7 + ~nb = ~nb.8 + na = na.8 + z = (~k.7⊕~nb.8⊕na.8) - 2. ~k = ~k.5 - ~nb = ~nb.5 + 2. ~k = ~k.7 + ~nb = ~nb.8 na = zero - z = (~k.5⊕~nb.5) + z = (~k.7⊕~nb.8) - 3. ~k = ~x.5 - ~nb = ~x.5 - na = na.6 - z = na.6 + 3. ~k = ~x.7 + ~nb = ~x.7 + na = na.8 + z = na.8 - 4. ~k = ~x.5 - ~nb = ~nb.6 - na = ~x.5 - z = ~nb.6 + 4. ~k = ~x.7 + ~nb = ~nb.8 + na = ~x.7 + z = ~nb.8 - 5. ~k = ~x.5 - ~nb = ~x.6 - na = (~x.5⊕~x.6) + 5. ~k = ~x.7 + ~nb = ~x.8 + na = (~x.7⊕~x.8) z = zero - 6. ~k = ~x.5 - ~nb = ~x.6 - na = (~x.5⊕~x.6⊕x.7) - z = x.7 + 6. ~k = ~x.7 + ~nb = ~x.8 + na = (~x.7⊕~x.8⊕x.9) + z = x.9 - 7. ~k = ~x.5 - ~nb = ~nb.8 - na = (~x.5⊕x.7) - z = (x.7⊕~nb.8) + 7. ~k = ~x.7 + ~nb = ~nb.10 + na = (~x.7⊕x.9) + z = (x.9⊕~nb.10) - 8. ~k = ~k.6 - ~nb = ~x.5 - na = ~x.5 - z = ~k.6 + 8. ~k = ~k.8 + ~nb = ~x.7 + na = ~x.7 + z = ~k.8 - 9. ~k = ~k.7 - ~nb = ~x.5 - na = (~x.5⊕x.6) - z = (x.6⊕~k.7) + 9. 
~k = ~k.9 + ~nb = ~x.7 + na = (~x.7⊕x.8) + z = (x.8⊕~k.9) */ -rule (modulo E) p_0_112112111[color=#805d40, process="0"]: - [ State_112112111( ~k, ~nb, na ) ] --> [ ] - - /* has exactly the trivial AC variant */ - restriction predicate_eq: "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" // safety formula @@ -738,7 +737,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -748,10 +747,10 @@ analyzing: examples/sapic/fast/feature-xor/CRxor.spthy analyzed: examples/sapic/fast/feature-xor/CRxor.spthy output: examples/sapic/fast/feature-xor/CRxor.spthy.tmp - processing time: 3.008278777s + processing time: 1.786020871s alive (all-traces): verified (111 steps) recentalive_tag (exists-trace): verified (10 steps) - executable (exists-trace): verified (9 steps) + executable (exists-trace): verified (10 steps) ------------------------------------------------------------------------------ @@ -761,10 +760,10 @@ summary of summaries: analyzed: examples/sapic/fast/feature-xor/CRxor.spthy output: examples/sapic/fast/feature-xor/CRxor.spthy.tmp - processing time: 3.008278777s + processing time: 1.786020871s alive (all-traces): verified (111 steps) recentalive_tag (exists-trace): verified (10 steps) - executable (exists-trace): verified (9 steps) + executable (exists-trace): verified (10 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/fast/feature-xor/KCL07_analyzed.spthy b/case-studies-regression/sapic/fast/feature-xor/KCL07_analyzed.spthy index 1424bff48..0487ae639 100644 --- a/case-studies-regression/sapic/fast/feature-xor/KCL07_analyzed.spthy +++ b/case-studies-regression/sapic/fast/feature-xor/KCL07_analyzed.spthy 
@@ -3,11 +3,21 @@ theory KCL07 begin // Function signature and definition of the equational theory E builtins: xor -functions: fst/1, h/1, pair/2, snd/1 +functions: fst/1[destructor], h/1, pair/2, snd/1[destructor] equations: fst() = x.1, snd() = x.2 heuristic: p + + + + + + + + + + lemma recentalive_tag: all-traces "∀ x #i. 
@@ -27,107 +37,71 @@ guarded formula characterizing all counter-examples: ((¬(#k < #j)) ∨ (¬(#j < #i)))" */ simplify -solve( State_111111111( ~id, ~k, ~r1, xoredhash ) ▶₀ #i ) - case ifxoredhashidhrk_0_11111111 +solve( State_1111111111( ~id, ~k, ~r1, xoredhash ) ▶₀ #i ) + case ifxoredhashidhrk_0_111111111 solve( !KU( (~id⊕h(<~r1, ~k>)) ) @ #vk ) case c_xor solve( !KU( h(<~r1, ~k>) ) @ #vk.1 ) case c_h solve( !KU( ~id ) @ #vk.2 ) - case outidrrhrk_0_11121111 + case p_1_1112 by solve( !KU( ~k ) @ #vk.5 ) qed next - case outidrrhrk_0_11121111 - solve( splitEqs(1) ) - case split - solve( !KU( ~id ) @ #vk.2 ) - case outidrrhrk_0_11121111 - solve( !KU( ~r2 ) @ #vk.3 ) - case outidrrhrk_0_11121111_case_1 - solve( !KU( ~r1 ) @ #vk.4 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - next - case outidrrhrk_0_11121111_case_2 - by contradiction /* cyclic */ - qed - qed - qed + case p_1_1112 + by contradiction /* from formulas */ qed next case coerce solve( !KD( (~id⊕h(<~r1, ~k>)) ) ▶₀ #vk ) - case outidrrhrk_0_11121111 + case newr_0_11111 + by contradiction /* impossible chain */ + next + case p_1_1112 solve( (#vl, 0) ~~> (#vk, 0) ) case d_0_fst - solve( State_11121111( ~id.1, ~k.1, ~r2, r1.1 ) ▶₀ #vr.11 ) - case eventResponsekTag_0_1112111 + solve( !Semistate_11121( ~id.1, ~k.1 ) ▶₀ #vr.5 ) + case p_1_11 solve( splitEqs(1) ) case split - solve( (#vr.12, 0) ~~> (#vk, 0) ) + solve( (#vr.6, 0) ~~> (#vk, 0) ) case d_xor_case_1 - solve( (#vr.20, 0) ~~> (#vk, 0) ) + solve( (#vr.8, 0) ~~> (#vk, 0) ) case Xor solve( !KU( (~r2⊕h(<~r1, ~k>)) ) @ #vk.2 ) case c_xor solve( !KU( h(<~r1, ~k>) ) @ #vk.3 ) case c_h solve( !KU( ~r2 ) @ #vk.4 ) - case outidrrhrk_0_11121111_case_1 + case p_1_1112_case_1 by solve( !KU( ~k ) @ #vk.7 ) next - case outidrrhrk_0_11121111_case_2 + case p_1_1112_case_2 by solve( !KU( ~k ) @ #vk.7 ) qed next - case outidrrhrk_0_11121111 - solve( splitEqs(7) ) - case split - solve( !KU( ~r2 ) @ #vk.4 ) - case outidrrhrk_0_11121111_case_1 - solve( !KU( ~r2.1 
) @ #vk.5 ) - case outidrrhrk_0_11121111_case_1 - solve( !KU( ~r1 ) @ #vk.6 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - next - case outidrrhrk_0_11121111_case_2 - by contradiction /* cyclic */ - qed - next - case outidrrhrk_0_11121111_case_2 - solve( !KU( ~r2.1 ) @ #vk.5 ) - case outidrrhrk_0_11121111_case_1 - solve( !KU( ~r1 ) @ #vk.6 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - next - case outidrrhrk_0_11121111_case_2 - by contradiction /* cyclic */ - qed - qed - qed + case p_1_1112 + by contradiction /* from formulas */ qed next case coerce solve( !KD( (~r2⊕h(<~r1, ~k>)) ) ▶₀ #vk.1 ) - case outidrrhrk_0_11121111 + case newr_0_11111 + by contradiction /* impossible chain */ + next + case p_1_1112 solve( (#vl.1, 0) ~~> (#vk.1, 0) ) case d_0_fst - solve( State_11121111( ~id.1, ~k.1, ~r2.1, r1.2 ) ▶₀ #vr.21 ) - case eventResponsekTag_0_1112111 + solve( !Semistate_11121( ~id.1, ~k.1 ) ▶₀ #vr.9 ) + case p_1_11 solve( splitEqs(7) ) case split - solve( (#vr.22, 0) ~~> (#vk.1, 0) ) + solve( (#vr.10, 0) ~~> (#vk.1, 0) ) case d_xor_case_1 - by solve( (#vr.30, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.12, 0) ~~> (#vk.1, 0) ) next case d_xor_case_2 - solve( (#vr.30, 0) ~~> (#vk.1, 0) ) + solve( (#vr.12, 0) ~~> (#vk.1, 0) ) case Xor by contradiction /* cyclic */ qed 
@@ -142,519 +116,191 @@ solve( State_111111111( ~id, ~k, ~r1, xoredhash ) ▶₀ #i ) qed next case d_0_snd - solve( (#vr.22, 0) ~~> (#vk.1, 0) ) + solve( (#vr.10, 0) ~~> (#vk.1, 0) ) case Xor - solve( State_11121111( ~id.1, ~k, ~r2, ~r1 ) ▶₀ #vr.21 ) - case eventResponsekTag_0_1112111 - solve( !KU( ~r1 ) @ #vk.2 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - qed + by contradiction /* cyclic */ next case d_xor_case_1 - solve( (#vr.23, 0) ~~> (#vk.1, 0) ) + solve( (#vr.11, 0) ~~> (#vk.1, 0) ) case Xor - solve( State_11121111( ~id.1, ~k.1, ~r2, r1.2 ) ▶₀ #vr.21 ) - case eventResponsekTag_0_1112111 - solve( !KU( (h(<~r1, ~k>)⊕h()) ) @ #vk.3 ) - case c_xor - solve( !KU( h() ) @ #vk.4 ) + solve( !KU( (h(<~r1, ~k>)⊕h()) ) @ #vk.3 ) + case c_xor + solve( !KU( h() ) @ #vk.4 ) + case c_h + solve( !KU( h(<~r1, ~k>) ) @ #vk.6 ) case c_h - solve( !KU( h(<~r1, ~k>) ) @ #vk.6 ) - case c_h - by solve( !KU( ~k ) @ #vk.7 ) - next - case outidrrhrk_0_11121111 - solve( splitEqs(12) ) - case split - by solve( !KU( ~k ) @ #vk.7 ) - qed - qed + by solve( !KU( ~k ) @ #vk.7 ) next - case outidrrhrk_0_11121111 - solve( splitEqs(12) ) - case split - solve( !KU( h(<~r1, ~k>) ) @ #vk.5 ) - case c_h - solve( !KU( ~r2.1 ) @ #vk.6 ) - case outidrrhrk_0_11121111_case_1 - by solve( !KU( ~k ) @ #vk.9 ) - next - case outidrrhrk_0_11121111_case_2 - by contradiction /* cyclic */ - qed + case p_1_1112 + by contradiction /* from formulas */ + qed + next + case p_1_1112 + solve( splitEqs(12) ) + case split + solve( !KU( h(<~r1, ~k>) ) @ #vk.5 ) + case c_h + solve( !KU( ~r2.1 ) @ #vk.6 ) + case p_1_1112_case_1 + by solve( !KU( ~k ) @ #vk.9 ) next - case outidrrhrk_0_11121111 - solve( splitEqs(14) ) - case split - solve( !KU( ~r2.1 ) @ #vk.6 ) - case outidrrhrk_0_11121111_case_1 - solve( !KU( ~r2.2 ) @ #vk.7 ) - case outidrrhrk_0_11121111_case_1 - solve( !KU( ~r1 ) @ #vk.8 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - next - case outidrrhrk_0_11121111_case_2 - by contradiction 
/* cyclic */ - qed - next - case outidrrhrk_0_11121111_case_2 - by contradiction /* cyclic */ - qed - qed + case p_1_1112_case_2 + by contradiction /* cyclic */ qed + next + case p_1_1112 + by contradiction /* from formulas */ qed qed + qed + next + case coerce + solve( !KD( (h(<~r1, ~k>)⊕h()) ) ▶₀ #vk.2 ) + case newr_0_11111 + by contradiction /* impossible chain */ next - case coerce - solve( !KD( (h(<~r1, ~k>)⊕h()) ) ▶₀ #vk.2 ) - case outidrrhrk_0_11121111 - solve( (#vl.1, 0) ~~> (#vk.2, 0) ) - case d_0_fst - solve( State_11121111( ~id.1, ~k.1, ~r2.1, r1.2 ) ▶₀ #vr.23 ) - case eventResponsekTag_0_1112111 - solve( splitEqs(12) ) - case split - solve( (#vr.24, 0) ~~> (#vk.2, 0) ) - case d_xor_case_1 - by solve( (#vr.32, 0) ~~> (#vk.2, 0) ) - next - case d_xor_case_2 - by solve( (#vr.32, 0) ~~> (#vk.2, 0) ) - next - case d_xor_case_3 - by contradiction /* impossible chain */ - next - case d_xor_case_4 - by contradiction /* impossible chain */ - qed + case p_1_1112 + solve( (#vl.1, 0) ~~> (#vk.2, 0) ) + case d_0_fst + solve( !Semistate_11121( ~id.1, ~k.1 ) ▶₀ #vr.11 ) + case p_1_11 + solve( splitEqs(12) ) + case split + solve( (#vr.12, 0) ~~> (#vk.2, 0) ) + case d_xor_case_1 + by solve( (#vr.14, 0) ~~> (#vk.2, 0) ) + next + case d_xor_case_2 + by solve( (#vr.14, 0) ~~> (#vk.2, 0) ) + next + case d_xor_case_3 + by contradiction /* impossible chain */ + next + case d_xor_case_4 + by contradiction /* impossible chain */ qed qed + qed + next + case d_0_snd + solve( (#vr.12, 0) ~~> (#vk.2, 0) ) + case d_xor_case_1 + by solve( (#vr.13, 0) ~~> (#vk.2, 0) ) next - case d_0_snd - solve( (#vr.24, 0) ~~> (#vk.2, 0) ) - case d_xor_case_1 - by solve( (#vr.25, 0) ~~> (#vk.2, 0) ) - next - case d_xor_case_2 - solve( (#vr.25, 0) ~~> (#vk.2, 0) ) - case Xor_case_1 - solve( State_11121111( ~id.1, ~k, ~r2.1, r1.1 ) ▶₀ #vr.23 ) - case eventResponsekTag_0_1112111 - solve( splitEqs(12) ) - case split - solve( !KU( (~r2.1⊕h(<~r1, ~k>)) ) @ #vk.4 ) - case c_xor - solve( !KU( h(<~r1, ~k>) ) 
@ #vk.5 ) - case c_h - solve( !KU( ~r2.1 ) @ #vk.6 ) - case outidrrhrk_0_11121111_case_1 - by solve( !KU( ~k ) @ #vk.9 ) - next - case outidrrhrk_0_11121111_case_2 - by solve( !KU( ~k ) @ #vk.9 ) - qed + case d_xor_case_2 + solve( (#vr.13, 0) ~~> (#vk.2, 0) ) + case Xor_case_1 + solve( !Semistate_11121( ~id.1, ~k ) ▶₀ #vr.11 ) + case p_1_11 + solve( splitEqs(12) ) + case split + solve( !KU( (~r2.1⊕h(<~r1, ~k>)) ) @ #vk.4 ) + case c_xor + solve( !KU( h(<~r1, ~k>) ) @ #vk.5 ) + case c_h + solve( !KU( ~r2.1 ) @ #vk.6 ) + case p_1_1112_case_1 + by solve( !KU( ~k ) @ #vk.9 ) next - case outidrrhrk_0_11121111 - solve( splitEqs(18) ) - case split - solve( !KU( ~r2.1 ) @ #vk.6 ) - case outidrrhrk_0_11121111_case_1 - solve( !KU( ~r2.2 ) @ #vk.7 ) - case outidrrhrk_0_11121111_case_1 - solve( !KU( ~r1 ) @ #vk.8 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - next - case outidrrhrk_0_11121111_case_2 - by contradiction /* cyclic */ - qed - next - case outidrrhrk_0_11121111_case_2 - solve( !KU( ~r2.2 ) @ #vk.7 ) - case outidrrhrk_0_11121111_case_1 - solve( !KU( ~r1 ) @ #vk.8 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - next - case outidrrhrk_0_11121111_case_2 - by contradiction /* cyclic */ - qed - qed - qed + case p_1_1112_case_2 + by solve( !KU( ~k ) @ #vk.9 ) qed next - case coerce - solve( !KD( (~r2.1⊕h(<~r1, ~k>)) ) ▶₀ #vk.3 ) - case outidrrhrk_0_11121111 - solve( (#vl.2, 0) ~~> (#vk.3, 0) ) - case d_0_fst - solve( State_11121111( ~id.1, ~k.1, ~r2.2, r1.2 ) ▶₀ #vr.33 ) - case eventResponsekTag_0_1112111 - solve( splitEqs(18) ) - case split - solve( (#vr.34, 0) ~~> (#vk.3, 0) ) - case d_xor_case_1 - by solve( (#vr.42, 0) ~~> (#vk.3, 0) ) - next - case d_xor_case_2 - solve( (#vr.42, 0) ~~> (#vk.3, 0) ) - case Xor - by contradiction /* cyclic */ - qed - next - case d_xor_case_3 - by contradiction /* impossible chain */ - next - case d_xor_case_4 - by contradiction /* impossible chain */ - qed - qed - qed - next - case d_0_snd - solve( (#vr.34, 
0) ~~> (#vk.3, 0) ) - case Xor - by solve( State_11121111( ~id.1, ~k, ~r2.1, ~r1 - ) ▶₀ #vr.33 ) - next - case d_xor_case_1 - solve( (#vr.35, 0) ~~> (#vk.3, 0) ) - case Xor - solve( State_11121111( ~id.1, ~k.1, ~r2.1, r1.2 - ) ▶₀ #vr.33 ) - case eventResponsekTag_0_1112111 + case p_1_1112 + by contradiction /* from formulas */ + qed + next + case coerce + solve( !KD( (~r2.1⊕h(<~r1, ~k>)) ) ▶₀ #vk.3 ) + case newr_0_11111 + by contradiction /* impossible chain */ + next + case p_1_1112 + solve( (#vl.2, 0) ~~> (#vk.3, 0) ) + case d_0_fst + solve( !Semistate_11121( ~id.1, ~k.1 ) ▶₀ #vr.15 ) + case p_1_11 + solve( splitEqs(18) ) + case split + solve( (#vr.16, 0) ~~> (#vk.3, 0) ) + case d_xor_case_1 + by solve( (#vr.18, 0) ~~> (#vk.3, 0) ) + next + case d_xor_case_2 + solve( (#vr.18, 0) ~~> (#vk.3, 0) ) + case Xor by contradiction /* cyclic */ qed + next + case d_xor_case_3 + by contradiction /* impossible chain */ + next + case d_xor_case_4 + by contradiction /* impossible chain */ qed - next - case d_xor_case_2 - solve( (#vr.35, 0) ~~> (#vk.3, 0) ) - case Xor - solve( State_11121111( ~id.1, ~k, ~r2.2, ~r1 ) ▶₀ #vr.33 ) - case eventResponsekTag_0_1112111 - solve( splitEqs(18) ) - case split - solve( !KU( (~r2.1⊕~r2.2) ) @ #vk.5 ) - case c_xor - solve( !KU( ~r1 ) @ #vk.6 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - next - case coerce - solve( !KD( (~r2.1⊕~r2.2) ) ▶₀ #vk.4 ) - case outidrrhrk_0_11121111 - solve( (#vl.3, 0) ~~> (#vk.4, 0) ) - case d_0_fst - solve( State_11121111( ~id.1, ~k.1, ~r2.3, r1.2 - ) ▶₀ #vr.43 ) - case eventResponsekTag_0_1112111 - solve( splitEqs(24) ) - case split - solve( (#vr.44, 0) ~~> (#vk.4, 0) ) - case d_xor_case_1 - by solve( (#vr.52, 0) ~~> (#vk.4, 0) ) - next - case d_xor_case_2 - solve( (#vr.52, 0) ~~> (#vk.4, 0) ) - case Xor_case_1 - solve( !KU( ~r1 ) @ #vk.6 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - next - case Xor_case_2 - solve( !KU( ~r1 ) @ #vk.6 ) - case outr_0_111111 - by contradiction /* 
cyclic */ - qed - qed - next - case d_xor_case_3 - by contradiction /* impossible chain */ - next - case d_xor_case_4 - by contradiction /* impossible chain */ - qed - qed - qed - next - case d_0_snd - solve( (#vr.44, 0) ~~> (#vk.4, 0) ) - case d_xor_case_1 - solve( (#vr.45, 0) ~~> (#vk.4, 0) ) - case Xor_case_1 - solve( State_11121111( ~id.1, ~k.1, ~r2.2, - r1.2 - ) ▶₀ #vr.43 ) - case eventResponsekTag_0_1112111 - by contradiction /* cyclic */ - qed - next - case Xor_case_2 - solve( State_11121111( ~id.1, ~k.1, ~r2.1, - r1.2 - ) ▶₀ #vr.43 ) - case eventResponsekTag_0_1112111 - solve( !KU( ~r1 ) @ #vk.6 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case d_xor_case_2 - by solve( (#vr.45, 0) ~~> (#vk.4, 0) ) - next - case d_xor_case_3 - by contradiction /* impossible chain */ - next - case d_xor_case_4 - by solve( (#vr.45, 0) ~~> (#vk.4, 0) ) - qed - qed - next - case outr_0_111111 - by contradiction /* impossible chain */ - qed - qed - qed - qed - qed - next - case d_xor_case_3 - by contradiction /* impossible chain */ - next - case d_xor_case_4 - by solve( (#vr.35, 0) ~~> (#vk.3, 0) ) qed qed next - case outr_0_111111 - by contradiction /* impossible chain */ - qed - qed - qed - qed - next - case Xor_case_2 - solve( State_11121111( ~id.1, ~k, ~r2.1, ~r1 ) ▶₀ #vr.23 ) - case eventResponsekTag_0_1112111 - solve( splitEqs(12) ) - case split - solve( !KU( (~r2.1⊕h()) ) @ #vk.4 ) - case c_xor - solve( !KU( ~r1 ) @ #vk.5 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - next - case coerce - solve( !KD( (~r2.1⊕h()) ) ▶₀ #vk.3 ) - case outidrrhrk_0_11121111 - solve( (#vl.2, 0) ~~> (#vk.3, 0) ) - case d_0_fst - solve( State_11121111( ~id.1, ~k.1, ~r2.2, r1.2 ) ▶₀ #vr.33 ) - case eventResponsekTag_0_1112111 - solve( splitEqs(18) ) - case split - solve( (#vr.34, 0) ~~> (#vk.3, 0) ) - case d_xor_case_1 - by solve( (#vr.42, 0) ~~> (#vk.3, 0) ) - next - case d_xor_case_2 - solve( (#vr.42, 0) ~~> (#vk.3, 0) ) - case Xor - solve( 
!KU( ~r1 ) @ #vk.5 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - qed - next - case d_xor_case_3 - by contradiction /* impossible chain */ - next - case d_xor_case_4 - by contradiction /* impossible chain */ - qed - qed + case d_0_snd + solve( (#vr.16, 0) ~~> (#vk.3, 0) ) + case d_xor_case_1 + solve( (#vr.17, 0) ~~> (#vk.3, 0) ) + case Xor + by contradiction /* cyclic */ qed next - case d_0_snd - solve( (#vr.34, 0) ~~> (#vk.3, 0) ) + case d_xor_case_2 + solve( (#vr.17, 0) ~~> (#vk.3, 0) ) case Xor - by solve( State_11121111( ~id.1, ~k, ~r2.1, r1.1 - ) ▶₀ #vr.33 ) - next - case d_xor_case_1 - solve( (#vr.35, 0) ~~> (#vk.3, 0) ) - case Xor - solve( State_11121111( ~id.1, ~k.1, ~r2.1, r1.2 - ) ▶₀ #vr.33 ) - case eventResponsekTag_0_1112111 - by contradiction /* cyclic */ - qed - qed - next - case d_xor_case_2 - solve( (#vr.35, 0) ~~> (#vk.3, 0) ) - case Xor - solve( State_11121111( ~id.1, ~k, ~r2.2, r1.1 - ) ▶₀ #vr.33 ) - case eventResponsekTag_0_1112111 - solve( splitEqs(18) ) - case split - solve( !KU( ~r1 ) @ #vk.5 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - next - case d_xor_case_3 - by contradiction /* impossible chain */ - next - case d_xor_case_4 - by solve( (#vr.35, 0) ~~> (#vk.3, 0) ) + by contradiction /* from formulas */ qed + next + case d_xor_case_3 + by contradiction /* impossible chain */ + next + case d_xor_case_4 + by solve( (#vr.17, 0) ~~> (#vk.3, 0) ) qed - next - case outr_0_111111 - by contradiction /* impossible chain */ qed qed qed qed qed next - case d_xor_case_3 - by contradiction /* impossible chain */ - next - case d_xor_case_4 - by solve( (#vr.25, 0) ~~> (#vk.2, 0) ) + case Xor_case_2 + by contradiction /* from formulas */ qed + next + case d_xor_case_3 + by contradiction /* impossible chain */ + next + case d_xor_case_4 + by solve( (#vr.13, 0) ~~> (#vk.2, 0) ) qed - next - case outr_0_111111 - by contradiction /* impossible chain */ qed qed qed qed next case d_xor_case_2 - solve( 
(#vr.23, 0) ~~> (#vk.1, 0) ) + solve( (#vr.11, 0) ~~> (#vk.1, 0) ) case Xor - solve( State_11121111( ~id.1, ~k, ~r2.1, ~r1 ) ▶₀ #vr.21 ) - case eventResponsekTag_0_1112111 - solve( splitEqs(7) ) - case split - solve( !KU( (~r2⊕~r2.1) ) @ #vk.3 ) - case c_xor - solve( !KU( ~r1 ) @ #vk.4 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - next - case coerce - solve( !KD( (~r2⊕~r2.1) ) ▶₀ #vk.2 ) - case outidrrhrk_0_11121111 - solve( (#vl.2, 0) ~~> (#vk.2, 0) ) - case d_0_fst - solve( State_11121111( ~id.1, ~k.1, ~r2.2, r1.2 ) ▶₀ #vr.31 ) - case eventResponsekTag_0_1112111 - solve( splitEqs(13) ) - case split - solve( (#vr.32, 0) ~~> (#vk.2, 0) ) - case d_xor_case_1 - by solve( (#vr.40, 0) ~~> (#vk.2, 0) ) - next - case d_xor_case_2 - solve( (#vr.40, 0) ~~> (#vk.2, 0) ) - case Xor_case_1 - solve( !KU( ~r1 ) @ #vk.4 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - next - case Xor_case_2 - solve( !KU( ~r1 ) @ #vk.4 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - qed - next - case d_xor_case_3 - by contradiction /* impossible chain */ - next - case d_xor_case_4 - by contradiction /* impossible chain */ - qed - qed - qed - next - case d_0_snd - solve( (#vr.32, 0) ~~> (#vk.2, 0) ) - case d_xor_case_1 - solve( (#vr.33, 0) ~~> (#vk.2, 0) ) - case Xor_case_1 - solve( State_11121111( ~id.1, ~k.1, ~r2.1, r1.2 ) ▶₀ #vr.31 ) - case eventResponsekTag_0_1112111 - by contradiction /* cyclic */ - qed - next - case Xor_case_2 - solve( State_11121111( ~id.1, ~k.1, ~r2, r1.2 ) ▶₀ #vr.31 ) - case eventResponsekTag_0_1112111 - solve( !KU( ~r1 ) @ #vk.4 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case d_xor_case_2 - by solve( (#vr.33, 0) ~~> (#vk.2, 0) ) - next - case d_xor_case_3 - by contradiction /* impossible chain */ - next - case d_xor_case_4 - by solve( (#vr.33, 0) ~~> (#vk.2, 0) ) - qed - qed - next - case outr_0_111111 - by contradiction /* impossible chain */ - qed - qed - qed - qed + by contradiction 
/* from formulas */ qed next case d_xor_case_3 by contradiction /* impossible chain */ next case d_xor_case_4 - by solve( (#vr.23, 0) ~~> (#vk.1, 0) ) + by solve( (#vr.11, 0) ~~> (#vk.1, 0) ) qed qed - next - case outr_0_111111 - by contradiction /* impossible chain */ qed qed qed next case d_xor_case_2 - by solve( (#vr.20, 0) ~~> (#vk, 0) ) + by solve( (#vr.8, 0) ~~> (#vk, 0) ) next case d_xor_case_3 by contradiction /* impossible chain */ @@ -666,38 +312,23 @@ solve( State_111111111( ~id, ~k, ~r1, xoredhash ) ▶₀ #i ) qed next case d_0_snd - solve( (#vr.12, 0) ~~> (#vk, 0) ) - case Xor - by solve( State_11121111( ~id.1, ~k, ~id, ~r1 ) ▶₀ #vr.11 ) - next + solve( (#vr.6, 0) ~~> (#vk, 0) ) case d_xor_case_1 - solve( (#vr.13, 0) ~~> (#vk, 0) ) - case Xor - by solve( State_11121111( ~id.1, ~k.1, ~id, r1.1 ) ▶₀ #vr.11 ) - qed + by solve( (#vr.7, 0) ~~> (#vk, 0) ) next case d_xor_case_2 - solve( (#vr.13, 0) ~~> (#vk, 0) ) + solve( (#vr.7, 0) ~~> (#vk, 0) ) case Xor - solve( State_11121111( ~id.1, ~k, ~r2, ~r1 ) ▶₀ #vr.11 ) - case eventResponsekTag_0_1112111 - solve( !KU( ~r1 ) @ #vk.2 ) - case outr_0_111111 - by contradiction /* cyclic */ - qed - qed + by contradiction /* from formulas */ qed next case d_xor_case_3 by contradiction /* impossible chain */ next case d_xor_case_4 - by solve( (#vr.13, 0) ~~> (#vk, 0) ) + by solve( (#vr.7, 0) ~~> (#vk, 0) ) qed qed - next - case outr_0_111111 - by contradiction /* impossible chain */ qed qed qed 
@@ -715,34 +346,34 @@ guarded formula characterizing all satisfying traces: ∀ #k. (Response( x, 'Tag' ) @ #k) ⇒ #j = #k" */ simplify -solve( State_111111111( ~id, ~k, ~r1, xoredhash ) ▶₀ #i ) - case ifxoredhashidhrk_0_11111111 - solve( State_1112111( ~id.1, ~k, ~r2, r1.1 ) ▶₀ #j ) - case newr_0_111211 - solve( !KU( (~id⊕h(<~r1, ~k>)) ) @ #vk ) - case coerce - solve( !KD( (~id⊕h(<~r1, ~k>)) ) ▶₀ #vk ) - case outidrrhrk_0_11121111 - solve( (#vl, 0) ~~> (#vk, 0) ) - case d_0_snd - solve( (#vr.18, 0) ~~> (#vk, 0) ) - case d_xor_case_2 - solve( (#vr.19, 0) ~~> (#vk, 0) ) - case Xor - solve( State_11121111( ~id.1, ~k, ~r2.1, ~r1 ) ▶₀ #vr.17 ) - case eventResponsekTag_0_1112111 - solve( !KU( (~id⊕~r2) ) @ #vk.2 ) - case coerce - solve( !KD( (~id⊕~r2) ) ▶₀ #vk.1 ) - case outidrrhrk_0_11121111 - solve( (#vl.1, 0) ~~> (#vk.1, 0) ) - case d_0_fst - solve( State_11121111( ~id.1, ~k.1, ~r2.1, r1.1 ) ▶₀ #vr.20 ) - case eventResponsekTag_0_1112111 - solve( (#vr.20, 0) ~~> (#vk.1, 0) ) +solve( State_1111111111( ~id, ~k, ~r1, xoredhash ) ▶₀ #i ) + case ifxoredhashidhrk_0_111111111 + solve( !Semistate_11121( ~id.1, ~k ) ▶₀ #j ) + case p_1_11 + solve( splitEqs(1) ) + case split + solve( !KU( (~id⊕h(<~r1, ~k>)) ) @ #vk.1 ) + case coerce + solve( !KD( (~id⊕h(<~r1, ~k>)) ) ▶₀ #vk ) + case p_1_1112 + solve( (#vl, 0) ~~> (#vk, 0) ) + case d_0_fst + solve( !Semistate_11121( ~id.1, ~k.1 ) ▶₀ #vr.6 ) + case p_1_11 + solve( (#vr.6, 0) ~~> (#vk, 0) ) + case d_xor_case_1 + solve( (#vr.7, 0) ~~> (#vk, 0) ) + case Xor + solve( !KU( (~r2⊕h(<~r1, ~k>)) ) @ #vk.2 ) + case coerce + solve( !KD( (~r2⊕h(<~r1, ~k>)) ) ▶₀ #vk.1 ) + case p_1_1112 + solve( (#vl.1, 0) ~~> (#vk.1, 0) ) + case d_0_snd + solve( (#vr.9, 0) ~~> (#vk.1, 0) ) case Xor solve( !KU( ~r1 ) @ #vk.2 ) - case outr_0_111111 + case newr_0_11111 SOLVED // trace found qed qed 
@@ -759,160 +390,118 @@ solve( State_111111111( ~id, ~k, ~r1, xoredhash ) ▶₀ #i ) qed qed -rule (modulo E) Init[color=#ffffff, process="new ~k;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_[color=#ffffff, process="new ~k;"]: - [ State_( ), Fr( ~k ) ] --> [ State_1( ~k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newid_0_1[color=#ffffff, process="new ~id;"]: - [ State_1( ~k ), Fr( ~id ) ] --> [ State_11( ~id, ~k ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_11[color=#ffffff, process="!"]: - [ State_11( ~id, ~k ) ] --> [ !Semistate_111( ~id, ~k ) ] +rule (modulo E) Init[color=#ffffff, process="new ~k.1;"]: + [ Fr( ~k.1 ), Fr( ~id.1 ) ] + --[ Init( ) ]-> + [ !Semistate_111( ~id.1, ~k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) Init[color=#ffffff, process="new ~k.1;"]: + [ Fr( ~k ), Fr( ~id ) ] --[ Init( ) ]-> [ !Semistate_111( ~id, ~k ) ] + */ -rule (modulo E) p_1_11[color=#ffffff, process="!"]: - [ !Semistate_111( ~id, ~k ) ] --> [ State_111( ~id, ~k ) ] +rule (modulo E) newr_0_11111[color=#404480, process="new ~r1.1;"]: + [ State_11111( ~id.1, ~k.1 ), Fr( ~r1.1 ) ] + --[ Challenge( ~r1.1, 'Reader' ) ]-> + [ State_11111111( ~id.1, ~k.1, ~r1.1 ), Out( ~r1.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newr_0_11111[color=#404480, process="new ~r1.1;"]: + [ State_11111( ~id, ~k ), Fr( ~r1 ) ] + --[ Challenge( ~r1, 'Reader' ) ]-> + [ State_11111111( ~id, ~k, ~r1 ), Out( ~r1 ) ] + */ -rule (modulo E) p_0_111[color=#ffffff, process="|"]: - [ State_111( ~id, ~k ) ] +rule (modulo E) inxoredhash_0_11111111[color=#404480, + process="in(xoredhash.1);"]: + [ State_11111111( ~id.1, ~k.1, ~r1.1 ), In( xoredhash.1 ) ] --> - [ State_1111( ~id, ~k ), State_1112( ~id, ~k ) ] + [ State_111111111( ~id.1, ~k.1, ~r1.1, xoredhash.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) 
inxoredhash_0_11111111[color=#404480, + process="in(xoredhash.1);"]: + [ State_11111111( ~id, ~k, ~r1 ), In( xoredhash ) ] + --> + [ State_111111111( ~id, ~k, ~r1, xoredhash ) ] + */ -rule (modulo E) newr_0_1111[color=#404480, process="new ~r1;"]: - [ State_1111( ~id, ~k ), Fr( ~r1 ) ] --> [ State_11111( ~id, ~k, ~r1 ) ] +rule (modulo E) ifxoredhashidhrk_0_111111111[color=#404480, + process="if xoredhash.1=(~id.1⊕h(<~r1.1, ~k.1>))"]: + [ State_111111111( ~id.1, ~k.1, ~r1.1, xoredhash.1 ) ] + --[ Pred_Eq( xoredhash.1, (~id.1⊕h(<~r1.1, ~k.1>)) ) ]-> + [ State_1111111111( ~id.1, ~k.1, ~r1.1, xoredhash.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifxoredhashidhrk_0_111111111[color=#404480, + process="if xoredhash.1=(~id.1⊕h(<~r1.1, ~k.1>))"]: + [ State_111111111( ~id, ~k, ~r1, xoredhash ) ] + --[ Pred_Eq( xoredhash, (~id⊕h(<~r1, ~k>)) ) ]-> + [ State_1111111111( ~id, ~k, ~r1, xoredhash ) ] + */ -rule (modulo E) eventChallengerReader_0_11111[color=#404480, - process="event Challenge( ~r1, 'Reader' );"]: - [ State_11111( ~id, ~k, ~r1 ) ] - --[ Challenge( ~r1, 'Reader' ) ]-> - [ State_111111( ~id, ~k, ~r1 ) ] +rule (modulo E) eventAlivekTag_0_1111111111[color=#404480, + process="event Alive( ~k.1, 'Tag' );"]: + [ State_1111111111( ~id.1, ~k.1, ~r1.1, xoredhash.1 ) ] + --[ Alive( ~k.1, 'Tag' ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventAlivekTag_0_1111111111[color=#404480, + process="event Alive( ~k.1, 'Tag' );"]: + [ State_1111111111( ~id, ~k, ~r1, xoredhash ) ] + --[ Alive( ~k, 'Tag' ) ]-> + [ ] + */ -rule (modulo E) outr_0_111111[color=#404480, process="out(~r1);"]: - [ State_111111( ~id, ~k, ~r1 ) ] - --> - [ State_1111111( ~id, ~k, ~r1 ), Out( ~r1 ) ] +rule (modulo E) ifxoredhashidhrk_1_111111111[color=#404480, + process="if xoredhash.1=(~id.1⊕h(<~r1.1, ~k.1>))"]: + [ State_111111111( ~id.1, ~k.1, ~r1.1, xoredhash.1 ) ] + --[ Pred_Not_Eq( xoredhash.1, (~id.1⊕h(<~r1.1, ~k.1>)) ) ]-> + [ ] - /* has 
exactly the trivial AC variant */ + /* + rule (modulo AC) ifxoredhashidhrk_1_111111111[color=#404480, + process="if xoredhash.1=(~id.1⊕h(<~r1.1, ~k.1>))"]: + [ State_111111111( ~id, ~k, ~r1, xoredhash ) ] + --[ Pred_Not_Eq( xoredhash, (~id⊕h(<~r1, ~k>)) ) ]-> + [ ] + */ -rule (modulo E) inxoredhash_0_1111111[color=#404480, - process="in(xoredhash);"]: - [ State_1111111( ~id, ~k, ~r1 ), In( xoredhash ) ] +rule (modulo E) p_1_11[color=#ffffff, process="!"]: + [ !Semistate_111( ~id.1, ~k.1 ) ] --> - [ State_11111111( ~id, ~k, ~r1, xoredhash ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifxoredhashidhrk_0_11111111[color=#404480, - process="if xoredhash=(~id⊕h(<~r1, ~k>))"]: - [ State_11111111( ~id, ~k, ~r1, xoredhash ) ] - --[ Pred_Eq( xoredhash, (~id⊕h(<~r1, ~k>)) ) ]-> - [ State_111111111( ~id, ~k, ~r1, xoredhash ) ] - - /* has exactly the trivial AC variant */ + [ !Semistate_11121( ~id.1, ~k.1 ), State_11111( ~id.1, ~k.1 ) ] -rule (modulo E) ifxoredhashidhrk_1_11111111[color=#404480, - process="if xoredhash=(~id⊕h(<~r1, ~k>))"]: - [ State_11111111( ~id, ~k, ~r1, xoredhash ) ] - --[ Pred_Not_Eq( xoredhash, (~id⊕h(<~r1, ~k>)) ) ]-> - [ State_111111112( ~id, ~k, ~r1, xoredhash ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventAlivekTag_0_111111111[color=#404480, - process="event Alive( ~k, 'Tag' );"]: - [ State_111111111( ~id, ~k, ~r1, xoredhash ) ] - --[ Alive( ~k, 'Tag' ) ]-> - [ State_1111111111( ~id, ~k, ~r1, xoredhash ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111111[color=#404480, process="0"]: - [ State_1111111111( ~id, ~k, ~r1, xoredhash ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111111112[color=#404480, process="0"]: - [ State_111111112( ~id, ~k, ~r1, xoredhash ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1112[color=#ffffff, process="!"]: - [ State_1112( ~id, ~k ) ] --> [ !Semistate_11121( ~id, ~k ) ] - - /* has 
exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_11[color=#ffffff, process="!"]: + [ !Semistate_111( ~id, ~k ) ] + --> + [ !Semistate_11121( ~id, ~k ), State_11111( ~id, ~k ) ] + */ rule (modulo E) p_1_1112[color=#ffffff, process="!"]: - [ !Semistate_11121( ~id, ~k ) ] --> [ State_11121( ~id, ~k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inr_0_11121[color=#40807c, process="in(r1);"]: - [ State_11121( ~id, ~k ), In( r1 ) ] --> [ State_111211( ~id, ~k, r1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newr_0_111211[color=#40807c, process="new ~r2;"]: - [ State_111211( ~id, ~k, r1 ), Fr( ~r2 ) ] - --> - [ State_1112111( ~id, ~k, ~r2, r1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventResponsekTag_0_1112111[color=#40807c, - process="event Response( ~k, 'Tag' );"]: - [ State_1112111( ~id, ~k, ~r2, r1 ) ] - --[ Response( ~k, 'Tag' ) ]-> - [ State_11121111( ~id, ~k, ~r2, r1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outidrrhrk_0_11121111[color=#40807c, - process="out(<(~id⊕~r2), (~r2⊕h())>);"]: - [ State_11121111( ~id, ~k, ~r2, r1 ) ] - --> - [ - State_111211111( ~id, ~k, ~r2, r1 ), - Out( <(~id⊕~r2), (~r2⊕h())> ) - ] + [ !Semistate_11121( ~id.1, ~k.1 ), In( r1.2 ), Fr( ~r2.1 ) ] + --[ Response( ~k.1, 'Tag' ) ]-> + [ Out( <(~id.1⊕~r2.1), (~r2.1⊕h())> ) ] /* - rule (modulo AC) outidrrhrk_0_11121111[color=#40807c, - process="out(<(~id⊕~r2), (~r2⊕h())>);"]: - [ State_11121111( ~id, ~k, ~r2, r1 ) ] - --> - [ State_111211111( ~id, ~k, ~r2, r1 ), Out( ))> ) ] + rule (modulo AC) p_1_1112[color=#ffffff, process="!"]: + [ !Semistate_11121( ~id, ~k ), In( r1 ), Fr( ~r2 ) ] + --[ Response( ~k, 'Tag' ) ]-> + [ Out( ))> ) ] variants (modulo AC) - 1. ~id = ~id.16 - ~r2 = ~id.16 + 1. ~id = ~id.19 + ~r2 = ~id.19 z = zero - 2. ~id = ~id.16 - ~r2 = ~r2.18 - z = (~id.16⊕~r2.18) + 2. 
~id = ~id.19 + ~r2 = ~r2.21 + z = (~id.19⊕~r2.21) */ -rule (modulo E) p_0_111211111[color=#40807c, process="0"]: - [ State_111211111( ~id, ~k, ~r2, r1 ) ] --> [ ] - - /* has exactly the trivial AC variant */ - restriction predicate_eq: "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" // safety formula @@ -930,7 +519,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -940,8 +529,8 @@ analyzing: examples/sapic/fast/feature-xor/KCL07.spthy analyzed: examples/sapic/fast/feature-xor/KCL07.spthy output: examples/sapic/fast/feature-xor/KCL07.spthy.tmp - processing time: 7.724773295s - recentalive_tag (all-traces): verified (223 steps) + processing time: 1.747509274s + recentalive_tag (all-traces): verified (100 steps) executable (exists-trace): verified (16 steps) ------------------------------------------------------------------------------ @@ -952,8 +541,8 @@ summary of summaries: analyzed: examples/sapic/fast/feature-xor/KCL07.spthy output: examples/sapic/fast/feature-xor/KCL07.spthy.tmp - processing time: 7.724773295s - recentalive_tag (all-traces): verified (223 steps) + processing time: 1.747509274s + recentalive_tag (all-traces): verified (100 steps) executable (exists-trace): verified (16 steps) ============================================================================== diff --git a/case-studies-regression/sapic/fast/regression-tests/issue332-capturing-processdefinition_analyzed.spthy b/case-studies-regression/sapic/fast/regression-tests/issue332-capturing-processdefinition_analyzed.spthy new file mode 100644 index 000000000..bf969e360 --- /dev/null +++ b/case-studies-regression/sapic/fast/regression-tests/issue332-capturing-processdefinition_analyzed.spthy 
@@ -0,0 +1,53 @@ +theory issue332 begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + + + +rule (modulo E) Init[color=#ffffff, process="Pr('t')"]: + [ ] --[ Init( ) ]-> [ Out( 't' ) ] + + /* has exactly the trivial AC variant */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/regression-tests/issue332-capturing-processdefinition.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/regression-tests/issue332-capturing-processdefinition.spthy + + output: examples/sapic/fast/regression-tests/issue332-capturing-processdefinition.spthy.tmp + processing time: 0.008781434s + + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/regression-tests/issue332-capturing-processdefinition.spthy + + output: examples/sapic/fast/regression-tests/issue332-capturing-processdefinition.spthy.tmp + processing time: 0.008781434s + + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/regression-tests/issue332-const-fun-clash_analyzed.spthy b/case-studies-regression/sapic/fast/regression-tests/issue332-const-fun-clash_analyzed.spthy new file mode 100644 index 000000000..a5afabf7d --- /dev/null +++ b/case-studies-regression/sapic/fast/regression-tests/issue332-const-fun-clash_analyzed.spthy 
@@ -0,0 +1,53 @@ +theory test begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, snd/1[destructor], toto/1 +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + + + +rule (modulo E) Init[color=#ffffff, process="out('toto');"]: + [ ] --[ Init( ) ]-> [ Out( 'toto' ) ] + + /* has exactly the trivial AC variant */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/regression-tests/issue332-const-fun-clash.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/regression-tests/issue332-const-fun-clash.spthy + + output: examples/sapic/fast/regression-tests/issue332-const-fun-clash.spthy.tmp + processing time: 0.003987281s + + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/regression-tests/issue332-const-fun-clash.spthy + + output: examples/sapic/fast/regression-tests/issue332-const-fun-clash.spthy.tmp + processing time: 0.003987281s + + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/regression-tests/issue332-notype-header_analyzed.spthy b/case-studies-regression/sapic/fast/regression-tests/issue332-notype-header_analyzed.spthy new file mode 100644 index 000000000..c21648293 --- /dev/null +++ b/case-studies-regression/sapic/fast/regression-tests/issue332-notype-header_analyzed.spthy 
@@ -0,0 +1,53 @@ +theory test begin + +// Function signature and definition of the equational theory E + +functions: fst/1[destructor], pair/2, snd/1[destructor] +equations: fst() = x.1, snd() = x.2 + +heuristic: p + + + + + +rule (modulo E) Init[color=#ffffff, process="0"]: + [ ] --[ Init( ) ]-> [ ] + + /* has exactly the trivial AC variant */ + +restriction single_session: + "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" + // safety formula + +/* All well-formedness checks were successful. */ + +end +/* Output +maude tool: 'maude' + checking version: 3.0. OK. + checking installation: OK. + + +analyzing: examples/sapic/fast/regression-tests/issue332-notype-header.spthy + +------------------------------------------------------------------------------ +analyzed: examples/sapic/fast/regression-tests/issue332-notype-header.spthy + + output: examples/sapic/fast/regression-tests/issue332-notype-header.spthy.tmp + processing time: 0.003534898s + + +------------------------------------------------------------------------------ + +============================================================================== +summary of summaries: + +analyzed: examples/sapic/fast/regression-tests/issue332-notype-header.spthy + + output: examples/sapic/fast/regression-tests/issue332-notype-header.spthy.tmp + processing time: 0.003534898s + + +============================================================================== +*/ diff --git a/case-studies-regression/sapic/fast/statVerifLeftRight/stateverif_left_right_analyzed.spthy b/case-studies-regression/sapic/fast/statVerifLeftRight/stateverif_left_right_analyzed.spthy index f91be1eda..01baf3529 100644 --- a/case-studies-regression/sapic/fast/statVerifLeftRight/stateverif_left_right_analyzed.spthy +++ b/case-studies-regression/sapic/fast/statVerifLeftRight/stateverif_left_right_analyzed.spthy 
@@ -2,7 +2,8 @@ theory StatVerifSecurityDevice begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, @@ -10,6 +11,14 @@ equations: heuristic: p + + + + + + + + lemma source [sources]: all-traces "∀ m #i. 
@@ -129,431 +138,285 @@ next (∃ y #j. (Exclusive( m, y ) @ #j) ∧ ¬(last(#j))) ) case case_1 solve( Access( m ) @ #i ) - case eventAccessx_0_1111121211111 - solve( State_1111121211111( s, sk, status, m, y, lock ) ▶₀ #i ) - case ifstatusleft_0_111112121111 - solve( (#vr.11 < #t2) ∥ (#vr.11 = #t2) ) + case eventAccessx_0_11111121211111 + solve( State_11111121211111( lock, s, sk, m, y, status ) ▶₀ #i ) + case ifstatusleft_0_1111112121111 + solve( (#vr.4 < #t2) ∥ (#vr.4 = #t2) ) case case_1 - solve( Insert( <'F_status', ~n>, 'left' ) @ #t2 ) - case insertFstatussreq_0_11111211111111 - solve( State_11111211111111( lock, 'left', ~n, sk, status ) ▶₀ #t2 ) - case eventInitDevices_0_1111121111111 - solve( ((#vr.3 < #vr.22) ∧ + solve( Insert( <'F_status', ~n.1>, 'left' ) @ #t2 ) + case insertFstatussreq_0_111111211111111 + solve( State_111111211111111( lock, 'left', ~n.1, sk, status ) ▶₀ #t2 ) + case eventInitDevices_0_11111121111111 + solve( ((#vr.2 < #vr.10) ∧ (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) + (Unlock_1( '1', ~n, ~n.1 ) @ #t2) ∧ - (#vr.3 < #t2) ∧ - (#t2 < #vr.22) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.2 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, ~n.1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) + (Lock( pp, lpp, ~n.1 ) @ #t0) ⇒ - ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) + (Unlock( pp, lpp, ~n.1 ) @ #t0) ⇒ - ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.22 < #vr.3) ) + ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.2) ) case case_1 - solve( (#vr.11 < #t2.1) ∥ (#vr.11 = #t2.1) ) + solve( (#vr.4 < #t2.1) ∥ (#vr.4 = #t2.1) ) case case_1 - solve( Insert( <'F_status', ~n>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( State_111( ~n, sk ) ▶₀ #t2.1 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n, sk, status ) ▶₀ #t2.1 ) + solve( Insert( <'F_status', ~n.1>, 'init' ) @ #t2.1 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.1, sk, status + ) ▶₀ #t2.1 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.1, sk, status ) ▶₀ #t2.1 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_status', ~n>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( Unlock_1( '1', ~n.2, ~n ) @ #t2.2 ) - case unlocks_0_111112121111111 - solve( State_111112121111111( ~n, sk, status, x, y.1, ~n.2 ) ▶₀ #t2.2 ) - case outx_0_11111212111111 + solve( Insert( <'F_status', ~n.1>, 'init' ) @ #t2.1 ) + case p_1_ + solve( Unlock_1( '1', ~n, ~n.1 ) @ #t2.2 ) + case unlocks_0_1111112121111111 + solve( State_1111112121111111( ~n, ~n.1, sk, x, y.1, status ) ▶₀ #t2.2 ) + case eventAccessx_0_11111121211111 by contradiction /* cyclic */ qed next - case unlocks_0_1111121211112111 - by solve( State_1111121211112111( ~n, sk, status, x, y.1, ~n.2 + case unlocks_0_11111121211112111 + by solve( State_11111121211112111( ~n, ~n.1, sk, x, y.1, status ) ▶₀ #t2.2 ) next - case unlocks_0_11111212111122 - by solve( State_11111212111122( ~n, sk, status, x, y.1, ~n.2 
) ▶₀ #t2.2 ) + case unlocks_0_111111212111122 + by solve( State_111111212111122( ~n, ~n.1, sk, x, y.1, status + ) ▶₀ #t2.2 ) qed qed qed next case case_2 - solve( (#vr.11 < #t2.1) ∥ (#vr.11 = #t2.1) ) + solve( (#vr.4 < #t2.1) ∥ (#vr.4 = #t2.1) ) case case_1 - solve( Insert( <'F_status', ~n>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( State_111( ~n, sk ) ▶₀ #t2.1 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n, sk, status ) ▶₀ #t2.1 ) + solve( Insert( <'F_status', ~n.1>, 'init' ) @ #t2.1 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.1, sk, status + ) ▶₀ #t2.1 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.1, sk, status ) ▶₀ #t2.1 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_status', ~n>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( Unlock_0( '0', ~n.3, ~n ) @ #t2.2 ) - case unlocks_0_111112111111111 - solve( State_111112111111111( ~n.3, req, ~n, sk, status ) ▶₀ #t2.2 ) - case insertFstatussreq_0_11111211111111 + solve( Insert( <'F_status', ~n.1>, 'init' ) @ #t2.1 ) + case p_1_ + solve( Unlock_0( '0', ~n.3, ~n.1 ) @ #t2.2 ) + case unlocks_0_1111112111111111 + solve( State_1111112111111111( ~n.3, req, ~n.1, sk, status ) ▶₀ #t2.2 ) + case insertFstatussreq_0_111111211111111 solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( aenc(, pk(~n.1)) ) @ #vk ) + solve( !KU( aenc(, pk(~n.2)) ) @ #vk ) case c_aenc by contradiction /* from formulas */ next - case outaenclmrmpksk_0_111121111 - by contradiction /* from formulas */ - next - case outx_0_11111212111111 - solve( (∃ #j. 
(!KU( t ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.25)) ∥ + case eventAccessx_0_11111121211111 + solve( (∃ #j. (!KU( t ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.11)) ∥ (∃ x #j. (Exclusive( x, t ) @ #j) ∧ ¬(last(#j))) ∥ (∃ y #j. (Exclusive( t, y ) @ #j) ∧ ¬(last(#j))) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( (#vr.37 < #t2.3) ∥ (#vr.37 = #t2.3) ) - case case_1 - solve( Insert( <'F_status', ~n.6>, 'left' ) @ #t2.3 ) - case insertFstatussreq_0_11111211111111 - solve( State_11112111( x, t, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - next - case insertFstatussreq_0_111112111111211 - solve( State_11112111( x, t, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - by solve( Insert( <'F_status', ~n.4>, 'left' ) @ #t2.3 ) - qed + by contradiction /* impossible chain */ next case case_3 - solve( (#vr.37 < #t2.3) ∥ (#vr.37 = #t2.3) ) - case case_1 - solve( Insert( <'F_status', ~n.6>, 'left' ) @ #t2.3 ) - case insertFstatussreq_0_11111211111111 - solve( State_11112111( t, y.1, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - next - case insertFstatussreq_0_111112111111211 - solve( State_11112111( t, y.1, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - by solve( Insert( <'F_status', ~n.4>, 'left' ) @ #t2.3 ) - qed + by contradiction /* impossible chain */ qed next - case outy_0_111112121111211 - solve( (∃ #j. (!KU( t ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.25)) ∥ + case eventAccessy_0_111111212111121 + solve( (∃ #j. (!KU( t ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.11)) ∥ (∃ x #j. (Exclusive( x, t ) @ #j) ∧ ¬(last(#j))) ∥ (∃ y #j. 
(Exclusive( t, y ) @ #j) ∧ ¬(last(#j))) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( (#vr.38 < #t2.3) ∥ (#vr.38 = #t2.3) ) - case case_1 - solve( Insert( <'F_status', ~n.6>, 'right' ) @ #t2.3 ) - case insertFstatussreq_0_11111211111111 - solve( State_11112111( x, t, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - next - case insertFstatussreq_0_111112111111211 - solve( State_11112111( x, t, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - by solve( Insert( <'F_status', ~n.4>, 'right' ) @ #t2.3 ) - qed + by contradiction /* impossible chain */ next case case_3 - solve( (#vr.38 < #t2.3) ∥ (#vr.38 = #t2.3) ) - case case_1 - solve( Insert( <'F_status', ~n.6>, 'right' ) @ #t2.3 ) - case insertFstatussreq_0_11111211111111 - solve( State_11112111( t, y.1, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - next - case insertFstatussreq_0_111112111111211 - solve( State_11112111( t, y.1, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - by solve( Insert( <'F_status', ~n.4>, 'right' ) @ #t2.3 ) - qed + by contradiction /* impossible chain */ qed + next + case p_1_11112 + by contradiction /* from formulas */ qed qed qed next - case unlocks_0_1111121111112111 - by solve( State_1111121111112111( ~n.3, req, ~n, sk, status ) ▶₀ #t2.2 ) + case unlocks_0_11111121111112111 + by solve( State_11111121111112111( ~n.3, req, ~n.1, sk, status + ) ▶₀ #t2.2 ) qed qed qed qed qed next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'left', ~n, sk, status ) ▶₀ #t2 ) + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'left', ~n.1, sk, status + ) ▶₀ #t2 ) qed next case case_2 - by solve( Insert( <'F_status', ~n>, 'left' ) @ #t2 ) + by solve( Insert( <'F_status', ~n.1>, 'left' ) @ #t2 ) qed qed 
next - case eventAccessy_0_11111212111121 - solve( State_11111212111121( s, sk, status, x, m, lock ) ▶₀ #i ) - case ifstatusright_0_1111121211112 - solve( (#vr.12 < #t2) ∥ (#vr.12 = #t2) ) + case eventAccessy_0_111111212111121 + solve( State_111111212111121( lock, s, sk, x, m, status ) ▶₀ #i ) + case ifstatusright_0_11111121211112 + solve( (#vr.5 < #t2) ∥ (#vr.5 = #t2) ) case case_1 - solve( Insert( <'F_status', ~n>, 'right' ) @ #t2 ) - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'right', ~n, sk, status ) ▶₀ #t2 ) + solve( Insert( <'F_status', ~n.1>, 'right' ) @ #t2 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'right', ~n.1, sk, status + ) ▶₀ #t2 ) next - case insertFstatussreq_0_111112111111211 - solve( State_111112111111211( lock, 'right', ~n, sk, status ) ▶₀ #t2 ) - case eventInitDevices_0_11111211111121 - solve( ((#vr.4 < #vr.24) ∧ + case insertFstatussreq_0_1111112111111211 + solve( State_1111112111111211( lock, 'right', ~n.1, sk, status ) ▶₀ #t2 ) + case eventInitDevices_0_111111211111121 + solve( ((#vr.3 < #vr.12) ∧ (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) + (Unlock_1( '1', ~n, ~n.1 ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.24) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.12) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, ~n.1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) + (Lock( pp, lpp, ~n.1 ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) + (Unlock( pp, lpp, ~n.1 ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.24 < #vr.4) ) + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.12 < #vr.3) ) case case_1 - solve( (#vr.12 < #t2.1) ∥ (#vr.12 = #t2.1) ) + solve( (#vr.5 < #t2.1) ∥ (#vr.5 = #t2.1) ) case case_1 - solve( Insert( <'F_status', ~n>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( State_111( ~n, sk ) ▶₀ #t2.1 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n, sk, status ) ▶₀ #t2.1 ) + solve( Insert( <'F_status', ~n.1>, 'init' ) @ #t2.1 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.1, sk, status + ) ▶₀ #t2.1 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.1, sk, status ) ▶₀ #t2.1 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_status', ~n>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( Unlock_1( '1', ~n.2, ~n ) @ #t2.2 ) - case unlocks_0_111112121111111 - by solve( State_111112121111111( ~n, sk, status, x.1, y, ~n.2 + solve( Insert( <'F_status', ~n.1>, 'init' ) @ #t2.1 ) + case p_1_ + solve( Unlock_1( '1', ~n, ~n.1 ) @ #t2.2 ) + case unlocks_0_1111112121111111 + by solve( State_1111112121111111( ~n, ~n.1, sk, x.1, y, status ) ▶₀ #t2.2 ) next - case unlocks_0_1111121211112111 - solve( State_1111121211112111( ~n, sk, status, x.1, y, ~n.2 ) ▶₀ #t2.2 ) - case outy_0_111112121111211 + case unlocks_0_11111121211112111 + solve( State_11111121211112111( ~n, ~n.1, sk, x.1, y, status ) ▶₀ #t2.2 ) + case eventAccessy_0_111111212111121 by contradiction /* cyclic */ qed next - case unlocks_0_11111212111122 - by solve( State_11111212111122( ~n, sk, status, x.1, y, 
~n.2 ) ▶₀ #t2.2 ) + case unlocks_0_111111212111122 + by solve( State_111111212111122( ~n, ~n.1, sk, x.1, y, status + ) ▶₀ #t2.2 ) qed qed qed next case case_2 - solve( (#vr.12 < #t2.1) ∥ (#vr.12 = #t2.1) ) + solve( (#vr.5 < #t2.1) ∥ (#vr.5 = #t2.1) ) case case_1 - solve( Insert( <'F_status', ~n>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( State_111( ~n, sk ) ▶₀ #t2.1 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n, sk, status ) ▶₀ #t2.1 ) + solve( Insert( <'F_status', ~n.1>, 'init' ) @ #t2.1 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.1, sk, status + ) ▶₀ #t2.1 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.1, sk, status ) ▶₀ #t2.1 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_status', ~n>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( Unlock_0( '0', ~n.3, ~n ) @ #t2.2 ) - case unlocks_0_111112111111111 - by solve( State_111112111111111( ~n.3, req, ~n, sk, status ) ▶₀ #t2.2 ) + solve( Insert( <'F_status', ~n.1>, 'init' ) @ #t2.1 ) + case p_1_ + solve( Unlock_0( '0', ~n.3, ~n.1 ) @ #t2.2 ) + case unlocks_0_1111112111111111 + by solve( State_1111112111111111( ~n.3, req, ~n.1, sk, status + ) ▶₀ #t2.2 ) next - case unlocks_0_1111121111112111 - solve( State_1111121111112111( ~n.3, req, ~n, sk, status ) ▶₀ #t2.2 ) - case insertFstatussreq_0_111112111111211 + case unlocks_0_11111121111112111 + solve( State_11111121111112111( ~n.3, req, ~n.1, sk, status ) ▶₀ #t2.2 ) + case insertFstatussreq_0_1111112111111211 solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( aenc(, pk(~n.1)) ) @ #vk ) + solve( !KU( 
aenc(, pk(~n.2)) ) @ #vk ) case c_aenc by contradiction /* from formulas */ next - case outaenclmrmpksk_0_111121111 - by contradiction /* from formulas */ - next - case outx_0_11111212111111 - solve( (∃ #j. (!KU( t ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.27)) ∥ + case eventAccessx_0_11111121211111 + solve( (∃ #j. (!KU( t ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.13)) ∥ (∃ x #j. (Exclusive( x, t ) @ #j) ∧ ¬(last(#j))) ∥ (∃ y #j. (Exclusive( t, y ) @ #j) ∧ ¬(last(#j))) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( (#vr.39 < #t2.3) ∥ (#vr.39 = #t2.3) ) - case case_1 - solve( Insert( <'F_status', ~n.6>, 'left' ) @ #t2.3 ) - case insertFstatussreq_0_11111211111111 - solve( State_11112111( x.1, t, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - next - case insertFstatussreq_0_111112111111211 - solve( State_11112111( x.1, t, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - by solve( Insert( <'F_status', ~n.4>, 'left' ) @ #t2.3 ) - qed + by contradiction /* impossible chain */ next case case_3 - solve( (#vr.39 < #t2.3) ∥ (#vr.39 = #t2.3) ) - case case_1 - solve( Insert( <'F_status', ~n.6>, 'left' ) @ #t2.3 ) - case insertFstatussreq_0_11111211111111 - solve( State_11112111( t, y, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - next - case insertFstatussreq_0_111112111111211 - solve( State_11112111( t, y, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - by solve( Insert( <'F_status', ~n.4>, 'left' ) @ #t2.3 ) - qed + by contradiction /* impossible chain */ qed next - case outy_0_111112121111211 - solve( (∃ #j. (!KU( t ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.27)) ∥ + case eventAccessy_0_111111212111121 + solve( (∃ #j. (!KU( t ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.13)) ∥ (∃ x #j. (Exclusive( x, t ) @ #j) ∧ ¬(last(#j))) ∥ (∃ y #j. 
(Exclusive( t, y ) @ #j) ∧ ¬(last(#j))) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( (#vr.40 < #t2.3) ∥ (#vr.40 = #t2.3) ) - case case_1 - solve( Insert( <'F_status', ~n.6>, 'right' ) @ #t2.3 ) - case insertFstatussreq_0_11111211111111 - solve( State_11112111( x.1, t, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - next - case insertFstatussreq_0_111112111111211 - solve( State_11112111( x.1, t, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - by solve( Insert( <'F_status', ~n.4>, 'right' ) @ #t2.3 ) - qed + by contradiction /* impossible chain */ next case case_3 - solve( (#vr.40 < #t2.3) ∥ (#vr.40 = #t2.3) ) - case case_1 - solve( Insert( <'F_status', ~n.6>, 'right' ) @ #t2.3 ) - case insertFstatussreq_0_11111211111111 - solve( State_11112111( t, y, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - next - case insertFstatussreq_0_111112111111211 - solve( State_11112111( t, y, s, sk ) ▶₀ #j ) - case newrm_0_1111211 - by contradiction /* impossible chain */ - qed - qed - next - case case_2 - by solve( Insert( <'F_status', ~n.4>, 'right' ) @ #t2.3 ) - qed + by contradiction /* impossible chain */ qed + next + case p_1_11112 + by contradiction /* from formulas */ qed qed qed @@ -565,7 +428,7 @@ next qed next case case_2 - by solve( Insert( <'F_status', ~n>, 'right' ) @ #t2 ) + by solve( Insert( <'F_status', ~n.1>, 'right' ) @ #t2 ) qed qed qed 
@@ -766,45 +629,45 @@ guarded formula characterizing all satisfying traces: "∃ x y #i #j. (Exclusive( x, y ) @ #i) ∧ (K( x ) @ #j)" */ simplify -solve( State_11112111( x, y, s, sk ) ▶₀ #i ) - case newrm_0_1111211 - solve( !KU( ~n ) @ #vk ) - case outx_0_11111212111111 - solve( (#vr.24 < #t2) ∥ (#vr.24 = #t2) ) +solve( !Semistate_111121( s, sk ) ▶₀ #i ) + case p_1_ + solve( !KU( ~n.2 ) @ #vk ) + case eventAccessx_0_11111121211111 + solve( (#vr.7 < #t2) ∥ (#vr.7 = #t2) ) case case_1 - solve( Insert( <'F_status', ~n.6>, 'left' ) @ #t2 ) - case insertFstatussreq_0_11111211111111 - solve( State_11111211111111( lock, 'left', ~n.4, sk, status ) ▶₀ #t2 ) - case eventInitDevices_0_1111121111111 - solve( ((#vr.16 < #vr.33) ∧ + solve( Insert( <'F_status', ~n.5>, 'left' ) @ #t2 ) + case insertFstatussreq_0_111111211111111 + solve( State_111111211111111( lock, 'left', ~n.4, sk, status ) ▶₀ #t2 ) + case eventInitDevices_0_11111121111111 + solve( ((#vr.5 < #vr.12) ∧ (∃ #t2. (Unlock_1( '1', ~n.7, ~n.5 ) @ #t2) ∧ - (#vr.16 < #t2) ∧ - (#t2 < #vr.33) ∧ + (#vr.5 < #t2) ∧ + (#t2 < #vr.12) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, ~n.5 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, ~n.5 ) @ #t0) ⇒ - ((#t0 < #vr.16) ∨ (#t0 = #vr.16) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.5) ∨ (#t0 = #vr.5) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, ~n.5 ) @ #t0) ⇒ - ((#t0 < #vr.16) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.33 < #vr.16) ) + ((#t0 < #vr.5) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.12 < #vr.5) ) case case_2 - solve( (#vr.24 < #t2.1) ∥ (#vr.24 = #t2.1) ) + solve( (#vr.7 < #t2.1) ∥ (#vr.7 = #t2.1) ) case case_2 solve( Insert( <'F_status', ~n.5>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 + case p_1_ solve( Unlock_0( '0', ~n.4, ~n.5 ) @ #t2.2 ) - case unlocks_0_111112111111111 - solve( State_111112111111111( ~n.4, req, ~n.5, sk, status ) ▶₀ #t2.2 ) - case insertFstatussreq_0_11111211111111 + case unlocks_0_1111112111111111 + solve( State_1111112111111111( ~n.4, req, ~n.5, sk, status ) ▶₀ #t2.2 ) + case insertFstatussreq_0_111111211111111 solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ) case case_2 - solve( !KU( aenc(<~n, y>, pk(~n.6)) ) @ #vk.1 ) - case outaenclmrmpksk_0_111121111 + solve( !KU( aenc(<~n.2, y>, pk(~n.6)) ) @ #vk.1 ) + case p_1_11112 SOLVED // trace found qed qed 
@@ -826,45 +689,45 @@ guarded formula characterizing all satisfying traces: "∃ x y #i #k. (Exclusive( x, y ) @ #i) ∧ (K( y ) @ #k)" */ simplify -solve( State_11112111( x, y, s, sk ) ▶₀ #i ) - case newrm_0_1111211 - solve( !KU( ~n.1 ) @ #vk ) - case outy_0_111112121111211 - solve( (#vr.25 < #t2) ∥ (#vr.25 = #t2) ) +solve( !Semistate_111121( s, sk ) ▶₀ #i ) + case p_1_ + solve( !KU( ~n.3 ) @ #vk ) + case eventAccessy_0_111111212111121 + solve( (#vr.8 < #t2) ∥ (#vr.8 = #t2) ) case case_1 - solve( Insert( <'F_status', ~n.6>, 'right' ) @ #t2 ) - case insertFstatussreq_0_111112111111211 - solve( State_111112111111211( lock, 'right', ~n.4, sk, status ) ▶₀ #t2 ) - case eventInitDevices_0_11111211111121 - solve( ((#vr.17 < #vr.35) ∧ + solve( Insert( <'F_status', ~n.5>, 'right' ) @ #t2 ) + case insertFstatussreq_0_1111112111111211 + solve( State_1111112111111211( lock, 'right', ~n.4, sk, status ) ▶₀ #t2 ) + case eventInitDevices_0_111111211111121 + solve( ((#vr.6 < #vr.14) ∧ (∃ #t2. (Unlock_1( '1', ~n.7, ~n.5 ) @ #t2) ∧ - (#vr.17 < #t2) ∧ - (#t2 < #vr.35) ∧ + (#vr.6 < #t2) ∧ + (#t2 < #vr.14) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, ~n.5 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, ~n.5 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.6) ∨ (#t0 = #vr.6) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, ~n.5 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.35 < #vr.17) ) + ((#t0 < #vr.6) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.14 < #vr.6) ) case case_2 - solve( (#vr.25 < #t2.1) ∥ (#vr.25 = #t2.1) ) + solve( (#vr.8 < #t2.1) ∥ (#vr.8 = #t2.1) ) case case_2 solve( Insert( <'F_status', ~n.5>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 + case p_1_ solve( Unlock_0( '0', ~n.4, ~n.5 ) @ #t2.2 ) - case unlocks_0_1111121111112111 - solve( State_1111121111112111( ~n.4, req, ~n.5, sk, status ) ▶₀ #t2.2 ) - case insertFstatussreq_0_111112111111211 + case unlocks_0_11111121111112111 + solve( State_11111121111112111( ~n.4, req, ~n.5, sk, status ) ▶₀ #t2.2 ) + case insertFstatussreq_0_1111112111111211 solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ) case case_2 - solve( !KU( aenc(, pk(~n.6)) ) @ #vk.1 ) - case outaenclmrmpksk_0_111121111 + solve( !KU( aenc(, pk(~n.6)) ) @ #vk.1 ) + case p_1_11112 SOLVED // trace found qed qed 
@@ -889,216 +752,193 @@ guarded formula characterizing all counter-examples: (Exclusive( x, y ) @ #i) ∧ (K( x ) @ #k1) ∧ (K( y ) @ #k2)" */ simplify -solve( State_11112111( x, y, s, sk ) ▶₀ #i ) - case newrm_0_1111211 - solve( !KU( ~n ) @ #vk ) - case outaenclmrmpksk_0_111121111 - by solve( !KU( ~n.3 ) @ #vk.2 ) - next - case outx_0_11111212111111 - solve( (#vr.24 < #t2) ∥ (#vr.24 = #t2) ) +solve( !Semistate_111121( s, sk ) ▶₀ #i ) + case p_1_ + solve( !KU( ~n.2 ) @ #vk ) + case eventAccessx_0_11111121211111 + solve( (#vr.7 < #t2) ∥ (#vr.7 = #t2) ) case case_1 - solve( Insert( <'F_status', ~n.6>, 'left' ) @ #t2 ) - case insertFstatussreq_0_11111211111111 - solve( State_11111211111111( lock, 'left', ~n.4, sk, status ) ▶₀ #t2 ) - case eventInitDevices_0_1111121111111 - solve( ((#vr.16 < #vr.33) ∧ + solve( Insert( <'F_status', ~n.5>, 'left' ) @ #t2 ) + case insertFstatussreq_0_111111211111111 + solve( State_111111211111111( lock, 'left', ~n.4, sk, status ) ▶₀ #t2 ) + case eventInitDevices_0_11111121111111 + solve( ((#vr.5 < #vr.12) ∧ (∃ #t2. (Unlock_1( '1', ~n.7, ~n.5 ) @ #t2) ∧ - (#vr.16 < #t2) ∧ - (#t2 < #vr.33) ∧ + (#vr.5 < #t2) ∧ + (#t2 < #vr.12) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, ~n.5 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, ~n.5 ) @ #t0) ⇒ - ((#t0 < #vr.16) ∨ (#t0 = #vr.16) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.5) ∨ (#t0 = #vr.5) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, ~n.5 ) @ #t0) ⇒ - ((#t0 < #vr.16) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.33 < #vr.16) ) + ((#t0 < #vr.5) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.12 < #vr.5) ) case case_1 - solve( (#vr.24 < #t2.1) ∥ (#vr.24 = #t2.1) ) + solve( (#vr.7 < #t2.1) ∥ (#vr.7 = #t2.1) ) case case_1 solve( Insert( <'F_status', ~n.5>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.5, sk ) ▶₀ #t2.1 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.5, sk, status + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.5, sk, status ) ▶₀ #t2.1 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.5, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.5, sk, status ) ▶₀ #t2.1 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 solve( Insert( <'F_status', ~n.5>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 + case p_1_ solve( Unlock_1( '1', ~n.7, ~n.5 ) @ #t2.2 ) - case unlocks_0_111112121111111 - solve( State_111112121111111( ~n.5, sk, status, x, y, ~n.7 ) ▶₀ #t2.2 ) - case outx_0_11111212111111 + case unlocks_0_1111112121111111 + solve( State_1111112121111111( ~n.7, ~n.5, sk, x, y, status ) ▶₀ #t2.2 ) + case eventAccessx_0_11111121211111 by contradiction /* cyclic */ qed next - case unlocks_0_1111121211112111 - by solve( State_1111121211112111( ~n.5, sk, status, x, y, ~n.7 + case unlocks_0_11111121211112111 + by solve( State_11111121211112111( ~n.7, ~n.5, sk, x, y, status ) ▶₀ #t2.2 ) next - case unlocks_0_11111212111122 - by solve( State_11111212111122( ~n.5, sk, status, x, y, ~n.7 ) ▶₀ #t2.2 ) + case unlocks_0_111111212111122 + by solve( State_111111212111122( ~n.7, ~n.5, sk, x, y, status + ) ▶₀ #t2.2 ) qed qed qed next case case_2 - solve( (#vr.24 < #t2.1) ∥ (#vr.24 = 
#t2.1) ) + solve( (#vr.7 < #t2.1) ∥ (#vr.7 = #t2.1) ) case case_1 solve( Insert( <'F_status', ~n.5>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.5, sk ) ▶₀ #t2.1 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.5, sk, status + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.5, sk, status ) ▶₀ #t2.1 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.5, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.5, sk, status ) ▶₀ #t2.1 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 solve( Insert( <'F_status', ~n.5>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 + case p_1_ solve( Unlock_0( '0', ~n.4, ~n.5 ) @ #t2.2 ) - case unlocks_0_111112111111111 - solve( State_111112111111111( ~n.4, req, ~n.5, sk, status ) ▶₀ #t2.2 ) - case insertFstatussreq_0_11111211111111 + case unlocks_0_1111112111111111 + solve( State_1111112111111111( ~n.4, req, ~n.5, sk, status ) ▶₀ #t2.2 ) + case insertFstatussreq_0_111111211111111 solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( ~n.1 ) @ #vk.1 ) - case outaenclmrmpksk_0_111121111 - solve( !KU( aenc(<~n, y>, pk(~n.6)) ) @ #vk.2 ) - case c_aenc - by contradiction /* cyclic */ - next - case outaenclmrmpksk_0_111121111 - by solve( !KU( ~n.3 ) @ #vk.4 ) - qed - next - case outx_0_11111212111111 - solve( (#vr.48 < #t2.3) ∥ (#vr.48 = #t2.3) ) + solve( !KU( ~n.3 ) @ #vk.1 ) + case eventAccessx_0_11111121211111 + solve( (#vr.18 < #t2.3) ∥ (#vr.18 = #t2.3) ) case case_1 solve( Insert( <'F_status', ~n.10>, 'left' ) @ #t2.3 ) - case insertFstatussreq_0_11111211111111 - solve( State_11111211111111( lock, 'left', ~n.7, sk, status ) ▶₀ #t2.3 ) - case 
eventInitDevices_0_1111121111111 - solve( ((#vr.40 < #vr.57) ∧ + case insertFstatussreq_0_111111211111111 + solve( State_111111211111111( lock, 'left', ~n.8, sk, status ) ▶₀ #t2.3 ) + case eventInitDevices_0_11111121111111 + solve( ((#vr.16 < #vr.23) ∧ (∃ #t2. - (Unlock_1( '1', ~n.11, ~n.8 ) @ #t2) + (Unlock_1( '1', ~n.11, ~n.9 ) @ #t2) ∧ - (#vr.40 < #t2) ∧ - (#t2 < #vr.57) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.11, ~n.8 ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.16 < #t2) ∧ + (#t2 < #vr.23) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.11, ~n.9 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. - (Lock( pp, lpp, ~n.8 ) @ #t0) + (Lock( pp, lpp, ~n.9 ) @ #t0) ⇒ - ((#t0 < #vr.40) ∨ (#t0 = #vr.40) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.16) ∨ (#t0 = #vr.16) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n.8 ) @ #t0) + (Unlock( pp, lpp, ~n.9 ) @ #t0) ⇒ - ((#t0 < #vr.40) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.57 < #vr.40) ) + ((#t0 < #vr.16) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.23 < #vr.16) ) case case_1 - solve( (#vr.48 < #t2.4) ∥ (#vr.48 = #t2.4) ) + solve( (#vr.18 < #t2.4) ∥ (#vr.18 = #t2.4) ) case case_1 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.8, sk ) ▶₀ #t2.4 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.8, sk, status + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.8, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( Unlock_1( '1', ~n.11, ~n.8 ) @ #t2.5 
) - case unlocks_0_111112121111111 - solve( State_111112121111111( ~n.8, sk, status, x, y.1, ~n.10 + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case p_1_ + solve( Unlock_1( '1', ~n.11, ~n.9 ) @ #t2.5 ) + case unlocks_0_1111112121111111 + solve( State_1111112121111111( ~n.11, ~n.9, sk, x, y.1, status ) ▶₀ #t2.5 ) - case outx_0_11111212111111 + case eventAccessx_0_11111121211111 by contradiction /* cyclic */ qed next - case unlocks_0_1111121211112111 - by solve( State_1111121211112111( ~n.8, sk, status, x, y.1, ~n.10 + case unlocks_0_11111121211112111 + by solve( State_11111121211112111( ~n.11, ~n.9, sk, x, y.1, status ) ▶₀ #t2.5 ) next - case unlocks_0_11111212111122 - by solve( State_11111212111122( ~n.8, sk, status, x, y.1, ~n.10 + case unlocks_0_111111212111122 + by solve( State_111111212111122( ~n.11, ~n.9, sk, x, y.1, status ) ▶₀ #t2.5 ) qed qed qed next case case_2 - solve( (#vr.48 < #t2.4) ∥ (#vr.48 = #t2.4) ) + solve( (#vr.18 < #t2.4) ∥ (#vr.18 = #t2.4) ) case case_1 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.8, sk ) ▶₀ #t2.4 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.8, sk, status + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.8, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( Unlock_0( '0', ~n.7, ~n.8 ) @ #t2.5 ) - case unlocks_0_111112111111111 - solve( State_111112111111111( ~n.7, req, 
~n.8, sk, status ) ▶₀ #t2.5 ) - case insertFstatussreq_0_11111211111111 + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case p_1_ + solve( Unlock_0( '0', ~n.8, ~n.9 ) @ #t2.5 ) + case unlocks_0_1111112111111111 + solve( State_1111112111111111( ~n.8, req, ~n.9, sk, status ) ▶₀ #t2.5 ) + case insertFstatussreq_0_111111211111111 solve( (#t2.4 < #t2.6) ∥ (#t2.4 = #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( aenc(<~n, y>, pk(~n.6)) ) @ #vk.2 ) + solve( !KU( aenc(<~n.2, y>, pk(~n.6)) ) @ #vk.2 ) case c_aenc by contradiction /* cyclic */ next - case outaenclmrmpksk_0_111121111 - solve( !KU( aenc(<~n.1, y>, pk(~n.7)) ) @ #vk.4 ) + case p_1_11112 + solve( !KU( aenc(<~n.3, y>, pk(~n.8)) ) @ #vk.4 ) case c_aenc by contradiction /* cyclic */ qed @@ -1106,8 +946,8 @@ solve( State_11112111( x, y, s, sk ) ▶₀ #i ) qed qed next - case unlocks_0_1111121111112111 - by solve( State_1111121111112111( ~n.7, req, ~n.8, sk, status + case unlocks_0_11111121111112111 + by solve( State_11111121111112111( ~n.8, req, ~n.9, sk, status ) ▶₀ #t2.5 ) qed qed 
@@ -1115,130 +955,124 @@ solve( State_11112111( x, y, s, sk ) ▶₀ #i ) qed qed next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'left', ~n.7, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'left', ~n.8, sk, status ) ▶₀ #t2.3 ) qed next case case_2 - by solve( Insert( <'F_status', ~n.7>, 'left' ) @ #t2.3 ) + by solve( Insert( <'F_status', ~n.9>, 'left' ) @ #t2.3 ) qed next - case outy_0_111112121111211 - solve( (#vr.49 < #t2.3) ∥ (#vr.49 = #t2.3) ) + case eventAccessy_0_111111212111121 + solve( (#vr.19 < #t2.3) ∥ (#vr.19 = #t2.3) ) case case_1 solve( Insert( <'F_status', ~n.10>, 'right' ) @ #t2.3 ) - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'right', ~n.7, sk, status + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'right', ~n.8, sk, status ) ▶₀ #t2.3 ) next - case insertFstatussreq_0_111112111111211 - solve( State_111112111111211( lock, 'right', ~n.7, sk, status + case insertFstatussreq_0_1111112111111211 + solve( State_1111112111111211( lock, 'right', ~n.8, sk, status ) ▶₀ #t2.3 ) - case eventInitDevices_0_11111211111121 - solve( ((#vr.41 < #vr.59) ∧ + case eventInitDevices_0_111111211111121 + solve( ((#vr.17 < #vr.25) ∧ (∃ #t2. - (Unlock_1( '1', ~n.11, ~n.8 ) @ #t2) + (Unlock_1( '1', ~n.11, ~n.9 ) @ #t2) ∧ - (#vr.41 < #t2) ∧ - (#t2 < #vr.59) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.11, ~n.8 ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.17 < #t2) ∧ + (#t2 < #vr.25) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.11, ~n.9 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. - (Lock( pp, lpp, ~n.8 ) @ #t0) + (Lock( pp, lpp, ~n.9 ) @ #t0) ⇒ - ((#t0 < #vr.41) ∨ (#t0 = #vr.41) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n.8 ) @ #t0) + (Unlock( pp, lpp, ~n.9 ) @ #t0) ⇒ - ((#t0 < #vr.41) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.59 < #vr.41) ) + ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.25 < #vr.17) ) case case_1 - solve( (#vr.49 < #t2.4) ∥ (#vr.49 = #t2.4) ) + solve( (#vr.19 < #t2.4) ∥ (#vr.19 = #t2.4) ) case case_1 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.8, sk ) ▶₀ #t2.4 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.8, sk, status + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.8, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( Unlock_1( '1', ~n.11, ~n.8 ) @ #t2.5 ) - case unlocks_0_111112121111111 - by solve( State_111112121111111( ~n.8, sk, status, x, y.1, ~n.10 + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case p_1_ + solve( Unlock_1( '1', ~n.11, ~n.9 ) @ #t2.5 ) + case unlocks_0_1111112121111111 + by solve( State_1111112121111111( ~n.11, ~n.9, sk, x, y.1, status ) ▶₀ #t2.5 ) next - case unlocks_0_1111121211112111 - solve( State_1111121211112111( ~n.8, sk, status, x, y.1, ~n.10 + case unlocks_0_11111121211112111 + solve( State_11111121211112111( ~n.11, ~n.9, sk, x, y.1, status ) ▶₀ #t2.5 ) - case outy_0_111112121111211 + case eventAccessy_0_111111212111121 by contradiction /* cyclic */ qed next - case unlocks_0_11111212111122 - by solve( State_11111212111122( ~n.8, sk, status, 
x, y.1, ~n.10 + case unlocks_0_111111212111122 + by solve( State_111111212111122( ~n.11, ~n.9, sk, x, y.1, status ) ▶₀ #t2.5 ) qed qed qed next case case_2 - solve( (#vr.49 < #t2.4) ∥ (#vr.49 = #t2.4) ) + solve( (#vr.19 < #t2.4) ∥ (#vr.19 = #t2.4) ) case case_1 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.8, sk ) ▶₀ #t2.4 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.8, sk, status + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.8, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( Unlock_0( '0', ~n.7, ~n.8 ) @ #t2.5 ) - case unlocks_0_111112111111111 - by solve( State_111112111111111( ~n.7, req, ~n.8, sk, status + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case p_1_ + solve( Unlock_0( '0', ~n.8, ~n.9 ) @ #t2.5 ) + case unlocks_0_1111112111111111 + by solve( State_1111112111111111( ~n.8, req, ~n.9, sk, status ) ▶₀ #t2.5 ) next - case unlocks_0_1111121111112111 - solve( State_1111121111112111( ~n.7, req, ~n.8, sk, status ) ▶₀ #t2.5 ) - case insertFstatussreq_0_111112111111211 + case unlocks_0_11111121111112111 + solve( State_11111121111112111( ~n.8, req, ~n.9, sk, status ) ▶₀ #t2.5 ) + case insertFstatussreq_0_1111112111111211 solve( (#t2.4 < #t2.6) ∥ (#t2.4 = #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( aenc(<~n, y>, pk(~n.6)) ) @ #vk.2 ) + solve( !KU( 
aenc(<~n.2, y>, pk(~n.6)) ) @ #vk.2 ) case c_aenc by contradiction /* cyclic */ next - case outaenclmrmpksk_0_111121111 - solve( !KU( aenc(, pk(~n.7)) ) @ #vk.4 ) + case p_1_11112 + solve( !KU( aenc(, pk(~n.8)) ) @ #vk.4 ) case c_aenc by contradiction /* cyclic */ next - case outaenclmrmpksk_0_111121111 - by contradiction /* from formulas */ + case p_1_11112 + by contradiction /* cyclic */ qed qed qed @@ -1251,14 +1085,23 @@ solve( State_11112111( x, y, s, sk ) ▶₀ #i ) qed next case case_2 - by solve( Insert( <'F_status', ~n.7>, 'right' ) @ #t2.3 ) + by solve( Insert( <'F_status', ~n.9>, 'right' ) @ #t2.3 ) + qed + next + case p_1_11112 + solve( !KU( aenc(<~n.2, y>, pk(~n.6)) ) @ #vk.2 ) + case c_aenc + by contradiction /* cyclic */ + next + case p_1_11112 + by solve( !KU( ~n.1 ) @ #vk.4 ) qed qed qed qed next - case unlocks_0_1111121111112111 - by solve( State_1111121111112111( ~n.4, req, ~n.5, sk, status + case unlocks_0_11111121111112111 + by solve( State_11111121111112111( ~n.4, req, ~n.5, sk, status ) ▶₀ #t2.2 ) qed qed 
@@ -1266,226 +1109,210 @@ solve( State_11112111( x, y, s, sk ) ▶₀ #i ) qed qed next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'left', ~n.4, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'left', ~n.4, sk, status ) ▶₀ #t2 ) qed next case case_2 - by solve( Insert( <'F_status', ~n.4>, 'left' ) @ #t2 ) + by solve( Insert( <'F_status', ~n.5>, 'left' ) @ #t2 ) qed next - case outy_0_111112121111211 - solve( (#vr.25 < #t2) ∥ (#vr.25 = #t2) ) + case eventAccessy_0_111111212111121 + solve( (#vr.8 < #t2) ∥ (#vr.8 = #t2) ) case case_1 - solve( Insert( <'F_status', ~n.6>, 'right' ) @ #t2 ) - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'right', ~n.4, sk, status + solve( Insert( <'F_status', ~n.5>, 'right' ) @ #t2 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'right', ~n.4, sk, status ) ▶₀ #t2 ) next - case insertFstatussreq_0_111112111111211 - solve( State_111112111111211( lock, 'right', ~n.4, sk, status ) ▶₀ #t2 ) - case eventInitDevices_0_11111211111121 - solve( ((#vr.17 < #vr.35) ∧ + case insertFstatussreq_0_1111112111111211 + solve( State_1111112111111211( lock, 'right', ~n.4, sk, status ) ▶₀ #t2 ) + case eventInitDevices_0_111111211111121 + solve( ((#vr.6 < #vr.14) ∧ (∃ #t2. (Unlock_1( '1', ~n.7, ~n.5 ) @ #t2) ∧ - (#vr.17 < #t2) ∧ - (#t2 < #vr.35) ∧ + (#vr.6 < #t2) ∧ + (#t2 < #vr.14) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, ~n.5 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, ~n.5 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.6) ∨ (#t0 = #vr.6) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, ~n.5 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.35 < #vr.17) ) + ((#t0 < #vr.6) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.14 < #vr.6) ) case case_1 - solve( (#vr.25 < #t2.1) ∥ (#vr.25 = #t2.1) ) + solve( (#vr.8 < #t2.1) ∥ (#vr.8 = #t2.1) ) case case_1 solve( Insert( <'F_status', ~n.5>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.5, sk ) ▶₀ #t2.1 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.5, sk, status + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.5, sk, status ) ▶₀ #t2.1 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.5, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.5, sk, status ) ▶₀ #t2.1 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 solve( Insert( <'F_status', ~n.5>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 + case p_1_ solve( Unlock_1( '1', ~n.7, ~n.5 ) @ #t2.2 ) - case unlocks_0_111112121111111 - by solve( State_111112121111111( ~n.5, sk, status, x, y, ~n.7 + case unlocks_0_1111112121111111 + by solve( State_1111112121111111( ~n.7, ~n.5, sk, x, y, status ) ▶₀ #t2.2 ) next - case unlocks_0_1111121211112111 - solve( State_1111121211112111( ~n.5, sk, status, x, y, ~n.7 ) ▶₀ #t2.2 ) - case outy_0_111112121111211 + case unlocks_0_11111121211112111 + solve( State_11111121211112111( ~n.7, ~n.5, sk, x, y, status ) ▶₀ #t2.2 ) + case eventAccessy_0_111111212111121 by contradiction /* cyclic */ qed next - case unlocks_0_11111212111122 - by solve( State_11111212111122( ~n.5, sk, status, x, y, ~n.7 ) ▶₀ #t2.2 ) + case unlocks_0_111111212111122 + by solve( State_111111212111122( ~n.7, ~n.5, sk, x, y, status + ) ▶₀ #t2.2 ) qed qed qed next case case_2 - solve( (#vr.25 < #t2.1) ∥ (#vr.25 = 
#t2.1) ) + solve( (#vr.8 < #t2.1) ∥ (#vr.8 = #t2.1) ) case case_1 solve( Insert( <'F_status', ~n.5>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.5, sk ) ▶₀ #t2.1 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.5, sk, status + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.5, sk, status ) ▶₀ #t2.1 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.5, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.5, sk, status ) ▶₀ #t2.1 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 solve( Insert( <'F_status', ~n.5>, 'init' ) @ #t2.1 ) - case insertFstatussinit_0_111 + case p_1_ solve( Unlock_0( '0', ~n.4, ~n.5 ) @ #t2.2 ) - case unlocks_0_111112111111111 - by solve( State_111112111111111( ~n.4, req, ~n.5, sk, status ) ▶₀ #t2.2 ) + case unlocks_0_1111112111111111 + by solve( State_1111112111111111( ~n.4, req, ~n.5, sk, status + ) ▶₀ #t2.2 ) next - case unlocks_0_1111121111112111 - solve( State_1111121111112111( ~n.4, req, ~n.5, sk, status ) ▶₀ #t2.2 ) - case insertFstatussreq_0_111112111111211 + case unlocks_0_11111121111112111 + solve( State_11111121111112111( ~n.4, req, ~n.5, sk, status ) ▶₀ #t2.2 ) + case insertFstatussreq_0_1111112111111211 solve( (#t2.1 < #t2.3) ∥ (#t2.1 = #t2.3) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( ~n.1 ) @ #vk.1 ) - case outaenclmrmpksk_0_111121111 - solve( !KU( aenc(, pk(~n.6)) ) @ #vk.2 ) - case c_aenc - by contradiction /* cyclic */ - qed - next - case outx_0_11111212111111 - solve( (#vr.50 < #t2.3) ∥ (#vr.50 = #t2.3) ) + solve( !KU( ~n.3 ) @ #vk.1 ) + case eventAccessx_0_11111121211111 + solve( (#vr.20 < #t2.3) ∥ (#vr.20 = #t2.3) ) case case_1 solve( Insert( <'F_status', ~n.10>, 'left' ) @ 
#t2.3 ) - case insertFstatussreq_0_11111211111111 - solve( State_11111211111111( lock, 'left', ~n.7, sk, status ) ▶₀ #t2.3 ) - case eventInitDevices_0_1111121111111 - solve( ((#vr.42 < #vr.59) ∧ + case insertFstatussreq_0_111111211111111 + solve( State_111111211111111( lock, 'left', ~n.8, sk, status ) ▶₀ #t2.3 ) + case eventInitDevices_0_11111121111111 + solve( ((#vr.18 < #vr.25) ∧ (∃ #t2. - (Unlock_1( '1', ~n.11, ~n.8 ) @ #t2) + (Unlock_1( '1', ~n.11, ~n.9 ) @ #t2) ∧ - (#vr.42 < #t2) ∧ - (#t2 < #vr.59) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.11, ~n.8 ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.18 < #t2) ∧ + (#t2 < #vr.25) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.11, ~n.9 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. - (Lock( pp, lpp, ~n.8 ) @ #t0) + (Lock( pp, lpp, ~n.9 ) @ #t0) ⇒ - ((#t0 < #vr.42) ∨ (#t0 = #vr.42) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.18) ∨ (#t0 = #vr.18) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n.8 ) @ #t0) + (Unlock( pp, lpp, ~n.9 ) @ #t0) ⇒ - ((#t0 < #vr.42) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.59 < #vr.42) ) + ((#t0 < #vr.18) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.25 < #vr.18) ) case case_1 - solve( (#vr.50 < #t2.4) ∥ (#vr.50 = #t2.4) ) + solve( (#vr.20 < #t2.4) ∥ (#vr.20 = #t2.4) ) case case_1 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.8, sk ) ▶₀ #t2.4 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.8, sk, status + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.8, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - 
solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( Unlock_1( '1', ~n.11, ~n.8 ) @ #t2.5 ) - case unlocks_0_111112121111111 - solve( State_111112121111111( ~n.8, sk, status, x.1, y, ~n.10 + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case p_1_ + solve( Unlock_1( '1', ~n.11, ~n.9 ) @ #t2.5 ) + case unlocks_0_1111112121111111 + solve( State_1111112121111111( ~n.11, ~n.9, sk, x.1, y, status ) ▶₀ #t2.5 ) - case outx_0_11111212111111 + case eventAccessx_0_11111121211111 by contradiction /* cyclic */ qed next - case unlocks_0_1111121211112111 - by solve( State_1111121211112111( ~n.8, sk, status, x.1, y, ~n.10 + case unlocks_0_11111121211112111 + by solve( State_11111121211112111( ~n.11, ~n.9, sk, x.1, y, status ) ▶₀ #t2.5 ) next - case unlocks_0_11111212111122 - by solve( State_11111212111122( ~n.8, sk, status, x.1, y, ~n.10 + case unlocks_0_111111212111122 + by solve( State_111111212111122( ~n.11, ~n.9, sk, x.1, y, status ) ▶₀ #t2.5 ) qed qed qed next case case_2 - solve( (#vr.50 < #t2.4) ∥ (#vr.50 = #t2.4) ) + solve( (#vr.20 < #t2.4) ∥ (#vr.20 = #t2.4) ) case case_1 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.8, sk ) ▶₀ #t2.4 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.8, sk, status + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.8, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case 
insertFstatussinit_0_111 - solve( Unlock_0( '0', ~n.7, ~n.8 ) @ #t2.5 ) - case unlocks_0_111112111111111 - solve( State_111112111111111( ~n.7, req, ~n.8, sk, status ) ▶₀ #t2.5 ) - case insertFstatussreq_0_11111211111111 + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case p_1_ + solve( Unlock_0( '0', ~n.8, ~n.9 ) @ #t2.5 ) + case unlocks_0_1111112111111111 + solve( State_1111112111111111( ~n.8, req, ~n.9, sk, status ) ▶₀ #t2.5 ) + case insertFstatussreq_0_111111211111111 solve( (#t2.4 < #t2.6) ∥ (#t2.4 = #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( aenc(, pk(~n.6)) ) @ #vk.2 ) + solve( !KU( aenc(, pk(~n.6)) ) @ #vk.2 ) case c_aenc by contradiction /* cyclic */ qed qed qed next - case unlocks_0_1111121111112111 - by solve( State_1111121111112111( ~n.7, req, ~n.8, sk, status + case unlocks_0_11111121111112111 + by solve( State_11111121111112111( ~n.8, req, ~n.9, sk, status ) ▶₀ #t2.5 ) qed qed 
@@ -1493,120 +1320,114 @@ solve( State_11112111( x, y, s, sk ) ▶₀ #i ) qed qed next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'left', ~n.7, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'left', ~n.8, sk, status ) ▶₀ #t2.3 ) qed next case case_2 - by solve( Insert( <'F_status', ~n.7>, 'left' ) @ #t2.3 ) + by solve( Insert( <'F_status', ~n.9>, 'left' ) @ #t2.3 ) qed next - case outy_0_111112121111211 - solve( (#vr.51 < #t2.3) ∥ (#vr.51 = #t2.3) ) + case eventAccessy_0_111111212111121 + solve( (#vr.21 < #t2.3) ∥ (#vr.21 = #t2.3) ) case case_1 solve( Insert( <'F_status', ~n.10>, 'right' ) @ #t2.3 ) - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'right', ~n.7, sk, status + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'right', ~n.8, sk, status ) ▶₀ #t2.3 ) next - case insertFstatussreq_0_111112111111211 - solve( State_111112111111211( lock, 'right', ~n.7, sk, status + case insertFstatussreq_0_1111112111111211 + solve( State_1111112111111211( lock, 'right', ~n.8, sk, status ) ▶₀ #t2.3 ) - case eventInitDevices_0_11111211111121 - solve( ((#vr.43 < #vr.61) ∧ + case eventInitDevices_0_111111211111121 + solve( ((#vr.19 < #vr.27) ∧ (∃ #t2. - (Unlock_1( '1', ~n.11, ~n.8 ) @ #t2) + (Unlock_1( '1', ~n.11, ~n.9 ) @ #t2) ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.61) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.11, ~n.8 ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.19 < #t2) ∧ + (#t2 < #vr.27) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.11, ~n.9 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. - (Lock( pp, lpp, ~n.8 ) @ #t0) + (Lock( pp, lpp, ~n.9 ) @ #t0) ⇒ - ((#t0 < #vr.43) ∨ (#t0 = #vr.43) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.19) ∨ (#t0 = #vr.19) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n.8 ) @ #t0) + (Unlock( pp, lpp, ~n.9 ) @ #t0) ⇒ - ((#t0 < #vr.43) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.61 < #vr.43) ) + ((#t0 < #vr.19) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.27 < #vr.19) ) case case_1 - solve( (#vr.51 < #t2.4) ∥ (#vr.51 = #t2.4) ) + solve( (#vr.21 < #t2.4) ∥ (#vr.21 = #t2.4) ) case case_1 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.8, sk ) ▶₀ #t2.4 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.8, sk, status + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.8, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( Unlock_1( '1', ~n.11, ~n.8 ) @ #t2.5 ) - case unlocks_0_111112121111111 - by solve( State_111112121111111( ~n.8, sk, status, x.1, y, ~n.10 + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case p_1_ + solve( Unlock_1( '1', ~n.11, ~n.9 ) @ #t2.5 ) + case unlocks_0_1111112121111111 + by solve( State_1111112121111111( ~n.11, ~n.9, sk, x.1, y, status ) ▶₀ #t2.5 ) next - case unlocks_0_1111121211112111 - solve( State_1111121211112111( ~n.8, sk, status, x.1, y, ~n.10 + case unlocks_0_11111121211112111 + solve( State_11111121211112111( ~n.11, ~n.9, sk, x.1, y, status ) ▶₀ #t2.5 ) - case outy_0_111112121111211 + case eventAccessy_0_111111212111121 by contradiction /* cyclic */ qed next - case unlocks_0_11111212111122 - by solve( State_11111212111122( ~n.8, sk, status, 
x.1, y, ~n.10 + case unlocks_0_111111212111122 + by solve( State_111111212111122( ~n.11, ~n.9, sk, x.1, y, status ) ▶₀ #t2.5 ) qed qed qed next case case_2 - solve( (#vr.51 < #t2.4) ∥ (#vr.51 = #t2.4) ) + solve( (#vr.21 < #t2.4) ∥ (#vr.21 = #t2.4) ) case case_1 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( State_111( ~n.8, sk ) ▶₀ #t2.4 ) - case news_0_11 - by contradiction /* cyclic */ - qed - next - case insertFstatussreq_0_11111211111111 - by solve( State_11111211111111( lock, 'init', ~n.8, sk, status + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case insertFstatussreq_0_111111211111111 + by solve( State_111111211111111( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) next - case insertFstatussreq_0_111112111111211 - by solve( State_111112111111211( lock, 'init', ~n.8, sk, status + case insertFstatussreq_0_1111112111111211 + by solve( State_1111112111111211( lock, 'init', ~n.9, sk, status ) ▶₀ #t2.4 ) + next + case p_1_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_status', ~n.8>, 'init' ) @ #t2.4 ) - case insertFstatussinit_0_111 - solve( Unlock_0( '0', ~n.7, ~n.8 ) @ #t2.5 ) - case unlocks_0_111112111111111 - by solve( State_111112111111111( ~n.7, req, ~n.8, sk, status + solve( Insert( <'F_status', ~n.9>, 'init' ) @ #t2.4 ) + case p_1_ + solve( Unlock_0( '0', ~n.8, ~n.9 ) @ #t2.5 ) + case unlocks_0_1111112111111111 + by solve( State_1111112111111111( ~n.8, req, ~n.9, sk, status ) ▶₀ #t2.5 ) next - case unlocks_0_1111121111112111 - solve( State_1111121111112111( ~n.7, req, ~n.8, sk, status ) ▶₀ #t2.5 ) - case insertFstatussreq_0_111112111111211 + case unlocks_0_11111121111112111 + solve( State_11111121111112111( ~n.8, req, ~n.9, sk, status ) ▶₀ #t2.5 ) + case insertFstatussreq_0_1111112111111211 solve( (#t2.4 < #t2.6) ∥ (#t2.4 = #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( aenc(, pk(~n.6)) ) @ #vk.2 ) + solve( !KU( aenc(, pk(~n.6)) 
) @ #vk.2 ) case c_aenc by contradiction /* cyclic */ qed @@ -1620,7 +1441,13 @@ solve( State_11112111( x, y, s, sk ) ▶₀ #i ) qed next case case_2 - by solve( Insert( <'F_status', ~n.7>, 'right' ) @ #t2.3 ) + by solve( Insert( <'F_status', ~n.9>, 'right' ) @ #t2.3 ) + qed + next + case p_1_11112 + solve( !KU( aenc(, pk(~n.6)) ) @ #vk.2 ) + case c_aenc + by contradiction /* cyclic */ qed qed qed 
@@ -1633,525 +1460,446 @@ solve( State_11112111( x, y, s, sk ) ▶₀ #i ) qed next case case_2 - by solve( Insert( <'F_status', ~n.4>, 'right' ) @ #t2 ) + by solve( Insert( <'F_status', ~n.5>, 'right' ) @ #t2 ) qed + next + case p_1_11112 + by solve( !KU( ~n.1 ) @ #vk.2 ) qed qed -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newsk_0_1[color=#ffffff, process="new sk;"]: - [ State_1( ), Fr( sk ) ] --> [ State_11( sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) news_0_11[color=#ffffff, process="new s;"]: - [ State_11( sk ), Fr( s ) ] --> [ State_111( s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertFstatussinit_0_111[color=#ffffff, - process="insert <'F_status', s>,'init';"]: - [ State_111( s, sk ) ] - --[ Insert( <'F_status', s>, 'init' ) ]-> - [ State_1111( s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111[color=#ffffff, process="|"]: - [ State_1111( s, sk ) ] - --> - [ State_11111( s, sk ), State_11112( s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111[color=#708040, process="|"]: - [ State_11111( s, sk ) ] - --> - [ State_111111( s, sk ), State_111112( s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outpksk_0_111111[color=#708040, process="out(pk(sk));"]: - [ State_111111( s, sk ) ] --> [ State_1111111( s, sk ), Out( pk(sk) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111[color=#708040, process="0"]: - [ State_1111111( s, sk ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) 
p_0_111112[color=#708040, process="!"]: - [ State_111112( s, sk ) ] --> [ !Semistate_1111121( s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_111112[color=#708040, process="!"]: - [ !Semistate_1111121( s, sk ) ] --> [ State_1111121( s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111121[color=#708040, process="|"]: - [ State_1111121( s, sk ) ] - --> - [ State_11111211( s, sk ), State_11111212( s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) locks_0_11111211[color=#708040, process="lock s;"]: - [ State_11111211( s, sk ), Fr( lock ) ] - --[ Lock_0( '0', lock, s ), Lock( '0', lock, s ) ]-> - [ State_111112111( lock, s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inreq_0_111112111[color=#708040, process="in(req);"]: - [ State_111112111( lock, s, sk ), In( req ) ] - --> - [ State_1111121111( lock, req, s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupFstatussasstatus_0_1111121111[color=#708040, - process="lookup <'F_status', s> as status"]: - [ State_1111121111( lock, req, s, sk ) ] - --[ IsIn( <'F_status', s>, status ) ]-> - [ State_11111211111( lock, req, s, sk, status ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupFstatussasstatus_1_1111121111[color=#708040, - process="lookup <'F_status', s> as status"]: - [ State_1111121111( lock, req, s, sk ) ] - --[ IsNotSet( <'F_status', s> ) ]-> - [ State_11111211112( lock, req, s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifstatusinit_0_11111211111[color=#708040, - process="if status='init'"]: - [ State_11111211111( lock, req, s, sk, status ) ] - --[ Pred_Eq( status, 'init' ) ]-> - [ State_111112111111( lock, req, s, sk, status ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifstatusinit_1_11111211111[color=#708040, - process="if status='init'"]: - [ State_11111211111( lock, req, s, sk, status ) ] - --[ 
Pred_Not_Eq( status, 'init' ) ]-> - [ State_111112111112( lock, req, s, sk, status ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifreqleft_0_111112111111[color=#708040, - process="if req='left'"]: - [ State_111112111111( lock, req, s, sk, status ) ] - --[ Pred_Eq( req, 'left' ) ]-> - [ State_1111121111111( lock, req, s, sk, status ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifreqleft_1_111112111111[color=#708040, - process="if req='left'"]: - [ State_111112111111( lock, req, s, sk, status ) ] - --[ Pred_Not_Eq( req, 'left' ) ]-> - [ State_1111121111112( lock, req, s, sk, status ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventInitDevices_0_1111121111111[color=#708040, - process="event InitDevice( s );"]: - [ State_1111121111111( lock, req, s, sk, status ) ] - --[ InitDevice( s ) ]-> - [ State_11111211111111( lock, req, s, sk, status ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertFstatussreq_0_11111211111111[color=#708040, - process="insert <'F_status', s>,req;"]: - [ State_11111211111111( lock, req, s, sk, status ) ] - --[ Insert( <'F_status', s>, req ) ]-> - [ State_111112111111111( lock, req, s, sk, status ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) unlocks_0_111112111111111[color=#708040, - process="unlock s;"]: - [ State_111112111111111( lock, req, s, sk, status ) ] - --[ Unlock_0( '0', lock, s ), Unlock( '0', lock, s ) ]-> - [ State_1111121111111111( lock, req, s, sk, status ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111121111111111[color=#708040, process="0"]: - [ State_1111121111111111( lock, req, s, sk, status ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifreqright_0_1111121111112[color=#708040, - process="if req='right'"]: - [ State_1111121111112( lock, req, s, sk, status ) ] - --[ Pred_Eq( req, 'right' ) ]-> - [ State_11111211111121( lock, req, s, sk, status ) ] - /* has 
exactly the trivial AC variant */ -rule (modulo E) ifreqright_1_1111121111112[color=#708040, - process="if req='right'"]: - [ State_1111121111112( lock, req, s, sk, status ) ] - --[ Pred_Not_Eq( req, 'right' ) ]-> - [ State_11111211111122( lock, req, s, sk, status ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) eventInitDevices_0_11111211111121[color=#708040, - process="event InitDevice( s );"]: - [ State_11111211111121( lock, req, s, sk, status ) ] - --[ InitDevice( s ) ]-> - [ State_111112111111211( lock, req, s, sk, status ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) insertFstatussreq_0_111112111111211[color=#708040, - process="insert <'F_status', s>,req;"]: - [ State_111112111111211( lock, req, s, sk, status ) ] - --[ Insert( <'F_status', s>, req ) ]-> - [ State_1111121111112111( lock, req, s, sk, status ) ] +rule (modulo E) locks_0_111111211[color=#708040, process="lock s.1;"]: + [ State_111111211( s.1, sk.1 ), Fr( lock ), In( req.1 ) ] + --[ Lock_0( '0', lock, s.1 ), Lock( '0', lock, s.1 ) ]-> + [ State_11111121111( lock, req.1, s.1, sk.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) locks_0_111111211[color=#708040, process="lock s.1;"]: + [ State_111111211( s, sk ), Fr( lock ), In( req ) ] + --[ Lock_0( '0', lock, s ), Lock( '0', lock, s ) ]-> + [ State_11111121111( lock, req, s, sk ) ] + */ -rule (modulo E) unlocks_0_1111121111112111[color=#708040, - process="unlock s;"]: - [ State_1111121111112111( lock, req, s, sk, status ) ] - --[ Unlock_0( '0', lock, s ), Unlock( '0', lock, s ) ]-> - [ State_11111211111121111( lock, req, s, sk, status ) ] +rule (modulo E) lookupFstatussasstatus_0_11111121111[color=#708040, + process="lookup <'F_status', s.1> as status.1"]: + [ State_11111121111( lock, req.1, s.1, sk.1 ) ] + --[ IsIn( <'F_status', s.1>, status.1 ) ]-> + [ State_111111211111( lock, req.1, s.1, sk.1, 
status.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupFstatussasstatus_0_11111121111[color=#708040, + process="lookup <'F_status', s.1> as status.1"]: + [ State_11111121111( lock, req, s, sk ) ] + --[ IsIn( <'F_status', s>, status ) ]-> + [ State_111111211111( lock, req, s, sk, status ) ] + */ -rule (modulo E) p_0_11111211111121111[color=#708040, process="0"]: - [ State_11111211111121111( lock, req, s, sk, status ) ] --> [ ] +rule (modulo E) ifstatusinit_0_111111211111[color=#708040, + process="if status.1='init'"]: + [ State_111111211111( lock, req.1, s.1, sk.1, status.1 ) ] + --[ Pred_Eq( status.1, 'init' ) ]-> + [ State_1111112111111( lock, req.1, s.1, sk.1, status.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifstatusinit_0_111111211111[color=#708040, + process="if status.1='init'"]: + [ State_111111211111( lock, req, s, sk, status ) ] + --[ Pred_Eq( status, 'init' ) ]-> + [ State_1111112111111( lock, req, s, sk, status ) ] + */ -rule (modulo E) p_0_11111211111122[color=#708040, process="0"]: - [ State_11111211111122( lock, req, s, sk, status ) ] --> [ ] +rule (modulo E) ifreqleft_0_1111112111111[color=#708040, + process="if req.1='left'"]: + [ State_1111112111111( lock, req.1, s.1, sk.1, status.1 ) ] + --[ Pred_Eq( req.1, 'left' ) ]-> + [ State_11111121111111( lock, req.1, s.1, sk.1, status.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifreqleft_0_1111112111111[color=#708040, + process="if req.1='left'"]: + [ State_1111112111111( lock, req, s, sk, status ) ] + --[ Pred_Eq( req, 'left' ) ]-> + [ State_11111121111111( lock, req, s, sk, status ) ] + */ -rule (modulo E) p_0_111112111112[color=#708040, process="0"]: - [ State_111112111112( lock, req, s, sk, status ) ] --> [ ] +rule (modulo E) eventInitDevices_0_11111121111111[color=#708040, + process="event InitDevice( s.1 );"]: + [ State_11111121111111( lock, req.1, s.1, sk.1, status.1 ) ] + --[ InitDevice( s.1 ) ]-> + [ 
State_111111211111111( lock, req.1, s.1, sk.1, status.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventInitDevices_0_11111121111111[color=#708040, + process="event InitDevice( s.1 );"]: + [ State_11111121111111( lock, req, s, sk, status ) ] + --[ InitDevice( s ) ]-> + [ State_111111211111111( lock, req, s, sk, status ) ] + */ -rule (modulo E) p_0_11111211112[color=#708040, process="0"]: - [ State_11111211112( lock, req, s, sk ) ] --> [ ] +rule (modulo E) insertFstatussreq_0_111111211111111[color=#708040, + process="insert <'F_status', s.1>,req.1;"]: + [ State_111111211111111( lock, req.1, s.1, sk.1, status.1 ) ] + --[ Insert( <'F_status', s.1>, req.1 ) ]-> + [ State_1111112111111111( lock, req.1, s.1, sk.1, status.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertFstatussreq_0_111111211111111[color=#708040, + process="insert <'F_status', s.1>,req.1;"]: + [ State_111111211111111( lock, req, s, sk, status ) ] + --[ Insert( <'F_status', s>, req ) ]-> + [ State_1111112111111111( lock, req, s, sk, status ) ] + */ -rule (modulo E) p_0_11111212[color=#708040, process="!"]: - [ State_11111212( s, sk ) ] --> [ !Semistate_111112121( s, sk ) ] +rule (modulo E) unlocks_0_1111112111111111[color=#708040, + process="unlock s.1;"]: + [ State_1111112111111111( lock, req.1, s.1, sk.1, status.1 ) ] + --[ Unlock_0( '0', lock, s.1 ), Unlock( '0', lock, s.1 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) unlocks_0_1111112111111111[color=#708040, + process="unlock s.1;"]: + [ State_1111112111111111( lock, req, s, sk, status ) ] + --[ Unlock_0( '0', lock, s ), Unlock( '0', lock, s ) ]-> + [ ] + */ -rule (modulo E) p_1_11111212[color=#708040, process="!"]: - [ !Semistate_111112121( s, sk ) ] --> [ State_111112121( s, sk ) ] +rule (modulo E) ifreqleft_1_1111112111111[color=#708040, + process="if req.1='left'"]: + [ State_1111112111111( lock, req.1, s.1, sk.1, status.1 ) ] + --[ Pred_Not_Eq( req.1, 
'left' ) ]-> + [ State_11111121111112( lock, req.1, s.1, sk.1, status.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifreqleft_1_1111112111111[color=#708040, + process="if req.1='left'"]: + [ State_1111112111111( lock, req, s, sk, status ) ] + --[ Pred_Not_Eq( req, 'left' ) ]-> + [ State_11111121111112( lock, req, s, sk, status ) ] + */ -rule (modulo E) locks_0_111112121[color=#708040, process="lock s;"]: - [ State_111112121( s, sk ), Fr( lock.1 ) ] - --[ Lock_1( '1', lock.1, s ), Lock( '1', lock.1, s ) ]-> - [ State_1111121211( s, sk, lock.1 ) ] +rule (modulo E) ifreqright_0_11111121111112[color=#708040, + process="if req.1='right'"]: + [ State_11111121111112( lock, req.1, s.1, sk.1, status.1 ) ] + --[ Pred_Eq( req.1, 'right' ) ]-> + [ State_111111211111121( lock, req.1, s.1, sk.1, status.1 ) ] /* - rule (modulo AC) locks_0_111112121[color=#708040, process="lock s;"]: - [ State_111112121( s, sk ), Fr( lock ) ] - --[ Lock_1( '1', lock, s ), Lock( '1', lock, s ) ]-> - [ State_1111121211( s, sk, lock ) ] + rule (modulo AC) ifreqright_0_11111121111112[color=#708040, + process="if req.1='right'"]: + [ State_11111121111112( lock, req, s, sk, status ) ] + --[ Pred_Eq( req, 'right' ) ]-> + [ State_111111211111121( lock, req, s, sk, status ) ] */ -rule (modulo E) inaencxypksk_0_1111121211[color=#708040, - process="in(aenc(, pk(sk)));"]: - [ State_1111121211( s, sk, lock.1 ), In( aenc(, pk(sk)) ) ] - --> - [ State_11111212111( s, sk, x, y, lock.1 ) ] +rule (modulo E) eventInitDevices_0_111111211111121[color=#708040, + process="event InitDevice( s.1 );"]: + [ State_111111211111121( lock, req.1, s.1, sk.1, status.1 ) ] + --[ InitDevice( s.1 ) ]-> + [ State_1111112111111211( lock, req.1, s.1, sk.1, status.1 ) ] /* - rule (modulo AC) inaencxypksk_0_1111121211[color=#708040, - process="in(aenc(, pk(sk)));"]: - [ State_1111121211( s, sk, lock ), In( aenc(, pk(sk)) ) ] - --> - [ State_11111212111( s, sk, x, y, lock ) ] + rule (modulo AC) 
eventInitDevices_0_111111211111121[color=#708040, + process="event InitDevice( s.1 );"]: + [ State_111111211111121( lock, req, s, sk, status ) ] + --[ InitDevice( s ) ]-> + [ State_1111112111111211( lock, req, s, sk, status ) ] */ -rule (modulo E) lookupFstatussasstatus_0_11111212111[color=#708040, - process="lookup <'F_status', s> as status"]: - [ State_11111212111( s, sk, x, y, lock.1 ) ] - --[ IsIn( <'F_status', s>, status ) ]-> - [ State_111112121111( s, sk, status, x, y, lock.1 ) ] +rule (modulo E) insertFstatussreq_0_1111112111111211[color=#708040, + process="insert <'F_status', s.1>,req.1;"]: + [ State_1111112111111211( lock, req.1, s.1, sk.1, status.1 ) ] + --[ Insert( <'F_status', s.1>, req.1 ) ]-> + [ State_11111121111112111( lock, req.1, s.1, sk.1, status.1 ) ] /* - rule (modulo AC) lookupFstatussasstatus_0_11111212111[color=#708040, - process="lookup <'F_status', s> as status"]: - [ State_11111212111( s, sk, x, y, lock ) ] - --[ IsIn( <'F_status', s>, status ) ]-> - [ State_111112121111( s, sk, status, x, y, lock ) ] + rule (modulo AC) insertFstatussreq_0_1111112111111211[color=#708040, + process="insert <'F_status', s.1>,req.1;"]: + [ State_1111112111111211( lock, req, s, sk, status ) ] + --[ Insert( <'F_status', s>, req ) ]-> + [ State_11111121111112111( lock, req, s, sk, status ) ] */ -rule (modulo E) lookupFstatussasstatus_1_11111212111[color=#708040, - process="lookup <'F_status', s> as status"]: - [ State_11111212111( s, sk, x, y, lock.1 ) ] - --[ IsNotSet( <'F_status', s> ) ]-> - [ State_111112121112( s, sk, x, y, lock.1 ) ] +rule (modulo E) unlocks_0_11111121111112111[color=#708040, + process="unlock s.1;"]: + [ State_11111121111112111( lock, req.1, s.1, sk.1, status.1 ) ] + --[ Unlock_0( '0', lock, s.1 ), Unlock( '0', lock, s.1 ) ]-> + [ ] /* - rule (modulo AC) lookupFstatussasstatus_1_11111212111[color=#708040, - process="lookup <'F_status', s> as status"]: - [ State_11111212111( s, sk, x, y, lock ) ] - --[ IsNotSet( <'F_status', s> ) ]-> - [ 
State_111112121112( s, sk, x, y, lock ) ] + rule (modulo AC) unlocks_0_11111121111112111[color=#708040, + process="unlock s.1;"]: + [ State_11111121111112111( lock, req, s, sk, status ) ] + --[ Unlock_0( '0', lock, s ), Unlock( '0', lock, s ) ]-> + [ ] */ -rule (modulo E) ifstatusleft_0_111112121111[color=#708040, - process="if status='left'"]: - [ State_111112121111( s, sk, status, x, y, lock.1 ) ] - --[ Pred_Eq( status, 'left' ) ]-> - [ State_1111121211111( s, sk, status, x, y, lock.1 ) ] +rule (modulo E) ifreqright_1_11111121111112[color=#708040, + process="if req.1='right'"]: + [ State_11111121111112( lock, req.1, s.1, sk.1, status.1 ) ] + --[ Pred_Not_Eq( req.1, 'right' ) ]-> + [ ] /* - rule (modulo AC) ifstatusleft_0_111112121111[color=#708040, - process="if status='left'"]: - [ State_111112121111( s, sk, status, x, y, lock ) ] - --[ Pred_Eq( status, 'left' ) ]-> - [ State_1111121211111( s, sk, status, x, y, lock ) ] + rule (modulo AC) ifreqright_1_11111121111112[color=#708040, + process="if req.1='right'"]: + [ State_11111121111112( lock, req, s, sk, status ) ] + --[ Pred_Not_Eq( req, 'right' ) ]-> + [ ] */ -rule (modulo E) ifstatusleft_1_111112121111[color=#708040, - process="if status='left'"]: - [ State_111112121111( s, sk, status, x, y, lock.1 ) ] - --[ Pred_Not_Eq( status, 'left' ) ]-> - [ State_1111121211112( s, sk, status, x, y, lock.1 ) ] +rule (modulo E) ifstatusinit_1_111111211111[color=#708040, + process="if status.1='init'"]: + [ State_111111211111( lock, req.1, s.1, sk.1, status.1 ) ] + --[ Pred_Not_Eq( status.1, 'init' ) ]-> + [ ] /* - rule (modulo AC) ifstatusleft_1_111112121111[color=#708040, - process="if status='left'"]: - [ State_111112121111( s, sk, status, x, y, lock ) ] - --[ Pred_Not_Eq( status, 'left' ) ]-> - [ State_1111121211112( s, sk, status, x, y, lock ) ] + rule (modulo AC) ifstatusinit_1_111111211111[color=#708040, + process="if status.1='init'"]: + [ State_111111211111( lock, req, s, sk, status ) ] + --[ Pred_Not_Eq( status, 
'init' ) ]-> + [ ] */ -rule (modulo E) eventAccessx_0_1111121211111[color=#708040, - process="event Access( x );"]: - [ State_1111121211111( s, sk, status, x, y, lock.1 ) ] - --[ Access( x ) ]-> - [ State_11111212111111( s, sk, status, x, y, lock.1 ) ] +rule (modulo E) lookupFstatussasstatus_1_11111121111[color=#708040, + process="lookup <'F_status', s.1> as status.1"]: + [ State_11111121111( lock, req.1, s.1, sk.1 ) ] + --[ IsNotSet( <'F_status', s.1> ) ]-> + [ ] /* - rule (modulo AC) eventAccessx_0_1111121211111[color=#708040, - process="event Access( x );"]: - [ State_1111121211111( s, sk, status, x, y, lock ) ] - --[ Access( x ) ]-> - [ State_11111212111111( s, sk, status, x, y, lock ) ] + rule (modulo AC) lookupFstatussasstatus_1_11111121111[color=#708040, + process="lookup <'F_status', s.1> as status.1"]: + [ State_11111121111( lock, req, s, sk ) ] + --[ IsNotSet( <'F_status', s> ) ]-> + [ ] */ -rule (modulo E) outx_0_11111212111111[color=#708040, process="out(x);"]: - [ State_11111212111111( s, sk, status, x, y, lock.1 ) ] +rule (modulo E) p_1_1111112[color=#708040, process="!"]: + [ !Semistate_11111121( s.1, sk.1 ) ] --> - [ State_111112121111111( s, sk, status, x, y, lock.1 ), Out( x ) ] + [ !Semistate_1111112121( s.1, sk.1 ), State_111111211( s.1, sk.1 ) ] /* - rule (modulo AC) outx_0_11111212111111[color=#708040, process="out(x);"]: - [ State_11111212111111( s, sk, status, x, y, lock ) ] + rule (modulo AC) p_1_1111112[color=#708040, process="!"]: + [ !Semistate_11111121( s, sk ) ] --> - [ State_111112121111111( s, sk, status, x, y, lock ), Out( x ) ] + [ !Semistate_1111112121( s, sk ), State_111111211( s, sk ) ] */ -rule (modulo E) unlocks_0_111112121111111[color=#708040, - process="unlock s;"]: - [ State_111112121111111( s, sk, status, x, y, lock.1 ) ] - --[ Unlock_1( '1', lock.1, s ), Unlock( '1', lock.1, s ) ]-> - [ State_1111121211111111( s, sk, status, x, y, lock.1 ) ] +rule (modulo E) p_1_111111212[color=#708040, process="!"]: + [ + 
!Semistate_1111112121( s.1, sk.1 ), Fr( lock.1 ), + In( aenc(, pk(sk.1)) ) + ] + --[ Lock_1( '1', lock.1, s.1 ), Lock( '1', lock.1, s.1 ) ]-> + [ State_111111212111( lock.1, s.1, sk.1, x.1, y.1 ) ] /* - rule (modulo AC) unlocks_0_111112121111111[color=#708040, - process="unlock s;"]: - [ State_111112121111111( s, sk, status, x, y, lock ) ] - --[ Unlock_1( '1', lock, s ), Unlock( '1', lock, s ) ]-> - [ State_1111121211111111( s, sk, status, x, y, lock ) ] + rule (modulo AC) p_1_111111212[color=#708040, process="!"]: + [ !Semistate_1111112121( s, sk ), Fr( lock ), In( aenc(, pk(sk)) ) + ] + --[ Lock_1( '1', lock, s ), Lock( '1', lock, s ) ]-> + [ State_111111212111( lock, s, sk, x, y ) ] */ -rule (modulo E) p_0_1111121211111111[color=#708040, process="0"]: - [ State_1111121211111111( s, sk, status, x, y, lock.1 ) ] --> [ ] +rule (modulo E) lookupFstatussasstatus_0_111111212111[color=#708040, + process="lookup <'F_status', s.1> as status.2"]: + [ State_111111212111( lock.1, s.1, sk.1, x.1, y.1 ) ] + --[ IsIn( <'F_status', s.1>, status.2 ) ]-> + [ State_1111112121111( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] /* - rule (modulo AC) p_0_1111121211111111[color=#708040, process="0"]: - [ State_1111121211111111( s, sk, status, x, y, lock ) ] --> [ ] + rule (modulo AC) lookupFstatussasstatus_0_111111212111[color=#708040, + process="lookup <'F_status', s.1> as status.2"]: + [ State_111111212111( lock, s, sk, x, y ) ] + --[ IsIn( <'F_status', s>, status ) ]-> + [ State_1111112121111( lock, s, sk, x, y, status ) ] */ -rule (modulo E) ifstatusright_0_1111121211112[color=#708040, - process="if status='right'"]: - [ State_1111121211112( s, sk, status, x, y, lock.1 ) ] - --[ Pred_Eq( status, 'right' ) ]-> - [ State_11111212111121( s, sk, status, x, y, lock.1 ) ] +rule (modulo E) ifstatusleft_0_1111112121111[color=#708040, + process="if status.2='left'"]: + [ State_1111112121111( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] + --[ Pred_Eq( status.2, 'left' ) ]-> + [ 
State_11111121211111( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] /* - rule (modulo AC) ifstatusright_0_1111121211112[color=#708040, - process="if status='right'"]: - [ State_1111121211112( s, sk, status, x, y, lock ) ] - --[ Pred_Eq( status, 'right' ) ]-> - [ State_11111212111121( s, sk, status, x, y, lock ) ] + rule (modulo AC) ifstatusleft_0_1111112121111[color=#708040, + process="if status.2='left'"]: + [ State_1111112121111( lock, s, sk, x, y, status ) ] + --[ Pred_Eq( status, 'left' ) ]-> + [ State_11111121211111( lock, s, sk, x, y, status ) ] */ -rule (modulo E) ifstatusright_1_1111121211112[color=#708040, - process="if status='right'"]: - [ State_1111121211112( s, sk, status, x, y, lock.1 ) ] - --[ Pred_Not_Eq( status, 'right' ) ]-> - [ State_11111212111122( s, sk, status, x, y, lock.1 ) ] +rule (modulo E) eventAccessx_0_11111121211111[color=#708040, + process="event Access( x.1 );"]: + [ State_11111121211111( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] + --[ Access( x.1 ) ]-> + [ + State_1111112121111111( lock.1, s.1, sk.1, x.1, y.1, status.2 ), + Out( x.1 ) + ] /* - rule (modulo AC) ifstatusright_1_1111121211112[color=#708040, - process="if status='right'"]: - [ State_1111121211112( s, sk, status, x, y, lock ) ] - --[ Pred_Not_Eq( status, 'right' ) ]-> - [ State_11111212111122( s, sk, status, x, y, lock ) ] + rule (modulo AC) eventAccessx_0_11111121211111[color=#708040, + process="event Access( x.1 );"]: + [ State_11111121211111( lock, s, sk, x, y, status ) ] + --[ Access( x ) ]-> + [ State_1111112121111111( lock, s, sk, x, y, status ), Out( x ) ] */ -rule (modulo E) eventAccessy_0_11111212111121[color=#708040, - process="event Access( y );"]: - [ State_11111212111121( s, sk, status, x, y, lock.1 ) ] - --[ Access( y ) ]-> - [ State_111112121111211( s, sk, status, x, y, lock.1 ) ] +rule (modulo E) unlocks_0_1111112121111111[color=#708040, + process="unlock s.1;"]: + [ State_1111112121111111( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] + --[ Unlock_1( '1', 
lock.1, s.1 ), Unlock( '1', lock.1, s.1 ) ]-> + [ ] /* - rule (modulo AC) eventAccessy_0_11111212111121[color=#708040, - process="event Access( y );"]: - [ State_11111212111121( s, sk, status, x, y, lock ) ] - --[ Access( y ) ]-> - [ State_111112121111211( s, sk, status, x, y, lock ) ] + rule (modulo AC) unlocks_0_1111112121111111[color=#708040, + process="unlock s.1;"]: + [ State_1111112121111111( lock, s, sk, x, y, status ) ] + --[ Unlock_1( '1', lock, s ), Unlock( '1', lock, s ) ]-> + [ ] */ -rule (modulo E) outy_0_111112121111211[color=#708040, process="out(y);"]: - [ State_111112121111211( s, sk, status, x, y, lock.1 ) ] - --> - [ State_1111121211112111( s, sk, status, x, y, lock.1 ), Out( y ) ] +rule (modulo E) ifstatusleft_1_1111112121111[color=#708040, + process="if status.2='left'"]: + [ State_1111112121111( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] + --[ Pred_Not_Eq( status.2, 'left' ) ]-> + [ State_11111121211112( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] /* - rule (modulo AC) outy_0_111112121111211[color=#708040, - process="out(y);"]: - [ State_111112121111211( s, sk, status, x, y, lock ) ] - --> - [ State_1111121211112111( s, sk, status, x, y, lock ), Out( y ) ] + rule (modulo AC) ifstatusleft_1_1111112121111[color=#708040, + process="if status.2='left'"]: + [ State_1111112121111( lock, s, sk, x, y, status ) ] + --[ Pred_Not_Eq( status, 'left' ) ]-> + [ State_11111121211112( lock, s, sk, x, y, status ) ] */ -rule (modulo E) unlocks_0_1111121211112111[color=#708040, - process="unlock s;"]: - [ State_1111121211112111( s, sk, status, x, y, lock.1 ) ] - --[ Unlock_1( '1', lock.1, s ), Unlock( '1', lock.1, s ) ]-> - [ State_11111212111121111( s, sk, status, x, y, lock.1 ) ] +rule (modulo E) ifstatusright_0_11111121211112[color=#708040, + process="if status.2='right'"]: + [ State_11111121211112( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] + --[ Pred_Eq( status.2, 'right' ) ]-> + [ State_111111212111121( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] /* - rule 
(modulo AC) unlocks_0_1111121211112111[color=#708040, - process="unlock s;"]: - [ State_1111121211112111( s, sk, status, x, y, lock ) ] - --[ Unlock_1( '1', lock, s ), Unlock( '1', lock, s ) ]-> - [ State_11111212111121111( s, sk, status, x, y, lock ) ] + rule (modulo AC) ifstatusright_0_11111121211112[color=#708040, + process="if status.2='right'"]: + [ State_11111121211112( lock, s, sk, x, y, status ) ] + --[ Pred_Eq( status, 'right' ) ]-> + [ State_111111212111121( lock, s, sk, x, y, status ) ] */ -rule (modulo E) p_0_11111212111121111[color=#708040, process="0"]: - [ State_11111212111121111( s, sk, status, x, y, lock.1 ) ] --> [ ] +rule (modulo E) eventAccessy_0_111111212111121[color=#708040, + process="event Access( y.1 );"]: + [ State_111111212111121( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] + --[ Access( y.1 ) ]-> + [ + State_11111121211112111( lock.1, s.1, sk.1, x.1, y.1, status.2 ), + Out( y.1 ) + ] /* - rule (modulo AC) p_0_11111212111121111[color=#708040, process="0"]: - [ State_11111212111121111( s, sk, status, x, y, lock ) ] --> [ ] + rule (modulo AC) eventAccessy_0_111111212111121[color=#708040, + process="event Access( y.1 );"]: + [ State_111111212111121( lock, s, sk, x, y, status ) ] + --[ Access( y ) ]-> + [ State_11111121211112111( lock, s, sk, x, y, status ), Out( y ) ] */ -rule (modulo E) unlocks_0_11111212111122[color=#708040, - process="unlock s;"]: - [ State_11111212111122( s, sk, status, x, y, lock.1 ) ] - --[ Unlock_1( '1', lock.1, s ), Unlock( '1', lock.1, s ) ]-> - [ State_111112121111221( s, sk, status, x, y, lock.1 ) ] +rule (modulo E) unlocks_0_11111121211112111[color=#708040, + process="unlock s.1;"]: + [ State_11111121211112111( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] + --[ Unlock_1( '1', lock.1, s.1 ), Unlock( '1', lock.1, s.1 ) ]-> + [ ] /* - rule (modulo AC) unlocks_0_11111212111122[color=#708040, - process="unlock s;"]: - [ State_11111212111122( s, sk, status, x, y, lock ) ] + rule (modulo AC) 
unlocks_0_11111121211112111[color=#708040, + process="unlock s.1;"]: + [ State_11111121211112111( lock, s, sk, x, y, status ) ] --[ Unlock_1( '1', lock, s ), Unlock( '1', lock, s ) ]-> - [ State_111112121111221( s, sk, status, x, y, lock ) ] + [ ] */ -rule (modulo E) p_0_111112121111221[color=#708040, process="0"]: - [ State_111112121111221( s, sk, status, x, y, lock.1 ) ] --> [ ] +rule (modulo E) ifstatusright_1_11111121211112[color=#708040, + process="if status.2='right'"]: + [ State_11111121211112( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] + --[ Pred_Not_Eq( status.2, 'right' ) ]-> + [ State_111111212111122( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] /* - rule (modulo AC) p_0_111112121111221[color=#708040, process="0"]: - [ State_111112121111221( s, sk, status, x, y, lock ) ] --> [ ] + rule (modulo AC) ifstatusright_1_11111121211112[color=#708040, + process="if status.2='right'"]: + [ State_11111121211112( lock, s, sk, x, y, status ) ] + --[ Pred_Not_Eq( status, 'right' ) ]-> + [ State_111111212111122( lock, s, sk, x, y, status ) ] */ -rule (modulo E) p_0_111112121112[color=#708040, process="0"]: - [ State_111112121112( s, sk, x, y, lock.1 ) ] --> [ ] +rule (modulo E) unlocks_0_111111212111122[color=#708040, + process="unlock s.1;"]: + [ State_111111212111122( lock.1, s.1, sk.1, x.1, y.1, status.2 ) ] + --[ Unlock_1( '1', lock.1, s.1 ), Unlock( '1', lock.1, s.1 ) ]-> + [ ] /* - rule (modulo AC) p_0_111112121112[color=#708040, process="0"]: - [ State_111112121112( s, sk, x, y, lock ) ] --> [ ] + rule (modulo AC) unlocks_0_111111212111122[color=#708040, + process="unlock s.1;"]: + [ State_111111212111122( lock, s, sk, x, y, status ) ] + --[ Unlock_1( '1', lock, s ), Unlock( '1', lock, s ) ]-> + [ ] */ -rule (modulo E) p_0_11112[color=#ffffff, process="!"]: - [ State_11112( s, sk ) ] --> [ !Semistate_111121( s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_11112[color=#ffffff, process="!"]: - [ !Semistate_111121( s, sk ) ] --> [ 
State_111121( s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newlm_0_111121[color=#80406c, process="new lm;"]: - [ State_111121( s, sk ), Fr( lm ) ] --> [ State_1111211( lm, s, sk ) ] +rule (modulo E) lookupFstatussasstatus_1_111111212111[color=#708040, + process="lookup <'F_status', s.1> as status.2"]: + [ State_111111212111( lock.1, s.1, sk.1, x.1, y.1 ) ] + --[ IsNotSet( <'F_status', s.1> ) ]-> + [ ] - /* has exactly the trivial AC variant */ - -rule (modulo E) newrm_0_1111211[color=#80406c, process="new rm;"]: - [ State_1111211( lm, s, sk ), Fr( rm ) ] - --> - [ State_11112111( lm, rm, s, sk ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventExclusivelmrm_0_11112111[color=#80406c, - process="event Exclusive( lm, rm );"]: - [ State_11112111( lm, rm, s, sk ) ] - --[ Exclusive( lm, rm ) ]-> - [ State_111121111( lm, rm, s, sk ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupFstatussasstatus_1_111111212111[color=#708040, + process="lookup <'F_status', s.1> as status.2"]: + [ State_111111212111( lock, s, sk, x, y ) ] + --[ IsNotSet( <'F_status', s> ) ]-> + [ ] + */ -rule (modulo E) outaenclmrmpksk_0_111121111[color=#80406c, - process="out(aenc(, pk(sk)));"]: - [ State_111121111( lm, rm, s, sk ) ] - --> - [ State_1111211111( lm, rm, s, sk ), Out( aenc(, pk(sk)) ) ] +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ), Fr( sk.1 ), Fr( s.1 ) ] + --[ Insert( <'F_status', s.1>, 'init' ) ]-> + [ + !Semistate_111121( s.1, sk.1 ), !Semistate_11111121( s.1, sk.1 ), + Out( pk(sk.1) ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ), Fr( sk ), Fr( s ) ] + --[ Insert( <'F_status', s>, 'init' ) ]-> + [ !Semistate_111121( s, sk ), !Semistate_11111121( s, sk ), Out( pk(sk) ) + ] + */ -rule (modulo E) p_0_1111211111[color=#80406c, process="0"]: - [ State_1111211111( lm, rm, s, sk ) ] --> [ ] +rule (modulo E) 
p_1_11112[color=#ffffff, process="!"]: + [ !Semistate_111121( s.1, sk.1 ), Fr( lm.1 ), Fr( rm.1 ) ] + --[ Exclusive( lm.1, rm.1 ) ]-> + [ Out( aenc(, pk(sk.1)) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_11112[color=#ffffff, process="!"]: + [ !Semistate_111121( s, sk ), Fr( lm ), Fr( rm ) ] + --[ Exclusive( lm, rm ) ]-> + [ Out( aenc(, pk(sk)) ) ] + */ restriction set_in: "∀ x y #t3. @@ -2215,7 +1963,7 @@ restriction locking_1: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -2225,11 +1973,11 @@ analyzing: examples/sapic/fast/statVerifLeftRight/stateverif_left_right.spthy analyzed: examples/sapic/fast/statVerifLeftRight/stateverif_left_right.spthy output: examples/sapic/fast/statVerifLeftRight/stateverif_left_right.spthy.tmp - processing time: 18.790370709s - source (all-traces): verified (174 steps) + processing time: 11.093962963s + source (all-traces): verified (122 steps) reachability_left (exists-trace): verified (14 steps) reachability_right (exists-trace): verified (14 steps) - secrecy (all-traces): verified (204 steps) + secrecy (all-traces): verified (192 steps) ------------------------------------------------------------------------------ @@ -2239,11 +1987,11 @@ summary of summaries: analyzed: examples/sapic/fast/statVerifLeftRight/stateverif_left_right.spthy output: examples/sapic/fast/statVerifLeftRight/stateverif_left_right.spthy.tmp - processing time: 18.790370709s - source (all-traces): verified (174 steps) + processing time: 11.093962963s + source (all-traces): verified (122 steps) reachability_left (exists-trace): verified (14 steps) reachability_right (exists-trace): verified (14 steps) - secrecy (all-traces): verified (204 steps) + secrecy (all-traces): verified (192 steps) ============================================================================== */ 
diff --git a/case-studies-regression/sapic/slow/NSL/nsl-no_as-untagged_analyzed.spthy b/case-studies-regression/sapic/slow/NSL/nsl-no_as-untagged_analyzed.spthy index 36bfe5ace..320ec9b65 100644 --- a/case-studies-regression/sapic/slow/NSL/nsl-no_as-untagged_analyzed.spthy +++ b/case-studies-regression/sapic/slow/NSL/nsl-no_as-untagged_analyzed.spthy @@ -2,7 +2,8 @@ theory NeedhamSchroeder begin // Function signature and definition of the equational theory E -functions: adec/2, aenc/2, fst/1, pair/2, pk/1, snd/1 +functions: adec/2[destructor], aenc/2, fst/1[destructor], pair/2, pk/1, + snd/1[destructor] equations: adec(aenc(x.1, pk(x.2)), x.2) = x.1, fst() = x.1, 
@@ -10,11 +11,70 @@ equations: heuristic: p + + + + +lemma sanity1: + all-traces "¬(∃ pka pkb k #t1. SessionA( pka, pkb, k ) @ #t1)" +/* +guarded formula characterizing all counter-examples: +"∃ pka pkb k #t1. (SessionA( pka, pkb, k ) @ #t1)" +*/ +simplify +solve( State_11111111111111111( Na, cypher, k, mess, pkb, skA, xNb + ) ▶₀ #t1 ) + case eventOUTIaencxNbkpkB_0_111111111111111 + solve( !KU( aenc(<~n, xNb, pkb>, pk(~n.1)) ) @ #vk ) + case c_aenc + solve( !KU( ~n ) @ #vk.5 ) + case p_1_11111 + solve( !KU( pk(x) ) @ #vk.2 ) + case c_pk + solve( !KU( pk(~n.1) ) @ #vk.5 ) + case newskA_0_11 + SOLVED // trace found + qed + qed + qed + qed +qed + +lemma sanity2: + all-traces "¬(∃ pka pkb k #t1. SessionB( pka, pkb, k ) @ #t1)" +/* +guarded formula characterizing all counter-examples: +"∃ pka pkb k #t1. (SessionB( pka, pkb, k ) @ #t1)" +*/ +simplify +solve( State_12111111111111111( Nb, cypher1, cypher2, mess1, mess2, pka, + skB, xNa, k + ) ▶₀ #t1 ) + case letNbxkmess_1_1211111111111111 + solve( !KU( aenc(<~n, k>, pk(~n.1)) ) @ #vk ) + case c_aenc + solve( !KU( aenc(, pk(~n.1)) ) @ #vk.1 ) + case c_aenc + solve( !KU( ~n ) @ #vk.4 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( !KU( pk(x) ) @ #vk.8 ) + case c_pk + solve( !KU( pk(~n.1) ) @ #vk.5 ) + case p_1_12 + SOLVED // trace found + qed + qed + qed + qed + qed +qed + lemma source [sources, reuse]: all-traces "(∀ ni m1 #i. (IN_R_1_ni( ni, m1 ) @ #i) ⇒ - ((∃ #j. (!KU( ni ) @ #j) ∧ (#j < #i)) ∨ (∃ #j. OUT_I_1( m1 ) @ #j))) ∧ + (((∃ #j. (!KU( ni ) @ #j) ∧ (#j < #i)) ∨ (∃ #j. OUT_I_1( m1 ) @ #j)) ∨ + (∃ #j. OUT_I_2( m1 ) @ #j))) ∧ (∀ nr m2 #i. (IN_I_2_nr( nr, m2 ) @ #i) ⇒ ((∃ #j. (!KU( nr ) @ #j) ∧ (#j < #i)) ∨ (∃ #j. OUT_R_1( m2 ) @ #j)))" 
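Review bot: The added `sanity1` and `sanity2` lemmas are recorded as `all-traces "¬(∃ …)"` and their proofs end in `SOLVED // trace found`, so the expected result for both is a falsified lemma. A regression summary that contains intended falsifications makes an unintended one (for example `secrecy` no longer verifying) easier to overlook. Stating them positively, e.g. `lemma sanity1: exists-trace "∃ pka pkb k #t1. SessionA( pka, pkb, k ) @ #t1"`, would let the summary report them as verified, the way `reachability_left` and `reachability_right` are reported for `stateverif_left_right`. This file is recorded analysis output, so the change belongs in the example theory, which is not part of this hunk.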
@@ -24,7 +84,8 @@ guarded formula characterizing all counter-examples: (IN_R_1_ni( ni, m1 ) @ #i) ∧ (∀ #j. (!KU( ni ) @ #j) ⇒ ¬(#j < #i)) ∧ - (∀ #j. (OUT_I_1( m1 ) @ #j) ⇒ ⊥)) ∨ + (∀ #j. (OUT_I_1( m1 ) @ #j) ⇒ ⊥) ∧ + (∀ #j. (OUT_I_2( m1 ) @ #j) ⇒ ⊥)) ∨ (∃ nr m2 #i. (IN_I_2_nr( nr, m2 ) @ #i) ∧ @@ -41,7 +102,8 @@ next (IN_R_1_ni( ni, m1 ) @ #i) ∧ (∀ #j. (!KU( ni ) @ #j) ⇒ ¬(#j < #i)) ∧ - (∀ #j. (OUT_I_1( m1 ) @ #j) ⇒ ⊥)) ∥ + (∀ #j. (OUT_I_1( m1 ) @ #j) ⇒ ⊥) ∧ + (∀ #j. (OUT_I_2( m1 ) @ #j) ⇒ ⊥)) ∥ (∃ nr m2 #i. (IN_I_2_nr( nr, m2 ) @ #i) ∧ 
@@ -50,43 +112,67 @@ next case case_1 solve( (last(#i)) ∥ (∃ #j. (!KU( ni ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i)) ∥ - (∃ #j. (OUT_I_1( aenc(, pk(skB)) ) @ #j) ∧ ¬(last(#j))) ) + (∃ #j. (OUT_I_1( aenc(, pk(skB)) ) @ #j) ∧ ¬(last(#j))) ∥ + (∃ #j. (OUT_I_2( aenc(, pk(skB)) ) @ #j) ∧ ¬(last(#j))) ) case case_1 - solve( State_12111111( skB, xA, ni ) ▶₀ #i ) - case inaencxNapkxApkskB_0_1211111 - solve( !KU( aenc(, pk(~n)) ) @ #vk ) + solve( State_1211111111( cypher1, mess1, pkA, skB, ni ) ▶₀ #i ) + case letxNapkAmess_1_121111111 + solve( !KU( aenc(, pk(~n)) ) @ #vk ) case c_aenc by contradiction /* from formulas */ next - case outaencNapkskApkxB_0_111111111 + case eventOUTIaencxNbkpkB_0_111111111111111_case_1 by contradiction /* from formulas */ next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( xNa ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.17)) ∥ - (∃ #j. (OUT_I_1( aenc(, pk(~n.2)) ) @ #j) ∧ ¬(last(#j))) ) + case eventOUTIaencxNbkpkB_0_111111111111111_case_2 + solve( (∃ #j. (!KU( xNb ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.10)) ∥ + (∃ #j. + (OUT_R_1( aenc(<~n.3, xNb, pk(x)>, pk(~n.4)) ) @ #j) ∧ ¬(last(#j))) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( State_11111111( xNa, xA.1, ~n.2 ) ▶₀ #j ) - case newNa_0_1111111 + solve( State_121111111111( xNb, cypher1, mess1, pk(~n.4), x, ~n.3 + ) ▶₀ #j ) + case eventINRnixNaaencxNapkApkskB_0_1211111111 by contradiction /* impossible chain */ qed qed next - case outaencxNbkpkxB_0_1111111111111 - solve( (∃ #j. (!KU( xNb ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.16)) ∥ - (∃ #j. - (OUT_R_1( aenc(<~n.2, xNb, pk(xB)>, pk(~n.3)) ) @ #j) ∧ ¬(last(#j))) ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111_case_1 + solve( (∃ #j. (!KU( ni ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.8)) ∥ + (∃ #j. (OUT_I_1( aenc(, pk(~n.1)) ) @ #j) ∧ ¬(last(#j))) ∥ + (∃ #j. 
(OUT_I_2( aenc(, pk(~n.1)) ) @ #j) ∧ ¬(last(#j))) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by solve( !Semistate_111111( ~n.3 ) ▶₀ #j ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n.2), mess, pk(~n.1), + skA, ni + ) ▶₀ #j ) + qed + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111_case_2 + solve( (∃ #j. (!KU( xNa ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.10)) ∥ + (∃ #j. (OUT_I_1( aenc(, pk(~n.3)) ) @ #j) ∧ ¬(last(#j))) ∥ + (∃ #j. (OUT_I_2( aenc(, pk(~n.3)) ) @ #j) ∧ ¬(last(#j))) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( State_1211111111( xNb, xB, ~n.3, ~n.2 ) ▶₀ #j ) - case newNb_0_121111111 - by contradiction /* impossible chain */ - qed + by contradiction /* impossible chain */ + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(x), mess, pk(~n.3), skA, + xNa + ) ▶₀ #j ) qed + next + case p_1_11111 + by contradiction /* from formulas */ qed qed next 
@@ -95,47 +181,54 @@ next next case case_3 by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ qed next case case_2 solve( (last(#i)) ∥ (∃ #j. (!KU( nr ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i)) ∥ - (∃ #j. (OUT_R_1( aenc(, pk(skA)) ) @ #j) ∧ ¬(last(#j))) ) + (∃ #j. (OUT_R_1( aenc(, pk(skA)) ) @ #j) ∧ ¬(last(#j))) ) case case_1 - solve( State_11111111111( Na, skA, xB, nr ) ▶₀ #i ) - case inaencNaxNbpkxBpkskA_0_1111111111 - solve( !KU( aenc(<~n, nr, pk(xB)>, pk(~n.1)) ) @ #vk ) + solve( State_1111111111111( Na, cypher, mess, pkB, skA, nr ) ▶₀ #i ) + case letNaxNbpkBmess_1_111111111111 + solve( !KU( aenc(<~n, nr, pkB>, pk(~n.1)) ) @ #vk ) case c_aenc by contradiction /* from formulas */ next - case outaencxNaNbpkskBpkxA_0_12111111111_case_1 - by contradiction /* from formulas */ - next - case outaencxNaNbpkskBpkxA_0_12111111111_case_2 - solve( (∃ #j. (!KU( xNa ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.19)) ∥ - (∃ #j. (OUT_I_1( aenc(, pk(~n.3)) ) @ #j) ∧ ¬(last(#j))) ) + case eventOUTIaencxNbkpkB_0_111111111111111 + solve( (∃ #j. (!KU( xNb ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.11)) ∥ + (∃ #j. + (OUT_R_1( aenc(<~n.4, xNb, pk(x)>, pk(~n.5)) ) @ #j) ∧ ¬(last(#j))) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( State_11111111( xNa, xA, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 + solve( State_121111111111( xNb, cypher1, mess1, pk(~n.5), x, ~n.4 + ) ▶₀ #j ) + case eventINRnixNaaencxNapkApkskB_0_1211111111 by contradiction /* impossible chain */ qed qed next - case outaencxNbkpkxB_0_1111111111111 - solve( (∃ #j. (!KU( xNb ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.18)) ∥ - (∃ #j. - (OUT_R_1( aenc(<~n.3, xNb, pk(xB.1)>, pk(~n.4)) ) @ #j) ∧ ¬(last(#j))) ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111_case_1 + by contradiction /* from formulas */ + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111_case_2 + solve( (∃ #j. (!KU( xNa ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #vr.11)) ∥ + (∃ #j. 
(OUT_I_1( aenc(, pk(~n.4)) ) @ #j) ∧ ¬(last(#j))) ∥ + (∃ #j. (OUT_I_2( aenc(, pk(~n.4)) ) @ #j) ∧ ¬(last(#j))) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( State_1211111111( xNb, xB.1, ~n.4, ~n.3 ) ▶₀ #j ) - case newNb_0_121111111 - by contradiction /* impossible chain */ - qed + by contradiction /* impossible chain */ + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(x), mess, pk(~n.4), skA, + xNa + ) ▶₀ #j ) qed qed qed 
@@ -151,1720 +244,1261 @@ qed lemma secrecy: all-traces - "¬(∃ pka pkb k #t1 #t2. - (((SessionA( pka, pkb, k ) @ #t1) ∧ (K( k ) @ #t2)) ∧ - (∃ #i. HonestA( pka ) @ #i)) ∧ - (∃ #i. HonestB( pkb ) @ #i))" + "¬(∃ pka pkb k #t1 #t2 #i1 #i2. + (((SessionA( pka, pkb, k ) @ #t1) ∧ (!KU( k ) @ #t2)) ∧ + (HonestA( pka ) @ #i1)) ∧ + (HonestB( pkb ) @ #i2))" /* guarded formula characterizing all counter-examples: -"∃ pka pkb k #t1 #t2. - (SessionA( pka, pkb, k ) @ #t1) ∧ (K( k ) @ #t2) - ∧ - (∃ #i. (HonestA( pka ) @ #i)) ∧ (∃ #i. (HonestB( pkb ) @ #i))" +"∃ pka pkb k #t1 #t2 #i1 #i2. + (SessionA( pka, pkb, k ) @ #t1) ∧ + (!KU( k ) @ #t2) ∧ + (HonestA( pka ) @ #i1) ∧ + (HonestB( pkb ) @ #i2)" */ simplify -solve( State_11111111111111( Na, k, skA, xB, xNb ) ▶₀ #t1 ) - case outaencxNbkpkxB_0_1111111111111 - solve( (∃ #j. (!KU( xNb ) @ #j) ∧ #j < #vr.2) ∥ - (∃ #j. (OUT_R_1( aenc(<~n.1, xNb, pk(xB)>, pk(~n)) ) @ #j)) ) +solve( State_11111111111111111( Na, cypher, k, mess, pk(~n), ~n.1, xNb + ) ▶₀ #t1 ) + case eventOUTIaencxNbkpkB_0_111111111111111 + solve( (∃ #j. (!KU( xNb ) @ #j) ∧ #j < #vr.1) ∥ + (∃ #j. (OUT_R_1( aenc(<~n.2, xNb, pk(~n.1)>, pk(~n)) ) @ #j)) ) case case_1 - solve( State_111( ~n ) ▶₀ #i ) - case newskA_0_11 - solve( State_1211( xB ) ▶₀ #i.1 ) - case newskB_0_121 - solve( !KU( aenc(<~n.1, xNb, pk(~n.3)>, pk(~n)) ) @ #vk.1 ) - case c_aenc - solve( !KU( pk(~n.3) ) @ #vk.3 ) + solve( !Semistate_121( ) ▶₀ #i2 ) + case p_1_ + solve( !KU( aenc(<~n.2, xNb, pk(~n.1)>, pk(~n)) ) @ #vk ) + case c_aenc + solve( !KU( ~n.3 ) @ #t2 ) + case eventOUTIaencxNbkpkB_0_111111111111111 + solve( !KU( pk(~n.1) ) @ #vk.3 ) case c_pk - solve( !KU( ~n.2 ) @ #vk.4 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( pk(~n) ) @ #vk.5 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.6 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.3 ) @ #vk.7 ) + solve( !KU( pk(~n) ) @ #vk.4 ) + case c_pk + solve( !KU( ~n.2 ) @ #vk.5 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. 
(!KU( ~n.2 ) @ #j) ∧ #j < #vr.15) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + by contradiction /* cyclic */ + next + case case_2 + by solve( !KU( ~n.1 ) @ #vk.6 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.2 + ) ▶₀ #j ) + qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) + qed + next + case newskA_0_11 + solve( !KU( ~n.2 ) @ #vk.5 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.15) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + by contradiction /* cyclic */ + next + case case_2 + by solve( !KU( ~n.1 ) @ #vk.6 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.2 + ) ▶₀ #j ) + qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) + qed + next + case p_1_11111 + solve( !KU( ~n.2 ) @ #vk.5 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.18) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + by contradiction /* cyclic */ next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.1 ) @ #j) ∧ #j < #vr.28) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #j)) ) + case case_2 + by solve( !KU( ~n.1 ) @ #vk.6 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.2 + ) ▶₀ #j ) + qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) + qed + qed + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.16) ∥ + (∃ #j. (OUT_I_1( aenc(, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. 
(OUT_I_2( aenc(, pk(~n.1)) ) @ #j)) ) + case case_1 + solve( !KU( pk(~n) ) @ #vk.4 ) + case c_pk + solve( !KU( ~n.2 ) @ #vk.5 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.24) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( State_11111111( ~n.1, ~n, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - by solve( !KU( ~n.2 ) @ #vk.7 ) - qed + by solve( !KU( ~n.1 ) @ #vk.6 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.2 + ) ▶₀ #j ) qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) qed next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.6 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.3 ) @ #vk.7 ) - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.1 ) @ #j) ∧ #j < #vr.35) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #j)) ) + case newskA_0_11 + solve( !KU( ~n.2 ) @ #vk.5 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.24) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( State_11111111( ~n.1, ~n, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - by solve( !KU( ~n.2 ) @ #vk.7 ) - qed + by solve( !KU( ~n.1 ) @ #vk.6 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.2 + ) ▶₀ #j ) qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) qed next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.6 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.3 ) @ #vk.7 ) - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.1 ) @ #j) ∧ #j < #vr.28) ∥ - (∃ #j. 
(OUT_I_1( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #j)) ) + case p_1_11111 + solve( !KU( ~n.2 ) @ #vk.5 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.27) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( State_11111111( ~n.1, ~n, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - by solve( !KU( ~n.2 ) @ #vk.7 ) - qed + by solve( !KU( ~n.1 ) @ #vk.6 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.2 + ) ▶₀ #j ) qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) qed qed + next + case case_2 + by contradiction /* cyclic */ + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(x), mess, pk(~n.1), skA, + xNa + ) ▶₀ #j ) qed next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.27) ∥ - (∃ #j. (OUT_I_1( aenc(, pk(~n.3)) ) @ #j)) ) - case case_1 - solve( !KU( ~n.2 ) @ #vk.4 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( pk(~n) ) @ #vk.5 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.6 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( aenc(, pk(~n.3)) ) @ #vk.8 ) - case c_aenc - by contradiction /* cyclic */ - next - case outaencNapkskApkxB_0_111111111 - by contradiction /* cyclic */ - qed + case p_1_12 + solve( !KU( pk(~n) ) @ #vk.4 ) + case c_pk + solve( !KU( ~n.2 ) @ #vk.5 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.15) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. 
(OUT_I_2( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + by contradiction /* cyclic */ + next + case case_2 + by solve( !KU( ~n.1 ) @ #vk.6 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.2 + ) ▶₀ #j ) + qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) + qed + next + case newskA_0_11 + solve( !KU( ~n.2 ) @ #vk.5 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.15) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + by contradiction /* cyclic */ + next + case case_2 + by solve( !KU( ~n.1 ) @ #vk.6 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.2 + ) ▶₀ #j ) + qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) + qed + next + case p_1_11111 + solve( !KU( ~n.2 ) @ #vk.5 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.18) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + by contradiction /* cyclic */ + next + case case_2 + by solve( !KU( ~n.1 ) @ #vk.6 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.2 + ) ▶₀ #j ) + qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) + qed + qed + qed + qed + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.11) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. 
(OUT_I_2( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + solve( !KU( ~n.4 ) @ #t2 ) + case eventOUTIaencxNbkpkB_0_111111111111111 + solve( !KU( pk(~n.1) ) @ #vk.1 ) + case c_pk + solve( !KU( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) + case c_aenc + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 + by contradiction /* cyclic */ + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + by contradiction /* cyclic */ next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.1 ) @ #j) ∧ #j < #vr.39) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #j)) ) + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.4 ) + qed + qed + next + case p_1_11111 + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 + by contradiction /* cyclic */ + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.24) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. 
(OUT_I_2( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( State_11111111( ~n.1, ~n, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - solve( !KU( aenc(, pk(~n.2)) ) @ #vk.8 ) - case c_aenc - by contradiction /* cyclic */ - next - case outaencNapkskApkxB_0_111111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.6 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( aenc(, pk(~n.3)) ) @ #vk.8 ) - case c_aenc - by contradiction /* cyclic */ + by solve( !KU( ~n.1 ) @ #vk.3 ) next - case outaencNapkskApkxB_0_111111111 - by contradiction /* cyclic */ + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.3 + ) ▶₀ #j.2 ) qed next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.1 ) @ #j) ∧ #j < #vr.46) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #j)) ) - case case_1 + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.3 ) + qed + qed + qed + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.22) ∥ + (∃ #j. (OUT_I_1( aenc(, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. 
(OUT_I_2( aenc(, pk(~n.1)) ) @ #j)) ) + case case_1 + solve( !KU( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) + case c_aenc + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 + by contradiction /* cyclic */ + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 by contradiction /* cyclic */ next - case case_2 - solve( State_11111111( ~n.1, ~n, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - solve( !KU( aenc(, pk(~n.2)) ) @ #vk.8 ) - case c_aenc - by contradiction /* cyclic */ - next - case outaencNapkskApkxB_0_111111111 - by contradiction /* cyclic */ - qed - qed + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.4 ) qed qed next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.6 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( aenc(, pk(~n.3)) ) @ #vk.8 ) - case c_aenc - by contradiction /* cyclic */ + case p_1_11111 + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 + by contradiction /* cyclic */ + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.33) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. 
(OUT_I_2( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + by contradiction /* cyclic */ + next + case case_2 + by solve( !KU( ~n.1 ) @ #vk.3 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.3 + ) ▶₀ #j.2 ) + qed next - case outaencNapkskApkxB_0_111111111 - by contradiction /* cyclic */ + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed + qed + qed + next + case case_2 + by contradiction /* cyclic */ + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(x), mess, pk(~n.1), skA, + xNa + ) ▶₀ #j ) + qed + next + case p_1_12 + solve( !KU( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) + case c_aenc + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 + by contradiction /* cyclic */ + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + by contradiction /* cyclic */ next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.1 ) @ #j) ∧ #j < #vr.39) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #j)) ) + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.4 ) + qed + qed + next + case p_1_11111 + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 + by contradiction /* cyclic */ + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.24) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. 
(OUT_I_2( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( State_11111111( ~n.1, ~n, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - solve( !KU( aenc(, pk(~n.2)) ) @ #vk.8 ) - case c_aenc - by contradiction /* cyclic */ - next - case outaencNapkskApkxB_0_111111111 - by contradiction /* cyclic */ - qed - qed + by solve( !KU( ~n.1 ) @ #vk.3 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.3 + ) ▶₀ #j.2 ) qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed qed qed - next - case case_2 - solve( State_11111111( xNa, xA, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - by contradiction /* cyclic */ - qed qed - next - case outpkskB_0_12111 - solve( !KU( ~n.2 ) @ #vk.4 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( pk(~n) ) @ #vk.5 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.6 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.3 ) @ #vk.7 ) + qed + next + case case_2 + solve( !KU( ~n.4 ) @ #t2 ) + case eventOUTIaencxNbkpkB_0_111111111111111 + solve( !KU( pk(~n.1) ) @ #vk.1 ) + case c_pk + solve( !KU( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) + case c_aenc + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 + by contradiction /* cyclic */ next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.1 ) @ #j) ∧ #j < #vr.29) ∥ - (∃ #j. 
(OUT_I_1( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( State_11111111( ~n.1, ~n, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - by solve( !KU( ~n.2 ) @ #vk.7 ) - qed - qed + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.6 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.3 ) @ #vk.7 ) + case p_1_11111 + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 + by contradiction /* cyclic */ next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.1 ) @ #j) ∧ #j < #vr.36) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #j)) ) - case case_1 + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + by solve( !KU( ~n.1 ) @ #vk.3 ) + qed + qed + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.22) ∥ + (∃ #j. (OUT_I_1( aenc(, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(, pk(~n.1)) ) @ #j)) ) + case case_1 + solve( !KU( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) + case c_aenc + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 by contradiction /* cyclic */ next - case case_2 - solve( State_11111111( ~n.1, ~n, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - by solve( !KU( ~n.2 ) @ #vk.7 ) - qed + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.6 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.3 ) @ #vk.7 ) next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.1 ) @ #j) ∧ #j < #vr.29) ∥ - (∃ #j. 
(OUT_I_1( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #j)) ) - case case_1 + case p_1_11111 + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 by contradiction /* cyclic */ next - case case_2 - solve( State_11111111( ~n.1, ~n, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - by solve( !KU( ~n.2 ) @ #vk.7 ) - qed + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed qed + next + case case_2 + by contradiction /* cyclic */ + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(x), mess, pk(~n.1), skA, + xNa + ) ▶₀ #j ) + qed + next + case p_1_12 + solve( !KU( aenc(<~n.2, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) + case c_aenc + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 + by contradiction /* cyclic */ + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + by solve( !KU( ~n.1 ) @ #vk.3 ) + qed + next + case p_1_11111 + solve( !KU( ~n.3 ) @ #j ) + case eventOUTIaencxNbkpkB_0_111111111111111 + by contradiction /* cyclic */ + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + by solve( !KU( ~n.1 ) @ #vk.3 ) + qed qed qed qed next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.1 ) @ #j) ∧ #j < #vr.24) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #j)) ) - case case_1 - solve( !KU( ~n.2 ) @ #vk.1 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( pk(~n.3) ) @ #vk.2 ) + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.2 + ) ▶₀ #j ) + qed + qed + qed + next + case case_2 + solve( !Semistate_121( ) ▶₀ #i2 ) + case p_1_ + solve( State_121111111111( xNb, cypher1, mess1, pk(~n), ~n.1, ~n.2 + ) ▶₀ #j ) + case eventINRnixNaaencxNapkApkskB_0_1211111111 + solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.10) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. 
(OUT_I_2( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + solve( !KU( ~n.4 ) @ #t2 ) + case eventOUTIaencxNbkpkB_0_111111111111111 + solve( !KU( aenc(<~n.3, ~n.2, pk(~n.1)>, pk(~n)) ) @ #vk ) + case c_aenc + solve( !KU( pk(~n.1) ) @ #vk.2 ) case c_pk - solve( !KU( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #vk.3 ) + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.4 ) case c_aenc - solve( !KU( ~n.4 ) @ #j ) - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( !KU( ~n.2 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.4 ) @ #vk.5 ) - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNbkpkxB_0_1111111111111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 by contradiction /* cyclic */ + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) qed next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.4 ) @ #j ) - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( !KU( ~n.2 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.4 ) @ #vk.4 ) + case p_1_11111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.20) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + by contradiction /* cyclic */ next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.39) ∥ - (∃ #j. 
(OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.4)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( State_11111111( ~n.2, ~n, ~n.4 ) ▶₀ #j.2 ) - case newNa_0_1111111 - by solve( !KU( ~n.4 ) @ #vk.4 ) - qed - qed + case case_2 + by solve( !KU( ~n.1 ) @ #vk.5 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.3 + ) ▶₀ #j.2 ) qed next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.5 ) qed qed next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.37) ∥ - (∃ #j. (OUT_I_1( aenc(, pk(~n.3)) ) @ #j)) ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.21) ∥ + (∃ #j. (OUT_I_1( aenc(, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(, pk(~n.1)) ) @ #j)) ) case case_1 - solve( !KU( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #vk.3 ) + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.4 ) case c_aenc - solve( !KU( ~n.4 ) @ #j ) - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( !KU( ~n.2 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.4 ) @ #vk.5 ) - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNbkpkxB_0_1111111111111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 by contradiction /* cyclic */ + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) qed next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.4 ) @ #j ) - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( !KU( ~n.2 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.4 ) @ #vk.4 ) + case p_1_11111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.29) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. 
(OUT_I_2( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + by contradiction /* cyclic */ + next + case case_2 + by solve( !KU( ~n.1 ) @ #vk.5 ) next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.48) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.4)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( State_11111111( ~n.2, ~n, ~n.4 ) ▶₀ #j.2 ) - case newNa_0_1111111 - by solve( !KU( ~n.4 ) @ #vk.4 ) - qed - qed + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.3 + ) ▶₀ #j.2 ) qed next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.5 ) qed qed next case case_2 - solve( State_11111111( xNa, xA, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - by contradiction /* cyclic */ - qed + by contradiction /* cyclic */ + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(x), mess, pk(~n.1), skA, + xNa + ) ▶₀ #j.1 ) qed next - case outpkskB_0_12111 - solve( !KU( aenc(<~n.1, pk(~n)>, pk(~n.3)) ) @ #vk.3 ) + case p_1_12 + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.4 ) case c_aenc - solve( !KU( ~n.4 ) @ #j ) - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( !KU( ~n.2 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.4 ) @ #vk.5 ) - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNbkpkxB_0_1111111111111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 by contradiction /* cyclic */ + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.6 ) qed next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.4 ) @ #j ) - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( !KU( ~n.2 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.4 ) @ #vk.4 ) + case p_1_11111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( 
(∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.20) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 + by contradiction /* cyclic */ next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.2 ) @ #j) ∧ #j < #vr.39) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.2, pk(~n)>, pk(~n.4)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( State_11111111( ~n.2, ~n, ~n.4 ) ▶₀ #j.2 ) - case newNa_0_1111111 - by solve( !KU( ~n.4 ) @ #vk.4 ) - qed - qed + case case_2 + by solve( !KU( ~n.1 ) @ #vk.5 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.3 + ) ▶₀ #j.2 ) qed next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.5 ) qed qed qed - qed - next - case case_2 - solve( State_11111111( ~n.1, ~n, ~n.3 ) ▶₀ #j ) - case newNa_0_1111111 - solve( !KU( ~n.3 ) @ #vk.1 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( pk(~n.2) ) @ #vk.2 ) - case c_pk - solve( !KU( aenc(<~n.1, pk(~n)>, pk(~n.2)) ) @ #vk.3 ) - case c_aenc - solve( !KU( ~n.4 ) @ #j.1 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( !KU( pk(~n.1) ) @ #vk.1 ) + case c_pk + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) + case c_aenc + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + by contradiction /* cyclic */ next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.4 ) @ #j.1 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.4 ) qed next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. 
(!KU( xNa ) @ #j) ∧ #j < #vr.36) ∥ - (∃ #j. (OUT_I_1( aenc(, pk(~n.2)) ) @ #j)) ) - case case_1 - solve( !KU( aenc(<~n.1, pk(~n)>, pk(~n.2)) ) @ #vk.3 ) - case c_aenc - solve( !KU( ~n.4 ) @ #j.1 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.4 ) @ #j.1 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( State_11111111( xNa, xA, ~n.2 ) ▶₀ #j.1 ) - case newNa_0_1111111 + case p_1_11111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.20) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 by contradiction /* cyclic */ - qed - qed - next - case outpkskB_0_12111 - solve( !KU( aenc(<~n.1, pk(~n)>, pk(~n.2)) ) @ #vk.3 ) - case c_aenc - solve( !KU( ~n.4 ) @ #j.1 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.4 ) @ #j.1 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) + case case_2 + by solve( !KU( ~n.1 ) @ #vk.3 ) next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.3 + ) ▶₀ #j.2 ) qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_111( ~n ) ▶₀ #i ) - case newskA_0_11 - solve( State_1211( xB ) ▶₀ #i.1 ) - case newskB_0_121 - solve( State_1211111111( xNb, ~n.1, ~n, ~n.2 ) ▶₀ #j ) - case 
newNb_0_121111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.22) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - solve( !KU( aenc(<~n.3, ~n.1, pk(~n.2)>, pk(~n)) ) @ #vk.1 ) - case c_aenc - solve( !KU( ~n.4 ) @ #vk.1 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( pk(~n.2) ) @ #vk.3 ) - case c_pk - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.5 ) + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.21) ∥ + (∃ #j. (OUT_I_1( aenc(, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(, pk(~n.1)) ) @ #j)) ) + case case_1 + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) case c_aenc solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( pk(~n) ) @ #vk.7 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 by contradiction /* cyclic */ + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.4 ) qed next - case outaencNapkskApkxB_0_111111111 + case p_1_11111 solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - 
qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.34) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.29) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ) case case_1 by contradiction /* cyclic */ next case case_2 - solve( State_11111111( ~n.3, ~n, ~n.2 ) ▶₀ #j.2 ) - case newNa_0_1111111 - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.35) ∥ - (∃ #j. 
(OUT_I_1( aenc(, pk(~n.2)) ) @ #j)) ) - case case_1 - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.5 ) - case c_aenc - solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( pk(~n) ) @ #vk.7 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed + by solve( !KU( ~n.1 ) @ #vk.3 ) next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.3 + ) ▶₀ #j.2 ) qed next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ 
#j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.43) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( State_11111111( ~n.3, ~n, ~n.2 ) ▶₀ #j.2 ) - case newNa_0_1111111 - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed + qed + next + case case_2 + by contradiction /* cyclic */ + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(x), mess, pk(~n.1), skA, + xNa + ) ▶₀ #j.1 ) + qed + next + case p_1_12 + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) + case c_aenc + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + by contradiction /* cyclic */ next - case case_2 - solve( State_11111111( xNa, xA, ~n.2 ) ▶₀ #j.1 ) - case newNa_0_1111111 - by contradiction /* cyclic */ - qed + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.4 ) qed next - case outpkskB_0_12111 - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.5 ) - case c_aenc - solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( pk(~n) ) @ #vk.7 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next 
- case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 + case p_1_11111 + solve( !KU( ~n.3 ) @ #j.1 ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.20) ∥ + (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #j)) ) + case case_1 by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.34) ∥ - (∃ #j. 
(OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( State_11111111( ~n.3, ~n, ~n.2 ) ▶₀ #j.2 ) - case newNa_0_1111111 - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.1 ) @ #vk.7 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.8 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - qed + case case_2 + by solve( !KU( ~n.1 ) @ #vk.3 ) + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.3 + ) ▶₀ #j.2 ) qed + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed qed qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( !KU( pk(~n.2) ) @ #vk.2 ) + qed + qed + next + case case_2 + solve( !KU( ~n.4 ) @ #t2 ) + case eventOUTIaencxNbkpkB_0_111111111111111 + solve( !KU( aenc(<~n.3, ~n.2, pk(~n.1)>, pk(~n)) ) @ #vk ) + case c_aenc + solve( !KU( pk(~n.1) ) @ #vk.1 ) case c_pk - solve( !KU( ~n.4 ) @ #vk.2 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.3 ) - case c_aenc - solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.2 ) @ #vk.5 ) - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( 
(∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.35) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( State_11111111( ~n.3, ~n, ~n.2 ) ▶₀ #j.2 ) - case newNa_0_1111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) - qed - qed - qed - qed + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.4 ) + case c_aenc + by solve( !KU( ~n.1 ) @ #vk.5 ) + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.5 ) qed next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.34) ∥ - (∃ #j. (OUT_I_1( aenc(, pk(~n.2)) ) @ #j)) ) + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.21) ∥ + (∃ #j. (OUT_I_1( aenc(, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. (OUT_I_2( aenc(, pk(~n.1)) ) @ #j)) ) case case_1 - solve( !KU( ~n.4 ) @ #vk.2 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.3 ) - case c_aenc - solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( aenc(, pk(~n.2)) ) @ #vk.6 ) - case c_aenc - by contradiction /* cyclic */ - next - case outaencNapkskApkxB_0_111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( aenc(, pk(~n.2)) ) @ #vk.5 ) - case c_aenc - by contradiction /* cyclic */ - next - case outaencNapkskApkxB_0_111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.44) ∥ - (∃ #j. 
(OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( State_11111111( ~n.3, ~n, ~n.2 ) ▶₀ #j.2 ) - case newNa_0_1111111 - solve( !KU( aenc(, pk(~n.2)) ) @ #vk.5 ) - case c_aenc - by contradiction /* cyclic */ - next - case outaencNapkskApkxB_0_111111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.4 ) + case c_aenc + by solve( !KU( ~n.1 ) @ #vk.5 ) + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.5 ) qed next case case_2 - solve( State_11111111( xNa, xA, ~n.2 ) ▶₀ #j.1 ) - case newNa_0_1111111 - by contradiction /* cyclic */ - qed + by contradiction /* cyclic */ + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(x), mess, pk(~n.1), skA, + xNa + ) ▶₀ #j.1 ) qed next - case outpkskB_0_12111 - solve( !KU( ~n.4 ) @ #vk.2 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.3 ) - case c_aenc - solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.2 ) @ #vk.5 ) - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.3 ) @ #j.1 ) - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.35) ∥ - (∃ #j. 
(OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( State_11111111( ~n.3, ~n, ~n.2 ) ▶₀ #j.2 ) - case newNa_0_1111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) - qed - qed - qed - qed + case p_1_12 + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.4 ) + case c_aenc + by solve( !KU( ~n.1 ) @ #vk.5 ) + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.5 ) qed qed - qed - next - case case_2 - solve( State_11111111( ~n.3, ~n, ~n.2 ) ▶₀ #j.1 ) - case newNa_0_1111111 - solve( !KU( aenc(<~n.3, ~n.1, pk(~n.2)>, pk(~n)) ) @ #vk.1 ) - case c_aenc - solve( !KU( ~n.4 ) @ #vk.1 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( pk(~n.2) ) @ #vk.2 ) - case c_pk - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.5 ) - case c_aenc - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.3 ) @ #vk.8 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.9 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.10 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.3 ) @ #vk.8 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.9 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.10 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.3 ) @ #vk.8 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.9 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.10 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - qed - next - case 
outaencNapkskApkxB_0_111111111 - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.3 ) @ #vk.7 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.33) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.3 ) @ #vk.7 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.40) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.3 ) @ #vk.7 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.33) ∥ - (∃ #j. 
(OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.34) ∥ - (∃ #j. (OUT_I_1( aenc(, pk(~n.2)) ) @ #j)) ) - case case_1 - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.5 ) - case c_aenc - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.3 ) @ #vk.8 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.9 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.10 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.3 ) @ #vk.8 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.9 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.10 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.3 ) @ #vk.8 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.9 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.10 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.3 ) @ #vk.7 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 
) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.42) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.3 ) @ #vk.7 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.49) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.3 ) @ #vk.7 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.42) ∥ - (∃ #j. 
(OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - next - case case_2 - solve( State_11111111( xNa, xA, ~n.2 ) ▶₀ #j.2 ) - case newNa_0_1111111 - by contradiction /* cyclic */ - qed - qed - next - case outpkskB_0_12111 - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.5 ) - case c_aenc - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.3 ) @ #vk.8 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.9 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.10 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.3 ) @ #vk.8 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.9 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.10 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.3 ) @ #vk.8 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.9 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.10 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - by contradiction /* cyclic */ - qed - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( pk(~n) ) @ #vk.6 ) - case c_pk - solve( !KU( ~n.3 ) @ #vk.7 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( 
!KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.33) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.3 ) @ #vk.7 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.40) ∥ - (∃ #j. (OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case outpkskA_0_1111 - solve( !KU( ~n.3 ) @ #vk.7 ) - case outaencNapkskApkxB_0_111111111 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( ~n.3 ) @ #j) ∧ #j < #vr.33) ∥ - (∃ #j. 
(OUT_I_1( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #j)) ) - case case_1 - by contradiction /* cyclic */ - next - case case_2 - solve( !KU( ~n.1 ) @ #vk.8 ) - case outaencxNaNbpkskBpkxA_0_12111111111 - by solve( !KU( ~n.2 ) @ #vk.9 ) - next - case outaencxNbkpkxB_0_1111111111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed + next + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( !KU( pk(~n.1) ) @ #vk.1 ) + case c_pk + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) + case c_aenc + by solve( !KU( ~n.1 ) @ #vk.3 ) + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( !KU( pk(~n.2) ) @ #vk.2 ) - case c_pk - solve( !KU( ~n.4 ) @ #vk.2 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.3 ) - case c_aenc - by solve( !KU( ~n.2 ) @ #vk.4 ) - next - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) - qed - qed - next - case outaencxNaNbpkskBpkxA_0_12111111111 - solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.33) ∥ - (∃ #j. (OUT_I_1( aenc(, pk(~n.2)) ) @ #j)) ) - case case_1 - solve( !KU( ~n.4 ) @ #vk.2 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.3 ) - case c_aenc - solve( !KU( aenc(, pk(~n.2)) ) @ #vk.5 ) - case c_aenc - by contradiction /* cyclic */ - next - case outaencNapkskApkxB_0_111111111 - by contradiction /* cyclic */ - qed - next - case outaencNapkskApkxB_0_111111111 - solve( !KU( aenc(, pk(~n.2)) ) @ #vk.5 ) - case c_aenc - by contradiction /* cyclic */ - next - case outaencNapkskApkxB_0_111111111 - by contradiction /* cyclic */ - qed - qed - qed + case eventOUTRaencxNaNbpkskBpkA_0_121111111111 + solve( (∃ #j. (!KU( xNa ) @ #j) ∧ #j < #vr.21) ∥ + (∃ #j. (OUT_I_1( aenc(, pk(~n.1)) ) @ #j)) ∥ + (∃ #j. 
(OUT_I_2( aenc(, pk(~n.1)) ) @ #j)) ) + case case_1 + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) + case c_aenc + by solve( !KU( ~n.1 ) @ #vk.3 ) next - case case_2 - solve( State_11111111( xNa, xA, ~n.2 ) ▶₀ #j.2 ) - case newNa_0_1111111 - by contradiction /* cyclic */ - qed + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed next - case outpkskB_0_12111 - solve( !KU( ~n.4 ) @ #vk.2 ) - case outaencxNbkpkxB_0_1111111111111 - solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.2)) ) @ #vk.3 ) - case c_aenc - by solve( !KU( ~n.2 ) @ #vk.4 ) - next - case outaencNapkskApkxB_0_111111111 - by solve( !KU( ~n.2 ) @ #vk.4 ) - qed - qed + case case_2 + by contradiction /* cyclic */ + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(x), mess, pk(~n.1), skA, + xNa + ) ▶₀ #j.1 ) + qed + next + case p_1_12 + solve( !KU( aenc(<~n.3, pk(~n)>, pk(~n.1)) ) @ #vk.2 ) + case c_aenc + by solve( !KU( ~n.1 ) @ #vk.3 ) + next + case p_1_11111 + by solve( !KU( ~n.1 ) @ #vk.3 ) qed qed qed qed + next + case case_3 + by solve( State_111111111111111( Na, cypher, pk(~n), mess, pk(~n.1), skA, + ~n.3 + ) ▶₀ #j.1 ) qed qed qed qed qed -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( ) ] --> [ State_11( ), State_12( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newskA_0_11[color=#ffffff, process="new skA;"]: - [ State_11( ), Fr( skA ) ] --> [ State_111( skA ) ] - - /* has exactly the trivial AC variant */ -rule (modulo E) eventHonestApkskA_0_111[color=#ffffff, - process="event HonestA( pk(skA) );"]: - [ State_111( skA ) ] --[ HonestA( pk(skA) 
) ]-> [ State_1111( skA ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) outpkskA_0_1111[color=#ffffff, process="out(pk(skA));"]: - [ State_1111( skA ) ] --> [ State_11111( skA ), Out( pk(skA) ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) p_0_11111[color=#ffffff, process="!"]: - [ State_11111( skA ) ] --> [ !Semistate_111111( skA ) ] +rule (modulo E) newskA_0_11[color=#ffffff, process="new skA.1;"]: + [ State_11( ), Fr( skA.1 ) ] + --[ HonestA( pk(skA.1) ) ]-> + [ !Semistate_111111( skA.1 ), Out( pk(skA.1) ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newskA_0_11[color=#ffffff, process="new skA.1;"]: + [ State_11( ), Fr( skA ) ] + --[ HonestA( pk(skA) ) ]-> + [ !Semistate_111111( skA ), Out( pk(skA) ) ] + */ rule (modulo E) p_1_11111[color=#ffffff, process="!"]: - [ !Semistate_111111( skA ) ] --> [ State_111111( skA ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inpkxB_0_111111[color=#ffffff, process="in(pk(xB));"]: - [ State_111111( skA ), In( pk(xB) ) ] --> [ State_1111111( skA, xB ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newNa_0_1111111[color=#ffffff, process="new Na;"]: - [ State_1111111( skA, xB ), Fr( Na ) ] - --> - [ State_11111111( Na, skA, xB ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventOUTIaencNapkskApkxB_0_11111111[color=#ffffff, - process="event OUT_I_1( aenc(, pk(xB)) );"]: - [ State_11111111( Na, skA, xB ) ] - --[ OUT_I_1( aenc(, pk(xB)) ) ]-> - [ State_111111111( Na, skA, xB ) ] + [ !Semistate_111111( skA.1 ), In( pkB.1 ), Fr( Na.1 ) ] + --[ OUT_I_1( aenc(, pkB.1) ) ]-> + [ + State_1111111111( Na.1, pkB.1, skA.1 ), + Out( aenc(, pkB.1) ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_11111[color=#ffffff, process="!"]: + [ !Semistate_111111( skA ), In( pkB ), Fr( Na ) ] + --[ OUT_I_1( aenc(, pkB) ) 
]-> + [ State_1111111111( Na, pkB, skA ), Out( aenc(, pkB) ) ] + */ -rule (modulo E) outaencNapkskApkxB_0_111111111[color=#ffffff, - process="out(aenc(, pk(xB)));"]: - [ State_111111111( Na, skA, xB ) ] +rule (modulo E) incypher_0_1111111111[color=#ffffff, + process="in(cypher.1);"]: + [ State_1111111111( Na.1, pkB.1, skA.1 ), In( cypher.1 ) ] --> - [ State_1111111111( Na, skA, xB ), Out( aenc(, pk(xB)) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inaencNaxNbpkxBpkskA_0_1111111111[color=#ffffff, - process="in(aenc(, pk(skA)));"]: - [ State_1111111111( Na, skA, xB ), In( aenc(, pk(skA)) ) + [ Let_111111111111( , Na.1, cypher.1, pkB.1, skA.1 ) ] + + /* + rule (modulo AC) incypher_0_1111111111[color=#ffffff, + process="in(cypher.1);"]: + [ State_1111111111( Na, pkB, skA ), In( cypher ) ] + --> + [ Let_111111111111( , Na, cypher, pkB, skA ) ] + */ + +rule (modulo E) letmessadeccypherskA_1_11111111111[color=#ffffff, + process="let mess.1=adec(cypher.1, skA.1)"]: + [ + Let_111111111111( , Na.1, cypher.1, pkB.1, + skA.1 + ) ] --> - [ State_11111111111( Na, skA, xB, xNb ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventINInrxNbaencNaxNbpkxBpkskA_0_11111111111[color=#ffffff, - process="event IN_I_2_nr( xNb, aenc(, pk(skA)) );"]: - [ State_11111111111( Na, skA, xB, xNb ) ] - --[ IN_I_2_nr( xNb, aenc(, pk(skA)) ) ]-> - [ State_111111111111( Na, skA, xB, xNb ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_111111111111[color=#ffffff, process="new k;"]: - [ State_111111111111( Na, skA, xB, xNb ), Fr( k ) ] + [ State_111111111111( Na.1, cypher.1, mess.1, pkB.1, skA.1 ) ] + + /* + rule (modulo AC) letmessadeccypherskA_1_11111111111[color=#ffffff, + process="let mess.1=adec(cypher.1, skA.1)"]: + [ Let_111111111111( , Na, cypher, pkB, skA ) ] + --> + [ State_111111111111( Na, cypher, mess, pkB, skA ) ] + */ + +rule (modulo E) letNaxNbpkBmess_0_111111111111[color=#ffffff, + process="let <=Na.1, xNb.1, 
=pkB.1>=mess.1"]: + [ State_111111111111( Na.1, cypher.1, mess.1, pkB.1, skA.1 ) ] --> - [ State_1111111111111( Na, k, skA, xB, xNb ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outaencxNbkpkxB_0_1111111111111[color=#ffffff, - process="out(aenc(, pk(xB)));"]: - [ State_1111111111111( Na, k, skA, xB, xNb ) ] + [ Let_1111111111111( mess.1, Na.1, cypher.1, mess.1, pkB.1, skA.1 ) ] + + /* + rule (modulo AC) letNaxNbpkBmess_0_111111111111[color=#ffffff, + process="let <=Na.1, xNb.1, =pkB.1>=mess.1"]: + [ State_111111111111( Na, cypher, mess, pkB, skA ) ] + --> + [ Let_1111111111111( mess, Na, cypher, mess, pkB, skA ) ] + */ + +rule (modulo E) letNaxNbpkBmess_1_111111111111[color=#ffffff, + process="let <=Na.1, xNb.1, =pkB.1>=mess.1"]: + [ + Let_1111111111111( , Na.1, cypher.1, mess.1, pkB.1, + skA.1 + ) + ] --> + [ State_1111111111111( Na.1, cypher.1, mess.1, pkB.1, skA.1, xNb.1 ) ] + + /* + rule (modulo AC) letNaxNbpkBmess_1_111111111111[color=#ffffff, + process="let <=Na.1, xNb.1, =pkB.1>=mess.1"]: + [ Let_1111111111111( , Na, cypher, mess, pkB, skA ) ] + --> + [ State_1111111111111( Na, cypher, mess, pkB, skA, xNb ) ] + */ + +rule (modulo E) eventINInrxNbaencNaxNbpkBpkskA_0_1111111111111[color=#ffffff, + process="event IN_I_2_nr( xNb.1, aenc(, pk(skA.1)) );"]: [ - State_11111111111111( Na, k, skA, xB, xNb ), - Out( aenc(, pk(xB)) ) + State_1111111111111( Na.1, cypher.1, mess.1, pkB.1, skA.1, xNb.1 ), + Fr( k.1 ) + ] + --[ IN_I_2_nr( xNb.1, aenc(, pk(skA.1)) ) ]-> + [ + State_111111111111111( Na.1, cypher.1, k.1, mess.1, pkB.1, skA.1, xNb.1 ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) eventSessionApkskApkxBk_0_11111111111111[color=#ffffff, - process="event SessionA( pk(skA), pk(xB), k );"]: - [ State_11111111111111( Na, k, skA, xB, xNb ) ] - --[ SessionA( pk(skA), pk(xB), k ) ]-> - [ State_111111111111111( Na, k, skA, xB, xNb ) ] + /* + rule (modulo AC) eventINInrxNbaencNaxNbpkBpkskA_0_1111111111111[color=#ffffff, + 
process="event IN_I_2_nr( xNb.1, aenc(, pk(skA.1)) );"]: + [ State_1111111111111( Na, cypher, mess, pkB, skA, xNb ), Fr( k ) ] + --[ IN_I_2_nr( xNb, aenc(, pk(skA)) ) ]-> + [ State_111111111111111( Na, cypher, k, mess, pkB, skA, xNb ) ] + */ - /* has exactly the trivial AC variant */ +rule (modulo E) eventOUTIaencxNbkpkB_0_111111111111111[color=#ffffff, + process="event OUT_I_2( aenc(, pkB.1) );"]: + [ + State_111111111111111( Na.1, cypher.1, k.1, mess.1, pkB.1, skA.1, xNb.1 ) + ] + --[ OUT_I_2( aenc(, pkB.1) ) ]-> + [ + State_11111111111111111( Na.1, cypher.1, k.1, mess.1, pkB.1, skA.1, xNb.1 + ), + Out( aenc(, pkB.1) ) + ] -rule (modulo E) p_0_111111111111111[color=#ffffff, process="0"]: - [ State_111111111111111( Na, k, skA, xB, xNb ) ] --> [ ] + /* + rule (modulo AC) eventOUTIaencxNbkpkB_0_111111111111111[color=#ffffff, + process="event OUT_I_2( aenc(, pkB.1) );"]: + [ State_111111111111111( Na, cypher, k, mess, pkB, skA, xNb ) ] + --[ OUT_I_2( aenc(, pkB) ) ]-> + [ + State_11111111111111111( Na, cypher, k, mess, pkB, skA, xNb ), + Out( aenc(, pkB) ) + ] + */ + +rule (modulo E) eventSessionApkskApkBk_0_11111111111111111[color=#ffffff, + process="event SessionA( pk(skA.1), pkB.1, k.1 );"]: + [ + State_11111111111111111( Na.1, cypher.1, k.1, mess.1, pkB.1, skA.1, xNb.1 + ) + ] + --[ SessionA( pk(skA.1), pkB.1, k.1 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventSessionApkskApkBk_0_11111111111111111[color=#ffffff, + process="event SessionA( pk(skA.1), pkB.1, k.1 );"]: + [ State_11111111111111111( Na, cypher, k, mess, pkB, skA, xNb ) ] + --[ SessionA( pk(skA), pkB, k ) ]-> + [ ] + */ -rule (modulo E) p_0_12[color=#ffffff, process="!"]: - [ State_12( ) ] --> [ !Semistate_121( ) ] +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ) ] --> [ !Semistate_121( ), State_11( ) ] /* has exactly the trivial AC variant */ rule (modulo E) p_1_12[color=#ffffff, process="!"]: - [ !Semistate_121( ) ] --> [ State_121( ) ] - - 
/* has exactly the trivial AC variant */ - -rule (modulo E) newskB_0_121[color=#ffffff, process="new skB;"]: - [ State_121( ), Fr( skB ) ] --> [ State_1211( skB ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventHonestBpkskB_0_1211[color=#ffffff, - process="event HonestB( pk(skB) );"]: - [ State_1211( skB ) ] --[ HonestB( pk(skB) ) ]-> [ State_12111( skB ) ] + [ !Semistate_121( ), Fr( skB.1 ) ] + --[ HonestB( pk(skB.1) ) ]-> + [ !Semistate_1211111( skB.1 ), Out( pk(skB.1) ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) outpkskB_0_12111[color=#ffffff, process="out(pk(skB));"]: - [ State_12111( skB ) ] --> [ State_121111( skB ), Out( pk(skB) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_121111[color=#ffffff, process="!"]: - [ State_121111( skB ) ] --> [ !Semistate_1211111( skB ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_12[color=#ffffff, process="!"]: + [ !Semistate_121( ), Fr( skB ) ] + --[ HonestB( pk(skB) ) ]-> + [ !Semistate_1211111( skB ), Out( pk(skB) ) ] + */ rule (modulo E) p_1_121111[color=#ffffff, process="!"]: - [ !Semistate_1211111( skB ) ] --> [ State_1211111( skB ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inaencxNapkxApkskB_0_1211111[color=#ffffff, - process="in(aenc(, pk(skB)));"]: - [ State_1211111( skB ), In( aenc(, pk(skB)) ) ] + [ !Semistate_1211111( skB.1 ), In( cypher1.1 ) ] --> - [ State_12111111( skB, xA, xNa ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventINRnixNaaencxNapkxApkskB_0_12111111[color=#ffffff, - process="event IN_R_1_ni( xNa, aenc(, pk(skB)) );"]: - [ State_12111111( skB, xA, xNa ) ] - --[ IN_R_1_ni( xNa, aenc(, pk(skB)) ) ]-> - [ State_121111111( skB, xA, xNa ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newNb_0_121111111[color=#ffffff, process="new Nb;"]: - [ State_121111111( skB, xA, xNa ), Fr( Nb ) ] + [ Let_121111111( , cypher1.1, skB.1 ) ] + + /* + rule 
(modulo AC) p_1_121111[color=#ffffff, process="!"]: + [ !Semistate_1211111( skB ), In( cypher1 ) ] + --> + [ Let_121111111( , cypher1, skB ) ] + */ + +rule (modulo E) letmessadeccypherskB_1_12111111[color=#ffffff, + process="let mess1.1=adec(cypher1.1, skB.1)"]: + [ Let_121111111( , cypher1.1, skB.1 ) ] --> - [ State_1211111111( Nb, skB, xA, xNa ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventOUTRaencxNaNbpkskBpkxA_0_1211111111[color=#ffffff, - process="event OUT_R_1( aenc(, pk(xA)) );"]: - [ State_1211111111( Nb, skB, xA, xNa ) ] - --[ OUT_R_1( aenc(, pk(xA)) ) ]-> - [ State_12111111111( Nb, skB, xA, xNa ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outaencxNaNbpkskBpkxA_0_12111111111[color=#ffffff, - process="out(aenc(, pk(xA)));"]: - [ State_12111111111( Nb, skB, xA, xNa ) ] + [ State_121111111( cypher1.1, mess1.1, skB.1 ) ] + + /* + rule (modulo AC) letmessadeccypherskB_1_12111111[color=#ffffff, + process="let mess1.1=adec(cypher1.1, skB.1)"]: + [ Let_121111111( , cypher1, skB ) ] + --> + [ State_121111111( cypher1, mess1, skB ) ] + */ + +rule (modulo E) letxNapkAmess_0_121111111[color=#ffffff, + process="let =mess1.1"]: + [ State_121111111( cypher1.1, mess1.1, skB.1 ) ] + --> + [ Let_1211111111( mess1.1, cypher1.1, mess1.1, skB.1 ) ] + + /* + rule (modulo AC) letxNapkAmess_0_121111111[color=#ffffff, + process="let =mess1.1"]: + [ State_121111111( cypher1, mess1, skB ) ] + --> + [ Let_1211111111( mess1, cypher1, mess1, skB ) ] + */ + +rule (modulo E) letxNapkAmess_1_121111111[color=#ffffff, + process="let =mess1.1"]: + [ Let_1211111111( , cypher1.1, mess1.1, skB.1 ) ] --> + [ State_1211111111( cypher1.1, mess1.1, pkA.1, skB.1, xNa.1 ) ] + + /* + rule (modulo AC) letxNapkAmess_1_121111111[color=#ffffff, + process="let =mess1.1"]: + [ Let_1211111111( , cypher1, mess1, skB ) ] + --> + [ State_1211111111( cypher1, mess1, pkA, skB, xNa ) ] + */ + +rule (modulo E) eventINRnixNaaencxNapkApkskB_0_1211111111[color=#ffffff, 
+ process="event IN_R_1_ni( xNa.1, aenc(, pk(skB.1)) );"]: + [ State_1211111111( cypher1.1, mess1.1, pkA.1, skB.1, xNa.1 ), Fr( Nb.1 ) + ] + --[ IN_R_1_ni( xNa.1, aenc(, pk(skB.1)) ) ]-> + [ State_121111111111( Nb.1, cypher1.1, mess1.1, pkA.1, skB.1, xNa.1 ) ] + + /* + rule (modulo AC) eventINRnixNaaencxNapkApkskB_0_1211111111[color=#ffffff, + process="event IN_R_1_ni( xNa.1, aenc(, pk(skB.1)) );"]: + [ State_1211111111( cypher1, mess1, pkA, skB, xNa ), Fr( Nb ) ] + --[ IN_R_1_ni( xNa, aenc(, pk(skB)) ) ]-> + [ State_121111111111( Nb, cypher1, mess1, pkA, skB, xNa ) ] + */ + +rule (modulo E) eventOUTRaencxNaNbpkskBpkA_0_121111111111[color=#ffffff, + process="event OUT_R_1( aenc(, pkA.1) );"]: + [ State_121111111111( Nb.1, cypher1.1, mess1.1, pkA.1, skB.1, xNa.1 ) ] + --[ OUT_R_1( aenc(, pkA.1) ) ]-> [ - State_121111111111( Nb, skB, xA, xNa ), - Out( aenc(, pk(xA)) ) + State_12111111111111( Nb.1, cypher1.1, mess1.1, pkA.1, skB.1, xNa.1 ), + Out( aenc(, pkA.1) ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) inaencNbxkpkskB_0_121111111111[color=#ffffff, - process="in(aenc(, pk(skB)));"]: - [ State_121111111111( Nb, skB, xA, xNa ), In( aenc(, pk(skB)) ) ] + /* + rule (modulo AC) eventOUTRaencxNaNbpkskBpkA_0_121111111111[color=#ffffff, + process="event OUT_R_1( aenc(, pkA.1) );"]: + [ State_121111111111( Nb, cypher1, mess1, pkA, skB, xNa ) ] + --[ OUT_R_1( aenc(, pkA) ) ]-> + [ + State_12111111111111( Nb, cypher1, mess1, pkA, skB, xNa ), + Out( aenc(, pkA) ) + ] + */ + +rule (modulo E) incypher_0_12111111111111[color=#ffffff, + process="in(cypher2.1);"]: + [ + State_12111111111111( Nb.1, cypher1.1, mess1.1, pkA.1, skB.1, xNa.1 ), + In( cypher2.1 ) + ] --> - [ State_1211111111111( Nb, skB, xA, xNa, xk ) ] - - /* has exactly the trivial AC variant */ + [ + Let_1211111111111111( , Nb.1, cypher1.1, cypher2.1, + mess1.1, pkA.1, skB.1, xNa.1 + ) + ] -rule (modulo E) eventSessionBpkxApkskBxk_0_1211111111111[color=#ffffff, - process="event SessionB( pk(xA), 
pk(skB), xk );"]: - [ State_1211111111111( Nb, skB, xA, xNa, xk ) ] - --[ SessionB( pk(xA), pk(skB), xk ) ]-> - [ State_12111111111111( Nb, skB, xA, xNa, xk ) ] + /* + rule (modulo AC) incypher_0_12111111111111[color=#ffffff, + process="in(cypher2.1);"]: + [ + State_12111111111111( Nb, cypher1, mess1, pkA, skB, xNa ), In( cypher2 ) + ] + --> + [ + Let_1211111111111111( , Nb, cypher1, cypher2, mess1, pkA, + skB, xNa + ) + ] + */ + +rule (modulo E) letmessadeccypherskB_1_121111111111111[color=#ffffff, + process="let mess2.1=adec(cypher2.1, skB.1)"]: + [ + Let_1211111111111111( , Nb.1, cypher1.1, + cypher2.1, mess1.1, pkA.1, skB.1, xNa.1 + ) + ] + --> + [ + State_1211111111111111( Nb.1, cypher1.1, cypher2.1, mess1.1, mess2.1, + pkA.1, skB.1, xNa.1 + ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) letmessadeccypherskB_1_121111111111111[color=#ffffff, + process="let mess2.1=adec(cypher2.1, skB.1)"]: + [ + Let_1211111111111111( , Nb, cypher1, cypher2, + mess1, pkA, skB, xNa + ) + ] + --> + [ + State_1211111111111111( Nb, cypher1, cypher2, mess1, mess2, pkA, skB, xNa + ) + ] + */ + +rule (modulo E) letNbxkmess_0_1211111111111111[color=#ffffff, + process="let <=Nb.1, xk.1>=mess2.1"]: + [ + State_1211111111111111( Nb.1, cypher1.1, cypher2.1, mess1.1, mess2.1, + pkA.1, skB.1, xNa.1 + ) + ] + --> + [ + Let_12111111111111111( mess2.1, Nb.1, cypher1.1, cypher2.1, mess1.1, + mess2.1, pkA.1, skB.1, xNa.1 + ) + ] -rule (modulo E) p_0_12111111111111[color=#ffffff, process="0"]: - [ State_12111111111111( Nb, skB, xA, xNa, xk ) ] --> [ ] + /* + rule (modulo AC) letNbxkmess_0_1211111111111111[color=#ffffff, + process="let <=Nb.1, xk.1>=mess2.1"]: + [ + State_1211111111111111( Nb, cypher1, cypher2, mess1, mess2, pkA, skB, xNa + ) + ] + --> + [ + Let_12111111111111111( mess2, Nb, cypher1, cypher2, mess1, mess2, pkA, + skB, xNa + ) + ] + */ + +rule (modulo E) letNbxkmess_1_1211111111111111[color=#ffffff, + process="let <=Nb.1, xk.1>=mess2.1"]: + [ + 
Let_12111111111111111( , Nb.1, cypher1.1, cypher2.1, mess1.1, + mess2.1, pkA.1, skB.1, xNa.1 + ) + ] + --> + [ + State_12111111111111111( Nb.1, cypher1.1, cypher2.1, mess1.1, mess2.1, + pkA.1, skB.1, xNa.1, xk.1 + ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) letNbxkmess_1_1211111111111111[color=#ffffff, + process="let <=Nb.1, xk.1>=mess2.1"]: + [ + Let_12111111111111111( , Nb, cypher1, cypher2, mess1, mess2, pkA, + skB, xNa + ) + ] + --> + [ + State_12111111111111111( Nb, cypher1, cypher2, mess1, mess2, pkA, skB, + xNa, xk + ) + ] + */ + +rule (modulo E) eventSessionBpkApkskBxk_0_12111111111111111[color=#ffffff, + process="event SessionB( pkA.1, pk(skB.1), xk.1 );"]: + [ + State_12111111111111111( Nb.1, cypher1.1, cypher2.1, mess1.1, mess2.1, + pkA.1, skB.1, xNa.1, xk.1 + ) + ] + --[ SessionB( pkA.1, pk(skB.1), xk.1 ) ]-> + [ ] + + /* + rule (modulo AC) eventSessionBpkApkskBxk_0_12111111111111111[color=#ffffff, + process="event SessionB( pkA.1, pk(skB.1), xk.1 );"]: + [ + State_12111111111111111( Nb, cypher1, cypher2, mess1, mess2, pkA, skB, + xNa, xk + ) + ] + --[ SessionB( pkA, pk(skB), xk ) ]-> + [ ] + */ restriction single_session: "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" @@ -1875,7 +1509,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -1885,9 +1519,11 @@ analyzing: examples/sapic/slow/NSL/nsl-no_as-untagged.spthy analyzed: examples/sapic/slow/NSL/nsl-no_as-untagged.spthy output: examples/sapic/slow/NSL/nsl-no_as-untagged.spthy.tmp - processing time: 24.697543152s - source (all-traces): verified (34 steps) - secrecy (all-traces): verified (483 steps) + processing time: 11.625918325s + sanity1 (all-traces): falsified - found trace (7 steps) + sanity2 (all-traces): falsified - found trace (8 steps) + source (all-traces): verified (40 steps) + secrecy (all-traces): verified (244 steps) ------------------------------------------------------------------------------ @@ -1897,9 +1533,11 @@ summary of summaries: analyzed: examples/sapic/slow/NSL/nsl-no_as-untagged.spthy output: examples/sapic/slow/NSL/nsl-no_as-untagged.spthy.tmp - processing time: 24.697543152s - source (all-traces): verified (34 steps) - secrecy (all-traces): verified (483 steps) + processing time: 11.625918325s + sanity1 (all-traces): falsified - found trace (7 steps) + sanity2 (all-traces): falsified - found trace (8 steps) + source (all-traces): verified (40 steps) + secrecy (all-traces): verified (244 steps) ============================================================================== */ diff --git a/case-studies-regression/sapic/slow/PKCS11/pkcs11-templates_analyzed.spthy b/case-studies-regression/sapic/slow/PKCS11/pkcs11-templates_analyzed.spthy index fd92b7f4e..dd8fab224 100644 --- a/case-studies-regression/sapic/slow/PKCS11/pkcs11-templates_analyzed.spthy +++ b/case-studies-regression/sapic/slow/PKCS11/pkcs11-templates_analyzed.spthy 
@@ -3,8 +3,8 @@ theory PKCS11TemplatePolicy begin // Function signature and definition of the equational theory E functions: attdec/1, attenc/1, attextr/1, attsens/1, atttrus/1, - attunwrap/1, attut/1, attwrap/1, attwt/1, attwwt/1, fst/1, key/1, pair/2, - sdec/2, senc/2, snd/1, tem/1 + attunwrap/1, attut/1, attwrap/1, attwt/1, attwwt/1, fst/1[destructor], + key/1, pair/2, sdec/2[destructor], senc/2, snd/1[destructor], tem/1 equations: attdec() = dec, attenc() = enc, @@ -25,6 +25,8 @@ equations: heuristic: p + + predicate: Can_encrypt( wrap, unwrap, enc, dec, sens, extr, trus, wwt, wt, ut )<=>enc = 'on' @@ -55,6 +57,20 @@ predicate: Permits( t_wrap, t_unwrap, t_enc, t_dec, t_sens, t_extr, t_trus, (t_wt = wt)) ∧ (t_ut = ut) + + + + + + + + + + + + + + lemma dec_limits [use_induction, reuse]: all-traces "(((((∀ k m #t1. 
@@ -479,36 +495,20 @@ next ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #t1) ∧ (#t3 < #t1)) ) case case_1 - solve( State_11111111211111( L_h, k, m, v, lock ) ▶₀ #t1 ) - case ifkeyvk_0_1111111121111 + solve( State_111111112111111( lock, m, v, L_h, k ) ▶₀ #t1 ) + case ifkeyvk_0_11111111211111 solve( !KU( senc(m, k) ) @ #vk.2 ) case c_senc solve( Insert( <'obj', L_h>, ) @ #t2 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , k, lock, ptr, - templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , k.1, k, v, L_h, + lock ) ▶₀ #t2 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( Insert( <'F_template', ptr>, - - ) @ #t2.2 ) - case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - by contradiction /* from formulas */ - next - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - by contradiction /* from formulas */ - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - , L_h, k.1, k, ut, - v, lock - ) ▶₀ #t2 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z>, ) @ #t2.2 ) 
@@ -516,59 +516,66 @@ next by contradiction /* cyclic */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.13 < #t2.2) ∥ (#vr.13 = #t2.2) ) + solve( (#vr.6 < #t2.2) ∥ (#vr.6 = #t2.2) ) case case_1 - solve( State_111112111111111111111( L_h.1, atts, h2, k.2, m.1, ut, v, - ~n.2 + solve( State_1111121111111111111111( ut, atts, h2, k.2, m.1, v, L_h.1, + ~n.2 ) ▶₀ #t2.1 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 by contradiction /* from formulas */ qed next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.2, m.1, ut, v, - ~n.2 + solve( State_1111121111111111111111( ut, atts, h2, k.2, m.1, v, L_h.1, + ~n.2 ) ▶₀ #t2.1 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 by contradiction /* from formulas */ qed qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , k, ptr, templ + ) ▶₀ #t2 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( Insert( <'F_template', ptr>, + + ) @ #t2.2 ) + case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 + by contradiction /* from formulas */ + next + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + by contradiction /* from formulas */ + qed + qed qed next - case outkeyv_0_1111211111 - solve( State_111111111111111( L_h.2, - , t, - lock, ptr, templ - ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by contradiction /* impossible chain */ - qed - next - case outm_0_111111112111111 + case 
eventDecUsingkm_0_111111112111111 solve( (∃ h2 k2 #t2 #t3. (NewKey( h2, k2, 'on' ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.9) ∧ (#t3 < #vr.9)) ∥ (∃ h2 #t2 #t3 #t4. (NewKey( h2, k.1, 'off' ) @ #t2) ∧ (!KU( k.1 ) @ #t3) ∧ (!KU( t ) @ #t4) ∧ (¬(last(#t4))) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.17) ∧ - (#t3 < #vr.17) ∧ - (#t4 < #vr.17)) ∥ - (∃ #t2. (EncUsing( k.1, t ) @ #t2) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.17)) ∥ + (#t2 < #vr.9) ∧ + (#t3 < #vr.9) ∧ + (#t4 < #vr.9)) ∥ + (∃ #t2. (EncUsing( k.1, t ) @ #t2) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.9)) ∥ (∃ h2 k2 #t2 #t3 a. (Unwrapped( h2, k2, a ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.9) ∧ (#t3 < #vr.9)) ∥ (∃ #t2 #t3 h1 h2 k2. (WrapKey( h2, k2, 'on' ) @ #t2) ∧ (DecKey( h1, k2, 'on' ) @ #t3) ∧ - (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ) + (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.9) ∧ (#t3 < #vr.9)) ) case case_1 by contradiction /* from formulas */ next @@ -576,15 +583,19 @@ next by contradiction /* cyclic */ next case case_3 - solve( State_1111111121111111( L_h.1, k.1, m.1, v, ~n.1 ) ▶₀ #t2 ) - case outm_0_111111112111111 + solve( State_11111111211111111( ~n.1, m.1, v, L_h.1, k.1 ) ▶₀ #t2 ) + case eventDecUsingkm_0_111111112111111 solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111111121111( L_h.2, t, v, lock ) ▶₀ #t2.1 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, t, + , + L_h.2 + ) ▶₀ #t2.1 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed qed 
@@ -597,7 +608,19 @@ next by contradiction /* from formulas */ qed next - case outsenckeyvkeyv_0_111111211111111_case_1 + case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111121111 + by contradiction /* from formulas */ + next + case ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111 + solve( State_111111111111111( lock, L_h.2, + , t, ptr, + + ) ▶₀ #t1.1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by contradiction /* impossible chain */ + qed + next + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_1 solve( (z.8 = 'off') ∥ ((z.8 = 'on') ∧ (z = 'on')) ) case case_1 solve( Insert( <'F_template', z.1>, @@ -615,10 +638,10 @@ next by contradiction /* cyclic */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.13 < #t2.1) ∥ (#vr.13 = #t2.1) ) + solve( (#vr.6 < #t2.1) ∥ (#vr.6 = #t2.1) ) case case_1 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.1 ) ▶₀ #t2 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.1 ) ▶₀ #t2 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_1 by contradiction /* from formulas */ @@ -629,7 +652,7 @@ next by contradiction /* from formulas */ next case case_2 - solve( (#vr.13 < #t2.5) ∥ (#vr.13 = #t2.5) ) + solve( (#vr.6 < #t2.5) ∥ (#vr.6 = #t2.5) ) case case_1 solve( (#t2.1 < #t2.5) ∥ (#t2.1 = #t2.5) ) case case_1 
@@ -650,8 +673,8 @@ next qed next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.1 ) ▶₀ #t2 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.1 ) ▶₀ #t2 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_1 by contradiction /* from formulas */ 
@@ -670,316 +693,438 @@ next solve( Insert( <'obj', L_h>, ) @ #t2.2 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , - k, lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , + k.1, k, v, L_h, lock ) ▶₀ #t2.2 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( Insert( <'F_template', ptr>, - - ) @ #t2.6 ) - case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - solve( (#vr.12 < #t2.4) ∥ (#vr.12 = #t2.4) ) - case case_1 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ - ) ▶₀ #t2.3 ) - case outLh_0_111111111111111111111 - solve( (#vr.12 < #t2.7) ∥ (#vr.12 = #t2.7) ) - case case_1 - solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.19 < #vr.13) ∥ (#t2 < #vr.19) ) + case case_1 + solve( Insert( <'F_template', z>, + + ) @ #t2.6 ) + case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 + by contradiction /* cyclic */ + next + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.9 < #t2.4) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2.1, k.2, m.1, v, L_h.1, + ~n.3 + ) ▶₀ #t2.3 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.6 < #t2.8) ∥ (#t2.6 = #t2.8) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_11( ) ▶₀ #t2.4 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ - ) ▶₀ #t2.3 ) - case 
outLh_0_111111111111111111111 - solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h2>, - - ) @ #t2.5 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - m, lock, ptr, templ - ) ▶₀ #t2.5 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.50 < #vr.32) ∥ (#t2.3 < #vr.50) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h2>, + + ) @ #t2.4 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef'>, + k.2, m, v, L_h.1, lock + ) ▶₀ #t2.4 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( ((#vr.19 < #vr.30) ∧ + (∃ #t2. + (Unlock_4( '4', ~n.4, 'device' ) @ #t2) + ∧ + (#vr.19 < #t2) ∧ + (#t2 < #vr.30) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.19) ∨ (#t0 = #vr.19) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.19) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.30 < #vr.19) ∥ (#vr.19 = #vr.30) ) case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.7, ptr, - templ - ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 - solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) + solve( Insert( <'F_template', z>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ + (#vr.15 < #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( <'obj', h1>, - <~n.1, 'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h1, + solve( State_1111121111111111111111( ut, atts, h2, k.3, + m.1, v, L_h.2, ~n.5 + ) ▶₀ #t2.5 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.9 < #t2.1) ∥ (#t2.9 = #t2.1) ∥ + (#vr.15 < #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6>, - ~n.1, lock, ptr, templ - ) ▶₀ #t2.7 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', - x.6>, - h1, k, ~n.1, ut, v, lock - ) ▶₀ #t2.7 ) - case newh_0_1111121111111 - solve( Insert( 
<'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + k.3, k, v, L_h.2, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.41 < #vr.19) ∥ (#t2.3 < #vr.41) ) + case case_1 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( (#vr.41 < #vr.30) ∥ (#t2.5 < #vr.41) ) + case case_1 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', x.6 + > + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', x.6 + > + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, + x.2, x.3, x.4, + 'on', x.5, + 'usage', x.6>, + k, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + solve( (#vr.6 < #t2.8) ∥ (#vr.6 = #t2.8) ) + case case_1 + solve( State_11111111111111111111111( ~n.8, + L_h.2, + atts, + k.2, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + next + case case_2 + 
solve( State_11111111111111111111111( ~n.8, + L_h.2, + atts, + k.2, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case case_3 + by contradiction /* from formulas */ qed qed qed + next + case case_3 + by contradiction /* from formulas */ qed qed - qed - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.7, ptr, - templ - ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 - solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) + solve( Insert( <'F_template', z>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ + (#vr.15 < #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( <'obj', h1>, - <~n.1, 'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - ~n.1, lock, ptr, templ - ) ▶₀ #t2.7 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', - x.6>, - h1, k, ~n.1, ut, v, lock - ) ▶₀ #t2.7 ) - case newh_0_1111121111111 - solve( (#vr.69 < #vr.50) ∥ (#t2.6 < #vr.69) ) + solve( State_1111121111111111111111( ut, atts, h2, k.3, + m.1, v, L_h.2, ~n.5 + ) ▶₀ #t2.5 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) + case case_1 + by contradiction /* from formulas 
*/ + next + case case_2 + solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed + by contradiction /* from formulas */ next case case_2 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + solve( Insert( <'obj', h1>, + + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + k.3, k, v, L_h.2, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.41 < #vr.19) ∥ (#t2.3 < #vr.41) ) + case case_1 + solve( (#vr.41 < #vr.30) ∥ (#t2.5 < #vr.41) ) + case case_1 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', x.6 + > + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', x.6 + > + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, + x.2, x.3, 
x.4, + 'on', x.5, + 'usage', x.6>, + k, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.39 < #vr.30) ∥ (#t2.5 < #vr.39) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + solve( (#vr.6 < #t2.8) ∥ (#vr.6 = #t2.8) ) + case case_1 + solve( State_11111111111111111111111( ~n.8, + L_h.2, + atts, + k.2, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( State_11111111111111111111111( ~n.8, + L_h.2, + atts, + k.2, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + qed + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + solve( (#vr.6 < #t2.8) ∥ (#vr.6 = #t2.8) ) + case case_1 + solve( State_11111111111111111111111( ~n.8, + L_h.2, + atts, + k.2, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( State_11111111111111111111111( ~n.8, + L_h.2, + atts, + k.2, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed qed qed qed qed + next + case case_3 + by contradiction /* from formulas */ qed qed - qed - qed - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 
'on', - 'off', 'on', 'undef', 'undef'>, - h2, k, m, ut, v, lock - ) ▶₀ #t2.5 ) - case newh_0_1111121111111 - solve( (#vr.51 < #vr.32) ∥ (#t2.3 < #vr.51) ) - case case_1 - solve( Insert( <'F_template', z>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ next - case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m.1, - ut, v, ~n.6 - ) ▶₀ #t2.6 ) - case outh_0_11111211111111111111 - solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) + case case_3 + solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - <~n.1, 'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', - x.5, 'usage', x.6>, - ~n.1, lock, ptr, - templ - ) ▶₀ #t2.7 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - h1, k.1, ~n.1, ut, v, - lock - ) ▶₀ #t2.7 ) - case newh_0_1111121111111 + solve( Insert( <'obj', h1>, + + ) @ #t2.4 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.2, k, v, L_h.1, lock + ) ▶₀ #t2.4 ) + case 
lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.30 < #vr.19) ∥ (#t2.3 < #vr.30) ) + case case_1 solve( Insert( <'F_template', z>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) + ) @ #t2.7 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.7 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ by contradiction /* cyclic */ qed qed qed - qed - qed - qed - qed - qed - next - case case_2 - solve( Insert( <'F_template', z>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m.1, - ut, v, ~n.6 - ) ▶₀ #t2.6 ) - case outh_0_11111211111111111111 - solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) - case case_1 - by contradiction /* from formulas */ next - case case_2 - solve( Insert( <'obj', h1>, - <~n.1, 'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', - x.5, 'usage', x.6>, - ~n.1, lock, ptr, - templ - ) ▶₀ #t2.7 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - h1, k.1, ~n.1, ut, v, - lock - ) ▶₀ #t2.7 ) - case newh_0_1111121111111 - solve( (#vr.68 < #vr.51) ∥ (#t2.6 < #vr.68) ) + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + k, 
ptr, templ + ) ▶₀ #t2.4 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.7 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + solve( (#vr.6 < #t2.6) ∥ (#vr.6 = #t2.6) ) case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + solve( State_11111111111111111111111( ~n.6, L_h.1, + atts, k.1, + ptr, templ + ) ▶₀ #t2.5 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ qed next case case_2 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + solve( State_11111111111111111111111( ~n.6, L_h.1, + atts, k.1, + ptr, templ + ) ▶₀ #t2.5 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ qed qed qed 
@@ -989,113 +1134,159 @@ next qed qed qed - qed - qed - qed - qed - qed - qed - next - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.18 < #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ - ) ▶₀ #t2.3 ) - case outLh_0_111111111111111111111 - solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h2>, - - ) @ #t2.4 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - m, lock, ptr, templ - ) ▶₀ #t2.4 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( ((#vr.33 < #vr.51) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.6, 'device' ) @ #t2) - ∧ - (#vr.33 < #t2) ∧ - (#t2 < #vr.51) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.6, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.33) ∨ (#t0 = #vr.33) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.33) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.51 < #vr.33) ∥ (#vr.33 = #vr.51) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.7 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.30 < #t2.6) ) + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', + 'undef'>, + m, ptr, templ + ) ▶₀ #t2.4 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.28 < #vr.19) ∥ (#t2.3 < #vr.28) ) case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.7, ptr, - templ - ) ▶₀ #t2.5 ) - case outLh_0_111111111111111111111 - solve( (#t2.7 < #t2.1) ∥ (#t2.7 = #t2.1) ∥ - (#vr.30 < #t2.7) ) + solve( Insert( <'F_template', ptr>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ + (#vr.15 < #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( <'obj', h1>, - <~n.1, 'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - ~n.1, lock, ptr, templ - ) ▶₀ #t2.6 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', - x.6>, - h1, k, ~n.1, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - 
solve( (#vr.70 < #vr.51) ∥ (#t2.5 < #vr.70) ) - case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.8 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + solve( State_11111111111111111111111( ~n.6, L_h.1, atts, + k.2, ptr, templ + ) ▶₀ #t2.5 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + k.2, k, v, L_h.1, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.38 < #vr.19) ∥ (#t2.3 < #vr.38) ) + case case_1 + solve( (#vr.38 < #vr.28) ∥ (#t2.5 < #vr.38) ) + case case_1 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed qed next - case case_2 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.8 ) - case 
insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', + x.5, 'usage', x.6>, + k, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.36 < #vr.28) ∥ (#t2.5 < #vr.36) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + solve( (#vr.6 < #t2.8) ∥ (#vr.6 = #t2.8) ) + case case_1 + solve( State_11111111111111111111111( ~n.9, + L_h.1, + atts, + k.1, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( State_11111111111111111111111( ~n.9, + L_h.1, + atts, + k.1, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + qed + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + solve( (#vr.6 < #t2.8) ∥ (#vr.6 = #t2.8) ) + case case_1 + solve( State_11111111111111111111111( ~n.9, + L_h.1, + atts, + k.1, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( State_11111111111111111111111( ~n.9, + L_h.1, + atts, + k.1, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + qed + qed + qed qed qed qed 
@@ -1105,284 +1296,145 @@ next by contradiction /* from formulas */ qed qed - next - case case_3 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.7 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.30 < #t2.6) ) - case case_1 - by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.7, ptr, - templ - ) ▶₀ #t2.5 ) - case outLh_0_111111111111111111111 - solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + solve( Insert( <'F_template', ptr>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ + (#vr.15 < #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( <'obj', h1>, - <~n.1, 'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - ~n.1, lock, ptr, templ - ) ▶₀ #t2.6 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', - x.6>, - h1, k, ~n.1, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, 'on', + solve( State_11111111111111111111111( ~n.6, L_h.1, atts, + k.2, ptr, templ + ) ▶₀ #t2.5 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.8 < #t2.1) ∥ (#t2.8 = #t2.1) ∥ + (#vr.15 < #t2.8) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + - ) @ #t2.8 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed 
- qed - qed - qed - qed - next - case case_3 - by contradiction /* from formulas */ - qed - qed - next - case case_3 - solve( (#t2.1 < #t2.5) ∥ (#t2.1 = #t2.5) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - <~n.1, 'on', x, x.1, x.2, x.3, x.4, 'on', x.5, - 'usage', x.6> - ) @ #t2.4 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', - x.6>, - ~n.1, lock, ptr, templ - ) ▶₀ #t2.4 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + k.2, k, v, L_h.1, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.38 < #vr.19) ∥ (#t2.3 < #vr.38) ) + case case_1 + solve( Insert( <'F_template', z>, <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6>, - h1, k, ~n.1, ut, v, lock - ) ▶₀ #t2.4 ) - case newh_0_1111121111111 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, - 'usage', x.6> - ) @ #t2.6 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - h2, k, m, ut, v, lock - ) ▶₀ #t2.4 ) - case newh_0_1111121111111 - solve( (#vr.52 < #vr.33) ∥ (#t2.3 < #vr.52) ) - case case_1 - solve( Insert( <'F_template', z>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.7 ) - case 
insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.30 < #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m.1, - ut, v, ~n.6 - ) ▶₀ #t2.5 ) - case outh_0_11111211111111111111 - solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - <~n.1, 'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', - x.5, 'usage', x.6>, - ~n.1, lock, ptr, - templ - ) ▶₀ #t2.6 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - h1, k.1, ~n.1, ut, v, - lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( (#vr.38 < #vr.28) ∥ (#t2.5 < #vr.38) ) + case case_1 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + qed qed - qed - qed - qed - qed - qed - next - case 
case_3 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( Insert( <'F_template', z>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.7 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.30 < #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m.1, - ut, v, ~n.6 - ) ▶₀ #t2.5 ) - case outh_0_11111211111111111111 - solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.8 < #t2.1) ∥ (#t2.8 = #t2.1) ∥ - (#vr.30 < #t2.8) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - <~n.1, 'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h1, + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6>, - ~n.1, lock, ptr, - templ - ) ▶₀ #t2.6 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - h1, k.1, ~n.1, ut, v, - lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.69 < #vr.52) ∥ (#t2.5 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( Insert( <'F_template', z>, + k, ptr, templ + ) ▶₀ #t2.6 ) + case 
ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( Insert( <'F_template', ptr>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + solve( (#vr.6 < #t2.8) ∥ (#vr.6 = #t2.8) ) + case case_1 + solve( State_11111111111111111111111( ~n.9, + L_h.1, + atts, + k.1, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( State_11111111111111111111111( ~n.9, + L_h.1, + atts, + k.1, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ + qed + qed qed qed qed + next + case case_3 + by contradiction /* from formulas */ qed - next - case case_3 - by contradiction /* from formulas */ qed + next + case case_3 + by contradiction /* from formulas */ qed qed - next - case case_3 - by contradiction /* from formulas */ qed qed qed qed qed qed - qed - next - case case_3 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ - ) ▶₀ #t2.3 ) - case outLh_0_111111111111111111111 - by contradiction /* cyclic */ + next + case case_3 + solve( State_1111121111111111111111( ut, atts, h2.1, k.2, m.1, v, L_h.1, + ~n.3 + ) ▶₀ #t2.3 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + by contradiction /* cyclic */ + qed qed qed - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - , - L_h, k.1, k, ut, v, lock - ) ▶₀ #t2.2 ) - case newh_0_1111121111111 - solve( (#vr.34 < #vr.22) ∥ (#t2 < #vr.34) ) - case case_1 + next + case case_2 solve( Insert( <'F_template', z>, ) @ #t2.6 ) 
@@ -1390,21 +1442,21 @@ next by contradiction /* cyclic */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.18 < #t2.4) ) + solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.9 < #t2.4) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2.1, k.2, m.1, ut, v, - ~n.3 + solve( State_1111121111111111111111( ut, atts, h2.1, k.2, m.1, v, L_h.1, + ~n.3 ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (#t2.6 < #t2.8) ∥ (#t2.6 = #t2.8) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + solve( (#t2.7 < #t2.1) ∥ (#t2.7 = #t2.1) ∥ (#vr.9 < #t2.7) ) case case_1 by contradiction /* from formulas */ next 
@@ -1413,32 +1465,34 @@ next ) @ #t2.4 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', - 'on', 'off', 'on', 'undef', - 'undef'>, - m, lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef'>, + k.2, m, v, L_h.1, lock ) ▶₀ #t2.4 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.50 < #vr.34) ∥ (#t2.3 < #vr.50) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ - (#vr.30 < #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k.2, - ~n.6, ptr, templ - ) ▶₀ #t2.5 ) - case outLh_0_111111111111111111111 - solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( Insert( <'F_template', z>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.3, m.1, + v, L_h.2, ~n.5 + ) ▶₀ #t2.5 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) case case_1 by contradiction /* from formulas */ 
next 
@@ -1447,43 +1501,74 @@ next ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', - x.5, 'usage', x.6>, - k, lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + k.3, k, v, L_h.2, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.41 < #vr.30) ∥ (#t2.5 < #vr.41) ) + case case_1 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', + x.5, 'usage', x.6>, + k, ptr, templ ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.68 < #vr.50) ∥ (#t2.5 < #vr.68) ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.39 < #vr.30) ∥ (#t2.5 < #vr.39) ) case case_1 solve( Insert( <'F_template', ptr>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) + ) @ #t2.10 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.13 < #t2.8) ∥ (#vr.13 
= #t2.8) ) + solve( (#vr.6 < #t2.8) ∥ (#vr.6 = #t2.8) ) case case_1 - solve( State_1111111111111111111111( L_h.1, - atts, - k.1, - ~n.9, - ptr, - templ + solve( State_11111111111111111111111( ~n.8, + L_h.2, + atts, + k.2, + ptr, + templ ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* from formulas */ qed next case case_2 - solve( State_1111111111111111111111( L_h.1, - atts, - k.1, - ~n.9, - ptr, - templ + solve( State_11111111111111111111111( ~n.8, + L_h.2, + atts, + k.2, + ptr, + templ ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* from formulas */ qed qed 
@@ -1493,588 +1578,525 @@ next solve( Insert( <'F_template', ptr>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) + ) @ #t2.10 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.13 < #t2.8) ∥ (#vr.13 = #t2.8) ) + solve( (#vr.6 < #t2.8) ∥ (#vr.6 = #t2.8) ) case case_1 - solve( State_1111111111111111111111( L_h.1, - atts, - k.1, - ~n.9, - ptr, - templ + solve( State_11111111111111111111111( ~n.8, + L_h.2, + atts, + k.2, + ptr, + templ ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* from formulas */ qed next case case_2 - solve( State_1111111111111111111111( L_h.1, - atts, - k.1, - ~n.9, - ptr, - templ + solve( State_11111111111111111111111( ~n.8, + L_h.2, + atts, + k.2, + ptr, + templ ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* from formulas */ qed qed qed qed qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - h1, k.2, k, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.69 < #vr.34) ∥ (#t2.3 < #vr.69) ) - case case_1 - solve( (#vr.69 < #vr.50) ∥ (#t2.5 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - 
qed - qed - qed qed qed qed - next - case case_3 - by contradiction /* from formulas */ qed qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ - (#vr.30 < #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k.2, - ~n.6, ptr, templ - ) ▶₀ #t2.5 ) - case outLh_0_111111111111111111111 - solve( (#t2.8 < #t2.1) ∥ (#t2.8 = #t2.1) ∥ - (#vr.30 < #t2.8) ) - case case_1 - by contradiction /* from formulas */ + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', + 'undef'>, + m, ptr, templ + ) ▶₀ #t2.4 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( Insert( <'F_template', ptr>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_11111111111111111111111( ~n.6, L_h.1, atts, + k.2, ptr, templ + ) ▶₀ #t2.5 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + + ) @ #t2.6 ) + case 
ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.2, k, v, L_h.1, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.38 < #vr.28) ∥ (#t2.5 < #vr.38) ) + case case_1 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + qed next - case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', - x.5, 'usage', x.6>, - k, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + k, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.36 < #vr.28) ∥ (#t2.5 < #vr.36) ) + case case_1 solve( Insert( <'F_template', ptr>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.13 < #t2.8) ∥ (#vr.13 = #t2.8) ) + solve( (#vr.6 < #t2.8) ∥ 
(#vr.6 = #t2.8) ) case case_1 - solve( State_1111111111111111111111( L_h.1, - atts, - k.1, - ~n.9, - ptr, - templ + solve( State_11111111111111111111111( ~n.9, + L_h.1, + atts, + k.1, + ptr, + templ ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* from formulas */ qed next case case_2 - solve( State_1111111111111111111111( L_h.1, - atts, - k.1, - ~n.9, - ptr, - templ + solve( State_11111111111111111111111( ~n.9, + L_h.1, + atts, + k.1, + ptr, + templ ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* from formulas */ qed qed qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - h1, k.2, k, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.69 < #vr.34) ∥ (#t2.3 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( (#vr.69 < #vr.50) ∥ (#t2.5 < #vr.69) ) + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + solve( (#vr.6 < #t2.8) ∥ (#vr.6 = #t2.8) ) case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + solve( State_11111111111111111111111( ~n.9, + L_h.1, + atts, + k.1, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ qed next case case_2 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, 
x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + solve( State_11111111111111111111111( ~n.9, + L_h.1, + atts, + k.1, + ptr, + templ + ) ▶₀ #t2.7 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* from formulas */ qed qed qed qed qed - next - case case_3 - by contradiction /* from formulas */ qed qed - next - case case_3 - by contradiction /* from formulas */ qed qed qed qed + qed + next + case case_3 + by contradiction /* from formulas */ + qed + qed + qed + next + case case_3 + solve( State_1111121111111111111111( ut, atts, h2.1, k.2, m.1, v, L_h.1, + ~n.3 + ) ▶₀ #t2.3 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.8 < #t2.1) ∥ (#t2.8 = #t2.1) ∥ (#vr.9 < #t2.8) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + solve( (#t2.4 < #t2.8) ∥ (#t2.4 = #t2.8) ) + case case_1 + by contradiction /* from formulas */ next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'off', 'off', 'on', 'on', 'on', - 'on', 'off', 'on', 'undef', 'undef' - >, - h2, k.2, m, ut, v, lock - ) ▶₀ #t2.4 ) - case newh_0_1111121111111 - solve( ((#vr.34 < #vr.51) ∧ - (∃ #t2. - (Unlock_4( '4', ~n.4, 'device' ) @ #t2) - ∧ - (#vr.34 < #t2) ∧ - (#t2 < #vr.51) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.4, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.34) ∨ (#t0 = #vr.34) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.34) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.51 < #vr.34) ∥ (#vr.34 = #vr.51) ) - case case_1 - solve( Insert( <'F_template', z>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ - (#vr.30 < #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.2, atts, h2, k.3, - m.1, ut, v, ~n.5 - ) ▶₀ #t2.5 ) - case outh_0_11111211111111111111 - solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.9 < #t2.1) ∥ (#t2.9 = #t2.1) ∥ - (#vr.30 < #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, - x.2, x.3, x.4, - 'on', x.5, - 'usage', x.6>, - k, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.13 < #t2.8) ∥ (#vr.13 = #t2.8) ) - case case_1 - solve( State_1111111111111111111111( L_h.2, - atts, - k.2, - ~n.8, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( State_1111111111111111111111( L_h.2, - atts, - k.2, - ~n.8, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.2, - <'on', x, x.1, x.2, - x.3, x.4, 'on', - x.5, 'usage', x.6>, - h1, k.3, k, ut, v, - lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - 
solve( (#vr.68 < #vr.34) ∥ (#t2.3 < #vr.68) ) - case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( (#vr.68 < #vr.51) ∥ (#t2.5 < #vr.68) ) - case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', x.6 - > - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', x.6 - > - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - qed - qed - qed + case case_2 + solve( State_1( ) ▶₀ #t2.4 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , + k, ptr, templ + ) ▶₀ #t2.2 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( Insert( <'F_template', ptr>, + + ) @ #t2.6 ) + case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 + solve( (#vr.5 < #t2.4) ∥ (#vr.5 = #t2.4) ) + case case_1 + solve( State_11111111111111111111111( ~n.4, L_h, atts, k, ptr, templ + ) ▶₀ #t2.3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_11( ) ▶₀ #t2.4 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + by contradiction /* cyclic */ + qed + qed + qed + next + case 
case_2 + solve( State_11111111111111111111111( ~n.4, L_h, atts, k, ptr, templ + ) ▶₀ #t2.3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h2>, + + ) @ #t2.5 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + k, m, v, L_h, lock + ) ▶₀ #t2.5 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.26 < #vr.16) ∥ (#t2.3 < #vr.26) ) + case case_1 + solve( Insert( <'F_template', z>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m.1, + v, L_h.1, ~n.6 + ) ▶₀ #t2.6 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + <~n.1, 'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.7 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', 
x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.1, ~n.1, v, L_h.1, lock + ) ▶₀ #t2.7 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ qed - next - case case_3 - by contradiction /* from formulas */ qed + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h1, + <'on', x, x.1, + x.2, x.3, x.4, + 'on', x.5, + 'usage', x.6>, + ~n.1, ptr, templ + ) ▶₀ #t2.7 ) qed qed - next - case case_3 - by contradiction /* from formulas */ qed qed + qed + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ next case case_2 - solve( Insert( <'F_template', z>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ - (#vr.30 < #t2.6) ) + solve( State_1111121111111111111111( ut, atts, h2, k.1, m.1, + v, L_h.1, ~n.6 + ) ▶₀ #t2.6 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.2, atts, h2, k.3, - m.1, ut, v, ~n.5 - ) ▶₀ #t2.5 ) - case outh_0_11111211111111111111 - solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 
- solve( State_1111111111111111( h1, - <'on', x, x.1, - x.2, x.3, x.4, - 'on', x.5, - 'usage', x.6>, - k, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.67 < #vr.51) ∥ (#t2.5 < #vr.67) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.13 < #t2.8) ∥ - (#vr.13 = #t2.8) ) - case case_1 - solve( State_1111111111111111111111( L_h.2, - atts, - k.2, - ~n.8, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( State_1111111111111111111111( L_h.2, - atts, - k.2, - ~n.8, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.13 < #t2.8) ∥ - (#vr.13 = #t2.8) ) - case case_1 - solve( State_1111111111111111111111( L_h.2, - atts, - k.2, - ~n.8, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( State_1111111111111111111111( L_h.2, - atts, - k.2, - ~n.8, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed + solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + <~n.1, 'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.7 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( 
State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.1, ~n.1, v, L_h.1, lock + ) ▶₀ #t2.7 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.37 < #vr.26) ∥ (#t2.6 < #vr.37) ) + case case_1 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ qed next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.2, - <'on', x, x.1, x.2, - x.3, x.4, 'on', - x.5, 'usage', x.6>, - h1, k.3, k, ut, v, - lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.68 < #vr.34) ∥ (#t2.3 < #vr.68) ) - case case_1 - solve( (#vr.68 < #vr.51) ∥ (#t2.5 < #vr.68) ) - case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', x.6 - > - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', x.6 - > - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - qed + case case_2 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h1, + <'on', x, x.1, + x.2, x.3, x.4, + 'on', x.5, + 'usage', x.6>, + ~n.1, ptr, templ + ) ▶₀ #t2.7 ) qed qed - next - case case_3 - by 
contradiction /* from formulas */ qed qed + qed + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef'>, + m, ptr, templ + ) ▶₀ #t2.5 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.24 < #vr.16) ∥ (#t2.3 < #vr.24) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ next - case case_3 - solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) + case case_2 + solve( State_11111111111111111111111( ~n.7, L_h, atts, k, ptr, + templ + ) ▶₀ #t2.6 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) case case_1 by contradiction /* from formulas */ next case case_2 solve( Insert( <'obj', h1>, - - ) @ #t2.4 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - k, lock, ptr, templ - ) ▶₀ #t2.4 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( Insert( <'F_template', ptr>, + ) @ #t2.7 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 
'on', x.5, 'usage', + x.6>, + k, ~n.2, v, L_h, lock + ) ▶₀ #t2.7 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( Insert( <'F_template', z>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.7 ) + ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.13 < #t2.6) ∥ (#vr.13 = #t2.6) ) - case case_1 - solve( State_1111111111111111111111( L_h.1, atts, - k.1, ~n.6, - ptr, templ - ) ▶₀ #t2.5 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( State_1111111111111111111111( L_h.1, atts, - k.1, ~n.6, - ptr, templ - ) ▶₀ #t2.5 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - qed + by contradiction /* cyclic */ qed qed next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', - x.6>, - h1, k.2, k, ut, v, lock - ) ▶₀ #t2.4 ) - case newh_0_1111121111111 - solve( (#vr.51 < #vr.34) ∥ (#t2.3 < #vr.51) ) + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', + x.5, 'usage', x.6>, + ~n.2, ptr, templ + ) ▶₀ #t2.7 ) + qed + qed + qed + qed + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_11111111111111111111111( ~n.7, L_h, atts, k, ptr, + templ + ) ▶₀ #t2.6 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + <~n.2, 'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.7 ) + case 
ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k, ~n.2, v, L_h, lock + ) ▶₀ #t2.7 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.34 < #vr.24) ∥ (#t2.6 < #vr.34) ) case case_1 solve( Insert( <'F_template', z>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.7 ) + ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ by contradiction /* cyclic */ qed @@ -2083,12 +2105,20 @@ next solve( Insert( <'F_template', z>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.7 ) + ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ by contradiction /* cyclic */ qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', + x.5, 'usage', x.6>, + ~n.2, ptr, templ + ) ▶₀ #t2.7 ) qed qed qed 
@@ -2098,379 +2128,392 @@ next qed qed qed - next - case case_3 - solve( State_111112111111111111111( L_h.1, atts, h2.1, k.2, m.1, ut, v, - ~n.3 - ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 - by contradiction /* cyclic */ - qed qed qed next - case case_2 - solve( Insert( <'F_template', z>, - - ) @ #t2.6 ) - case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - by contradiction /* cyclic */ + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.9 < #t2.4) ) + case case_1 + by contradiction /* from formulas */ next - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.18 < #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2.1, k.2, m.1, ut, v, - ~n.3 - ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 - solve( (#t2.6 < #t2.8) ∥ (#t2.6 = #t2.8) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.7 < #t2.1) ∥ (#t2.7 = #t2.1) ∥ (#vr.18 < #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h2>, - - ) @ #t2.4 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', - 'on', 'off', 'on', 'undef', - 'undef'>, - m, lock, ptr, templ - ) ▶₀ #t2.4 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( Insert( <'F_template', ptr>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k.2, ~n.6, - ptr, templ - ) ▶₀ #t2.5 ) - case outLh_0_111111111111111111111 + case case_2 + solve( State_11111111111111111111111( ~n.4, L_h, atts, k, ptr, templ + ) ▶₀ 
#t2.3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h2>, + + ) @ #t2.4 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + k, m, v, L_h, lock + ) ▶₀ #t2.4 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.27 < #vr.17) ∥ (#t2.3 < #vr.27) ) + case case_1 + solve( Insert( <'F_template', z>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.7 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.16 < #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m.1, + v, L_h.1, ~n.6 + ) ▶₀ #t2.5 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) case case_1 by contradiction /* from formulas */ next case case_2 solve( Insert( <'obj', h1>, - + <~n.1, 'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.1, ~n.1, v, L_h.1, 
lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h1, + <'on', x, x.1, + x.2, x.3, x.4, + 'on', x.5, + 'usage', x.6>, + ~n.1, ptr, templ + ) ▶₀ #t2.6 ) + qed + qed + qed + qed + next + case case_3 + by contradiction /* from formulas */ + qed + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.7 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.16 < #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m.1, + v, L_h.1, ~n.6 + ) ▶₀ #t2.5 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.8 < #t2.1) ∥ (#t2.8 = #t2.1) ∥ + (#vr.16 < #t2.8) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + <~n.1, 'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - k, lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.1, ~n.1, v, 
L_h.1, lock ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.68 < #vr.50) ∥ (#t2.5 < #vr.68) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.38 < #vr.27) ∥ (#t2.5 < #vr.38) ) case case_1 - solve( Insert( <'F_template', ptr>, + solve( Insert( <'F_template', z>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.13 < #t2.8) ∥ (#vr.13 = #t2.8) ) - case case_1 - solve( State_1111111111111111111111( L_h.1, - atts, - k.1, - ~n.9, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( State_1111111111111111111111( L_h.1, - atts, - k.1, - ~n.9, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - qed + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_template', ptr>, + solve( Insert( <'F_template', z>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.13 < #t2.8) ∥ (#vr.13 = #t2.8) ) - case case_1 - solve( State_1111111111111111111111( L_h.1, - atts, - k.1, - ~n.9, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( State_1111111111111111111111( L_h.1, - atts, - k.1, - ~n.9, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - qed + by contradiction /* cyclic */ qed qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - h1, k.2, k, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.69 < #vr.50) ∥ (#t2.5 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 
'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed + qed + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h1, + <'on', x, x.1, + x.2, x.3, x.4, + 'on', x.5, + 'usage', x.6>, + ~n.1, ptr, templ + ) ▶₀ #t2.6 ) + qed + next + case case_3 + by contradiction /* from formulas */ + qed + qed + qed + next + case case_3 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef'>, + m, ptr, templ + ) ▶₀ #t2.4 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( ((#vr.17 < #vr.25) ∧ + (∃ #t2. + (Unlock_0( '0', ~n.6, 'device' ) @ #t2) + ∧ + (#vr.17 < #t2) ∧ + (#t2 < #vr.25) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.6, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.25 < #vr.17) ∥ (#vr.17 = #vr.25) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.7 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.16 < #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_11111111111111111111111( ~n.7, L_h, atts, k, ptr, + templ + ) ▶₀ #t2.5 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.7 < #t2.1) ∥ (#t2.7 = #t2.1) ∥ + (#vr.16 < #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + <~n.2, 'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k, ~n.2, v, L_h, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.35 < #vr.25) ∥ (#t2.5 < #vr.35) ) + case case_1 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.8 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.8 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', + x.5, 'usage', 
x.6>, + ~n.2, ptr, templ + ) ▶₀ #t2.6 ) qed + next + case case_3 + by contradiction /* from formulas */ qed qed + next + case case_3 + by contradiction /* from formulas */ qed qed next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'off', 'off', 'on', 'on', 'on', - 'on', 'off', 'on', 'undef', 'undef' - >, - h2, k.2, m, ut, v, lock - ) ▶₀ #t2.4 ) - case newh_0_1111121111111 - solve( Insert( <'F_template', z>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.2, atts, h2, k.3, - m.1, ut, v, ~n.5 - ) ▶₀ #t2.5 ) - case outh_0_11111211111111111111 - solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - , + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.7 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.16 < #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_11111111111111111111111( ~n.7, L_h, atts, k, ptr, + templ + ) ▶₀ #t2.5 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + <~n.2, 'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.6 ) + case 
ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k, ~n.2, v, L_h, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, + ) @ #t2.8 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h1, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6>, - k, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.67 < #vr.51) ∥ (#t2.5 < #vr.67) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.13 < #t2.8) ∥ (#vr.13 = #t2.8) ) - case case_1 - solve( State_1111111111111111111111( L_h.2, - atts, - k.2, - ~n.8, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( State_1111111111111111111111( L_h.2, - atts, - k.2, - ~n.8, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.13 < #t2.8) ∥ (#vr.13 = #t2.8) ) - case case_1 - solve( State_1111111111111111111111( L_h.2, - 
atts, - k.2, - ~n.8, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( State_1111111111111111111111( L_h.2, - atts, - k.2, - ~n.8, - ptr, - templ - ) ▶₀ #t2.7 ) - case outLh_0_111111111111111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.2, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - h1, k.3, k, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.68 < #vr.51) ∥ (#t2.5 < #vr.68) ) - case case_1 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( Insert( <'F_template', z>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - qed - qed - qed - qed + ~n.2, ptr, templ + ) ▶₀ #t2.6 ) qed qed qed + next + case case_3 + by contradiction /* from formulas */ qed qed - qed - next - case case_3 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_3 - solve( State_111112111111111111111( L_h.1, atts, h2.1, k.2, m.1, ut, v, - ~n.3 - ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 - solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.8 < #t2.1) ∥ (#t2.8 = #t2.1) ∥ (#vr.18 < #t2.8) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t2.4 < #t2.8) ∥ (#t2.4 = #t2.8) ) - case case_1 - by contradiction /* from formulas */ next - case case_2 - solve( State_1( ) ▶₀ #t2.4 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* 
cyclic */ + case case_3 + solve( (#t2.1 < #t2.5) ∥ (#t2.1 = #t2.5) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + <~n.1, 'on', x, x.1, x.2, x.3, x.4, 'on', x.5, + 'usage', x.6> + ) @ #t2.4 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6>, + k, ~n.1, v, L_h, lock + ) ▶₀ #t2.4 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( Insert( <'F_template', z>, + <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, + 'usage', x.6> + ) @ #t2.6 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + ~n.1, ptr, templ + ) ▶₀ #t2.4 ) + qed qed qed qed qed qed qed + next + case case_3 + solve( State_11111111111111111111111( ~n.4, L_h, atts, k, ptr, templ + ) ▶₀ #t2.3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* cyclic */ + qed qed qed qed @@ -2483,7 +2526,7 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_2 + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_2 solve( Insert( <'F_template', z.3>, ) @ #t2.2 ) 
@@ -2491,7 +2534,7 @@ next by contradiction /* cyclic */ qed next - case outsenckeyvkeyv_0_111111211111111_case_3 + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_3 solve( Insert( <'F_template', z.2>, ) @ #t2.2 ) @@ -2499,10 +2542,10 @@ next by contradiction /* cyclic */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.13 < #t2.1) ∥ (#vr.13 = #t2.1) ) + solve( (#vr.6 < #t2.1) ∥ (#vr.6 = #t2.1) ) case case_1 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.1 ) ▶₀ #t2 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.1 ) ▶₀ #t2 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_1 by contradiction /* from formulas */ @@ -2513,7 +2556,7 @@ next by contradiction /* from formulas */ next case case_2 - solve( (#vr.13 < #t2.5) ∥ (#vr.13 = #t2.5) ) + solve( (#vr.6 < #t2.5) ∥ (#vr.6 = #t2.5) ) case case_1 solve( (#t2.1 < #t2.5) ∥ (#t2.1 = #t2.5) ) case case_1 @@ -2534,8 +2577,8 @@ next qed next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.1 ) ▶₀ #t2 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.1 ) ▶₀ #t2 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_1 by contradiction /* from formulas */ 
@@ -2554,295 +2597,307 @@ next solve( Insert( <'obj', L_h>, ) @ #t2.2 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , k, - lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , k.1, + k, v, L_h, lock ) ▶₀ #t2.2 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.34 < #vr.23) ∥ (#t2 < #vr.34) ) - case case_1 - solve( Insert( <'F_template', ptr>, - - ) @ #t2.6 ) - case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - solve( (#vr.12 < #t2.4) ∥ (#vr.12 = #t2.4) ) - case case_1 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ - ) ▶₀ #t2.3 ) - case outLh_0_111111111111111111111 - solve( (#vr.12 < #t2.7) ∥ (#vr.12 = #t2.7) ) - case case_1 - solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_11( ) ▶₀ #t2.4 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.20 < #vr.14) ∥ (#t2 < #vr.20) ) + case case_1 + solve( Insert( <'F_template', z.2>, + + ) @ #t2.6 ) + case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 + by contradiction /* cyclic */ + next + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.10 < #t2.4) ) + case case_1 + by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ + solve( State_1111121111111111111111( ut, atts, h2.1, k.2, m.1, v, L_h.1, + ~n.3 ) ▶₀ #t2.3 ) - case outLh_0_111111111111111111111 - solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) + case 
eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.6 < #t2.8) ∥ (#t2.6 = #t2.8) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( <'obj', h2>, - - ) @ #t2.5 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - z.1, lock, ptr, templ - ) ▶₀ #t2.5 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed + solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - h2, k, z.1, ut, v, lock - ) ▶₀ #t2.5 ) - case newh_0_1111121111111 - solve( (#vr.52 < #vr.33) ∥ (#t2.3 < #vr.52) ) - case case_1 - solve( Insert( <'F_template', z.2>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m.1, - ut, v, ~n.6 - ) ▶₀ #t2.6 ) - case outh_0_11111211111111111111 - solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) + case case_2 + solve( Insert( <'obj', h2>, + + ) @ #t2.4 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + k.2, z.1, v, L_h.1, lock + ) ▶₀ #t2.4 ) + case 
lookupFtemplateattuttemvasut_0_111112111111 + solve( ((#vr.20 < #vr.31) ∧ + (∃ #t2. + (Unlock_4( '4', ~n.4, 'device' ) @ #t2) + ∧ + (#vr.20 < #t2) ∧ + (#t2 < #vr.31) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.4, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.20) ∨ (#t0 = #vr.20) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.20) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.31 < #vr.20) ∥ (#vr.20 = #vr.31) ) + case case_1 + solve( Insert( <'F_template', z.2>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ + (#vr.16 < #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.3, m.1, + v, L_h.2, ~n.5 + ) ▶₀ #t2.5 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - z, lock, ptr, templ - ) ▶₀ #t2.7 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.68 < #vr.33) ∥ (#t2.3 < #vr.68) ) - case case_1 - solve( (#vr.68 < #vr.52) ∥ (#t2.6 < #vr.68) ) + solve( (#t2.9 < #t2.1) ∥ (#t2.9 = #t2.1) ∥ + (#vr.16 < #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + 
<'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + k.3, z, v, L_h.2, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.42 < #vr.20) ∥ (#t2.3 < #vr.42) ) case case_1 - solve( Insert( <'F_template', ptr>, + solve( Insert( <'F_template', z.1>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> ) @ #t2.10 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ + solve( (#vr.42 < #vr.31) ∥ (#t2.5 < #vr.42) ) + case case_1 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed qed qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - h1, k.1, z, ut, v, lock - ) ▶₀ #t2.7 ) - case newh_0_1111121111111 - solve( (#vr.69 < #vr.33) ∥ (#t2.3 < #vr.69) ) - case case_1 - solve( (#vr.69 < #vr.52) ∥ (#t2.6 < #vr.69) ) + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', + x.5, 'usage', x.6>, + z, ptr, templ + ) ▶₀ #t2.6 ) + 
case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.40 < #vr.20) ∥ (#t2.3 < #vr.40) ) case case_1 - solve( Insert( <'F_template', z.1>, + solve( Insert( <'F_template', ptr>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> ) @ #t2.10 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + by contradiction /* from formulas */ qed next case case_2 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + solve( (#vr.40 < #vr.31) ∥ (#t2.5 < #vr.40) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed qed qed - next - case case_2 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed qed qed + next + case case_3 + by contradiction /* from formulas */ qed qed qed + next + case case_3 + by contradiction /* from formulas */ qed qed - qed - next - case case_2 - solve( Insert( <'F_template', z.2>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) - case case_1 - by 
contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m.1, - ut, v, ~n.6 - ) ▶₀ #t2.6 ) - case outh_0_11111211111111111111 - solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) + next + case case_2 + solve( Insert( <'F_template', z.2>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ + (#vr.16 < #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.3, m.1, + v, L_h.2, ~n.5 + ) ▶₀ #t2.5 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - z, lock, ptr, templ - ) ▶₀ #t2.7 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.68 < #vr.33) ∥ (#t2.3 < #vr.68) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( (#vr.68 < #vr.52) ∥ (#t2.6 < #vr.68) ) + solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( 
State_1111121111111( <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + k.3, z, v, L_h.2, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.42 < #vr.20) ∥ (#t2.3 < #vr.42) ) case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ + solve( (#vr.42 < #vr.31) ∥ (#t2.5 < #vr.42) ) + case case_1 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed qed next case case_2 - solve( Insert( <'F_template', ptr>, + solve( Insert( <'F_template', z.1>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> ) @ #t2.10 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ + by contradiction /* cyclic */ qed qed qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - h1, k.1, z, ut, v, lock - ) ▶₀ #t2.7 ) - case newh_0_1111121111111 - solve( (#vr.69 < #vr.33) ∥ (#t2.3 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( (#vr.69 < #vr.52) ∥ (#t2.6 < #vr.69) ) + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, 
+ x.3, x.4, 'on', + x.5, 'usage', x.6>, + z, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.40 < #vr.20) ∥ (#t2.3 < #vr.40) ) case case_1 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + solve( (#vr.40 < #vr.31) ∥ (#t2.5 < #vr.40) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed qed next case case_2 - solve( Insert( <'F_template', z.1>, + solve( Insert( <'F_template', ptr>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> ) @ #t2.10 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + by contradiction /* from formulas */ qed qed qed 
@@ -2850,73 +2905,174 @@ next qed qed qed + next + case case_3 + by contradiction /* from formulas */ + qed + qed + next + case case_3 + solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + + ) @ #t2.4 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6>, + k.2, z, v, L_h.1, lock + ) ▶₀ #t2.4 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.31 < #vr.20) ∥ (#t2.3 < #vr.31) ) + case case_1 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.7 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.7 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + z, ptr, templ + ) ▶₀ #t2.4 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.29 < #vr.20) ∥ (#t2.3 < #vr.29) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + 
) @ #t2.7 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.7 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed + qed + qed qed qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef' + >, + z.1, ptr, templ + ) ▶₀ #t2.4 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed qed qed qed + next + case case_3 + solve( State_1111121111111111111111( ut, atts, h2.1, k.2, m.1, v, L_h.1, + ~n.3 + ) ▶₀ #t2.3 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + by contradiction /* cyclic */ + qed qed + qed + next + case case_2 + solve( Insert( <'F_template', z.2>, + + ) @ #t2.6 ) + case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 + by contradiction /* cyclic */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.19 < #t2.4) ) + solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.10 < #t2.4) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ + solve( State_1111121111111111111111( ut, atts, h2.1, k.2, m.1, v, L_h.1, + ~n.3 ) ▶₀ #t2.3 ) - case outLh_0_111111111111111111111 - solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.6 < #t2.8) ∥ (#t2.6 = #t2.8) ) case case_1 by contradiction /* from formulas */ next case case_2 - 
solve( Insert( <'obj', h2>, - - ) @ #t2.4 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - z.1, lock, ptr, templ - ) ▶₀ #t2.4 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed + solve( (#t2.7 < #t2.1) ∥ (#t2.7 = #t2.1) ∥ (#vr.10 < #t2.7) ) + case case_1 + by contradiction /* from formulas */ next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - h2, k, z.1, ut, v, lock - ) ▶₀ #t2.4 ) - case newh_0_1111121111111 - solve( (#vr.53 < #vr.34) ∥ (#t2.3 < #vr.53) ) - case case_1 + case case_2 + solve( Insert( <'obj', h2>, + + ) @ #t2.4 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + k.2, z.1, v, L_h.1, lock + ) ▶₀ #t2.4 ) + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 'undef'> - ) @ #t2.7 ) + ) @ #t2.8 ) case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.31 < #t2.6) ) + solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m.1, - ut, v, ~n.6 + solve( State_1111121111111111111111( ut, atts, h2, k.3, m.1, + v, L_h.2, ~n.5 ) ▶₀ #t2.5 ) - case outh_0_11111211111111111111 - solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.8 < 
#t2.10) ∥ (#t2.8 = #t2.10) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) + solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) case case_1 by contradiction /* from formulas */ next 
@@ -2925,267 +3081,160 @@ next ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - z, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.69 < #vr.34) ∥ (#t2.3 < #vr.69) ) - case case_1 - solve( (#vr.69 < #vr.53) ∥ (#t2.5 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - h1, k.1, z, ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.3, z, v, L_h.2, lock ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.70 < #vr.34) ∥ (#t2.3 < #vr.70) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.42 < #vr.31) ∥ (#t2.5 < #vr.42) ) case case_1 - solve( (#vr.70 < #vr.53) ∥ (#t2.5 < #vr.70) ) - case case_1 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, 
x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - qed - next - case case_2 solve( Insert( <'F_template', z.1>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - qed - qed - qed - qed - qed - qed - next - case case_3 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( Insert( <'F_template', z.2>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.7 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.31 < #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m.1, - ut, v, ~n.6 - ) ▶₀ #t2.5 ) - case outh_0_11111211111111111111 - solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.8 < #t2.1) ∥ (#t2.8 = #t2.1) ∥ - (#vr.31 < #t2.8) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - z, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.69 < #vr.34) ∥ (#t2.3 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) + ) @ #t2.10 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - by 
contradiction /* from formulas */ + by contradiction /* cyclic */ qed next case case_2 - solve( (#vr.69 < #vr.53) ∥ (#t2.5 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ qed qed qed next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - h1, k.1, z, ut, v, lock + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + z, ptr, templ ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.70 < #vr.34) ∥ (#t2.3 < #vr.70) ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.40 < #vr.31) ∥ (#t2.5 < #vr.40) ) case case_1 - solve( Insert( <'F_template', z.1>, + solve( Insert( <'F_template', ptr>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) + ) @ #t2.10 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + by contradiction /* from formulas */ qed next case case_2 - solve( (#vr.70 < #vr.53) ∥ (#t2.5 < #vr.70) ) - case case_1 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, 
x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ qed qed qed qed - next - case case_3 - by contradiction /* from formulas */ qed qed qed - next - case case_3 - by contradiction /* from formulas */ qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef' + >, + z.1, ptr, templ + ) ▶₀ #t2.4 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed + next + case case_3 + by contradiction /* from formulas */ qed qed qed next case case_3 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ + solve( State_1111121111111111111111( ut, atts, h2.1, k.2, m.1, v, L_h.1, + ~n.3 ) ▶₀ #t2.3 ) - case outLh_0_111111111111111111111 - by contradiction /* cyclic */ + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.8 < #t2.1) ∥ (#t2.8 = #t2.1) ∥ (#vr.10 < #t2.8) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + solve( (#t2.4 < #t2.8) ∥ (#t2.4 = 
#t2.8) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1( ) ▶₀ #t2.4 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + qed + qed qed qed qed - next - case case_2 + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , + k, ptr, templ + ) ▶₀ #t2.2 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.18 < #vr.14) ∥ (#t2 < #vr.18) ) + case case_1 solve( Insert( <'F_template', ptr>, ) @ #t2.6 ) case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - solve( (#vr.12 < #t2.4) ∥ (#vr.12 = #t2.4) ) + solve( (#vr.5 < #t2.4) ∥ (#vr.5 = #t2.4) ) case case_1 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ + solve( State_11111111111111111111111( ~n.4, L_h, atts, k, ptr, templ ) ▶₀ #t2.3 ) - case outLh_0_111111111111111111111 - solve( (#vr.12 < #t2.7) ∥ (#vr.12 = #t2.7) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_1 - solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_11( ) ▶₀ #t2.4 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - by contradiction /* cyclic */ - qed - qed + by contradiction /* from formulas */ next case case_2 - by contradiction /* from formulas */ + solve( State_11( ) ▶₀ #t2.4 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + by contradiction /* cyclic */ + qed qed qed next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ + solve( State_11111111111111111111111( ~n.4, L_h, atts, k, ptr, templ ) ▶₀ #t2.3 ) - case outLh_0_111111111111111111111 + 
case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_1 by contradiction /* from formulas */ 
@@ -3195,105 +3244,125 @@ next ) @ #t2.5 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - z.1, lock, ptr, templ - ) ▶₀ #t2.5 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - h2, k, z.1, ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + k, z.1, v, L_h, lock ) ▶₀ #t2.5 ) - case newh_0_1111121111111 - solve( Insert( <'F_template', z.2>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', - 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m.1, - ut, v, ~n.6 - ) ▶₀ #t2.6 ) - case outh_0_11111211111111111111 - solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.27 < #vr.17) ∥ (#t2.3 < #vr.27) ) + case case_1 + solve( Insert( <'F_template', z.2>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case 
case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m.1, + v, L_h.1, ~n.6 + ) ▶₀ #t2.6 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - z, lock, ptr, templ - ) ▶₀ #t2.7 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.68 < #vr.52) ∥ (#t2.6 < #vr.68) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - qed + solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', - x.6>, - h1, k.1, z, ut, v, lock - ) ▶₀ #t2.7 ) - case newh_0_1111121111111 - solve( (#vr.69 < #vr.52) ∥ (#t2.6 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + case case_2 + solve( Insert( <'obj', h1>, + + ) @ #t2.7 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, 
+ x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.1, z, v, L_h.1, lock + ) ▶₀ #t2.7 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.38 < #vr.17) ∥ (#t2.3 < #vr.38) ) + case case_1 + solve( (#vr.38 < #vr.27) ∥ (#t2.6 < #vr.38) ) + case case_1 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed + next + case case_2 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed qed - next - case case_2 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + z, ptr, templ + ) ▶₀ #t2.7 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.36 < #vr.17) ∥ (#t2.3 < #vr.36) ) + case case_1 + solve( (#vr.36 < #vr.27) ∥ (#t2.6 < #vr.36) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from 
formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed qed qed qed 
@@ -3302,130 +3371,117 @@ next qed qed qed - qed - qed - qed - qed - qed - qed - next - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.19 < #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ - ) ▶₀ #t2.3 ) - case outLh_0_111111111111111111111 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.19 < #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h2>, - - ) @ #t2.4 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - z.1, lock, ptr, templ - ) ▶₀ #t2.4 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - h2, k, z.1, ut, v, lock - ) ▶₀ #t2.4 ) - case newh_0_1111121111111 - solve( Insert( <'F_template', z.2>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', - 'undef', 'undef'> - ) @ #t2.7 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m.1, - ut, v, ~n.6 - ) ▶₀ #t2.5 ) - case outh_0_11111211111111111111 - solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) + next + case case_2 + solve( Insert( <'F_template', z.2>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + case case_1 + by contradiction /* 
from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m.1, + v, L_h.1, ~n.6 + ) ▶₀ #t2.6 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - z, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.69 < #vr.53) ∥ (#t2.5 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - qed + solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', - x.6>, - h1, k.1, z, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.70 < #vr.53) ∥ (#t2.5 < #vr.70) ) - case case_1 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + case case_2 + solve( Insert( <'obj', h1>, + + ) @ #t2.7 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( 
State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.1, z, v, L_h.1, lock + ) ▶₀ #t2.7 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.38 < #vr.17) ∥ (#t2.3 < #vr.38) ) + case case_1 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( (#vr.38 < #vr.27) ∥ (#t2.6 < #vr.38) ) + case case_1 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + qed qed - next - case case_2 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + z, ptr, templ + ) ▶₀ #t2.7 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.36 < #vr.17) ∥ (#t2.3 < #vr.36) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + 
next + case case_2 + solve( (#vr.36 < #vr.27) ∥ (#t2.6 < #vr.36) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed qed qed qed 
@@ -3436,430 +3492,448 @@ next qed qed qed - qed - next - case case_3 - by contradiction /* from formulas */ - qed - qed - next - case case_3 - solve( State_1111111111111111111111( L_h, atts, k, ~n.4, ptr, templ - ) ▶₀ #t2.3 ) - case outLh_0_111111111111111111111 - solve( (#t2.7 < #t2.1) ∥ (#t2.7 = #t2.1) ∥ (#vr.19 < #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ next - case case_2 - solve( State_1( ) ▶₀ #t2.4 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef'>, + z.1, ptr, templ + ) ▶₀ #t2.5 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ qed qed qed qed qed - qed - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - , L_h, - k.1, k, ut, v, lock - ) ▶₀ #t2.2 ) - case newh_0_1111121111111 - solve( (#vr.35 < #vr.23) ∥ (#t2 < #vr.35) ) - case case_1 - solve( Insert( <'F_template', z.2>, - - ) @ #t2.6 ) - case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - by contradiction /* cyclic */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.19 < #t2.4) ) + solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.10 < #t2.4) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2.1, k.2, m.1, ut, v, - ~n.3 + solve( State_11111111111111111111111( ~n.4, L_h, 
atts, k, ptr, templ ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 - solve( (#t2.6 < #t2.8) ∥ (#t2.6 = #t2.8) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h2>, - - ) @ #t2.4 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', - 'on', 'off', 'on', 'undef', 'undef' - >, - z.1, lock, ptr, templ - ) ▶₀ #t2.4 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - h2, k.2, z.1, ut, v, lock - ) ▶₀ #t2.4 ) - case newh_0_1111121111111 - solve( ((#vr.35 < #vr.52) ∧ - (∃ #t2. - (Unlock_4( '4', ~n.4, 'device' ) @ #t2) - ∧ - (#vr.35 < #t2) ∧ - (#t2 < #vr.52) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.4, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.35) ∨ (#t0 = #vr.35) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.35) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.52 < #vr.35) ∥ (#vr.35 = #vr.52) ) - case case_1 - solve( Insert( <'F_template', z.2>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ - (#vr.31 < #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.2, atts, h2, k.3, - m.1, ut, v, ~n.5 - ) ▶₀ #t2.5 ) - case outh_0_11111211111111111111 - solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h2>, + + ) @ #t2.4 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + k, z.1, v, L_h, lock + ) ▶₀ #t2.4 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.28 < #vr.18) ∥ (#t2.3 < #vr.28) ) + case case_1 + solve( Insert( <'F_template', z.2>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.7 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.17 < #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m.1, + v, L_h.1, ~n.6 + ) ▶₀ #t2.5 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) case case_1 by contradiction /* from 
formulas */ next case case_2 - solve( (#t2.9 < #t2.1) ∥ (#t2.9 = #t2.1) ∥ - (#vr.31 < #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', - x.5, 'usage', x.6>, - z, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.68 < #vr.35) ∥ (#t2.3 < #vr.68) ) + solve( Insert( <'obj', h1>, + + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.1, z, v, L_h.1, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.39 < #vr.18) ∥ (#t2.3 < #vr.39) ) + case case_1 + solve( (#vr.39 < #vr.28) ∥ (#t2.5 < #vr.39) ) case case_1 - solve( Insert( <'F_template', ptr>, + solve( Insert( <'F_template', z.1>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) + ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ + by contradiction /* cyclic */ qed next case case_2 - solve( (#vr.68 < #vr.52) ∥ (#t2.5 < #vr.68) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed + solve( Insert( <'F_template', z.1>, + 
<'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ qed qed + next + case case_2 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.2, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - h1, k.3, z, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.69 < #vr.35) ∥ (#t2.3 < #vr.69) ) + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + z, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.37 < #vr.18) ∥ (#t2.3 < #vr.37) ) + case case_1 + solve( (#vr.37 < #vr.28) ∥ (#t2.5 < #vr.37) ) case case_1 - solve( Insert( <'F_template', z.1>, + solve( Insert( <'F_template', ptr>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) + ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + by contradiction /* from formulas */ qed next case case_2 - solve( (#vr.69 < #vr.52) ∥ (#t2.5 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case 
insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ qed qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed qed qed - next - case case_3 - by contradiction /* from formulas */ qed qed qed - next - case case_3 - by contradiction /* from formulas */ qed + next + case case_3 + by contradiction /* from formulas */ qed - next - case case_2 - solve( Insert( <'F_template', z.2>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ - (#vr.31 < #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.2, atts, h2, k.3, - m.1, ut, v, ~n.5 - ) ▶₀ #t2.5 ) - case outh_0_11111211111111111111 - solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) + qed + next + case case_2 + solve( Insert( <'F_template', z.2>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'> + ) @ #t2.7 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.17 < #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m.1, + v, L_h.1, ~n.6 + ) ▶₀ #t2.5 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.8 < #t2.1) ∥ (#t2.8 = #t2.1) ∥ + (#vr.17 < #t2.8) ) case case_1 by 
contradiction /* from formulas */ next case case_2 - solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', - x.5, 'usage', x.6>, - z, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.68 < #vr.35) ∥ (#t2.3 < #vr.68) ) + solve( Insert( <'obj', h1>, + + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.1, z, v, L_h.1, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.39 < #vr.18) ∥ (#t2.3 < #vr.39) ) + case case_1 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( (#vr.39 < #vr.28) ∥ (#t2.5 < #vr.39) ) case case_1 - solve( (#vr.68 < #vr.52) ∥ (#t2.5 < #vr.68) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case 
insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ qed next case case_2 - solve( Insert( <'F_template', ptr>, + solve( Insert( <'F_template', z.1>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) + ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ + by contradiction /* cyclic */ qed qed qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.2, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - h1, k.3, z, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.69 < #vr.35) ∥ (#t2.3 < #vr.69) ) - case case_1 - solve( (#vr.69 < #vr.52) ∥ (#t2.5 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + z, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.37 < #vr.18) ∥ (#t2.3 < #vr.37) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( (#vr.37 < #vr.28) ∥ (#t2.5 < #vr.37) ) + case 
case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, + 'on', x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ qed next case case_2 - solve( Insert( <'F_template', z.1>, + solve( Insert( <'F_template', ptr>, <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) + ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + by contradiction /* from formulas */ qed qed qed qed qed + next + case case_3 + by contradiction /* from formulas */ qed qed - next - case case_3 - by contradiction /* from formulas */ qed + next + case case_3 + by contradiction /* from formulas */ qed + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef'>, + z.1, ptr, templ + ) ▶₀ #t2.4 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed + qed + qed + qed + next + case case_3 + solve( State_11111111111111111111111( ~n.4, L_h, atts, k, ptr, templ + ) ▶₀ #t2.3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by contradiction /* cyclic */ + qed + qed + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + + ) @ #t2.6 ) + case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 + solve( (#vr.5 < #t2.4) ∥ (#vr.5 = #t2.4) ) + case case_1 + solve( State_11111111111111111111111( ~n.4, L_h, atts, k, ptr, templ + ) ▶₀ #t2.3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_11( ) ▶₀ 
#t2.4 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + by contradiction /* cyclic */ + qed + qed + qed + next + case case_2 + solve( State_11111111111111111111111( ~n.4, L_h, atts, k, ptr, templ + ) ▶₀ #t2.3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h2>, + + ) @ #t2.5 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + k, z.1, v, L_h, lock + ) ▶₀ #t2.5 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( Insert( <'F_template', z.2>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', + 'undef', 'undef'> + ) @ #t2.8 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.1 < #t2.7) ∥ (#t2.1 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ next - case case_3 - solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m.1, v, + L_h.1, ~n.6 + ) ▶₀ #t2.6 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.4 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', - x.6>, - z, lock, ptr, templ - ) ▶₀ #t2.4 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.51 < #vr.35) ∥ 
(#t2.3 < #vr.51) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.7 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.7 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - qed + solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, 'usage', x.6 - >, - h1, k.2, z, ut, v, lock - ) ▶₀ #t2.4 ) - case newh_0_1111121111111 - solve( (#vr.52 < #vr.35) ∥ (#t2.3 < #vr.52) ) - case case_1 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.7 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + case case_2 + solve( Insert( <'obj', h1>, + + ) @ #t2.7 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.1, z, v, L_h.1, lock + ) ▶₀ #t2.7 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.38 < #vr.27) ∥ (#t2.6 < #vr.38) ) + case case_1 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) 
@ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed qed - next - case case_2 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, 'on', - x.5, 'usage', x.6> - ) @ #t2.7 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + z, ptr, templ + ) ▶₀ #t2.7 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.36 < #vr.27) ∥ (#t2.6 < #vr.36) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.10 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed qed qed qed 
@@ -3869,152 +3943,131 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef'>, + z.1, ptr, templ + ) ▶₀ #t2.5 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed qed qed - next - case case_3 - solve( State_111112111111111111111( L_h.1, atts, h2.1, k.2, m.1, ut, v, - ~n.3 - ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 - by contradiction /* cyclic */ - qed qed - qed - next - case case_2 - solve( Insert( <'F_template', z.2>, - - ) @ #t2.6 ) - case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - by contradiction /* cyclic */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.19 < #t2.4) ) + solve( (#t2.4 < #t2.1) ∥ (#t2.4 = #t2.1) ∥ (#vr.10 < #t2.4) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2.1, k.2, m.1, ut, v, - ~n.3 + solve( State_11111111111111111111111( ~n.4, L_h, atts, k, ptr, templ ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 - solve( (#t2.6 < #t2.8) ∥ (#t2.6 = #t2.8) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.6 < #t2.1) ∥ (#t2.6 = #t2.1) ∥ (#vr.10 < #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#t2.7 < #t2.1) ∥ (#t2.7 = #t2.1) ∥ (#vr.19 < #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h2>, - - ) @ #t2.4 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', - 'on', 'off', 'on', 'undef', 'undef' - >, - z.1, lock, ptr, templ - 
) ▶₀ #t2.4 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - h2, k.2, z.1, ut, v, lock - ) ▶₀ #t2.4 ) - case newh_0_1111121111111 - solve( Insert( <'F_template', z.2>, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'> - ) @ #t2.8 ) - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.2, atts, h2, k.3, m.1, - ut, v, ~n.5 - ) ▶₀ #t2.5 ) - case outh_0_11111211111111111111 - solve( (#t2.8 < #t2.10) ∥ (#t2.8 = #t2.10) ) + solve( Insert( <'obj', h2>, + + ) @ #t2.4 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + k, z.1, v, L_h, lock + ) ▶₀ #t2.4 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( Insert( <'F_template', z.2>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', + 'undef', 'undef'> + ) @ #t2.7 ) + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.1 < #t2.6) ∥ (#t2.1 = #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m.1, v, + L_h.1, ~n.6 + ) ▶₀ #t2.5 ) + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) case case_1 
by contradiction /* from formulas */ next case case_2 - solve( (#t2.1 < #t2.9) ∥ (#t2.1 = #t2.9) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, - x.3, x.4, 'on', x.5, - 'usage', x.6>, - z, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.68 < #vr.52) ∥ (#t2.5 < #vr.68) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed + solve( Insert( <'obj', h1>, + + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + <'on', x, x.1, x.2, x.3, + x.4, 'on', x.5, 'usage', + x.6>, + k.1, z, v, L_h.1, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.39 < #vr.28) ∥ (#t2.5 < #vr.39) ) + case case_1 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ qed qed - next - case 
insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.2, - <'on', x, x.1, x.2, x.3, - x.4, 'on', x.5, - 'usage', x.6>, - h1, k.3, z, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.69 < #vr.52) ∥ (#t2.5 < #vr.69) ) - case case_1 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, - 'on', x.5, 'usage', x.6> - ) @ #t2.10 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, + x.3, x.4, 'on', x.5, + 'usage', x.6>, + z, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.37 < #vr.28) ∥ (#t2.5 < #vr.37) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, 'on', + x.5, 'usage', x.6> + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ qed qed qed 
@@ -4026,39 +4079,42 @@ next qed qed next - case case_3 - by contradiction /* from formulas */ + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef'>, + z.1, ptr, templ + ) ▶₀ #t2.4 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed + next + case case_3 + by contradiction /* from formulas */ qed qed next case case_3 - solve( State_111112111111111111111( L_h.1, atts, h2.1, k.2, m.1, ut, v, - ~n.3 + solve( State_11111111111111111111111( ~n.4, L_h, atts, k, ptr, templ ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 - solve( (#t2.7 < #t2.9) ∥ (#t2.7 = #t2.9) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.7 < #t2.1) ∥ (#t2.7 = #t2.1) ∥ (#vr.10 < #t2.7) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#t2.8 < #t2.1) ∥ (#t2.8 = #t2.1) ∥ (#vr.19 < #t2.8) ) + by contradiction /* from formulas */ + next + case case_3 + solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_1 by contradiction /* from formulas */ next case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t2.4 < #t2.8) ∥ (#t2.4 = #t2.8) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_1( ) ▶₀ #t2.4 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed + solve( State_1( ) ▶₀ #t2.4 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ qed qed qed @@ -4074,9 +4130,6 @@ next qed qed qed - next - case outsencmkeyv_0_1111111211111 - by contradiction /* from formulas */ qed qed next 
@@ -4885,26 +4938,21 @@ next solve( (last(#t2)) ∥ (∃ L_h #t1. (NewKey( L_h, k, 'off' ) @ #t1) ∧ ¬(last(#t1))) ) case case_1 - solve( State_111121111( L_h, v, lock ) ▶₀ #t2 ) - case ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11112111 + solve( State_111121111( , + L_h, lock + ) ▶₀ #t2 ) + case lookupobjLhasv_0_11112111 solve( Insert( <'obj', L_h>, ) @ #t2.1 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , k, lock, ptr, - templ - ) ▶₀ #t2.1 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* from formulas */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - , L_h, k.1, k, ut, - v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , k.1, k, v, L_h, + lock ) ▶₀ #t2.1 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z>, ) @ #t2.3 ) @@ -4912,6 +4960,14 @@ next by contradiction /* cyclic */ qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , k, ptr, templ + ) ▶₀ #t2.1 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* from formulas */ + qed qed qed next 
@@ -5720,24 +5776,25 @@ next solve( Insert( <'obj', L_h>, ) @ #t ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , k, - lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , k, k.1, + v, L_h, lock ) ▶₀ #t ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by solve( Insert( <'F_template', ptr>, + case lookupFtemplateattuttemvasut_0_111112111111 + by solve( Insert( <'F_template', z>, ) @ #t2 ) qed next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - , L_h.1, k, - k.1, ut, v, lock + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , k, + ptr, templ ) ▶₀ #t ) - case newh_0_1111121111111 - by solve( Insert( <'F_template', z>, + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by solve( Insert( <'F_template', ptr>, ) @ #t2 ) qed 
@@ -6532,24 +6589,25 @@ next solve( Insert( <'obj', L_h>, ) @ #t ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , k, - lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , k, k.1, + v, L_h, lock ) ▶₀ #t ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by solve( Insert( <'F_template', ptr>, + case lookupFtemplateattuttemvasut_0_111112111111 + by solve( Insert( <'F_template', z>, ) @ #t2 ) qed next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - , L_h.1, - k, k.1, ut, v, lock + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , k, + ptr, templ ) ▶₀ #t ) - case newh_0_1111121111111 - by solve( Insert( <'F_template', z>, + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by solve( Insert( <'F_template', ptr>, ) @ #t2 ) qed 
@@ -7344,24 +7402,25 @@ next solve( Insert( <'obj', L_h>, ) @ #t ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , k, - lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , k, k.1, + v, L_h, lock ) ▶₀ #t ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by solve( Insert( <'F_template', ptr>, + case lookupFtemplateattuttemvasut_0_111112111111 + by solve( Insert( <'F_template', z>, ) @ #t2 ) qed next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - , L_h.1, k, - k.1, ut.1, v, lock + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , k, + ptr, templ ) ▶₀ #t ) - case newh_0_1111121111111 - by solve( Insert( <'F_template', z>, + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by solve( Insert( <'F_template', ptr>, ) @ #t2 ) qed 
@@ -8156,24 +8215,25 @@ next solve( Insert( <'obj', L_h>, ) @ #t ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , k, - lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , k, k.1, + v, L_h, lock ) ▶₀ #t ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by solve( Insert( <'F_template', ptr>, + case lookupFtemplateattuttemvasut_0_111112111111 + by solve( Insert( <'F_template', z>, ) @ #t2 ) qed next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - , L_h.1, - k, k.1, ut.1, v, lock + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , k, + ptr, templ ) ▶₀ #t ) - case newh_0_1111121111111 - by solve( Insert( <'F_template', z>, + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by solve( Insert( <'F_template', ptr>, ) @ #t2 ) qed @@ -8987,8 +9047,8 @@ next ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #t2) ∧ (#t1 < #t2)) ) case case_1 - solve( State_111112111111111( L_h, a, h2, k, k.1, ut, v, lock ) ▶₀ #t2 ) - case insertobjhmatts_0_11111211111111 + solve( State_1111121111111111( ut, a, h2, k, k.1, v, L_h, lock ) ▶₀ #t2 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 solve( Insert( <'F_template', z>, ut ) @ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ by contradiction /* from formulas */ 
@@ -8997,7 +9057,7 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.14 < #t2.1) ∥ (#vr.14 = #t2.1) ) + solve( (#vr.8 < #t2.1) ∥ (#vr.8 = #t2.1) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ @@ -9010,13 +9070,14 @@ next solve( Insert( <'obj', L_h>, ) @ #t2.2 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , k, lock, - ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , k.2, k, v, + L_h, lock ) ▶₀ #t2.2 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( Insert( <'F_template', ptr>, + case lookupFtemplateattuttemvasut_0_111112111111 + solve( Insert( <'F_template', z>, ) @ #t2.4 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ @@ -9024,13 +9085,13 @@ next qed qed next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - , L_h, k.2, - k, ut, v, lock + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , k, ptr, + templ ) ▶₀ #t2.2 ) - case newh_0_1111121111111 - solve( Insert( <'F_template', z>, + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( Insert( <'F_template', ptr>, ) @ #t2.4 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ 
@@ -9039,33 +9100,24 @@ next qed qed next - case outkeyv_0_1111211111 - solve( State_111111111111111( L_h.2, - , t, - lock, ptr, templ - ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by contradiction /* impossible chain */ - qed - next - case outm_0_111111112111111 + case eventDecUsingkm_0_111111112111111 solve( (∃ h2 k2 #t2 #t3. (NewKey( h2, k2, 'on' ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (#t2 < #vr.10) ∧ (#t3 < #vr.10)) ∥ (∃ h2 #t2 #t3 #t4. (NewKey( h2, k.2, 'off' ) @ #t2) ∧ (!KU( k.2 ) @ #t3) ∧ (!KU( t ) @ #t4) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17) ∧ (#t4 < #vr.17)) ∥ - (∃ #t2. (EncUsing( k.2, t ) @ #t2) ∧ #t2 < #vr.17) ∥ + (#t2 < #vr.10) ∧ (#t3 < #vr.10) ∧ (#t4 < #vr.10)) ∥ + (∃ #t2. (EncUsing( k.2, t ) @ #t2) ∧ #t2 < #vr.10) ∥ (∃ h2 k2 #t2 #t3 a. (Unwrapped( h2, k2, a ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (#t2 < #vr.10) ∧ (#t3 < #vr.10)) ∥ (∃ #t2 #t3 h1 h2 k2. (WrapKey( h2, k2, 'on' ) @ #t2) ∧ (DecKey( h1, k2, 'on' ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ) + (#t2 < #vr.10) ∧ (#t3 < #vr.10)) ) case case_1 by contradiction /* from formulas */ next 
@@ -9073,53 +9125,187 @@ next by contradiction /* cyclic */ next case case_3 - solve( State_1111111121111111( L_h.1, k.2, m, v, ~n.2 ) ▶₀ #t2.2 ) - case outm_0_111111112111111 + solve( State_11111111211111111( ~n.2, m, v, L_h.1, k.2 ) ▶₀ #t2.2 ) + case eventDecUsingkm_0_111111112111111 solve( (#t2.5 < #t2.6) ∥ (#t2.5 = #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111111121111( L_h.2, m, v, lock ) ▶₀ #t2.3 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, m, + , + L_h.2 + ) ▶₀ #t2.3 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed qed qed - next - case case_4 - solve( (∃ h1 #t1. - (NewKey( h1, k2, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.3)) ∥ - (∃ L_h k2 #t1 #t0. - (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.3) ∧ (#t0 < #t2.3)) ∥ - (∃ #t0 #t1 h1 h2 k. - (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #t2.3) ∧ (#t1 < #t2.3)) ∥ - (∃ #t0 #t1 h1 h2 k. - (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #t2.3) ∧ (#t1 < #t2.3)) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - next - case case_5 - by contradiction /* from formulas */ + next + case case_4 + solve( (∃ h1 #t1. + (NewKey( h1, k2, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.3)) ∥ + (∃ L_h k2 #t1 #t0. + (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.3) ∧ (#t0 < #t2.3)) ∥ + (∃ #t0 #t1 h1 h2 k. 
+ (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #t2.3) ∧ (#t1 < #t2.3)) ∥ + (∃ #t0 #t1 h1 h2 k. + (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #t2.3) ∧ (#t1 < #t2.3)) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + next + case case_5 + by contradiction /* from formulas */ + qed + next + case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111121111 + solve( State_111111121111111( ~n.2, m, v, L_h.2 ) ▶₀ #t2.2 ) + case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111121111 + solve( (#t2.4 < #t2.5) ∥ (#t2.4 = #t2.5) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', L_h>, + + ) @ #t2.3 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , k.1, k, + v, L_h.1, lock + ) ▶₀ #t2.3 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.18 < #vr.12) ∥ (#t2.2 < #vr.18) ) + case case_1 + solve( Insert( <'F_template', z>, + + ) @ #t2.6 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', z>, + + ) @ #t2.6 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , k, + ptr, templ + 
) ▶₀ #t2.3 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( Insert( <'F_template', ptr>, + + ) @ #t2.6 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + solve( (#vr.8 < #t2.5) ∥ (#vr.8 = #t2.5) ) + case case_1 + solve( State_11111111111111111111111( ~n.5, L_h.1, atts, k, ptr, templ + ) ▶₀ #t2.4 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_( ) ▶₀ #t2.5 ) + case Init + by contradiction /* cyclic */ + qed + qed + qed + next + case case_2 + solve( State_11111111111111111111111( ~n.5, L_h.1, atts, k, ptr, templ + ) ▶₀ #t2.4 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', L_h>, + <~n.1, x, x.1, 'on', x.2, x.3, x.4, x.5, x.6, x.7, x.8> + ) @ #t2.6 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , + k, ~n.1, v, L_h, lock + ) ▶₀ #t2.6 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( Insert( <'F_template', z>, + + ) @ #t2.8 ) + case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 + by contradiction /* from formulas */ + next + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m.1, v, L_h.1, + ~n.7 + ) ▶₀ #t2.7 ) + case 
eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, L_h, + , + ~n.1, ptr, templ + ) ▶₀ #t2.6 ) + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111 + solve( State_111111111111111( lock, L_h.2, + , t, ptr, + + ) ▶₀ #t1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by contradiction /* impossible chain */ qed next - case outsenckeyvkeyv_0_111111211111111_case_1 + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_1 solve( (z.8 = 'off') ∥ ((z.8 = 'on') ∧ (z = 'on')) ) case case_1 solve( Insert( <'F_template', z.1>, @@ -9142,8 +9328,8 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.2 ) ▶₀ #t2.2 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.2 ) ▶₀ #t2.2 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.5 < #t2.8) ∥ (#t2.5 = #t2.8) ) case case_1 by contradiction /* from formulas */ 
@@ -9162,44 +9348,65 @@ next solve( Insert( <'obj', L_h>, ) @ #t2.3 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , - k, lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , + k.2, k, v, L_h, lock + ) ▶₀ #t2.3 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.21 < #vr.15) ∥ (#t2.2 < #vr.21) ) + case case_1 + solve( Insert( <'F_template', z>, + + ) @ #t2.7 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', z>, + + ) @ #t2.7 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , + k, ptr, templ ) ▶₀ #t2.3 ) - case eventNewKeyLhkattsensatts_0_111111111111111 + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 solve( Insert( <'F_template', ptr>, ) @ #t2.7 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.14 < #t2.5) ∥ (#vr.14 = #t2.5) ) + solve( (#vr.8 < #t2.5) ∥ (#vr.8 = #t2.5) ) case case_1 - solve( State_1111111111111111111111( L_h, atts, k.1, ~n.5, ptr, templ + solve( State_11111111111111111111111( ~n.5, L_h, atts, k.1, ptr, templ ) ▶₀ #t2.4 ) - case outLh_0_111111111111111111111 - solve( (#vr.14 < #t2.8) ∥ (#vr.14 = #t2.8) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.5 < #t2.8) ∥ (#t2.5 = #t2.8) ) case case_1 - solve( (#t2.5 < #t2.8) ∥ (#t2.5 = #t2.8) ) - case 
case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_( ) ▶₀ #t2.5 ) - case Init - by contradiction /* cyclic */ - qed - qed + by contradiction /* from formulas */ next case case_2 - by contradiction /* from formulas */ + solve( State_( ) ▶₀ #t2.5 ) + case Init + by contradiction /* cyclic */ + qed qed qed next case case_2 - solve( State_1111111111111111111111( L_h, atts, k.1, ~n.5, ptr, templ + solve( State_11111111111111111111111( ~n.5, L_h, atts, k.1, ptr, templ ) ▶₀ #t2.4 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.5 < #t2.8) ∥ (#t2.5 = #t2.8) ) case case_1 by contradiction /* from formulas */ @@ -9209,25 +9416,15 @@ next ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', - 'on', 'off', 'on', 'undef', 'undef' - >, - k, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* from formulas */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - h2, k.1, k, ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + k.1, k, v, L_h, lock ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.52 < #vr.33) ∥ (#t2.4 < #vr.52) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.28 < #vr.18) ∥ (#t2.4 < #vr.28) ) case case_1 solve( Insert( <'F_template', z>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 
@@ -9239,38 +9436,38 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.2, m, - ut, v, ~n.7 + solve( State_1111121111111111111111( ut, atts, h2, k.2, m, + v, L_h.1, ~n.7 ) ▶₀ #t2.7 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, k, 'on' ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.62)) ∥ + (¬(last(#t1))) ∧ (#t1 < #vr.34)) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.62) ∧ - (#t0 < #vr.62)) ∥ + (#t1 < #vr.34) ∧ + (#t0 < #vr.34)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.62) ∧ - (#t1 < #vr.62)) ∥ + (#t0 < #vr.34) ∧ + (#t1 < #vr.34)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.62) ∧ - (#t1 < #vr.62)) ) + (#t0 < #vr.34) ∧ + (#t1 < #vr.34)) ) case case_1 by contradiction /* from formulas */ next 
@@ -9298,38 +9495,38 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.2, m, - ut, v, ~n.7 + solve( State_1111121111111111111111( ut, atts, h2, k.2, m, + v, L_h.1, ~n.7 ) ▶₀ #t2.7 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, k, 'on' ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.62)) ∥ + (¬(last(#t1))) ∧ (#t1 < #vr.34)) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.62) ∧ - (#t0 < #vr.62)) ∥ + (#t1 < #vr.34) ∧ + (#t0 < #vr.34)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.62) ∧ - (#t1 < #vr.62)) ∥ + (#t0 < #vr.34) ∧ + (#t1 < #vr.34)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.62) ∧ - (#t1 < #vr.62)) ) + (#t0 < #vr.34) ∧ + (#t1 < #vr.34)) ) case case_1 by contradiction /* from formulas */ next 
@@ -9347,38 +9544,23 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef' + >, + k, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* from formulas */ + qed qed qed qed qed qed qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - , - L_h, k.2, k, ut, v, lock - ) ▶₀ #t2.3 ) - case newh_0_1111121111111 - solve( (#vr.35 < #vr.23) ∥ (#t2.2 < #vr.35) ) - case case_1 - solve( Insert( <'F_template', z>, - - ) @ #t2.7 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', z>, - - ) @ #t2.7 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - qed qed qed qed @@ -9388,7 +9570,7 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_2 + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_2 solve( Insert( <'F_template', z.3>, ) @ #t2.4 ) @@ -9396,7 +9578,7 @@ next by contradiction /* from formulas */ qed next - case outsenckeyvkeyv_0_111111211111111_case_3 + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_3 solve( Insert( <'F_template', z.2>, ) @ #t2.4 ) 
@@ -9409,8 +9591,8 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.2 ) ▶₀ #t2.2 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.2 ) ▶₀ #t2.2 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.5 < #t2.8) ∥ (#t2.5 = #t2.8) ) case case_1 by contradiction /* from formulas */ 
@@ -9429,46 +9611,66 @@ next solve( Insert( <'obj', L_h>, ) @ #t2.3 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , - k, lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , + k.2, k, v, L_h, lock + ) ▶₀ #t2.3 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.22 < #vr.16) ∥ (#t2.2 < #vr.22) ) + case case_1 + solve( Insert( <'F_template', z.2>, + + ) @ #t2.7 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', z.2>, + + ) @ #t2.7 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , + k, ptr, templ ) ▶₀ #t2.3 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.35 < #vr.24) ∥ (#t2.2 < #vr.35) ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.20 < #vr.16) ∥ (#t2.2 < #vr.20) ) case case_1 solve( Insert( <'F_template', ptr>, ) @ #t2.7 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.14 < #t2.5) ∥ (#vr.14 = #t2.5) ) + solve( (#vr.8 < #t2.5) ∥ (#vr.8 = #t2.5) ) case case_1 - solve( State_1111111111111111111111( L_h, atts, k.1, ~n.5, ptr, templ + solve( State_11111111111111111111111( ~n.5, L_h, atts, k.1, ptr, templ ) ▶₀ #t2.4 ) - case outLh_0_111111111111111111111 - solve( (#vr.14 < #t2.8) ∥ (#vr.14 = #t2.8) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + 
solve( (#t2.5 < #t2.8) ∥ (#t2.5 = #t2.8) ) case case_1 - solve( (#t2.5 < #t2.8) ∥ (#t2.5 = #t2.8) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_( ) ▶₀ #t2.5 ) - case Init - by contradiction /* cyclic */ - qed - qed + by contradiction /* from formulas */ next case case_2 - by contradiction /* from formulas */ + solve( State_( ) ▶₀ #t2.5 ) + case Init + by contradiction /* cyclic */ + qed qed qed next case case_2 - solve( State_1111111111111111111111( L_h, atts, k.1, ~n.5, ptr, templ + solve( State_11111111111111111111111( ~n.5, L_h, atts, k.1, ptr, templ ) ▶₀ #t2.4 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.5 < #t2.8) ∥ (#t2.5 = #t2.8) ) case case_1 by contradiction /* from formulas */ 
@@ -9478,25 +9680,15 @@ next ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', - 'on', 'off', 'on', 'undef', 'undef' - >, - z, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - h2, k.1, z, ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + k.1, z, v, L_h, lock ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.53 < #vr.34) ∥ (#t2.4 < #vr.53) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.29 < #vr.19) ∥ (#t2.4 < #vr.29) ) case case_1 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 
@@ -9508,38 +9700,38 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.2, m, - ut, v, ~n.7 + solve( State_1111121111111111111111( ut, atts, h2, k.2, m, + v, L_h.1, ~n.7 ) ▶₀ #t2.7 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.63)) ∥ + (¬(last(#t1))) ∧ (#t1 < #vr.35)) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.63) ∧ - (#t0 < #vr.63)) ∥ + (#t1 < #vr.35) ∧ + (#t0 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.63) ∧ - (#t1 < #vr.63)) ∥ + (#t0 < #vr.35) ∧ + (#t1 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.63) ∧ - (#t1 < #vr.63)) ) + (#t0 < #vr.35) ∧ + (#t1 < #vr.35)) ) case case_1 solve( (#t2.9 < #t2.11) ∥ (#t2.9 = #t2.11) ) case case_1 @@ -9551,13 +9743,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, ptr, templ + solve( State_111111111111111( lock, h1, + , + m, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed qed 
@@ -9587,38 +9782,38 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.2, m, - ut, v, ~n.7 + solve( State_1111121111111111111111( ut, atts, h2, k.2, m, + v, L_h.1, ~n.7 ) ▶₀ #t2.7 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.63)) ∥ + (¬(last(#t1))) ∧ (#t1 < #vr.35)) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.63) ∧ - (#t0 < #vr.63)) ∥ + (#t1 < #vr.35) ∧ + (#t0 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.63) ∧ - (#t1 < #vr.63)) ∥ + (#t0 < #vr.35) ∧ + (#t1 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.63) ∧ - (#t1 < #vr.63)) ) + (#t0 < #vr.35) ∧ + (#t1 < #vr.35)) ) case case_1 solve( (#t2.9 < #t2.11) ∥ (#t2.9 = #t2.11) ) case case_1 @@ -9630,13 +9825,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, ptr, templ + solve( State_111111111111111( lock, h1, + , + m, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed qed 
@@ -9656,6 +9854,17 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef' + >, + z, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed qed qed @@ -9667,33 +9876,27 @@ next ) @ #t2.7 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.14 < #t2.5) ∥ (#vr.14 = #t2.5) ) + solve( (#vr.8 < #t2.5) ∥ (#vr.8 = #t2.5) ) case case_1 - solve( State_1111111111111111111111( L_h, atts, k.1, ~n.5, ptr, templ + solve( State_11111111111111111111111( ~n.5, L_h, atts, k.1, ptr, templ ) ▶₀ #t2.4 ) - case outLh_0_111111111111111111111 - solve( (#vr.14 < #t2.8) ∥ (#vr.14 = #t2.8) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.5 < #t2.8) ∥ (#t2.5 = #t2.8) ) case case_1 - solve( (#t2.5 < #t2.8) ∥ (#t2.5 = #t2.8) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_( ) ▶₀ #t2.5 ) - case Init - by contradiction /* cyclic */ - qed - qed + by contradiction /* from formulas */ next case case_2 - by contradiction /* from formulas */ + solve( State_( ) ▶₀ #t2.5 ) + case Init + by contradiction /* cyclic */ + qed qed qed next case case_2 - solve( State_1111111111111111111111( L_h, atts, k.1, ~n.5, ptr, templ + solve( State_11111111111111111111111( ~n.5, L_h, atts, k.1, ptr, templ ) ▶₀ #t2.4 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.5 < #t2.8) ∥ (#t2.5 = #t2.8) ) case case_1 by contradiction /* from formulas */ 
@@ -9703,24 +9906,14 @@ next ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', - 'on', 'off', 'on', 'undef', 'undef' - >, - z, lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + k.1, z, v, L_h, lock ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', - 'off', 'on', 'undef', 'undef'>, - h2, k.1, z, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 'undef'> 
@@ -9731,37 +9924,37 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.2, m, - ut, v, ~n.7 + solve( State_1111121111111111111111( ut, atts, h2, k.2, m, v, + L_h.1, ~n.7 ) ▶₀ #t2.7 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.63)) ∥ + (¬(last(#t1))) ∧ (#t1 < #vr.35)) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.63) ∧ - (#t0 < #vr.63)) ∥ + (#t1 < #vr.35) ∧ + (#t0 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.63) ∧ - (#t1 < #vr.63)) ∥ + (#t0 < #vr.35) ∧ + (#t1 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.63) ∧ - (#t1 < #vr.63)) ) + (#t0 < #vr.35) ∧ + (#t1 < #vr.35)) ) case case_1 solve( (#t2.9 < #t2.11) ∥ (#t2.9 = #t2.11) ) case case_1 @@ -9773,13 +9966,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, ptr, templ + solve( State_111111111111111( lock, h1, + , + m, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed qed 
@@ -9798,6 +9994,17 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', + 'on', 'off', 'on', 'undef', 'undef' + >, + z, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed qed qed 
@@ -9805,162 +10012,10 @@ next qed qed qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - , - L_h, k.2, k, ut, v, lock - ) ▶₀ #t2.3 ) - case newh_0_1111121111111 - solve( (#vr.36 < #vr.24) ∥ (#t2.2 < #vr.36) ) - case case_1 - solve( Insert( <'F_template', z.2>, - - ) @ #t2.7 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', z.2>, - - ) @ #t2.7 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case outsencmkeyv_0_1111111211111 - solve( State_11111112111111( L_h.2, m, v, ~n.2 ) ▶₀ #t2.2 ) - case outsencmkeyv_0_1111111211111 - solve( (#t2.4 < #t2.5) ∥ (#t2.4 = #t2.5) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', L_h>, - - ) @ #t2.3 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , k, - lock, ptr, templ - ) ▶₀ #t2.3 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( Insert( <'F_template', ptr>, - - ) @ #t2.6 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.14 < #t2.5) ∥ (#vr.14 = #t2.5) ) - case case_1 - solve( State_1111111111111111111111( L_h.1, atts, k, ~n.5, ptr, templ - ) ▶₀ #t2.4 ) - case outLh_0_111111111111111111111 - solve( (#vr.14 < #t2.7) ∥ (#vr.14 = #t2.7) ) - case case_1 - solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_( ) ▶₀ #t2.5 ) - case Init - by contradiction /* cyclic */ - qed - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k, ~n.5, ptr, templ - ) ▶₀ #t2.4 ) - case outLh_0_111111111111111111111 - solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) - case case_1 - by contradiction 
/* from formulas */ - next - case case_2 - solve( Insert( <'obj', L_h>, - <~n.2, x, x.1, 'on', x.2, x.3, x.4, x.5, x.6, x.7, x.8> - ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( L_h, - , - ~n.2, lock, ptr, templ - ) ▶₀ #t2.6 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - , - L_h, k, ~n.2, ut, v, lock - ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( Insert( <'F_template', z>, - - ) @ #t2.8 ) - case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - by contradiction /* from formulas */ - next - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.1 < #t2.8) ∥ (#t2.1 = #t2.8) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m.1, ut, v, - ~n.7 - ) ▶₀ #t2.7 ) - case outh_0_11111211111111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed qed qed qed qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.2, - , L_h, - k.1, k, ut, v, lock - ) ▶₀ #t2.3 ) - case newh_0_1111121111111 - solve( (#vr.33 < #vr.20) ∥ (#t2.2 < #vr.33) ) - case case_1 - solve( Insert( <'F_template', z>, - - ) @ #t2.6 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', z>, - - ) @ #t2.6 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - qed qed qed qed 
@@ -10791,17 +10846,16 @@ next ((((#t0 < #t2) ∧ (#t1 < #t2)) ∨ ((#t0 < #t3) ∧ (#t1 < #t3))))) ) case case_1 solve( DecKey( h1, k, 'on' ) @ #t2 ) - case eventDecKeyLhkattdecatts_0_111111111111111111 - solve( State_111111111111111111( h1, - , k, lock, ptr, - templ + case eventDecKeyLhkattdecatts_0_1111111111111111111 + solve( State_1111111111111111111( lock, h1, + , k, ptr, templ ) ▶₀ #t2 ) - case eventWrapKeyLhkattwrapatts_0_11111111111111111 + case eventWrapKeyLhkattwrapatts_0_111111111111111111 solve( Insert( <'F_template', ptr>, ) @ #t2.1 ) case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - solve( (#vr.16 < #t2.1) ∥ (#vr.16 = #t2.1) ) + solve( (#vr.6 < #t2.1) ∥ (#vr.6 = #t2.1) ) case case_1 solve( State_11( ) ▶₀ #t2.1 ) case insertFtemplateusageoffoffononononoffonundefundef_0_1 
@@ -10809,32 +10863,32 @@ next qed next case case_2 - solve( WrapKey( h2, ~n.1, 'on' ) @ #t3 ) - case eventWrapKeyLhkattwrapatts_0_11111111111111111 - by solve( State_11111111111111111( h2, - <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, ~n.1, - lock, ptr, templ + solve( WrapKey( h2, ~n.2, 'on' ) @ #t3 ) + case eventWrapKeyLhkattwrapatts_0_111111111111111111 + by solve( State_111111111111111111( lock, h2, + <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, ~n.2, + ptr, templ ) ▶₀ #t3 ) next - case eventWrapKeyhmattwrapatts_0_1111121111111111 - solve( State_1111121111111111( L_h, - <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, h2, k, ~n.1, - ut, v, lock + case eventWrapKeyhmattwrapatts_0_11111211111111111 + solve( State_11111211111111111( ut, + <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, h2, k, + ~n.2, v, L_h, lock ) ▶₀ #t3 ) - case eventUnwrappedhmatts_0_111112111111111 - solve( (∃ h1 #t1. (NewKey( h1, ~n.1, 'on' ) @ #t1) ∧ #t1 < #vr.19) ∥ + case eventUnwrappedhmatts_0_1111121111111111 + solve( (∃ h1 #t1. (NewKey( h1, ~n.2, 'on' ) @ #t1) ∧ #t1 < #vr.9) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.19) ∧ (#t0 < #vr.19)) ∥ + (#t1 < #vr.9) ∧ (#t0 < #vr.9)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ∥ + (#t0 < #vr.9) ∧ (#t1 < #vr.9)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ) + (#t0 < #vr.9) ∧ (#t1 < #vr.9)) ) case case_1 solve( Insert( <'F_template', z>, <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8> @@ -10874,7 +10928,7 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.17 < #t2.1) ∥ (#vr.17 = #t2.1) ) + solve( (#vr.7 < #t2.1) ∥ (#vr.7 = #t2.1) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ 
@@ -10882,32 +10936,32 @@ next qed next case case_2 - solve( WrapKey( h2, ~n.1, 'on' ) @ #t3 ) - case eventWrapKeyLhkattwrapatts_0_11111111111111111 - by solve( State_11111111111111111( h2, - <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, ~n.1, - lock, ptr, templ + solve( WrapKey( h2, ~n.2, 'on' ) @ #t3 ) + case eventWrapKeyLhkattwrapatts_0_111111111111111111 + by solve( State_111111111111111111( lock, h2, + <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, ~n.2, + ptr, templ ) ▶₀ #t3 ) next - case eventWrapKeyhmattwrapatts_0_1111121111111111 - solve( State_1111121111111111( L_h, - <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, h2, k, ~n.1, - ut, v, lock + case eventWrapKeyhmattwrapatts_0_11111211111111111 + solve( State_11111211111111111( ut, + <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, h2, k, + ~n.2, v, L_h, lock ) ▶₀ #t3 ) - case eventUnwrappedhmatts_0_111112111111111 - solve( (∃ h1 #t1. (NewKey( h1, ~n.1, 'on' ) @ #t1) ∧ #t1 < #vr.19) ∥ + case eventUnwrappedhmatts_0_1111121111111111 + solve( (∃ h1 #t1. (NewKey( h1, ~n.2, 'on' ) @ #t1) ∧ #t1 < #vr.9) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.19) ∧ (#t0 < #vr.19)) ∥ + (#t1 < #vr.9) ∧ (#t0 < #vr.9)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ∥ + (#t0 < #vr.9) ∧ (#t1 < #vr.9)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ) + (#t0 < #vr.9) ∧ (#t1 < #vr.9)) ) case case_1 solve( Insert( <'F_template', z>, <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8> 
@@ -10948,12 +11002,12 @@ next qed qed next - case eventDecKeyhmattdecatts_0_11111211111111111 - solve( State_11111211111111111( L_h, - , h1, k, k.1, ut, v, - lock + case eventDecKeyhmattdecatts_0_111112111111111111 + solve( State_111112111111111111( ut, + , h1, k, k.1, v, + L_h, lock ) ▶₀ #t2 ) - case eventWrapKeyhmattwrapatts_0_1111121111111111 + case eventWrapKeyhmattwrapatts_0_11111211111111111 solve( (∃ h1 #t1. (NewKey( h1, k.1, 'on' ) @ #t1) ∧ #t1 < #vr.1) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) @@ -10975,18 +11029,18 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.16 < #t2.1) ∥ (#vr.16 = #t2.1) ) + solve( (#vr.10 < #t2.1) ∥ (#vr.10 = #t2.1) ) case case_1 - solve( State_111111111111111( h1, - , k, lock, ptr, - templ + solve( State_111111111111111( lock, h1, + , k, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 solve( Insert( <'F_template', ptr>, - + ) @ #t2.4 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.17 < #t2.3) ∥ (#vr.17 = #t2.3) ) + solve( (#vr.11 < #t2.3) ∥ (#vr.11 = #t2.3) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ @@ -11001,9 +11055,9 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.5 < #t2.3) ) + solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.3 < #t2.3) ) case case_1 - solve( (#vr.16 < #t2.3) ∥ (#vr.16 = #t2.3) ) + solve( (#vr.10 < #t2.3) ∥ (#vr.10 = #t2.3) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ 
@@ -11033,63 +11087,57 @@ next qed next case case_2 - solve( State_111111111111111( h1, - , k, lock, ptr, - templ + solve( State_111111111111111( lock, h1, + , k, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 solve( Insert( <'F_template', ptr>, - + ) @ #t2.4 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.16 < #t2.3) ∥ (#vr.16 = #t2.3) ) + solve( (#vr.10 < #t2.3) ∥ (#vr.10 = #t2.3) ) case case_1 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 - solve( (#vr.16 < #t2.5) ∥ (#vr.16 = #t2.5) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) case case_1 - solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) + by contradiction /* from formulas */ + next + case case_2 + solve( (last(#t2)) ∥ + (∃ L_h k2 #t1 #t0. + (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ + (¬(last(#t1))) ∧ + ((((#t1 < #vr.18) ∧ (#t0 < #vr.18)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ∥ + (∃ #t0 #t1 h1 h2 k. + (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (¬(last(#t0))) ∧ + ((((#t0 < #t2) ∧ (#t1 < #t2)) ∨ ((#t0 < #vr.18) ∧ (#t1 < #vr.18))))) ) case case_1 - by contradiction /* from formulas */ + solve( State_( ) ▶₀ #t2.3 ) + case Init + by contradiction /* cyclic */ + qed next case case_2 - solve( (last(#t2)) ∥ - (∃ L_h k2 #t1 #t0. - (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ - (¬(last(#t1))) ∧ - ((((#t1 < #vr.34) ∧ (#t0 < #vr.34)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ∥ - (∃ #t0 #t1 h1 h2 k. 
- (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (¬(last(#t0))) ∧ - ((((#t0 < #t2) ∧ (#t1 < #t2)) ∨ ((#t0 < #vr.34) ∧ (#t1 < #vr.34))))) ) - case case_1 - solve( State_( ) ▶₀ #t2.3 ) - case Init - by contradiction /* cyclic */ - qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - qed + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ qed - next - case case_2 - by contradiction /* from formulas */ qed qed next case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) case case_1 by contradiction /* from formulas */ @@ -11101,15 +11149,15 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - ((((#t1 < #vr.33) ∧ (#t0 < #vr.33)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ∥ + ((((#t1 < #vr.17) ∧ (#t0 < #vr.17)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - ((((#t0 < #t2) ∧ (#t1 < #t2)) ∨ ((#t0 < #vr.33) ∧ (#t1 < #vr.33))))) ) + ((((#t0 < #t2) ∧ (#t1 < #t2)) ∨ ((#t0 < #vr.17) ∧ (#t1 < #vr.17))))) ) case case_1 - by solve( WrapKey( h2, ~n.1, 'on' ) @ #t2 ) + by solve( WrapKey( h2, ~n.2, 'on' ) @ #t2 ) next case case_2 by contradiction /* from formulas */ 
@@ -11122,64 +11170,64 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.5 < #t2.3) ) + solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.3 < #t2.3) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.1 < #t2.4) ∥ (#t2.1 = #t2.4) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( WrapKey( h2, ~n.1, 'on' ) @ #t3 ) - case eventWrapKeyLhkattwrapatts_0_11111111111111111 - by solve( State_11111111111111111( h2, - <'on', x.8, x.9, x.10, x.11, x.12, x.13, x.14, - x.15, x.16>, - ~n.1, lock, ptr, templ + solve( WrapKey( h2, ~n.2, 'on' ) @ #t3 ) + case eventWrapKeyLhkattwrapatts_0_111111111111111111 + by solve( State_111111111111111111( lock, h2, + <'on', x.8, x.9, x.10, x.11, x.12, x.13, + x.14, x.15, x.16>, + ~n.2, ptr, templ ) ▶₀ #t3 ) next - case eventWrapKeyhmattwrapatts_0_1111121111111111 - solve( State_1111121111111111( L_h.1, - <'on', x.8, x.9, x.10, x.11, x.12, x.13, x.14, - x.15, x.16>, - h2, k.1, ~n.1, ut, v, lock + case eventWrapKeyhmattwrapatts_0_11111211111111111 + solve( State_11111211111111111( ut, + <'on', x.8, x.9, x.10, x.11, x.12, x.13, x.14, + x.15, x.16>, + h2, k.1, ~n.2, v, L_h.1, lock ) ▶₀ #t3 ) - case eventUnwrappedhmatts_0_111112111111111 - solve( (∃ h1 #t1. (NewKey( h1, ~n.1, 'on' ) @ #t1) ∧ #t1 < #vr.36) ∥ + case eventUnwrappedhmatts_0_1111121111111111 + solve( (∃ h1 #t1. (NewKey( h1, ~n.2, 'on' ) @ #t1) ∧ #t1 < #vr.20) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.36) ∧ (#t0 < #vr.36)) ∥ + (#t1 < #vr.20) ∧ (#t0 < #vr.20)) ∥ (∃ #t0 #t1 h1 h2 k. 
(WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.36) ∧ (#t1 < #vr.36)) ∥ + (#t0 < #vr.20) ∧ (#t1 < #vr.20)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.36) ∧ (#t1 < #vr.36)) ) + (#t0 < #vr.20) ∧ (#t1 < #vr.20)) ) case case_1 - solve( ((#vr.9 < #vr.44) ∧ + solve( ((#vr.7 < #vr.26) ∧ (∃ #t2. (Unlock_4( '4', ~n.4, 'device' ) @ #t2) ∧ - (#vr.9 < #t2) ∧ - (#t2 < #vr.44) ∧ + (#vr.7 < #t2) ∧ + (#t2 < #vr.26) ∧ (∀ #t0 pp. (Unlock( pp, ~n.4, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.9) ∨ (#t0 = #vr.9) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.7) ∨ (#t0 = #vr.7) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.9) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.44 < #vr.9) ) + ((#t0 < #vr.7) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.26 < #vr.7) ) case case_1 solve( Insert( <'F_template', z>, <'on', x.8, x.9, x.10, x.11, x.12, x.13, x.14, x.15, x.16> @@ -11201,22 +11249,22 @@ next by contradiction /* from formulas */ next case case_3 - solve( ((#vr.9 < #vr.44) ∧ + solve( ((#vr.7 < #vr.26) ∧ (∃ #t2. (Unlock_4( '4', ~n.4, 'device' ) @ #t2) ∧ - (#vr.9 < #t2) ∧ - (#t2 < #vr.44) ∧ + (#vr.7 < #t2) ∧ + (#t2 < #vr.26) ∧ (∀ #t0 pp. (Unlock( pp, ~n.4, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.9) ∨ (#t0 = #vr.9) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.7) ∨ (#t0 = #vr.7) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.9) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.44 < #vr.9) ) + ((#t0 < #vr.7) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.26 < #vr.7) ) case case_1 solve( (∃ L_h k2 #t1.2 #t0.1. (NewKey( L_h, k2, 'on' ) @ #t0.1) ∧ (!KU( k2 ) @ #t1.2) 
@@ -11273,9 +11321,9 @@ next qed next case case_3 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* cyclic */ qed qed @@ -11315,17 +11363,16 @@ next next case case_2 solve( DecKey( h1, k, 'on' ) @ #t2 ) - case eventDecKeyLhkattdecatts_0_111111111111111111 - solve( State_111111111111111111( h1, - , k, lock, ptr, - templ + case eventDecKeyLhkattdecatts_0_1111111111111111111 + solve( State_1111111111111111111( lock, h1, + , k, ptr, templ ) ▶₀ #t2 ) - case eventWrapKeyLhkattwrapatts_0_11111111111111111 + case eventWrapKeyLhkattwrapatts_0_111111111111111111 solve( Insert( <'F_template', ptr>, ) @ #t2.1 ) case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - solve( (#vr.16 < #t2.1) ∥ (#vr.16 = #t2.1) ) + solve( (#vr.6 < #t2.1) ∥ (#vr.6 = #t2.1) ) case case_1 solve( State_11( ) ▶₀ #t2.1 ) case insertFtemplateusageoffoffononononoffonundefundef_0_1 
@@ -11333,32 +11380,32 @@ next qed next case case_2 - solve( WrapKey( h2, ~n.1, 'on' ) @ #t3 ) - case eventWrapKeyLhkattwrapatts_0_11111111111111111 - by solve( State_11111111111111111( h2, - <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, ~n.1, - lock, ptr, templ + solve( WrapKey( h2, ~n.2, 'on' ) @ #t3 ) + case eventWrapKeyLhkattwrapatts_0_111111111111111111 + by solve( State_111111111111111111( lock, h2, + <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, ~n.2, + ptr, templ ) ▶₀ #t3 ) next - case eventWrapKeyhmattwrapatts_0_1111121111111111 - solve( State_1111121111111111( L_h, - <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, h2, k, ~n.1, - ut, v, lock + case eventWrapKeyhmattwrapatts_0_11111211111111111 + solve( State_11111211111111111( ut, + <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, h2, k, + ~n.2, v, L_h, lock ) ▶₀ #t3 ) - case eventUnwrappedhmatts_0_111112111111111 - solve( (∃ h1 #t1. (NewKey( h1, ~n.1, 'on' ) @ #t1) ∧ #t1 < #vr.19) ∥ + case eventUnwrappedhmatts_0_1111121111111111 + solve( (∃ h1 #t1. (NewKey( h1, ~n.2, 'on' ) @ #t1) ∧ #t1 < #vr.9) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.19) ∧ (#t0 < #vr.19)) ∥ + (#t1 < #vr.9) ∧ (#t0 < #vr.9)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ∥ + (#t0 < #vr.9) ∧ (#t1 < #vr.9)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ) + (#t0 < #vr.9) ∧ (#t1 < #vr.9)) ) case case_1 solve( Insert( <'F_template', z>, <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8> @@ -11398,7 +11445,7 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.17 < #t2.1) ∥ (#vr.17 = #t2.1) ) + solve( (#vr.7 < #t2.1) ∥ (#vr.7 = #t2.1) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ 
@@ -11406,32 +11453,32 @@ next qed next case case_2 - solve( WrapKey( h2, ~n.1, 'on' ) @ #t3 ) - case eventWrapKeyLhkattwrapatts_0_11111111111111111 - by solve( State_11111111111111111( h2, - <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, ~n.1, - lock, ptr, templ + solve( WrapKey( h2, ~n.2, 'on' ) @ #t3 ) + case eventWrapKeyLhkattwrapatts_0_111111111111111111 + by solve( State_111111111111111111( lock, h2, + <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, ~n.2, + ptr, templ ) ▶₀ #t3 ) next - case eventWrapKeyhmattwrapatts_0_1111121111111111 - solve( State_1111121111111111( L_h, - <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, h2, k, ~n.1, - ut, v, lock + case eventWrapKeyhmattwrapatts_0_11111211111111111 + solve( State_11111211111111111( ut, + <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8>, h2, k, + ~n.2, v, L_h, lock ) ▶₀ #t3 ) - case eventUnwrappedhmatts_0_111112111111111 - solve( (∃ h1 #t1. (NewKey( h1, ~n.1, 'on' ) @ #t1) ∧ #t1 < #vr.19) ∥ + case eventUnwrappedhmatts_0_1111121111111111 + solve( (∃ h1 #t1. (NewKey( h1, ~n.2, 'on' ) @ #t1) ∧ #t1 < #vr.9) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.19) ∧ (#t0 < #vr.19)) ∥ + (#t1 < #vr.9) ∧ (#t0 < #vr.9)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ∥ + (#t0 < #vr.9) ∧ (#t1 < #vr.9)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ) + (#t0 < #vr.9) ∧ (#t1 < #vr.9)) ) case case_1 solve( Insert( <'F_template', z>, <'on', x, x.1, x.2, x.3, x.4, x.5, x.6, x.7, x.8> 
@@ -11472,12 +11519,12 @@ next qed qed next - case eventDecKeyhmattdecatts_0_11111211111111111 - solve( State_11111211111111111( L_h, - , h1, k, k.1, ut, v, - lock + case eventDecKeyhmattdecatts_0_111112111111111111 + solve( State_111112111111111111( ut, + , h1, k, k.1, v, + L_h, lock ) ▶₀ #t2 ) - case eventWrapKeyhmattwrapatts_0_1111121111111111 + case eventWrapKeyhmattwrapatts_0_11111211111111111 solve( (∃ h1 #t1. (NewKey( h1, k.1, 'on' ) @ #t1) ∧ #t1 < #vr.1) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) @@ -11499,18 +11546,18 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.16 < #t2.1) ∥ (#vr.16 = #t2.1) ) + solve( (#vr.10 < #t2.1) ∥ (#vr.10 = #t2.1) ) case case_1 - solve( State_111111111111111( h1, - , k, lock, ptr, - templ + solve( State_111111111111111( lock, h1, + , k, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 solve( Insert( <'F_template', ptr>, - + ) @ #t2.4 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.17 < #t2.3) ∥ (#vr.17 = #t2.3) ) + solve( (#vr.11 < #t2.3) ∥ (#vr.11 = #t2.3) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ @@ -11525,9 +11572,9 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.5 < #t2.3) ) + solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.3 < #t2.3) ) case case_1 - solve( (#vr.16 < #t2.3) ∥ (#vr.16 = #t2.3) ) + solve( (#vr.10 < #t2.3) ∥ (#vr.10 = #t2.3) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ 
@@ -11557,107 +11604,78 @@ next qed next case case_2 - solve( State_111111111111111( h1, - , k, lock, ptr, - templ + solve( State_111111111111111( lock, h1, + , k, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 solve( Insert( <'F_template', ptr>, - + ) @ #t2.4 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.16 < #t2.3) ∥ (#vr.16 = #t2.3) ) + solve( (#vr.10 < #t2.3) ∥ (#vr.10 = #t2.3) ) case case_1 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 - solve( (#vr.16 < #t2.5) ∥ (#vr.16 = #t2.5) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) case case_1 - solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_( ) ▶₀ #t2.3 ) - case Init - by contradiction /* cyclic */ - qed - qed + by contradiction /* from formulas */ next case case_2 - by contradiction /* from formulas */ + solve( State_( ) ▶₀ #t2.3 ) + case Init + by contradiction /* cyclic */ + qed qed qed next case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( WrapKey( h2, ~n.1, 'on' ) @ #t3 ) - case eventWrapKeyLhkattwrapatts_0_11111111111111111 - solve( State_11111111111111111( h2, - <'on', x.8, x.9, x.10, 
x.11, x.12, x.13, x.14, - x.15, x.16>, - ~n.1, lock, ptr, templ + solve( WrapKey( h2, ~n.2, 'on' ) @ #t3 ) + case eventWrapKeyLhkattwrapatts_0_111111111111111111 + solve( State_111111111111111111( lock, h2, + <'on', x.8, x.9, x.10, x.11, x.12, x.13, x.14, + x.15, x.16>, + ~n.2, ptr, templ ) ▶₀ #t3 ) - case insertobjLhkatts_0_1111111111111111 + case insertobjLhkatts_0_11111111111111111 solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( senc(~n.1, k) ) @ #vk.3 ) + solve( !KU( senc(~n.2, k) ) @ #vk.3 ) case c_senc by contradiction /* from formulas */ next - case outkeyv_0_1111211111 - solve( (#vr.38 < #vr.21) ∥ (#t2.2 < #vr.38) ) - case case_1 - solve( State_111111111111111( L_h.1, - , - t, lock, ptr, templ - ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by contradiction /* impossible chain */ - qed - next - case case_2 - solve( State_111111111111111( L_h.1, - , - t, lock, ptr, templ - ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by contradiction /* impossible chain */ - qed - qed - next - case outm_0_111111112111111 + case eventDecUsingkm_0_111111112111111 solve( (∃ h2 k2 #t2 #t3. (NewKey( h2, k2, 'on' ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.35) ∧ (#t3 < #vr.35)) ∥ + (#t2 < #vr.18) ∧ (#t3 < #vr.18)) ∥ (∃ h2 #t2 #t3 #t4. (NewKey( h2, k.1, 'off' ) @ #t2) ∧ (!KU( k.1 ) @ #t3) ∧ (!KU( t ) @ #t4) ∧ - (#t2 < #vr.35) ∧ (#t3 < #vr.35) ∧ (#t4 < #vr.35)) ∥ - (∃ #t2. 
(EncUsing( k.1, t ) @ #t2) ∧ #t2 < #vr.35) ∥ + (#t2 < #vr.18) ∧ (#t3 < #vr.18) ∧ (#t4 < #vr.18)) ∥ + (∃ #t2. (EncUsing( k.1, t ) @ #t2) ∧ #t2 < #vr.18) ∥ (∃ h2 k2 #t2 #t3 a. (Unwrapped( h2, k2, a ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.35) ∧ (#t3 < #vr.35)) ∥ + (#t2 < #vr.18) ∧ (#t3 < #vr.18)) ∥ (∃ #t2 #t3 h1 h2 k2. (WrapKey( h2, k2, 'on' ) @ #t2) ∧ (DecKey( h1, k2, 'on' ) @ #t3) ∧ - (#t2 < #vr.35) ∧ (#t3 < #vr.35)) ) + (#t2 < #vr.18) ∧ (#t3 < #vr.18)) ) case case_1 by contradiction /* from formulas */ next 
@@ -11665,32 +11683,40 @@ next by contradiction /* cyclic */ next case case_3 - solve( (#vr.39 < #vr.21) ∥ (#t2.2 < #vr.39) ) + solve( (#vr.22 < #vr.12) ∥ (#t2.2 < #vr.22) ) case case_1 - solve( State_1111111121111111( L_h.1, k.1, m, v, ~n.5 ) ▶₀ #t2.4 ) - case outm_0_111111112111111 + solve( State_11111111211111111( ~n.5, m, v, L_h.1, k.1 ) ▶₀ #t2.4 ) + case eventDecUsingkm_0_111111112111111 solve( (#t2.7 < #t2.8) ∥ (#t2.7 = #t2.8) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111111121111( L_h.2, m, v, lock ) ▶₀ #t2.5 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, m, + , + L_h.2 + ) ▶₀ #t2.5 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed qed qed next case case_2 - solve( State_1111111121111111( L_h.1, k.1, m, v, ~n.5 ) ▶₀ #t2.4 ) - case outm_0_111111112111111 + solve( State_11111111211111111( ~n.5, m, v, L_h.1, k.1 ) ▶₀ #t2.4 ) + case eventDecUsingkm_0_111111112111111 solve( (#t2.7 < #t2.8) ∥ (#t2.7 = #t2.8) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111111121111( L_h.2, m, v, lock ) ▶₀ #t2.5 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, m, + , + L_h.2 + ) ▶₀ #t2.5 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed qed @@ -11698,7 +11724,7 @@ next qed next case case_4 - solve( (#vr.39 < #vr.21) ∥ (#t2.2 < #vr.39) ) + solve( (#vr.22 < #vr.12) ∥ (#t2.2 < #vr.22) ) case case_1 solve( (∃ h1 #t1. (NewKey( h1, k2, 'on' ) @ #t1) ∧ #t1 < #t2.5) ∥ (∃ L_h k2 #t1 #t0. @@ -11797,7 +11823,7 @@ next qed next case case_5 - solve( (#vr.39 < #vr.21) ∥ (#t2.2 < #vr.39) ) + solve( (#vr.22 < #vr.12) ∥ (#t2.2 < #vr.22) ) case case_1 solve( (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) 
@@ -11846,10 +11872,40 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_1 + case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111121111 + by contradiction /* from formulas */ + next + case ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111 + solve( (#vr.20 < #vr.12) ∥ (#t2.2 < #vr.20) ) + case case_1 + solve( State_111111111111111( lock, L_h.1, + , + t, ptr, + + ) ▶₀ #t1.1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by contradiction /* impossible chain */ + qed + next + case case_2 + solve( State_111111111111111( lock, L_h.1, + , + t, ptr, + + ) ▶₀ #t1.1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by contradiction /* impossible chain */ + qed + qed + next + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_1 solve( (z.8 = 'off') ∥ ((z.8 = 'on') ∧ (z = 'on')) ) case case_1 - solve( (#vr.41 < #vr.21) ∥ (#t2.2 < #vr.41) ) + solve( (#vr.23 < #vr.12) ∥ (#t2.2 < #vr.23) ) case case_1 solve( Insert( <'F_template', z.1>, @@ -11868,7 +11924,7 @@ next qed next case case_2 - solve( (#vr.41 < #vr.21) ∥ (#t2.2 < #vr.41) ) + solve( (#vr.23 < #vr.12) ∥ (#t2.2 < #vr.23) ) case case_1 solve( Insert( <'F_template', z>, 
@@ -11882,8 +11938,9 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.5 ) ▶₀ #t2.4 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.5 + ) ▶₀ #t2.4 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 by contradiction /* cyclic */ qed qed @@ -11902,8 +11959,9 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.5 ) ▶₀ #t2.4 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.5 + ) ▶₀ #t2.4 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.7 < #t2.10) ∥ (#t2.7 = #t2.10) ) case case_1 by contradiction /* from formulas */ 
@@ -11923,37 +11981,78 @@ next ) @ #t2.5 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , - k, lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , + k.1, k, v, L_h, lock + ) ▶₀ #t2.5 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.29 < #vr.12) ∥ (#t2.2 < #vr.29) ) + case case_1 + solve( Insert( <'F_template', z>, + + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( (#vr.29 < #vr.23) ∥ (#t2.4 < #vr.29) ) + case case_1 + solve( Insert( <'F_template', z>, + + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', z>, + + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , + k, ptr, templ ) ▶₀ #t2.5 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( ((#vr.21 < #vr.52) ∧ + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( ((#vr.12 < #vr.27) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.21 < #t2) ∧ - (#t2 < #vr.52) ∧ + (#vr.12 < #t2) ∧ + (#t2 < #vr.27) ∧ (∀ #t0 pp. - (Unlock( pp, ~n.2, 'device' ) @ #t0) + (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. 
(Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.21) ∨ - (#t0 = #vr.21) ∨ + ((#t0 < #vr.12) ∨ + (#t0 = #vr.12) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.21) ∨ + ((#t0 < #vr.12) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.52 < #vr.21) ∥ (#vr.21 = #vr.52) ) + (#vr.27 < #vr.12) ∥ (#vr.12 = #vr.27) ) case case_1 solve( Insert( <'F_template', ptr>, , - <~n.1, 'off', 'off', 'on', + <~n.2, 'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 'undef'> ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h2, - <'off', - 'off', - 'on', - 'on', - 'on', - 'on', - 'off', - 'on', - 'undef', - 'undef'>, - ~n.1, - lock, ptr, - templ - ) ▶₀ #t2.7 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', - 'on', 'on', - 'on', 'on', - 'off', 'on', - 'undef', - 'undef'>, - h2, k, ~n.1, - ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + k, ~n.2, v, L_h, + lock ) ▶₀ #t2.7 ) - case newh_0_1111121111111 - solve( (#vr.71 < #vr.52) ∥ - (#t2.6 < #vr.71) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.37 < #vr.27) ∥ + (#t2.6 < #vr.37) ) case case_1 solve( Insert( <'F_template', z>, <'off', 'off', 'on', 
@@ -12027,16 +12114,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 by contradiction /* from formulas */ qed @@ -12057,16 +12144,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 by contradiction /* from formulas */ qed @@ -12074,6 +12161,24 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h2, + <'off', + 'off', + 'on', + 'on', + 'on', + 'on', + 'off', + 'on', + 'undef', + 'undef' + >, + ~n.2, + ptr, + templ + ) ▶₀ #t2.7 ) qed next case case_3 @@ -12082,13 +12187,13 @@ next qed next case case_3 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, + ptr, templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.10 < #t2.3) ∥ (#t2.10 = #t2.3) ∥ - (#vr.18 < #t2.10) ) + (#vr.11 < #t2.10) ) case case_1 by contradiction /* from formulas */ next 
@@ -12118,55 +12223,43 @@ next ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ solve( (#t2.7 < #t2.3) ∥ (#t2.7 = #t2.3) ∥ - (#vr.18 < #t2.7) ) + (#vr.11 < #t2.7) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, + ptr, templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.3 < #t2.9) ∥ (#t2.3 = #t2.9) ) case case_1 by contradiction /* from formulas */ next case case_2 solve( Insert( <'obj', h2>, - <~n.1, 'off', 'off', 'on', + <~n.2, 'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 'undef'> ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h2, - <'off', - 'off', - 'on', - 'on', - 'on', - 'on', - 'off', - 'on', - 'undef', - 'undef'>, - ~n.1, - lock, ptr, - templ - ) ▶₀ #t2.7 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', - 'on', 'on', - 'on', 'on', - 'off', 'on', - 'undef', - 'undef'>, - h2, k, ~n.1, - ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + k, ~n.2, v, L_h, + lock ) ▶₀ #t2.7 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 
@@ -12179,31 +12272,49 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 by contradiction /* from formulas */ qed qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h2, + <'off', + 'off', + 'on', + 'on', + 'on', + 'on', + 'off', + 'on', + 'undef', + 'undef' + >, + ~n.2, + ptr, + templ + ) ▶₀ #t2.7 ) qed qed qed next case case_3 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, + ptr, templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* cyclic */ qed qed 
@@ -12216,32 +12327,22 @@ next next case case_2 solve( Insert( <'obj', h2>, - <~n.1, 'off', 'off', 'on', 'on', + <~n.2, 'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 'undef'> ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - by solve( State_1111111111111111( h2, - <'off', 'off', - 'on', 'on', - 'on', 'on', - 'off', 'on', - 'undef', - 'undef'>, - ~n.1, lock, ptr, - templ - ) ▶₀ #t2.6 ) - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', - 'on', 'on', 'on', - 'off', 'on', - 'undef', 'undef'>, - h2, k, ~n.1, ut, v, - lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', + 'on', 'on', 'on', + 'off', 'on', + 'undef', 'undef'>, + <'off', 'off', 'on', + 'on', 'on', 'on', + 'off', 'on', + 'undef', 'undef'>, + k, ~n.2, v, L_h, lock ) ▶₀ #t2.6 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 
@@ -12253,59 +12354,32 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, k.1, - m, ut, - v, ~n.7 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, m, + v, + L_h.1, + ~n.7 ) ▶₀ #t2.7 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 by contradiction /* from formulas */ qed qed qed qed - qed - qed - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - , - L_h, k.1, k, ut, v, lock - ) ▶₀ #t2.5 ) - case newh_0_1111121111111 - solve( (#vr.53 < #vr.21) ∥ (#t2.2 < #vr.53) ) - case case_1 - solve( Insert( <'F_template', z>, - - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( (#vr.53 < #vr.41) ∥ (#t2.4 < #vr.53) ) - case case_1 - solve( Insert( <'F_template', z>, - - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', z>, - - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ + next + case insertobjLhkatts_0_11111111111111111 + by solve( State_11111111111111111( lock, h2, + <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + ~n.2, ptr, + templ + ) ▶₀ #t2.6 ) qed qed qed @@ -12320,8 +12394,8 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_2 - solve( (#vr.42 < #vr.21) ∥ (#t2.2 < #vr.42) ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_2 + solve( (#vr.24 < #vr.12) ∥ (#t2.2 < #vr.24) ) case case_1 solve( Insert( <'F_template', z.3>, 
@@ -12339,8 +12413,8 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_3 - solve( (#vr.42 < #vr.21) ∥ (#t2.2 < #vr.42) ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_3 + solve( (#vr.24 < #vr.12) ∥ (#t2.2 < #vr.24) ) case case_1 solve( Insert( <'F_template', z.2>, @@ -12354,8 +12428,8 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.5 ) ▶₀ #t2.4 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.5 ) ▶₀ #t2.4 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.7 < #t2.10) ∥ (#t2.7 = #t2.10) ) case case_1 by contradiction /* from formulas */ 
@@ -12375,37 +12449,78 @@ next ) @ #t2.5 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , - k, lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , + k.1, k, v, L_h, lock + ) ▶₀ #t2.5 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.30 < #vr.12) ∥ (#t2.2 < #vr.30) ) + case case_1 + solve( (#vr.30 < #vr.24) ∥ (#t2.4 < #vr.30) ) + case case_1 + solve( Insert( <'F_template', z.2>, + + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', z.2>, + + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed + next + case case_2 + solve( Insert( <'F_template', z.2>, + + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , + k, ptr, templ ) ▶₀ #t2.5 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( ((#vr.21 < #vr.53) ∧ + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( ((#vr.12 < #vr.28) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.21 < #t2) ∧ - (#t2 < #vr.53) ∧ + (#vr.12 < #t2) ∧ + (#t2 < #vr.28) ∧ (∀ #t0 pp. - (Unlock( pp, ~n.2, 'device' ) @ #t0) + (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. 
(Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.21) ∨ - (#t0 = #vr.21) ∨ + ((#t0 < #vr.12) ∨ + (#t0 = #vr.12) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.21) ∨ + ((#t0 < #vr.12) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.53 < #vr.21) ∥ (#vr.21 = #vr.53) ) + (#vr.28 < #vr.12) ∥ (#vr.12 = #vr.28) ) case case_1 solve( Insert( <'F_template', ptr>, ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', - 'on', 'on', - 'on', 'on', - 'off', 'on', - 'undef', - 'undef'>, - z, lock, ptr, - templ - ) ▶₀ #t2.7 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', - 'on', 'on', - 'on', 'on', - 'off', 'on', - 'undef', 'undef' - >, - h2, k, z, ut, v, - lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', 'undef' + >, + <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', 'undef' + >, + k, z, v, L_h, lock ) ▶₀ #t2.7 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 
@@ -12473,41 +12577,41 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -12523,25 +12627,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -12607,6 +12722,21 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', + 'off', 'on', + 'on', 'on', + 'on', 'off', + 'on', + 'undef', + 'undef'>, + z, ptr, templ + ) ▶₀ #t2.7 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed next case case_3 @@ -12615,13 +12745,13 @@ next qed next case case_3 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, ptr, + templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.10 < #t2.3) ∥ (#t2.10 = #t2.3) ∥ - (#vr.18 < #t2.10) ) + (#vr.11 < #t2.10) ) case case_1 by contradiction /* from formulas */ next 
@@ -12645,7 +12775,7 @@ next qed next case case_2 - solve( (#vr.53 < #vr.42) ∥ (#t2.4 < #vr.53) ) + solve( (#vr.28 < #vr.24) ∥ (#t2.4 < #vr.28) ) case case_1 solve( Insert( <'F_template', ptr>, ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', - 'off', - 'on', 'on', - 'on', 'on', - 'off', - 'on', - 'undef', - 'undef'>, - z, lock, ptr, - templ - ) ▶₀ #t2.7 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', - 'on', 'on', - 'on', 'on', - 'off', 'on', - 'undef', - 'undef'>, - h2, k, z, ut, - v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + k, z, v, L_h, + lock ) ▶₀ #t2.7 ) - case newh_0_1111121111111 - solve( (#vr.72 < #vr.53) ∥ - (#t2.6 < #vr.72) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.38 < #vr.28) ∥ + (#t2.6 < #vr.38) ) case case_1 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 
@@ -12718,44 +12836,44 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -12771,25 +12889,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -12876,44 +13005,44 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -12929,25 +13058,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -13021,16 +13161,35 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', + 'off', + 'on', + 'on', + 'on', + 'on', + 'off', + 'on', + 'undef', + 'undef'>, + z, ptr, + templ + ) ▶₀ #t2.7 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed qed qed next case case_3 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, + ptr, templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* cyclic */ qed qed @@ -13043,16 +13202,16 @@ next ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ solve( (#t2.7 < #t2.3) ∥ (#t2.7 = #t2.3) ∥ - (#vr.18 < #t2.7) ) + (#vr.11 < #t2.7) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, + ptr, templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.3 < #t2.9) ∥ (#t2.3 = #t2.9) ) case case_1 by contradiction /* from formulas */ 
@@ -13063,35 +13222,23 @@ next 'on', 'on', 'off', 'on', 'undef', 'undef'> ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', - 'off', - 'on', 'on', - 'on', 'on', - 'off', - 'on', - 'undef', - 'undef'>, - z, lock, ptr, - templ - ) ▶₀ #t2.7 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', - 'on', 'on', - 'on', 'on', - 'off', 'on', - 'undef', - 'undef'>, - h2, k, z, ut, - v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + k, z, v, L_h, + lock ) ▶₀ #t2.7 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 
@@ -13104,44 +13251,44 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -13157,25 +13304,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -13245,16 +13403,35 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', + 'off', + 'on', + 'on', + 'on', + 'on', + 'off', + 'on', + 'undef', + 'undef'>, + z, ptr, + templ + ) ▶₀ #t2.7 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed qed qed next case case_3 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, + ptr, templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* cyclic */ qed qed 
@@ -13271,27 +13448,18 @@ next ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', - 'on', 'on', 'on', - 'off', 'on', - 'undef', 'undef'>, - z, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', - 'on', 'on', 'on', - 'off', 'on', 'undef', - 'undef'>, - h2, k, z, ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', + 'on', 'on', 'on', + 'off', 'on', 'undef', + 'undef'>, + <'off', 'off', 'on', + 'on', 'on', 'on', + 'off', 'on', 'undef', + 'undef'>, + k, z, v, L_h, lock ) ▶₀ #t2.6 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 
@@ -13303,32 +13471,32 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, h2, - k.1, m, - ut, v, - ~n.7 + solve( State_1111121111111111111111( ut, atts, + h2, k.1, + m, v, + L_h.1, + ~n.7 ) ▶₀ #t2.7 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.63) ∥ + #t1 < #vr.35) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.63) ∧ (#t0 < #vr.63)) ∥ + (#t1 < #vr.35) ∧ (#t0 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.63) ∧ (#t1 < #vr.63)) ∥ + (#t0 < #vr.35) ∧ (#t1 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.63) ∧ (#t1 < #vr.63)) ) + (#t0 < #vr.35) ∧ (#t1 < #vr.35)) ) case case_1 solve( (#t2.9 < #t2.11) ∥ (#t2.9 = #t2.11) ) @@ -13342,22 +13510,31 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, - ptr, - templ + z.5, + z.6, + z.7, + z.8, + z.9>, + m, ptr, + ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -13419,50 +13596,22 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', + 'on', 'on', 'on', + 'on', 'off', 'on', + 'undef', 'undef'>, + z, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed qed qed qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - , - L_h, k.1, k, ut, v, lock - ) ▶₀ #t2.5 ) - case newh_0_1111121111111 - solve( (#vr.54 < #vr.21) ∥ (#t2.2 < #vr.54) ) - case case_1 - solve( (#vr.54 < #vr.42) ∥ (#t2.4 < #vr.54) ) - case case_1 - solve( Insert( <'F_template', z.2>, - - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', z.2>, - - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( Insert( <'F_template', z.2>, - - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - qed qed qed qed @@ -13484,8 +13633,8 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.5 ) ▶₀ #t2.4 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.5 ) ▶₀ #t2.4 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.7 < #t2.10) ∥ (#t2.7 = #t2.10) ) case case_1 by contradiction /* from formulas */ 
@@ -13505,39 +13654,80 @@ next ) @ #t2.5 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( L_h, - , - k, lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( , + , + k.1, k, v, L_h, lock + ) ▶₀ #t2.5 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.30 < #vr.12) ∥ (#t2.2 < #vr.30) ) + case case_1 + solve( Insert( <'F_template', z.2>, + + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( (#vr.30 < #vr.24) ∥ (#t2.4 < #vr.30) ) + case case_1 + solve( Insert( <'F_template', z.2>, + + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', z.2>, + + ) @ #t2.9 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, L_h, + , + k, ptr, templ ) ▶₀ #t2.5 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( ((#vr.21 < #vr.53) ∧ + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( ((#vr.12 < #vr.28) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.21 < #t2) ∧ - (#t2 < #vr.53) ∧ + (#vr.12 < #t2) ∧ + (#t2 < #vr.28) ∧ (∀ #t0 pp. - (Unlock( pp, ~n.2, 'device' ) @ #t0) + (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. 
(Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.21) ∨ - (#t0 = #vr.21) ∨ + ((#t0 < #vr.12) ∨ + (#t0 = #vr.12) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.21) ∨ + ((#t0 < #vr.12) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.53 < #vr.21) ∥ (#vr.21 = #vr.53) ) + (#vr.28 < #vr.12) ∥ (#vr.12 = #vr.28) ) case case_1 - solve( (#vr.53 < #vr.42) ∥ (#t2.4 < #vr.53) ) + solve( (#vr.28 < #vr.24) ∥ (#t2.4 < #vr.28) ) case case_1 solve( Insert( <'F_template', ptr>, ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', - 'off', - 'on', 'on', - 'on', 'on', - 'off', - 'on', - 'undef', - 'undef'>, - z, lock, ptr, - templ - ) ▶₀ #t2.7 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', - 'on', 'on', - 'on', 'on', - 'off', 'on', - 'undef', - 'undef'>, - h2, k, z, ut, - v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + k, z, v, L_h, + lock ) ▶₀ #t2.7 ) - case newh_0_1111121111111 - solve( (#vr.72 < #vr.21) ∥ - (#t2.2 < #vr.72) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.38 < #vr.12) ∥ + (#t2.2 < #vr.38) ) case case_1 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 
@@ -13611,44 +13789,44 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -13664,25 +13842,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed @@ -13756,8 +13945,8 @@ next qed next case case_2 - solve( (#vr.72 < #vr.53) ∥ - (#t2.6 < #vr.72) ) + solve( (#vr.38 < #vr.28) ∥ + (#t2.6 < #vr.38) ) case case_1 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 
@@ -13773,44 +13962,44 @@ next /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -13826,25 +14015,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ 
@@ -13935,44 +14135,44 @@ next /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -13988,25 +14188,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ 
@@ -14084,6 +14295,25 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', + 'off', + 'on', + 'on', + 'on', + 'on', + 'off', + 'on', + 'undef', + 'undef'>, + z, ptr, + templ + ) ▶₀ #t2.7 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed next case case_3 @@ -14092,13 +14322,13 @@ next qed next case case_3 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, + ptr, templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.10 < #t2.3) ∥ (#t2.10 = #t2.3) ∥ - (#vr.18 < #t2.10) ) + (#vr.11 < #t2.10) ) case case_1 by contradiction /* from formulas */ next @@ -14128,18 +14358,18 @@ next ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ solve( (#t2.7 < #t2.3) ∥ (#t2.7 = #t2.3) ∥ - (#vr.18 < #t2.7) ) + (#vr.11 < #t2.7) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, + ptr, templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.9 < #t2.3) ∥ (#t2.9 = #t2.3) ∥ - (#vr.18 < #t2.9) ) + (#vr.11 < #t2.9) ) case case_1 by contradiction /* from formulas */ next 
@@ -14149,37 +14379,25 @@ next 'on', 'on', 'off', 'on', 'undef', 'undef'> ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', - 'off', - 'on', 'on', - 'on', 'on', - 'off', - 'on', - 'undef', - 'undef'>, - z, lock, ptr, - templ - ) ▶₀ #t2.7 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', - 'on', 'on', - 'on', 'on', - 'off', 'on', - 'undef', - 'undef'>, - h2, k, z, ut, - v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', + 'undef'>, + k, z, v, L_h, + lock ) ▶₀ #t2.7 ) - case newh_0_1111121111111 - solve( (#vr.72 < #vr.21) ∥ - (#t2.2 < #vr.72) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.38 < #vr.12) ∥ + (#t2.2 < #vr.38) ) case case_1 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 
@@ -14194,44 +14412,44 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -14247,25 +14465,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -14352,44 +14581,44 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -14405,25 +14634,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -14497,6 +14737,25 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', + 'off', + 'on', + 'on', + 'on', + 'on', + 'off', + 'on', + 'undef', + 'undef'>, + z, ptr, + templ + ) ▶₀ #t2.7 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed next case case_3 @@ -14505,13 +14764,13 @@ next qed next case case_3 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, + ptr, templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.10 < #t2.3) ∥ (#t2.10 = #t2.3) ∥ - (#vr.18 < #t2.10) ) + (#vr.11 < #t2.10) ) case case_1 by contradiction /* from formulas */ next @@ -14542,16 +14801,16 @@ next ) @ #t2.9 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ solve( (#t2.7 < #t2.3) ∥ (#t2.7 = #t2.3) ∥ - (#vr.18 < #t2.7) ) + (#vr.11 < #t2.7) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, ptr, + templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.3 < #t2.9) ∥ (#t2.3 = #t2.9) ) case case_1 by contradiction /* from formulas */ 
@@ -14562,38 +14821,27 @@ next 'on', 'on', 'off', 'on', 'undef', 'undef'> ) @ #t2.7 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', - 'on', 'on', - 'on', 'on', - 'off', 'on', - 'undef', - 'undef'>, - z, lock, ptr, - templ - ) ▶₀ #t2.7 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', - 'on', 'on', - 'on', 'on', - 'off', 'on', - 'undef', 'undef' - >, - h2, k, z, ut, v, - lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', 'undef' + >, + <'off', 'off', + 'on', 'on', + 'on', 'on', + 'off', 'on', + 'undef', 'undef' + >, + k, z, v, L_h, lock ) ▶₀ #t2.7 ) - case newh_0_1111121111111 - solve( (#vr.72 < #vr.21) ∥ - (#t2.2 < #vr.72) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.38 < #vr.12) ∥ + (#t2.2 < #vr.38) ) case case_1 - solve( (#vr.72 < #vr.53) ∥ - (#t2.6 < #vr.72) ) + solve( (#vr.38 < #vr.28) ∥ + (#t2.6 < #vr.38) ) case case_1 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 
@@ -14608,44 +14856,44 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -14661,25 +14909,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -14766,44 +15025,44 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -14819,25 +15078,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -14924,44 +15194,44 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, - k.1, - m, - ut, - v, - ~n.10 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, + m, + v, + L_h.1, + ~n.10 ) ▶₀ #t2.8 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.82) ∥ + #t1 < #vr.44) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.82) ∧ - (#t0 < #vr.82)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.82) ∧ - (#t1 < #vr.82)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 solve( (#t2.10 < #t2.12) ∥ (#t2.10 = #t2.12) ) @@ -14977,25 +15247,36 @@ next /* from formulas */ next case case_2 - solve( State_111111111111111( h1, + solve( State_111111111111111( lock, + h1, < - x, - x.1, - x.2, - x.3, + z.1, + z.2, + z.3, + z.4, 'on', - x.4, - x.5, - x.6, - x.7, - x.8 + z.5, + z.6, + z.7, + z.8, + z.9 >, m, - lock, ptr, - templ + < + z.1, + z.2, + z.3, + z.4, + 'on', + z.5, + z.6, + z.7, + z.8, + z.9 + > ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -15066,16 +15347,31 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', + 'off', 'on', + 'on', 'on', + 'on', 'off', + 'on', + 'undef', + 'undef'>, + z, ptr, templ + ) ▶₀ #t2.7 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed qed qed next case case_3 - solve( State_1111111111111111111111( L_h, atts, k, - ~n.8, ptr, - templ + solve( State_11111111111111111111111( ~n.8, L_h, + atts, k, ptr, + templ ) ▶₀ #t2.6 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* cyclic */ qed qed 
@@ -15091,28 +15387,19 @@ next ) @ #t2.6 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', - 'on', 'on', 'on', - 'off', 'on', - 'undef', 'undef'>, - z, lock, ptr, templ - ) ▶₀ #t2.6 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by contradiction /* impossible chain */ - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', - 'on', 'on', 'on', - 'off', 'on', 'undef', - 'undef'>, - h2, k, z, ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', + 'on', 'on', 'on', + 'off', 'on', 'undef', + 'undef'>, + <'off', 'off', 'on', + 'on', 'on', 'on', + 'off', 'on', 'undef', + 'undef'>, + k, z, v, L_h, lock ) ▶₀ #t2.6 ) - case newh_0_1111121111111 - solve( (#vr.53 < #vr.21) ∥ (#t2.2 < #vr.53) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.29 < #vr.12) ∥ (#t2.2 < #vr.29) ) case case_1 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 
@@ -15125,36 +15412,38 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, k.1, - m, ut, - v, ~n.7 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, m, + v, + L_h.1, + ~n.7 ) ▶₀ #t2.7 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.63) ∥ + #t1 < #vr.35) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.63) ∧ - (#t0 < #vr.63)) ∥ + (#t1 < #vr.35) ∧ + (#t0 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.63) ∧ - (#t1 < #vr.63)) ∥ + (#t0 < #vr.35) ∧ + (#t1 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.63) ∧ - (#t1 < #vr.63)) ) + (#t0 < #vr.35) ∧ + (#t1 < #vr.35)) ) case case_1 solve( (#t2.9 < #t2.11) ∥ (#t2.9 = #t2.11) ) @@ -15168,23 +15457,32 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , + z.5, + z.6, + z.7, + z.8, + z.9>, m, - lock, ptr, - templ + ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -15260,36 +15558,38 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, - atts, - h2, k.1, - m, ut, - v, ~n.7 + solve( State_1111121111111111111111( ut, + atts, + h2, + k.1, m, + v, + L_h.1, + ~n.7 ) ▶₀ #t2.7 ) - case outh_0_11111211111111111111 + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ - #t1 < #vr.63) ∥ + #t1 < #vr.35) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.63) ∧ - (#t0 < #vr.63)) ∥ + (#t1 < #vr.35) ∧ + (#t0 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.63) ∧ - (#t1 < #vr.63)) ∥ + (#t0 < #vr.35) ∧ + (#t1 < #vr.35)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.63) ∧ - (#t1 < #vr.63)) ) + (#t0 < #vr.35) ∧ + (#t1 < #vr.35)) ) case case_1 solve( (#t2.9 < #t2.11) ∥ (#t2.9 = #t2.11) ) @@ -15303,23 +15603,32 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , + z.5, + z.6, + z.7, + z.8, + z.9>, m, - lock, ptr, - templ + ) ▶₀ #t1.1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 by contradiction /* impossible chain */ qed 
@@ -15384,46 +15693,18 @@ next qed qed qed - qed - qed - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - , - L_h, k.1, k, ut, v, lock - ) ▶₀ #t2.5 ) - case newh_0_1111121111111 - solve( (#vr.54 < #vr.21) ∥ (#t2.2 < #vr.54) ) - case case_1 - solve( Insert( <'F_template', z.2>, - - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( (#vr.54 < #vr.42) ∥ (#t2.4 < #vr.54) ) - case case_1 - solve( Insert( <'F_template', z.2>, - - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', z.2>, - - ) @ #t2.9 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', + 'on', 'on', 'on', + 'on', 'off', 'on', + 'undef', 'undef'>, + z, ptr, templ + ) ▶₀ #t2.6 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by contradiction /* impossible chain */ + qed qed qed qed 
@@ -15436,50 +15717,47 @@ next qed qed qed - next - case outsencmkeyv_0_1111111211111 - by contradiction /* from formulas */ qed qed qed next - case eventWrapKeyhmattwrapatts_0_1111121111111111 - solve( State_1111121111111111( L_h.1, - <'on', x.8, x.9, x.10, x.11, x.12, x.13, x.14, - x.15, x.16>, - h2, k.1, ~n.1, ut, v, lock + case eventWrapKeyhmattwrapatts_0_11111211111111111 + solve( State_11111211111111111( ut, + <'on', x.8, x.9, x.10, x.11, x.12, x.13, x.14, + x.15, x.16>, + h2, k.1, ~n.2, v, L_h.1, lock ) ▶₀ #t3 ) - case eventUnwrappedhmatts_0_111112111111111 - solve( (∃ h1 #t1. (NewKey( h1, ~n.1, 'on' ) @ #t1) ∧ #t1 < #vr.35) ∥ + case eventUnwrappedhmatts_0_1111121111111111 + solve( (∃ h1 #t1. (NewKey( h1, ~n.2, 'on' ) @ #t1) ∧ #t1 < #vr.19) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.35) ∧ (#t0 < #vr.35)) ∥ + (#t1 < #vr.19) ∧ (#t0 < #vr.19)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.35) ∧ (#t1 < #vr.35)) ∥ + (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.35) ∧ (#t1 < #vr.35)) ) + (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ) case case_1 - solve( ((#vr.9 < #vr.43) ∧ + solve( ((#vr.7 < #vr.25) ∧ (∃ #t2. (Unlock_4( '4', ~n.4, 'device' ) @ #t2) ∧ - (#vr.9 < #t2) ∧ - (#t2 < #vr.43) ∧ + (#vr.7 < #t2) ∧ + (#t2 < #vr.25) ∧ (∀ #t0 pp. (Unlock( pp, ~n.4, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.9) ∨ (#t0 = #vr.9) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.7) ∨ (#t0 = #vr.7) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.9) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.43 < #vr.9) ) + ((#t0 < #vr.7) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.25 < #vr.7) ) case case_1 solve( Insert( <'F_template', z>, <'on', x.8, x.9, x.10, x.11, x.12, x.13, x.14, x.15, x.16> 
@@ -15501,22 +15779,22 @@ next by contradiction /* from formulas */ next case case_3 - solve( ((#vr.9 < #vr.43) ∧ + solve( ((#vr.7 < #vr.25) ∧ (∃ #t2. (Unlock_4( '4', ~n.4, 'device' ) @ #t2) ∧ - (#vr.9 < #t2) ∧ - (#t2 < #vr.43) ∧ + (#vr.7 < #t2) ∧ + (#t2 < #vr.25) ∧ (∀ #t0 pp. (Unlock( pp, ~n.4, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.9) ∨ (#t0 = #vr.9) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.7) ∨ (#t0 = #vr.7) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.9) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.43 < #vr.9) ) + ((#t0 < #vr.7) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.25 < #vr.7) ) case case_1 solve( (∃ L_h k2 #t1.2 #t0.1. (NewKey( L_h, k2, 'on' ) @ #t0.1) ∧ (!KU( k2 ) @ #t1.2) @@ -15574,14 +15852,14 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.5 < #t2.3) ) + solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.3 < #t2.3) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.1 < #t2.4) ∥ (#t2.1 = #t2.4) ) case case_1 by contradiction /* from formulas */ 
@@ -15593,15 +15871,15 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - ((((#t1 < #t3) ∧ (#t0 < #t3)) ∨ ((#t1 < #vr.33) ∧ (#t0 < #vr.33))))) ∥ + ((((#t1 < #t3) ∧ (#t0 < #t3)) ∨ ((#t1 < #vr.17) ∧ (#t0 < #vr.17))))) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - ((((#t0 < #vr.33) ∧ (#t1 < #vr.33)) ∨ ((#t0 < #t3) ∧ (#t1 < #t3))))) ) + ((((#t0 < #vr.17) ∧ (#t1 < #vr.17)) ∨ ((#t0 < #t3) ∧ (#t1 < #t3))))) ) case case_1 - by solve( WrapKey( h2, ~n.1, 'on' ) @ #t2 ) + by solve( WrapKey( h2, ~n.2, 'on' ) @ #t2 ) next case case_2 by contradiction /* from formulas */ @@ -15613,9 +15891,9 @@ next qed next case case_3 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* cyclic */ qed qed @@ -16447,17 +16725,16 @@ next ((((#t1 < #t3) ∧ (#t0 < #t3)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ) case case_1 solve( EncKey( h1, k, 'on' ) @ #t2 ) - case eventEncKeyLhkattencatts_0_1111111111111111111 - solve( State_1111111111111111111( h1, - , k, lock, ptr, - templ + case eventEncKeyLhkattencatts_0_11111111111111111111 + solve( State_11111111111111111111( lock, h1, + , k, ptr, templ ) ▶₀ #t2 ) - case eventDecKeyLhkattdecatts_0_111111111111111111 + case eventDecKeyLhkattdecatts_0_1111111111111111111 solve( Insert( <'F_template', ptr>, ) @ #t2.1 ) case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - solve( (#vr.17 < #t2.1) ∥ (#vr.17 = #t2.1) ) + solve( (#vr.7 < #t2.1) ∥ (#vr.7 = #t2.1) ) case case_1 solve( State_11( ) ▶₀ #t2.1 ) case insertFtemplateusageoffoffononononoffonundefundef_0_1 
@@ -16465,32 +16742,32 @@ next qed next case case_2 - solve( UnwrapKey( h2, ~n.1, 'on' ) @ #t3 ) - case eventUnwrapKeyLhkattunwrapatts_0_11111111111111111111 - by solve( State_11111111111111111111( h2, - , ~n.1, - lock, ptr, templ + solve( UnwrapKey( h2, ~n.2, 'on' ) @ #t3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by solve( State_111111111111111111111( lock, h2, + , + ~n.2, ptr, templ ) ▶₀ #t3 ) next - case eventUnwrapKeyhmattunwrapatts_0_1111121111111111111 - solve( State_1111121111111111111( L_h, - , h2, k, - ~n.1, ut, v, lock + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( State_11111211111111111111( ut, + , h2, k, + ~n.2, v, L_h, lock ) ▶₀ #t3 ) - case eventEncKeyhmattencatts_0_111112111111111111 - solve( (∃ h1 #t1. (NewKey( h1, ~n.1, 'on' ) @ #t1) ∧ #t1 < #vr.23) ∥ + case eventEncKeyhmattencatts_0_1111121111111111111 + solve( (∃ h1 #t1. (NewKey( h1, ~n.2, 'on' ) @ #t1) ∧ #t1 < #vr.13) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.23) ∧ (#t0 < #vr.23)) ∥ + (#t1 < #vr.13) ∧ (#t0 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ∥ + (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ) + (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ) case case_1 solve( Insert( <'F_template', z>, @@ -16533,7 +16810,7 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.18 < #t2.1) ∥ (#vr.18 = #t2.1) ) + solve( (#vr.8 < #t2.1) ∥ (#vr.8 = #t2.1) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ 
@@ -16541,32 +16818,32 @@ next qed next case case_2 - solve( UnwrapKey( h2, ~n.1, 'on' ) @ #t3 ) - case eventUnwrapKeyLhkattunwrapatts_0_11111111111111111111 - by solve( State_11111111111111111111( h2, - , ~n.1, - lock, ptr, templ + solve( UnwrapKey( h2, ~n.2, 'on' ) @ #t3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by solve( State_111111111111111111111( lock, h2, + , + ~n.2, ptr, templ ) ▶₀ #t3 ) next - case eventUnwrapKeyhmattunwrapatts_0_1111121111111111111 - solve( State_1111121111111111111( L_h, - , h2, k, - ~n.1, ut, v, lock + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( State_11111211111111111111( ut, + , h2, k, + ~n.2, v, L_h, lock ) ▶₀ #t3 ) - case eventEncKeyhmattencatts_0_111112111111111111 - solve( (∃ h1 #t1. (NewKey( h1, ~n.1, 'on' ) @ #t1) ∧ #t1 < #vr.23) ∥ + case eventEncKeyhmattencatts_0_1111121111111111111 + solve( (∃ h1 #t1. (NewKey( h1, ~n.2, 'on' ) @ #t1) ∧ #t1 < #vr.13) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.23) ∧ (#t0 < #vr.23)) ∥ + (#t1 < #vr.13) ∧ (#t0 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ∥ + (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ) + (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ) case case_1 solve( Insert( <'F_template', z>, 
@@ -16610,12 +16887,12 @@ next qed qed next - case eventEncKeyhmattencatts_0_111112111111111111 - solve( State_111112111111111111( L_h, - , h1, k, k.1, ut, v, - lock + case eventEncKeyhmattencatts_0_1111121111111111111 + solve( State_1111121111111111111( ut, + , h1, k, k.1, v, + L_h, lock ) ▶₀ #t2 ) - case eventDecKeyhmattdecatts_0_11111211111111111 + case eventDecKeyhmattdecatts_0_111112111111111111 solve( (∃ h1 #t1. (NewKey( h1, k.1, 'on' ) @ #t1) ∧ #t1 < #vr.2) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) @@ -16637,18 +16914,18 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.17 < #t2.1) ∥ (#vr.17 = #t2.1) ) + solve( (#vr.11 < #t2.1) ∥ (#vr.11 = #t2.1) ) case case_1 - solve( State_111111111111111( h1, - , k, lock, ptr, - templ + solve( State_111111111111111( lock, h1, + , k, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 solve( Insert( <'F_template', ptr>, - + ) @ #t2.4 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.18 < #t2.3) ∥ (#vr.18 = #t2.3) ) + solve( (#vr.12 < #t2.3) ∥ (#vr.12 = #t2.3) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ @@ -16663,9 +16940,9 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.6 < #t2.3) ) + solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.4 < #t2.3) ) case case_1 - solve( (#vr.17 < #t2.3) ∥ (#vr.17 = #t2.3) ) + solve( (#vr.11 < #t2.3) ∥ (#vr.11 = #t2.3) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ 
@@ -16695,116 +16972,116 @@ next qed next case case_2 - solve( State_111111111111111( h1, - , k, lock, ptr, - templ + solve( State_111111111111111( lock, h1, + , k, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 solve( Insert( <'F_template', ptr>, - + ) @ #t2.4 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.17 < #t2.3) ∥ (#vr.17 = #t2.3) ) + solve( (#vr.11 < #t2.3) ∥ (#vr.11 = #t2.3) ) case case_1 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 - solve( (#vr.17 < #t2.5) ∥ (#vr.17 = #t2.5) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (∃ L_h k2 #t1 #t0. + (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (((#t1 < #vr.19) ∧ (#t0 < #vr.19)) ∨ ((#t1 < #vr) ∧ (#t0 < #vr)))) ∥ + (∃ #t0 #t1 h1 h2 k. + (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) + ∧ + (((#t0 < #vr) ∧ (#t1 < #vr)) ∨ ((#t0 < #vr.19) ∧ (#t1 < #vr.19)))) ) case case_1 - solve( (∃ L_h k2 #t1 #t0. - (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (((#t1 < #vr.35) ∧ (#t0 < #vr.35)) ∨ ((#t1 < #vr) ∧ (#t0 < #vr)))) ∥ - (∃ #t0 #t1 h1 h2 k. - (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) - ∧ - (((#t0 < #vr) ∧ (#t1 < #vr)) ∨ ((#t0 < #vr.35) ∧ (#t1 < #vr.35)))) ) + solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) case case_1 - solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) + by contradiction /* from formulas */ + next + case case_2 + solve( (last(#t2)) ∥ + (∃ L_h k2 #t1 #t0. 
+ (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ + (¬(last(#t1))) ∧ + ((((#t1 < #vr.16) ∧ (#t0 < #vr.16)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (last(#t2)) ∥ - (∃ L_h k2 #t1 #t0. - (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ - (¬(last(#t1))) ∧ - ((((#t1 < #vr.32) ∧ (#t0 < #vr.32)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed + by contradiction /* from formulas */ qed + qed + next + case case_2 + solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) + case case_1 + by contradiction /* from formulas */ next case case_2 - solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) + solve( (last(#t2)) ∥ + (∃ L_h k2 #t1 #t0. + (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ + (¬(last(#t1))) ∧ + ((((#t1 < #vr.16) ∧ (#t0 < #vr.16)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ) case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (last(#t2)) ∥ - (∃ L_h k2 #t1 #t0. 
- (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ - (¬(last(#t1))) ∧ - ((((#t1 < #vr.32) ∧ (#t0 < #vr.32)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ) + solve( ((#t0 < #vr) ∧ (#t1.1 < #vr)) ∥ + ((#t0 < #vr.19) ∧ (#t1.1 < #vr.19)) ) case case_1 - solve( ((#t0 < #vr) ∧ (#t1.1 < #vr)) ∥ - ((#t0 < #vr.35) ∧ (#t1.1 < #vr.35)) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed + by contradiction /* from formulas */ next case case_2 by contradiction /* from formulas */ qed + next + case case_2 + by contradiction /* from formulas */ qed qed - next - case case_2 - by contradiction /* from formulas */ qed qed next case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 - solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (∃ L_h k2 #t1 #t0. + (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (((#t1 < #vr.18) ∧ (#t0 < #vr.18)) ∨ ((#t1 < #vr) ∧ (#t0 < #vr)))) ∥ + (∃ #t0 #t1 h1 h2 k. + (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) + ∧ + (((#t0 < #vr) ∧ (#t1 < #vr)) ∨ ((#t0 < #vr.18) ∧ (#t1 < #vr.18)))) ) case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ L_h k2 #t1 #t0. - (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (((#t1 < #vr.34) ∧ (#t0 < #vr.34)) ∨ ((#t1 < #vr) ∧ (#t0 < #vr)))) ∥ - (∃ #t0 #t1 h1 h2 k. - (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) - ∧ - (((#t0 < #vr) ∧ (#t1 < #vr)) ∨ ((#t0 < #vr.34) ∧ (#t1 < #vr.34)))) ) + solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) case case_1 + by contradiction /* from formulas */ + next + case case_2 solve( (last(#t2)) ∥ (∃ L_h k2 #t1 #t0. 
(NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - ((((#t1 < #vr.31) ∧ (#t0 < #vr.31)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ) + ((((#t1 < #vr.15) ∧ (#t0 < #vr.15)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ) case case_1 by contradiction /* from formulas */ next case case_2 by contradiction /* from formulas */ qed + qed + next + case case_2 + solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) + case case_1 + by contradiction /* from formulas */ next case case_2 solve( (last(#t2)) ∥ @@ -16813,10 +17090,10 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - ((((#t1 < #vr.31) ∧ (#t0 < #vr.31)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ) + ((((#t1 < #vr.15) ∧ (#t0 < #vr.15)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ) case case_1 solve( ((#t0 < #vr) ∧ (#t1.1 < #vr)) ∥ - ((#t0 < #vr.34) ∧ (#t1.1 < #vr.34)) ) + ((#t0 < #vr.18) ∧ (#t1.1 < #vr.18)) ) case case_1 by contradiction /* from formulas */ next 
@@ -16833,64 +17110,64 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.6 < #t2.3) ) + solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.4 < #t2.3) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.1 < #t2.4) ∥ (#t2.1 = #t2.4) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( UnwrapKey( h2, ~n.1, 'on' ) @ #t3 ) - case eventUnwrapKeyLhkattunwrapatts_0_11111111111111111111 - by solve( State_11111111111111111111( h2, - , - ~n.1, lock, ptr, templ + solve( UnwrapKey( h2, ~n.2, 'on' ) @ #t3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by solve( State_111111111111111111111( lock, h2, + , + ~n.2, ptr, templ ) ▶₀ #t3 ) next - case eventUnwrapKeyhmattunwrapatts_0_1111121111111111111 - solve( State_1111121111111111111( L_h.1, - , - h2, k.1, ~n.1, ut, v, lock + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( State_11111211111111111111( ut, + , + h2, k.1, ~n.2, v, L_h.1, lock ) ▶₀ #t3 ) - case eventEncKeyhmattencatts_0_111112111111111111 - solve( (∃ h1 #t1. (NewKey( h1, ~n.1, 'on' ) @ #t1) ∧ #t1 < #vr.40) ∥ + case eventEncKeyhmattencatts_0_1111121111111111111 + solve( (∃ h1 #t1. (NewKey( h1, ~n.2, 'on' ) @ #t1) ∧ #t1 < #vr.24) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.40) ∧ (#t0 < #vr.40)) ∥ + (#t1 < #vr.24) ∧ (#t0 < #vr.24)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.40) ∧ (#t1 < #vr.40)) ∥ + (#t0 < #vr.24) ∧ (#t1 < #vr.24)) ∥ (∃ #t0 #t1 h1 h2 k. 
(UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.40) ∧ (#t1 < #vr.40)) ) + (#t0 < #vr.24) ∧ (#t1 < #vr.24)) ) case case_1 - solve( ((#vr.10 < #vr.48) ∧ + solve( ((#vr.8 < #vr.30) ∧ (∃ #t2. (Unlock_4( '4', ~n.4, 'device' ) @ #t2) ∧ - (#vr.10 < #t2) ∧ - (#t2 < #vr.48) ∧ + (#vr.8 < #t2) ∧ + (#t2 < #vr.30) ∧ (∀ #t0 pp. (Unlock( pp, ~n.4, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.10) ∨ (#t0 = #vr.10) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.8) ∨ (#t0 = #vr.8) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.10) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.48 < #vr.10) ) + ((#t0 < #vr.8) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.30 < #vr.8) ) case case_1 solve( Insert( <'F_template', z>, @@ -16912,22 +17189,22 @@ next by contradiction /* from formulas */ next case case_3 - solve( ((#vr.10 < #vr.48) ∧ + solve( ((#vr.8 < #vr.30) ∧ (∃ #t2. (Unlock_4( '4', ~n.4, 'device' ) @ #t2) ∧ - (#vr.10 < #t2) ∧ - (#t2 < #vr.48) ∧ + (#vr.8 < #t2) ∧ + (#t2 < #vr.30) ∧ (∀ #t0 pp. (Unlock( pp, ~n.4, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.10) ∨ (#t0 = #vr.10) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.8) ∨ (#t0 = #vr.8) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.10) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.48 < #vr.10) ) + ((#t0 < #vr.8) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.30 < #vr.8) ) case case_1 solve( (∃ L_h k2 #t1.2 #t0.1. (NewKey( L_h, k2, 'on' ) @ #t0.1) ∧ (!KU( k2 ) @ #t1.2) @@ -16990,9 +17267,9 @@ next qed next case case_3 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* cyclic */ qed qed 
@@ -17042,17 +17319,16 @@ next next case case_2 solve( EncKey( h1, k, 'on' ) @ #t2 ) - case eventEncKeyLhkattencatts_0_1111111111111111111 - solve( State_1111111111111111111( h1, - , k, lock, ptr, - templ + case eventEncKeyLhkattencatts_0_11111111111111111111 + solve( State_11111111111111111111( lock, h1, + , k, ptr, templ ) ▶₀ #t2 ) - case eventDecKeyLhkattdecatts_0_111111111111111111 + case eventDecKeyLhkattdecatts_0_1111111111111111111 solve( Insert( <'F_template', ptr>, ) @ #t2.1 ) case insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11 - solve( (#vr.17 < #t2.1) ∥ (#vr.17 = #t2.1) ) + solve( (#vr.7 < #t2.1) ∥ (#vr.7 = #t2.1) ) case case_1 solve( State_11( ) ▶₀ #t2.1 ) case insertFtemplateusageoffoffononononoffonundefundef_0_1 
@@ -17060,32 +17336,32 @@ next qed next case case_2 - solve( UnwrapKey( h2, ~n.1, 'on' ) @ #t3 ) - case eventUnwrapKeyLhkattunwrapatts_0_11111111111111111111 - by solve( State_11111111111111111111( h2, - , ~n.1, - lock, ptr, templ + solve( UnwrapKey( h2, ~n.2, 'on' ) @ #t3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by solve( State_111111111111111111111( lock, h2, + , + ~n.2, ptr, templ ) ▶₀ #t3 ) next - case eventUnwrapKeyhmattunwrapatts_0_1111121111111111111 - solve( State_1111121111111111111( L_h, - , h2, k, - ~n.1, ut, v, lock + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( State_11111211111111111111( ut, + , h2, k, + ~n.2, v, L_h, lock ) ▶₀ #t3 ) - case eventEncKeyhmattencatts_0_111112111111111111 - solve( (∃ h1 #t1. (NewKey( h1, ~n.1, 'on' ) @ #t1) ∧ #t1 < #vr.23) ∥ + case eventEncKeyhmattencatts_0_1111121111111111111 + solve( (∃ h1 #t1. (NewKey( h1, ~n.2, 'on' ) @ #t1) ∧ #t1 < #vr.13) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.23) ∧ (#t0 < #vr.23)) ∥ + (#t1 < #vr.13) ∧ (#t0 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ∥ + (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ) + (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ) case case_1 solve( Insert( <'F_template', z>, @@ -17128,7 +17404,7 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.18 < #t2.1) ∥ (#vr.18 = #t2.1) ) + solve( (#vr.8 < #t2.1) ∥ (#vr.8 = #t2.1) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ 
@@ -17136,32 +17412,32 @@ next qed next case case_2 - solve( UnwrapKey( h2, ~n.1, 'on' ) @ #t3 ) - case eventUnwrapKeyLhkattunwrapatts_0_11111111111111111111 - by solve( State_11111111111111111111( h2, - , ~n.1, - lock, ptr, templ + solve( UnwrapKey( h2, ~n.2, 'on' ) @ #t3 ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + by solve( State_111111111111111111111( lock, h2, + , + ~n.2, ptr, templ ) ▶₀ #t3 ) next - case eventUnwrapKeyhmattunwrapatts_0_1111121111111111111 - solve( State_1111121111111111111( L_h, - , h2, k, - ~n.1, ut, v, lock + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( State_11111211111111111111( ut, + , h2, k, + ~n.2, v, L_h, lock ) ▶₀ #t3 ) - case eventEncKeyhmattencatts_0_111112111111111111 - solve( (∃ h1 #t1. (NewKey( h1, ~n.1, 'on' ) @ #t1) ∧ #t1 < #vr.23) ∥ + case eventEncKeyhmattencatts_0_1111121111111111111 + solve( (∃ h1 #t1. (NewKey( h1, ~n.2, 'on' ) @ #t1) ∧ #t1 < #vr.13) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.23) ∧ (#t0 < #vr.23)) ∥ + (#t1 < #vr.13) ∧ (#t0 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ∥ + (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ) + (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ) case case_1 solve( Insert( <'F_template', z>, 
@@ -17205,12 +17481,12 @@ next qed qed next - case eventEncKeyhmattencatts_0_111112111111111111 - solve( State_111112111111111111( L_h, - , h1, k, k.1, ut, v, - lock + case eventEncKeyhmattencatts_0_1111121111111111111 + solve( State_1111121111111111111( ut, + , h1, k, k.1, v, + L_h, lock ) ▶₀ #t2 ) - case eventDecKeyhmattdecatts_0_11111211111111111 + case eventDecKeyhmattdecatts_0_111112111111111111 solve( (∃ h1 #t1. (NewKey( h1, k.1, 'on' ) @ #t1) ∧ #t1 < #vr.2) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) @@ -17232,18 +17508,18 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.17 < #t2.1) ∥ (#vr.17 = #t2.1) ) + solve( (#vr.11 < #t2.1) ∥ (#vr.11 = #t2.1) ) case case_1 - solve( State_111111111111111( h1, - , k, lock, ptr, - templ + solve( State_111111111111111( lock, h1, + , k, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 solve( Insert( <'F_template', ptr>, - + ) @ #t2.4 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.18 < #t2.3) ∥ (#vr.18 = #t2.3) ) + solve( (#vr.12 < #t2.3) ∥ (#vr.12 = #t2.3) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ @@ -17258,9 +17534,9 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.6 < #t2.3) ) + solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.4 < #t2.3) ) case case_1 - solve( (#vr.17 < #t2.3) ∥ (#vr.17 = #t2.3) ) + solve( (#vr.11 < #t2.3) ∥ (#vr.11 = #t2.3) ) case case_1 solve( State_1( ) ▶₀ #t2.1 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ 
@@ -17290,78 +17566,72 @@ next qed next case case_2 - solve( State_111111111111111( h1, - , k, lock, ptr, - templ + solve( State_111111111111111( lock, h1, + , k, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 solve( Insert( <'F_template', ptr>, - + ) @ #t2.4 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.17 < #t2.3) ∥ (#vr.17 = #t2.3) ) + solve( (#vr.11 < #t2.3) ∥ (#vr.11 = #t2.3) ) case case_1 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 - solve( (#vr.17 < #t2.5) ∥ (#vr.17 = #t2.5) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (∃ L_h k2 #t1 #t0. + (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (((#t1 < #vr.19) ∧ (#t0 < #vr.19)) ∨ ((#t1 < #vr) ∧ (#t0 < #vr)))) ∥ + (∃ #t0 #t1 h1 h2 k. + (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) + ∧ + (((#t0 < #vr) ∧ (#t1 < #vr)) ∨ ((#t0 < #vr.19) ∧ (#t1 < #vr.19)))) ) case case_1 - solve( (∃ L_h k2 #t1 #t0. - (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (((#t1 < #vr.35) ∧ (#t0 < #vr.35)) ∨ ((#t1 < #vr) ∧ (#t0 < #vr)))) ∥ - (∃ #t0 #t1 h1 h2 k. 
- (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) - ∧ - (((#t0 < #vr) ∧ (#t1 < #vr)) ∨ ((#t0 < #vr.35) ∧ (#t1 < #vr.35)))) ) + by contradiction /* from formulas */ + next + case case_2 + solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) + solve( ((#t0 < #vr) ∧ (#t1.1 < #vr)) ∥ + ((#t0 < #vr.19) ∧ (#t1.1 < #vr.19)) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( ((#t0 < #vr) ∧ (#t1.1 < #vr)) ∥ - ((#t0 < #vr.35) ∧ (#t1.1 < #vr.35)) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed + by contradiction /* from formulas */ qed qed - next - case case_2 - by contradiction /* from formulas */ qed qed next case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 - solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 + solve( (∃ L_h k2 #t1 #t0. + (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (((#t1 < #vr.18) ∧ (#t0 < #vr.18)) ∨ ((#t1 < #vr) ∧ (#t0 < #vr)))) ∥ + (∃ #t0 #t1 h1 h2 k. + (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) + ∧ + (((#t0 < #vr) ∧ (#t1 < #vr)) ∨ ((#t0 < #vr.18) ∧ (#t1 < #vr.18)))) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (∃ L_h k2 #t1 #t0. - (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (((#t1 < #vr.34) ∧ (#t0 < #vr.34)) ∨ ((#t1 < #vr) ∧ (#t0 < #vr)))) ∥ - (∃ #t0 #t1 h1 h2 k. 
- (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) - ∧ - (((#t0 < #vr) ∧ (#t1 < #vr)) ∨ ((#t0 < #vr.34) ∧ (#t1 < #vr.34)))) ) + solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) case case_1 by contradiction /* from formulas */ next case case_2 solve( ((#t0 < #vr) ∧ (#t1.1 < #vr)) ∥ - ((#t0 < #vr.34) ∧ (#t1.1 < #vr.34)) ) + ((#t0 < #vr.18) ∧ (#t1.1 < #vr.18)) ) case case_1 by contradiction /* from formulas */ next @@ -17374,14 +17644,14 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.6 < #t2.3) ) + solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.4 < #t2.3) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2.1 < #t2.4) ∥ (#t2.1 = #t2.4) ) case case_1 by contradiction /* from formulas */ @@ -17393,9 +17663,9 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - ((((#t1 < #t3) ∧ (#t0 < #t3)) ∨ ((#t1 < #vr.33) ∧ (#t0 < #vr.33))))) ) + ((((#t1 < #t3) ∧ (#t0 < #t3)) ∨ ((#t1 < #vr.17) ∧ (#t0 < #vr.17))))) ) case case_1 - by solve( UnwrapKey( h2, ~n.1, 'on' ) @ #t2 ) + by solve( UnwrapKey( h2, ~n.2, 'on' ) @ #t2 ) next case case_2 by contradiction /* from formulas */ @@ -17404,9 +17674,9 @@ next qed next case case_3 - solve( State_1111111111111111111111( L_h.1, atts, k.1, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h.1, atts, k.1, ptr, templ ) ▶₀ #t2.2 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* cyclic */ qed qed 
@@ -18207,15 +18477,16 @@ next case case_1 solve( (last(#j)) ∥ (last(#i)) ) case case_1 - solve( State_111111111111111( L_h, - , k, lock, ptr, templ + solve( State_111111111111111( lock, L_h, + , k, ptr, + ) ▶₀ #i ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 solve( Insert( <'F_template', ptr>, - + ) @ #t2 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.15 < #t2) ∥ (#vr.15 = #t2) ) + solve( (#vr.5 < #t2) ∥ (#vr.5 = #t2) ) case case_1 solve( State_( ) ▶₀ #t2 ) case Init 
@@ -18223,61 +18494,25 @@ next qed next case case_2 - solve( !KU( ~n.1 ) @ #j ) - case outkeyv_0_1111211111 - solve( ((#vr.4 < #vr.20) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) - ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.20) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.20 < #vr.4) ) - case case_1 - solve( State_111111111111111( L_h, - , t, lock, - ptr, templ - ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by solve( (#vl, 0) ~~> (#j, 0) ) - qed - next - case case_2 - solve( State_111111111111111( L_h, - , t, lock, - ptr, templ - ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by solve( (#vl, 0) ~~> (#j, 0) ) - qed - qed - next - case outm_0_111111112111111 + solve( !KU( ~n.2 ) @ #j ) + case eventDecUsingkm_0_111111112111111 solve( (∃ h2 k2 #t2 #t3. (NewKey( h2, k2, 'on' ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ∥ (∃ h2 #t2 #t3 #t4. (NewKey( h2, k, 'off' ) @ #t2) ∧ (!KU( k ) @ #t3) ∧ (!KU( t ) @ #t4) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17) ∧ (#t4 < #vr.17)) ∥ - (∃ #t2. (EncUsing( k, t ) @ #t2) ∧ #t2 < #vr.17) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6) ∧ (#t4 < #vr.6)) ∥ + (∃ #t2. (EncUsing( k, t ) @ #t2) ∧ #t2 < #vr.6) ∥ (∃ h2 k2 #t2 #t3 a. 
(Unwrapped( h2, k2, a ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ∥ (∃ #t2 #t3 h1 h2 k2. (WrapKey( h2, k2, 'on' ) @ #t2) ∧ (DecKey( h1, k2, 'on' ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ) + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ) case case_1 by contradiction /* from formulas */ next 
@@ -18285,52 +18520,56 @@ next by contradiction /* cyclic */ next case case_3 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 - solve( State_111111121111( L_h, t, v, lock ) ▶₀ #t2.1 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, t, + , L_h + ) ▶₀ #t2.1 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed next case case_2 - solve( State_111111121111( L_h, t, v, lock ) ▶₀ #t2.1 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, t, + , L_h + ) ▶₀ #t2.1 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed qed next case case_4 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. 
(Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 solve( (∃ h1 #t1. (NewKey( h1, k2, 'on' ) @ #t1) ∧ #t1 < #t2.1) ∥ (∃ L_h k2 #t1 #t0. @@ -18413,22 +18652,22 @@ next qed next case case_5 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 solve( (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) 
@@ -18463,23 +18702,59 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_1 - solve( ((#vr.4 < #vr.24) ∧ + case ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111 + solve( ((#vr.1 < #vr.8) ∧ + (∃ #t2. + (Unlock_0( '0', ~n, 'device' ) @ #t2) + ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.8) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.8 < #vr.1) ) + case case_1 + solve( State_111111111111111( lock, L_h, + , t, ptr, + + ) ▶₀ #t1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by solve( (#vl, 0) ~~> (#j, 0) ) + qed + next + case case_2 + solve( State_111111111111111( lock, L_h, + , t, ptr, + + ) ▶₀ #t1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by solve( (#vl, 0) ~~> (#j, 0) ) + qed + qed + next + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_1 + solve( ((#vr.1 < #vr.12) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.24) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.12) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.24 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.12 < #vr.1) ) case case_1 solve( Insert( <'F_template', z.3>, @@ -18497,23 +18772,23 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_2 - solve( ((#vr.4 < #vr.24) ∧ + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_2 + solve( ((#vr.1 < #vr.12) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.24) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.12) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.24 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.12 < #vr.1) ) case case_1 solve( Insert( <'F_template', z.2>, @@ -18522,11 +18797,11 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.14 < #t2.2) ∥ (#vr.14 = #t2.2) ) + solve( (#vr.4 < #t2.2) ∥ (#vr.4 = #t2.2) ) case case_1 - solve( State_1111111111111111111111( L_h, atts, k, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h, atts, k, ptr, templ ) ▶₀ #t2.1 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2 < #t2.5) ∥ (#t2 = #t2.5) ) case case_1 by contradiction /* from formulas */ 
@@ -18540,9 +18815,9 @@ next qed next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h, atts, k, ptr, templ ) ▶₀ #t2.1 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2 < #t2.5) ∥ (#t2 = #t2.5) ) case case_1 by contradiction /* from formulas */ @@ -18552,24 +18827,15 @@ next ) @ #t2.3 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', - 'undef', 'undef'>, - z, lock, ptr, templ - ) ▶₀ #t2.3 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by solve( (#vr.16, 0) ~~> (#j, 0) ) - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', - 'undef', 'undef'>, - h2, k, z, ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', + 'undef', 'undef'>, + k, z, v, L_h, lock ) ▶₀ #t2.3 ) - case newh_0_1111121111111 - solve( (#vr.41 < #vr.4) ∥ (#t2.1 < #vr.41) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.22 < #vr.1) ∥ (#t2.1 < #vr.22) ) case case_1 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 
@@ -18581,22 +18847,22 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m, ut, v, ~n.4 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m, v, L_h.1, ~n.3 ) ▶₀ #t2.4 ) - case outh_0_11111211111111111111 - solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.51) ∥ + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.28) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.51) ∧ (#t0 < #vr.51)) ∥ + (#t1 < #vr.28) ∧ (#t0 < #vr.28)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.51) ∧ (#t1 < #vr.51)) ∥ + (#t0 < #vr.28) ∧ (#t1 < #vr.28)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.51) ∧ (#t1 < #vr.51)) ) + (#t0 < #vr.28) ∧ (#t1 < #vr.28)) ) case case_1 solve( (#t2.6 < #t2.8) ∥ (#t2.6 = #t2.8) ) case case_1 @@ -18608,14 +18874,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, ptr, templ + solve( State_111111111111111( lock, h1, + , + m, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - solve( (#vr.16, 0) ~~> (#j, 0) ) - case Var_fresh_4_n + case lookupFtemplateptrastempl_0_11111111111111 + solve( (#vr.6, 0) ~~> (#j, 0) ) + case Var_fresh_5_n by contradiction /* cyclic */ qed qed 
@@ -18674,22 +18942,22 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m, ut, v, ~n.4 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m, v, L_h.1, ~n.3 ) ▶₀ #t2.4 ) - case outh_0_11111211111111111111 - solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.51) ∥ + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.28) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.51) ∧ (#t0 < #vr.51)) ∥ + (#t1 < #vr.28) ∧ (#t0 < #vr.28)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.51) ∧ (#t1 < #vr.51)) ∥ + (#t0 < #vr.28) ∧ (#t1 < #vr.28)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.51) ∧ (#t1 < #vr.51)) ) + (#t0 < #vr.28) ∧ (#t1 < #vr.28)) ) case case_1 solve( (#t2.6 < #t2.8) ∥ (#t2.6 = #t2.8) ) case case_1 @@ -18701,14 +18969,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, ptr, templ + solve( State_111111111111111( lock, h1, + , + m, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - solve( (#vr.16, 0) ~~> (#j, 0) ) - case Var_fresh_4_n + case lookupFtemplateptrastempl_0_11111111111111 + solve( (#vr.6, 0) ~~> (#j, 0) ) + case Var_fresh_5_n by contradiction /* from formulas */ qed qed 
@@ -18757,6 +19027,16 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', + 'undef', 'undef'>, + z, ptr, templ + ) ▶₀ #t2.3 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by solve( (#vr.6, 0) ~~> (#j, 0) ) + qed qed qed qed @@ -18771,10 +19051,10 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.14 < #t2.2) ∥ (#vr.14 = #t2.2) ) + solve( (#vr.4 < #t2.2) ∥ (#vr.4 = #t2.2) ) case case_1 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_1 by contradiction /* from formulas */ @@ -18785,7 +19065,7 @@ next by contradiction /* from formulas */ next case case_2 - solve( (#vr.14 < #t2.5) ∥ (#vr.14 = #t2.5) ) + solve( (#vr.4 < #t2.5) ∥ (#vr.4 = #t2.5) ) case case_1 solve( (#t2.2 < #t2.5) ∥ (#t2.2 = #t2.5) ) case case_1 
@@ -18806,8 +19086,8 @@ next qed next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_1 by contradiction /* from formulas */ @@ -18827,23 +19107,14 @@ next ) @ #t2.3 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'>, - z, lock, ptr, templ - ) ▶₀ #t2.3 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by solve( (#vr.16, 0) ~~> (#j, 0) ) - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'>, - h2, k, z, ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', + 'undef', 'undef'>, + k, z, v, L_h, lock ) ▶₀ #t2.3 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 'undef'> 
@@ -18854,23 +19125,23 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m, ut, v, ~n.5 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m, v, L_h.1, ~n.5 ) ▶₀ #t2.4 ) - case outh_0_11111211111111111111 - solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.45) ∥ + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.23) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.45) ∧ (#t0 < #vr.45)) ∥ + (#t1 < #vr.23) ∧ (#t0 < #vr.23)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.45) ∧ (#t1 < #vr.45)) ∥ + (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.45) ∧ (#t1 < #vr.45)) ) + (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ) case case_1 solve( (#t2.6 < #t2.8) ∥ (#t2.6 = #t2.8) ) case case_1 @@ -18882,14 +19153,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, ptr, templ + solve( State_111111111111111( lock, h1, + , + m, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - solve( (#vr.16, 0) ~~> (#j, 0) ) - case Var_fresh_4_n + case lookupFtemplateptrastempl_0_11111111111111 + solve( (#vr.6, 0) ~~> (#j, 0) ) + case Var_fresh_5_n by contradiction /* cyclic */ qed qed 
@@ -18937,6 +19210,16 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'>, + z, ptr, templ + ) ▶₀ #t2.3 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by solve( (#vr.6, 0) ~~> (#j, 0) ) + qed qed qed qed 
@@ -18945,73 +19228,37 @@ next qed qed qed - qed - qed - next - case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.14 < #t2) ∥ (#vr.14 = #t2) ) - case case_1 - solve( State_1( ) ▶₀ #t2 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* cyclic */ - qed - next - case case_2 - solve( !KU( ~n.1 ) @ #j ) - case outkeyv_0_1111211111 - solve( ((#vr.4 < #vr.20) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) - ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.20) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.20 < #vr.4) ) - case case_1 - solve( State_111111111111111( L_h, - , t, lock, - ptr, templ - ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by solve( (#vl, 0) ~~> (#j, 0) ) - qed - next - case case_2 - solve( State_111111111111111( L_h, - , t, lock, - ptr, templ - ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by solve( (#vl, 0) ~~> (#j, 0) ) - qed - qed - next - case outm_0_111111112111111 + qed + qed + next + case insertFtemplateusageoffoffononononoffonundefundef_0_1 + solve( (#vr.4 < #t2) ∥ (#vr.4 = #t2) ) + case case_1 + solve( State_1( ) ▶₀ #t2 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* cyclic */ + qed + next + case case_2 + solve( !KU( ~n.2 ) @ #j ) + case eventDecUsingkm_0_111111112111111 solve( (∃ h2 k2 
#t2 #t3. (NewKey( h2, k2, 'on' ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ∥ (∃ h2 #t2 #t3 #t4. (NewKey( h2, k, 'off' ) @ #t2) ∧ (!KU( k ) @ #t3) ∧ (!KU( t ) @ #t4) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17) ∧ (#t4 < #vr.17)) ∥ - (∃ #t2. (EncUsing( k, t ) @ #t2) ∧ #t2 < #vr.17) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6) ∧ (#t4 < #vr.6)) ∥ + (∃ #t2. (EncUsing( k, t ) @ #t2) ∧ #t2 < #vr.6) ∥ (∃ h2 k2 #t2 #t3 a. (Unwrapped( h2, k2, a ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ∥ (∃ #t2 #t3 h1 h2 k2. (WrapKey( h2, k2, 'on' ) @ #t2) ∧ (DecKey( h1, k2, 'on' ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ) + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ) case case_1 by contradiction /* from formulas */ next 
@@ -19019,52 +19266,56 @@ next by contradiction /* cyclic */ next case case_3 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 - solve( State_111111121111( L_h, t, v, lock ) ▶₀ #t2.1 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, t, + , L_h + ) ▶₀ #t2.1 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed next case case_2 - solve( State_111111121111( L_h, t, v, lock ) ▶₀ #t2.1 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, t, + , L_h + ) ▶₀ #t2.1 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed qed next case case_4 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. 
(Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 solve( (∃ h1 #t1. (NewKey( h1, k2, 'on' ) @ #t1) ∧ #t1 < #t2.1) ∥ (∃ L_h k2 #t1 #t0. @@ -19147,22 +19398,22 @@ next qed next case case_5 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 solve( (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) 
@@ -19197,23 +19448,59 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_1 - solve( ((#vr.4 < #vr.24) ∧ + case ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111 + solve( ((#vr.1 < #vr.8) ∧ + (∃ #t2. + (Unlock_0( '0', ~n, 'device' ) @ #t2) + ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.8) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.8 < #vr.1) ) + case case_1 + solve( State_111111111111111( lock, L_h, + , t, ptr, + + ) ▶₀ #t1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by solve( (#vl, 0) ~~> (#j, 0) ) + qed + next + case case_2 + solve( State_111111111111111( lock, L_h, + , t, ptr, + + ) ▶₀ #t1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by solve( (#vl, 0) ~~> (#j, 0) ) + qed + qed + next + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_1 + solve( ((#vr.1 < #vr.12) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.24) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.12) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.24 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.12 < #vr.1) ) case case_1 solve( Insert( <'F_template', z.3>, @@ -19231,23 +19518,23 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_2 - solve( ((#vr.4 < #vr.24) ∧ + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_2 + solve( ((#vr.1 < #vr.12) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.24) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.12) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.24 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.12 < #vr.1) ) case case_1 solve( Insert( <'F_template', z.2>, @@ -19256,14 +19543,14 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.2 < #t2) ∥ (#t2.2 = #t2) ∥ (#vr.1 < #t2.2) ) + solve( (#t2.2 < #t2) ∥ (#t2.2 = #t2) ∥ (#vr < #t2.2) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h, atts, k, ptr, templ ) ▶₀ #t2.1 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2 < #t2.4) ∥ (#t2 = #t2.4) ) case case_1 by contradiction /* from formulas */ 
@@ -19273,114 +19560,42 @@ next ) @ #t2.2 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', - 'undef', 'undef'>, - z, lock, ptr, templ - ) ▶₀ #t2.2 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.17, 0) ~~> (#j, 0) ) - case Var_fresh_3_n - solve( (#t2 < #t2.4) ∥ (#t2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( <'obj', h1>, - - ) @ #t2.3 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, - 'usage', x.6>, - z, lock, ptr, templ - ) ▶₀ #t2.3 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.40 < #vr.4) ∥ (#t2.1 < #vr.40) ) - case case_1 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.5 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', ptr>, - <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.5 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, - 'usage', x.6>, - h1, k, z, ut, v, lock - ) ▶₀ #t2.3 ) - case newh_0_1111121111111 - solve( (#vr.41 < #vr.4) ∥ (#t2.1 < #vr.41) ) - case case_1 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.5 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - next - case case_2 - solve( Insert( <'F_template', z.1>, - <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> - ) @ #t2.5 ) - case insertFtemplatetrustedononoffoffononononusageusage_0_ - by contradiction /* from formulas */ - qed - qed - qed - qed - 
qed - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', - 'undef', 'undef'>, - h2, k, z, ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', + 'undef', 'undef'>, + k, z, v, L_h, lock ) ▶₀ #t2.2 ) - case newh_0_1111121111111 - solve( (#vr.42 < #vr.4) ∥ (#t2.1 < #vr.42) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.23 < #vr.1) ∥ (#t2.1 < #vr.23) ) case case_1 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 'undef'> ) @ #t2.5 ) case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.4 < #t2) ∥ (#t2.4 = #t2) ∥ (#vr.1 < #t2.4) ) + solve( (#t2.4 < #t2) ∥ (#t2.4 = #t2) ∥ (#vr < #t2.4) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m, ut, v, ~n.4 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m, v, L_h.1, ~n.3 ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 - solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.52) ∥ + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.29) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.52) ∧ (#t0 < #vr.52)) ∥ + (#t1 < #vr.29) ∧ (#t0 < #vr.29)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.52) ∧ (#t1 < #vr.52)) ∥ + (#t0 < #vr.29) ∧ (#t1 < #vr.29)) ∥ (∃ #t0 #t1 h1 h2 k. 
(UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.52) ∧ (#t1 < #vr.52)) ) + (#t0 < #vr.29) ∧ (#t1 < #vr.29)) ) case case_1 solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) case case_1 @@ -19392,14 +19607,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, ptr, templ + solve( State_111111111111111( lock, h1, + , + m, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - solve( (#vr.17, 0) ~~> (#j, 0) ) - case Var_fresh_4_n + case lookupFtemplateptrastempl_0_11111111111111 + solve( (#vr.7, 0) ~~> (#j, 0) ) + case Var_fresh_5_n by contradiction /* cyclic */ qed qed 
@@ -19456,46 +19673,48 @@ next 'undef'> ) @ #t2.5 ) case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.4 < #t2) ∥ (#t2.4 = #t2) ∥ (#vr.1 < #t2.4) ) + solve( (#t2.4 < #t2) ∥ (#t2.4 = #t2) ∥ (#vr < #t2.4) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m, ut, v, ~n.4 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m, v, L_h.1, ~n.3 ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 - solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.52) ∥ + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.29) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.52) ∧ (#t0 < #vr.52)) ∥ + (#t1 < #vr.29) ∧ (#t0 < #vr.29)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.52) ∧ (#t1 < #vr.52)) ∥ + (#t0 < #vr.29) ∧ (#t1 < #vr.29)) ∥ (∃ #t0 #t1 h1 h2 k. 
(UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.52) ∧ (#t1 < #vr.52)) ) + (#t0 < #vr.29) ∧ (#t1 < #vr.29)) ) case case_1 solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( (#t2.6 < #t2) ∥ (#t2.6 = #t2) ∥ (#vr.1 < #t2.6) ) + solve( (#t2.6 < #t2) ∥ (#t2.6 = #t2) ∥ (#vr < #t2.6) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, ptr, templ + solve( State_111111111111111( lock, h1, + , + m, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - solve( (#vr.17, 0) ~~> (#j, 0) ) - case Var_fresh_4_n + case lookupFtemplateptrastempl_0_11111111111111 + solve( (#vr.7, 0) ~~> (#j, 0) ) + case Var_fresh_5_n solve( (#t2 < #t2.6) ∥ (#t2 = #t2.6) ) case case_1 by contradiction /* from formulas */ 
@@ -19505,17 +19724,19 @@ next ) @ #t2.4 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h1, - <'on', x.8, x.9, x.10, x.11, - x.12, 'on', x.13, 'usage', - x.14>, - z, lock, ptr, templ + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x.8, x.9, x.10, x.11, + x.12, 'on', x.13, 'usage', x.14 + >, + <'on', x.8, x.9, x.10, x.11, + x.12, 'on', x.13, 'usage', x.14 + >, + k.1, z, v, L_h.1, lock ) ▶₀ #t2.4 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.58 < #vr.4) ∥ (#t2.1 < #vr.58) ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.34 < #vr.1) ∥ (#t2.1 < #vr.34) ) case case_1 - solve( Insert( <'F_template', ptr>, + solve( Insert( <'F_template', z.1>, <'on', x.8, x.9, x.10, x.11, x.12, 'on', x.13, 'usage', x.14> ) @ #t2.7 ) @@ -19524,9 +19745,9 @@ next qed next case case_2 - solve( (#vr.58 < #vr.42) ∥ (#t2.3 < #vr.58) ) + solve( (#vr.34 < #vr.23) ∥ (#t2.3 < #vr.34) ) case case_1 - solve( Insert( <'F_template', ptr>, + solve( Insert( <'F_template', z.1>, <'on', x.8, x.9, x.10, x.11, x.12, 'on', x.13, 'usage', x.14> ) @ #t2.7 ) @@ -19535,7 +19756,7 @@ next qed next case case_2 - solve( Insert( <'F_template', ptr>, + solve( Insert( <'F_template', z.1>, <'on', x.8, x.9, x.10, x.11, x.12, 'on', x.13, 'usage', x.14> ) @ #t2.7 ) 
@@ -19546,17 +19767,17 @@ next qed qed next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h.1, - <'on', x.8, x.9, x.10, x.11, - x.12, 'on', x.13, 'usage', - x.14>, - h1, k.1, z, ut, v, lock + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x.8, x.9, x.10, + x.11, x.12, 'on', x.13, + 'usage', x.14>, + z, ptr, templ ) ▶₀ #t2.4 ) - case newh_0_1111121111111 - solve( (#vr.59 < #vr.4) ∥ (#t2.1 < #vr.59) ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.32 < #vr.1) ∥ (#t2.1 < #vr.32) ) case case_1 - solve( Insert( <'F_template', z.1>, + solve( Insert( <'F_template', ptr>, <'on', x.8, x.9, x.10, x.11, x.12, 'on', x.13, 'usage', x.14> ) @ #t2.7 ) @@ -19565,9 +19786,9 @@ next qed next case case_2 - solve( (#vr.59 < #vr.42) ∥ (#t2.3 < #vr.59) ) + solve( (#vr.32 < #vr.23) ∥ (#t2.3 < #vr.32) ) case case_1 - solve( Insert( <'F_template', z.1>, + solve( Insert( <'F_template', ptr>, <'on', x.8, x.9, x.10, x.11, x.12, 'on', x.13, 'usage', x.14> ) @ #t2.7 ) @@ -19576,7 +19797,7 @@ next qed next case case_2 - solve( Insert( <'F_template', z.1>, + solve( Insert( <'F_template', ptr>, <'on', x.8, x.9, x.10, x.11, x.12, 'on', x.13, 'usage', x.14> ) @ #t2.7 ) @@ -19605,7 +19826,7 @@ next by contradiction /* from formulas */ next case case_2 - solve( (#t2.6 < #t2) ∥ (#t2.6 = #t2) ∥ (#vr.1 < #t2.6) ) + solve( (#t2.6 < #t2) ∥ (#t2.6 = #t2) ∥ (#vr < #t2.6) ) case case_1 by contradiction /* from formulas */ next 
@@ -19644,14 +19865,88 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', + 'undef', 'undef'>, + z, ptr, templ + ) ▶₀ #t2.2 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.7, 0) ~~> (#j, 0) ) + case Var_fresh_3_n + solve( (#t2 < #t2.4) ∥ (#t2 = #t2.4) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( <'obj', h1>, + + ) @ #t2.3 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, + 'usage', x.6>, + <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, + 'usage', x.6>, + k, z, v, L_h, lock + ) ▶₀ #t2.3 ) + case lookupFtemplateattuttemvasut_0_111112111111 + solve( (#vr.22 < #vr.1) ∥ (#t2.1 < #vr.22) ) + case case_1 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> + ) @ #t2.5 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', z.1>, + <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> + ) @ #t2.5 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed + qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h1, + <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, + 'usage', x.6>, + z, ptr, templ + ) ▶₀ #t2.3 ) + case 
ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.20 < #vr.1) ∥ (#t2.1 < #vr.20) ) + case case_1 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> + ) @ #t2.5 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + next + case case_2 + solve( Insert( <'F_template', ptr>, + <'on', x, x.1, x.2, x.3, x.4, 'on', x.5, 'usage', x.6> + ) @ #t2.5 ) + case insertFtemplatetrustedononoffoffononononusageusage_0_ + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + qed qed qed qed next case case_3 - solve( State_1111111111111111111111( L_h, atts, k, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h, atts, k, ptr, templ ) ▶₀ #t2.1 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 solve( (#t2 < #t2.5) ∥ (#t2 = #t2.5) ) case case_1 by contradiction /* from formulas */ @@ -19674,13 +19969,13 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.2 < #t2) ∥ (#t2.2 = #t2) ∥ (#vr.1 < #t2.2) ) + solve( (#t2.2 < #t2) ∥ (#t2.2 = #t2) ∥ (#vr < #t2.2) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.3 < #t2.6) ∥ (#t2.3 = #t2.6) ) case case_1 by contradiction /* from formulas */ 
@@ -19700,26 +19995,14 @@ next ) @ #t2.2 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'>, - z, lock, ptr, templ - ) ▶₀ #t2.2 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.17, 0) ~~> (#j, 0) ) - case Var_fresh_3_n - by contradiction /* cyclic */ - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'>, - h2, k, z, ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', + 'undef', 'undef'>, + k, z, v, L_h, lock ) ▶₀ #t2.2 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 'undef'> 
@@ -19730,23 +20013,23 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m, ut, v, ~n.5 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m, v, L_h.1, ~n.5 ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 - solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.46) ∥ + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.24) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.46) ∧ (#t0 < #vr.46)) ∥ + (#t1 < #vr.24) ∧ (#t0 < #vr.24)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.46) ∧ (#t1 < #vr.46)) ∥ + (#t0 < #vr.24) ∧ (#t1 < #vr.24)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.46) ∧ (#t1 < #vr.46)) ) + (#t0 < #vr.24) ∧ (#t1 < #vr.24)) ) case case_1 solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) case case_1 @@ -19758,14 +20041,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, ptr, templ + solve( State_111111111111111( lock, h1, + , + m, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - solve( (#vr.17, 0) ~~> (#j, 0) ) - case Var_fresh_4_n + case lookupFtemplateptrastempl_0_11111111111111 + solve( (#vr.7, 0) ~~> (#j, 0) ) + case Var_fresh_5_n by contradiction /* cyclic */ qed qed 
@@ -19813,6 +20098,19 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'>, + z, ptr, templ + ) ▶₀ #t2.2 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.7, 0) ~~> (#j, 0) ) + case Var_fresh_3_n + by contradiction /* cyclic */ + qed + qed qed qed qed @@ -19820,8 +20118,8 @@ next qed next case case_3 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 by contradiction /* cyclic */ qed qed @@ -19833,15 +20131,16 @@ next qed next case case_2 - solve( State_111111111111111( L_h, - , k, lock, ptr, templ + solve( State_111111111111111( lock, L_h, + , k, ptr, + ) ▶₀ #i ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 + case lookupFtemplateptrastempl_0_11111111111111 solve( Insert( <'F_template', ptr>, - + ) @ #t2 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ - solve( (#vr.15 < #t2) ∥ (#vr.15 = #t2) ) + solve( (#vr.5 < #t2) ∥ (#vr.5 = #t2) ) case case_1 solve( State_( ) ▶₀ #t2 ) case Init 
@@ -19849,61 +20148,25 @@ next qed next case case_2 - solve( !KU( ~n.1 ) @ #j ) - case outkeyv_0_1111211111 - solve( ((#vr.4 < #vr.20) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) - ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.20) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.20 < #vr.4) ) - case case_1 - solve( State_111111111111111( L_h, - , t, lock, - ptr, templ - ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by solve( (#vl, 0) ~~> (#j, 0) ) - qed - next - case case_2 - solve( State_111111111111111( L_h, - , t, lock, - ptr, templ - ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by solve( (#vl, 0) ~~> (#j, 0) ) - qed - qed - next - case outm_0_111111112111111 + solve( !KU( ~n.2 ) @ #j ) + case eventDecUsingkm_0_111111112111111 solve( (∃ h2 k2 #t2 #t3. (NewKey( h2, k2, 'on' ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ∥ (∃ h2 #t2 #t3 #t4. (NewKey( h2, k, 'off' ) @ #t2) ∧ (!KU( k ) @ #t3) ∧ (!KU( t ) @ #t4) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17) ∧ (#t4 < #vr.17)) ∥ - (∃ #t2. (EncUsing( k, t ) @ #t2) ∧ #t2 < #vr.17) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6) ∧ (#t4 < #vr.6)) ∥ + (∃ #t2. (EncUsing( k, t ) @ #t2) ∧ #t2 < #vr.6) ∥ (∃ h2 k2 #t2 #t3 a. 
(Unwrapped( h2, k2, a ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ∥ (∃ #t2 #t3 h1 h2 k2. (WrapKey( h2, k2, 'on' ) @ #t2) ∧ (DecKey( h1, k2, 'on' ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ) + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ) case case_1 by contradiction /* from formulas */ next 
@@ -19911,52 +20174,56 @@ next by contradiction /* cyclic */ next case case_3 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 - solve( State_111111121111( L_h, t, v, lock ) ▶₀ #t2.1 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, t, + , L_h + ) ▶₀ #t2.1 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed next case case_2 - solve( State_111111121111( L_h, t, v, lock ) ▶₀ #t2.1 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, t, + , L_h + ) ▶₀ #t2.1 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed qed next case case_4 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. 
(Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 solve( (∃ h1 #t1. (NewKey( h1, k2, 'on' ) @ #t1) ∧ #t1 < #t2.1) ∥ (∃ L_h k2 #t1 #t0. @@ -20109,22 +20376,22 @@ next qed next case case_5 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 solve( (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) 
@@ -20213,23 +20480,59 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_1 - solve( ((#vr.4 < #vr.24) ∧ + case ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111 + solve( ((#vr.1 < #vr.8) ∧ + (∃ #t2. + (Unlock_0( '0', ~n, 'device' ) @ #t2) + ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.8) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.8 < #vr.1) ) + case case_1 + solve( State_111111111111111( lock, L_h, + , t, ptr, + + ) ▶₀ #t1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by solve( (#vl, 0) ~~> (#j, 0) ) + qed + next + case case_2 + solve( State_111111111111111( lock, L_h, + , t, ptr, + + ) ▶₀ #t1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by solve( (#vl, 0) ~~> (#j, 0) ) + qed + qed + next + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_1 + solve( ((#vr.1 < #vr.12) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.24) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.12) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.24 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.12 < #vr.1) ) case case_1 solve( Insert( <'F_template', z.3>, @@ -20247,23 +20550,23 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_2 - solve( ((#vr.4 < #vr.24) ∧ + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_2 + solve( ((#vr.1 < #vr.12) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.24) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.12) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.24 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.12 < #vr.1) ) case case_1 solve( Insert( <'F_template', z.2>, 
@@ -20272,18 +20575,18 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.14 < #t2.2) ∥ (#vr.14 = #t2.2) ) + solve( (#vr.4 < #t2.2) ∥ (#vr.4 = #t2.2) ) case case_1 - solve( State_1111111111111111111111( L_h, atts, k, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h, atts, k, ptr, templ ) ▶₀ #t2.1 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* from formulas */ qed next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h, atts, k, ptr, templ ) ▶₀ #t2.1 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* from formulas */ qed qed @@ -20297,10 +20600,10 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.14 < #t2.2) ∥ (#vr.14 = #t2.2) ) + solve( (#vr.4 < #t2.2) ∥ (#vr.4 = #t2.2) ) case case_1 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_1 by contradiction /* from formulas */ @@ -20311,7 +20614,7 @@ next by contradiction /* from formulas */ next case case_2 - solve( (#vr.14 < #t2.5) ∥ (#vr.14 = #t2.5) ) + solve( (#vr.4 < #t2.5) ∥ (#vr.4 = #t2.5) ) case case_1 solve( (#t2.2 < #t2.5) ∥ (#t2.2 = #t2.5) ) case case_1 
@@ -20332,8 +20635,8 @@ next qed next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_1 by contradiction /* from formulas */ @@ -20353,23 +20656,14 @@ next ) @ #t2.3 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'>, - z, lock, ptr, templ - ) ▶₀ #t2.3 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - by solve( (#vr.16, 0) ~~> (#j, 0) ) - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'>, - h2, k, z, ut, v, lock + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', + 'undef', 'undef'>, + k, z, v, L_h, lock ) ▶₀ #t2.3 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 'undef'> 
@@ -20380,23 +20674,23 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m, ut, v, ~n.5 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m, v, L_h.1, ~n.5 ) ▶₀ #t2.4 ) - case outh_0_11111211111111111111 - solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.45) ∥ + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.23) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.45) ∧ (#t0 < #vr.45)) ∥ + (#t1 < #vr.23) ∧ (#t0 < #vr.23)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.45) ∧ (#t1 < #vr.45)) ∥ + (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.45) ∧ (#t1 < #vr.45)) ) + (#t0 < #vr.23) ∧ (#t1 < #vr.23)) ) case case_1 solve( (#t2.6 < #t2.8) ∥ (#t2.6 = #t2.8) ) case case_1 @@ -20408,14 +20702,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, ptr, templ + solve( State_111111111111111( lock, h1, + , + m, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - solve( (#vr.16, 0) ~~> (#j, 0) ) - case Var_fresh_4_n + case lookupFtemplateptrastempl_0_11111111111111 + solve( (#vr.6, 0) ~~> (#j, 0) ) + case Var_fresh_5_n by contradiction /* cyclic */ qed qed 
@@ -20510,6 +20806,16 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'>, + z, ptr, templ + ) ▶₀ #t2.3 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + by solve( (#vr.6, 0) ~~> (#j, 0) ) + qed qed qed qed @@ -20522,7 +20828,7 @@ next qed next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#vr.14 < #t2) ∥ (#vr.14 = #t2) ) + solve( (#vr.4 < #t2) ∥ (#vr.4 = #t2) ) case case_1 solve( State_1( ) ▶₀ #t2 ) case insertFtemplatetrustedononoffoffononononusageusage_0_ 
@@ -20530,61 +20836,25 @@ next qed next case case_2 - solve( !KU( ~n.1 ) @ #j ) - case outkeyv_0_1111211111 - solve( ((#vr.4 < #vr.20) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) - ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.20) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, 'device' ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.20 < #vr.4) ) - case case_1 - solve( State_111111111111111( L_h, - , t, lock, - ptr, templ - ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by solve( (#vl, 0) ~~> (#j, 0) ) - qed - next - case case_2 - solve( State_111111111111111( L_h, - , t, lock, - ptr, templ - ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - by solve( (#vl, 0) ~~> (#j, 0) ) - qed - qed - next - case outm_0_111111112111111 + solve( !KU( ~n.2 ) @ #j ) + case eventDecUsingkm_0_111111112111111 solve( (∃ h2 k2 #t2 #t3. (NewKey( h2, k2, 'on' ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ∥ (∃ h2 #t2 #t3 #t4. (NewKey( h2, k, 'off' ) @ #t2) ∧ (!KU( k ) @ #t3) ∧ (!KU( t ) @ #t4) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17) ∧ (#t4 < #vr.17)) ∥ - (∃ #t2. (EncUsing( k, t ) @ #t2) ∧ #t2 < #vr.17) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6) ∧ (#t4 < #vr.6)) ∥ + (∃ #t2. (EncUsing( k, t ) @ #t2) ∧ #t2 < #vr.6) ∥ (∃ h2 k2 #t2 #t3 a. 
(Unwrapped( h2, k2, a ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ∥ + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ∥ (∃ #t2 #t3 h1 h2 k2. (WrapKey( h2, k2, 'on' ) @ #t2) ∧ (DecKey( h1, k2, 'on' ) @ #t3) ∧ - (#t2 < #vr.17) ∧ (#t3 < #vr.17)) ) + (#t2 < #vr.6) ∧ (#t3 < #vr.6)) ) case case_1 by contradiction /* from formulas */ next 
@@ -20592,52 +20862,56 @@ next by contradiction /* cyclic */ next case case_3 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 - solve( State_111111121111( L_h, t, v, lock ) ▶₀ #t2.1 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, t, + , L_h + ) ▶₀ #t2.1 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed next case case_2 - solve( State_111111121111( L_h, t, v, lock ) ▶₀ #t2.1 ) - case ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111 + solve( State_111111121111( lock, t, + , L_h + ) ▶₀ #t2.1 ) + case lookupobjLhasv_0_11111112111 by contradiction /* cyclic */ qed qed next case case_4 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. 
(Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 solve( (∃ h1 #t1. (NewKey( h1, k2, 'on' ) @ #t1) ∧ #t1 < #t2.1) ∥ (∃ L_h k2 #t1 #t0. @@ -20790,22 +21064,22 @@ next qed next case case_5 - solve( ((#vr.4 < #vr.21) ∧ + solve( ((#vr.1 < #vr.10) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.21) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.10) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.21 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.1) ) case case_1 solve( (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) 
@@ -20894,23 +21168,59 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_1 - solve( ((#vr.4 < #vr.24) ∧ + case ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111 + solve( ((#vr.1 < #vr.8) ∧ + (∃ #t2. + (Unlock_0( '0', ~n, 'device' ) @ #t2) + ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.8) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, 'device' ) @ #t0) + ⇒ + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.8 < #vr.1) ) + case case_1 + solve( State_111111111111111( lock, L_h, + , t, ptr, + + ) ▶₀ #t1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by solve( (#vl, 0) ~~> (#j, 0) ) + qed + next + case case_2 + solve( State_111111111111111( lock, L_h, + , t, ptr, + + ) ▶₀ #t1 ) + case lookupFtemplateptrastempl_0_11111111111111 + by solve( (#vl, 0) ~~> (#j, 0) ) + qed + qed + next + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_1 + solve( ((#vr.1 < #vr.12) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.24) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.12) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.24 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.12 < #vr.1) ) case case_1 solve( Insert( <'F_template', z.3>, @@ -20928,23 +21238,23 @@ next qed qed next - case outsenckeyvkeyv_0_111111211111111_case_2 - solve( ((#vr.4 < #vr.24) ∧ + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_case_2 + solve( ((#vr.1 < #vr.12) ∧ (∃ #t2. - (Unlock_0( '0', ~n.2, 'device' ) @ #t2) + (Unlock_0( '0', ~n, 'device' ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.24) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.1 < #t2) ∧ + (#t2 < #vr.12) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, 'device' ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.1) ∨ (#t0 = #vr.1) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, 'device' ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.24 < #vr.4) ) + ((#t0 < #vr.1) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.12 < #vr.1) ) case case_1 solve( Insert( <'F_template', z.2>, 
@@ -20953,21 +21263,21 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.2 < #t2) ∥ (#t2.2 = #t2) ∥ (#vr.1 < #t2.2) ) + solve( (#t2.2 < #t2) ∥ (#t2.2 = #t2) ∥ (#vr < #t2.2) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111111111111111111111( L_h, atts, k, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h, atts, k, ptr, templ ) ▶₀ #t2.1 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* from formulas */ qed next case case_3 - solve( State_1111111111111111111111( L_h, atts, k, ~n.2, ptr, templ + solve( State_11111111111111111111111( ~n, L_h, atts, k, ptr, templ ) ▶₀ #t2.1 ) - case outLh_0_111111111111111111111 + case eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111 by contradiction /* from formulas */ qed qed @@ -20981,13 +21291,13 @@ next by contradiction /* from formulas */ next case insertFtemplateusageoffoffononononoffonundefundef_0_1 - solve( (#t2.2 < #t2) ∥ (#t2.2 = #t2) ∥ (#vr.1 < #t2.2) ) + solve( (#t2.2 < #t2) ∥ (#t2.2 = #t2) ∥ (#vr < #t2.2) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 solve( (#t2.3 < #t2.6) ∥ (#t2.3 = #t2.6) ) case case_1 by contradiction /* from formulas */ 
@@ -21006,27 +21316,15 @@ next solve( Insert( <'obj', h2>, - ) @ #t2.2 ) - case insertobjLhkatts_0_1111111111111111 - solve( State_1111111111111111( h2, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'>, - z, lock, ptr, templ - ) ▶₀ #t2.2 ) - case eventNewKeyLhkattsensatts_0_111111111111111 - solve( (#vr.17, 0) ~~> (#j, 0) ) - case Var_fresh_3_n - by contradiction /* cyclic */ - qed - qed - next - case insertobjhmatts_0_11111211111111 - solve( State_11111211111111( L_h, - <'off', 'off', 'on', 'on', 'on', 'on', 'off', - 'on', 'undef', 'undef'>, - h2, k, z, ut, v, lock + ) @ #t2.2 ) + case ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111 + solve( State_1111121111111( <'off', 'off', 'on', 'on', 'on', 'on', + 'off', 'on', 'undef', 'undef'>, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', + 'undef', 'undef'>, + k, z, v, L_h, lock ) ▶₀ #t2.2 ) - case newh_0_1111121111111 + case lookupFtemplateattuttemvasut_0_111112111111 solve( Insert( <'F_template', z.2>, <'off', 'off', 'on', 'on', 'on', 'on', 'off', 'on', 'undef', 'undef'> 
@@ -21037,23 +21335,23 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111112111111111111111( L_h.1, atts, h2, k.1, m, ut, v, ~n.5 + solve( State_1111121111111111111111( ut, atts, h2, k.1, m, v, L_h.1, ~n.5 ) ▶₀ #t2.3 ) - case outh_0_11111211111111111111 - solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.46) ∥ + case eventUnwrapKeyhmattunwrapatts_0_11111211111111111111 + solve( (∃ h1 #t1. (NewKey( h1, m, 'on' ) @ #t1) ∧ #t1 < #vr.24) ∥ (∃ L_h k2 #t1 #t0. (NewKey( L_h, k2, 'on' ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.46) ∧ (#t0 < #vr.46)) ∥ + (#t1 < #vr.24) ∧ (#t0 < #vr.24)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k, 'on' ) @ #t0) ∧ (DecKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.46) ∧ (#t1 < #vr.46)) ∥ + (#t0 < #vr.24) ∧ (#t1 < #vr.24)) ∥ (∃ #t0 #t1 h1 h2 k. (UnwrapKey( h2, k, 'on' ) @ #t0) ∧ (EncKey( h1, k, 'on' ) @ #t1) ∧ - (#t0 < #vr.46) ∧ (#t1 < #vr.46)) ) + (#t0 < #vr.24) ∧ (#t1 < #vr.24)) ) case case_1 solve( (#t2.5 < #t2.7) ∥ (#t2.5 = #t2.7) ) case case_1 @@ -21065,14 +21363,16 @@ next by contradiction /* from formulas */ next case case_2 - solve( State_111111111111111( h1, - , - m, lock, ptr, templ + solve( State_111111111111111( lock, h1, + , + m, ptr, + ) ▶₀ #t1 ) - case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111 - solve( (#vr.17, 0) ~~> (#j, 0) ) - case Var_fresh_4_n + case lookupFtemplateptrastempl_0_11111111111111 + solve( (#vr.7, 0) ~~> (#j, 0) ) + case Var_fresh_5_n by contradiction /* cyclic */ qed qed 
@@ -21167,6 +21467,19 @@ next qed qed qed + next + case insertobjLhkatts_0_11111111111111111 + solve( State_11111111111111111( lock, h2, + <'off', 'off', 'on', 'on', 'on', 'on', 'off', + 'on', 'undef', 'undef'>, + z, ptr, templ + ) ▶₀ #t2.2 ) + case ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111 + solve( (#vr.7, 0) ~~> (#j, 0) ) + case Var_fresh_3_n + by contradiction /* cyclic */ + qed + qed qed qed qed @@ -21174,8 +21487,8 @@ next qed next case case_3 - solve( State_1111112111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) - case outsenckeyvkeyv_0_111111211111111 + solve( State_11111121111111111( h1, h2, v1, v2, wt, ~n.3 ) ▶₀ #t2.1 ) + case ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111 by contradiction /* cyclic */ qed qed @@ -21712,6 +22025,32 @@ guarded formula characterizing all counter-examples: simplify by contradiction /* from formulas */ + + + + + + + + + + + + + + + + + + + + + + + + + + rule (modulo E) Init[color=#ffffff, process="insert <'F_template', 'trusted'>,<'on', 'on', 'off', 'off', 'on', 'on', 'on', 'on', 'usage', 'usage' >;"]: 
@@ -21754,1333 +22093,736 @@ rule (modulo E) insertFtemplateuntrustedoffoffononoffonoffoffundefundef_0_11[col <'off', 'off', 'on', 'on', 'off', 'on', 'off', 'off', 'undef', 'undef'> ) ]-> - [ State_111( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="!"]: - [ State_111( ) ] --> [ !Semistate_1111( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_111[color=#ffffff, process="!"]: - [ !Semistate_1111( ) ] --> [ State_1111( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111[color=#ffffff, process="|"]: - [ State_1111( ) ] --> [ State_11111( ), State_11112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111[color=#ffffff, process="|"]: - [ State_11111( ) ] --> [ State_111111( ), State_111112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111111[color=#ffffff, process="|"]: - [ State_111111( ) ] --> [ State_1111111( ), State_1111112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111[color=#ffffff, process="|"]: - [ State_1111111( ) ] --> [ State_11111111( ), State_11111112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111[color=#ffffff, process="|"]: - [ State_11111111( ) ] --> [ State_111111111( ), State_111111112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) increateattsptr_0_111111111[color=#638040, - process="in(<'create', atts, ptr>);"]: - [ State_111111111( ), In( <'create', atts, ptr> ) ] - --> - [ State_1111111111( atts, ptr ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockdevice_0_1111111111[color=#638040, - process="lock 'device';"]: - [ State_1111111111( atts, ptr ), Fr( lock ) ] - --[ Lock_0( '0', lock, 'device' ), Lock( '0', lock, 'device' ) ]-> - [ State_11111111111( atts, lock, ptr ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newLh_0_11111111111[color=#638040, process="new 
L_h;"]: - [ State_11111111111( atts, lock, ptr ), Fr( L_h ) ] - --> - [ State_111111111111( L_h, atts, lock, ptr ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_111111111111[color=#638040, process="new k;"]: - [ State_111111111111( L_h, atts, lock, ptr ), Fr( k ) ] - --> - [ State_1111111111111( L_h, atts, k, lock, ptr ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupFtemplateptrastempl_0_1111111111111[color=#638040, - process="lookup <'F_template', ptr> as templ"]: - [ State_1111111111111( L_h, atts, k, lock, ptr ) ] - --[ IsIn( <'F_template', ptr>, templ ) ]-> - [ State_11111111111111( L_h, atts, k, lock, ptr, templ ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupFtemplateptrastempl_1_1111111111111[color=#638040, - process="lookup <'F_template', ptr> as templ"]: - [ State_1111111111111( L_h, atts, k, lock, ptr ) ] - --[ IsNotSet( <'F_template', ptr> ) ]-> - [ State_11111111111112( L_h, atts, k, lock, ptr ) ] - - /* has exactly the trivial AC variant */ - -restriction Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111_1: - "∀ x #NOW x.1 x.2 x.3 x.4 x.5 x.6 x.7 x.8 x.9 x.10 x.11 x.12 x.13 x.14 - x.15 x.16 x.17 x.18 x.19. 
- (Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111_1( x, - x.1, - x.2, - x.3, - x.4, - x.5, - x.6, - x.7, - x.8, - x.9, - x.10, - x.11, - x.12, - x.13, - x.14, - x.15, - x.16, - x.17, - x.18, - x.19 - ) @ #NOW) ⇒ - ((((((((((x = x.1) ∧ (x.2 = x.3)) ∧ (x.4 = x.5)) ∧ (x.6 = x.7)) ∧ - (x.8 = x.9)) ∧ - (x.10 = x.11)) ∧ - (x.12 = x.13)) ∧ - (x.14 = x.15)) ∧ - (x.16 = x.17)) ∧ - (x.18 = x.19))" - // safety formula - -rule (modulo E) ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111[color=#638040, - process="if Permits( attwrap(templ), attunwrap(templ), attenc(templ), - attdec(templ), attsens(templ), attextr(templ), atttrus(templ), - attwwt(templ), attwt(templ), attut(templ), attwrap(atts), - attunwrap(atts), attenc(atts), attdec(atts), attsens(atts), - attextr(atts), atttrus(atts), attwwt(atts), attwt(atts), - attut(atts) -)"]: - [ State_11111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ - Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111_1( attwrap(templ), - attwrap(atts), - attunwrap(templ), - attunwrap(atts), - attenc(templ), - attenc(atts), - attdec(templ), - attdec(atts), - attsens(templ), - attsens(atts), - attextr(templ), - attextr(atts), - atttrus(templ), - atttrus(atts), - attwwt(templ), - attwwt(atts), - attwt(templ), - attwt(atts), - attut(templ), - attut(atts) - ) - ]-> - [ State_111111111111111( L_h, atts, k, lock, ptr, templ ) ] - - /* - rule (modulo AC) 
ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111[color=#638040, - process="if Permits( attwrap(templ), attunwrap(templ), attenc(templ), - attdec(templ), attsens(templ), attextr(templ), atttrus(templ), - attwwt(templ), attwt(templ), attut(templ), attwrap(atts), - attunwrap(atts), attenc(atts), attdec(atts), attsens(atts), - attextr(atts), atttrus(atts), attwwt(atts), attwt(atts), - attut(atts) -)"]: - [ State_11111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ - Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_11111111111111_1( z, - z.1, - z.2, - z.3, - z.4, - z.5, - z.6, - z.7, - z.8, - z.9, - z.10, - z.11, - z.12, - z.13, - z.14, - z.15, - z.16, - z.17, - z.18, - z.19 - ) - ]-> - [ State_111111111111111( L_h, atts, k, lock, ptr, templ ) ] - variants (modulo AC) - 1. atts = atts.27 - templ = templ.27 - z = attwrap(templ.27) - z.1 = attwrap(atts.27) - z.2 = attunwrap(templ.27) - z.3 = attunwrap(atts.27) - z.4 = attenc(templ.27) - z.5 = attenc(atts.27) - z.6 = attdec(templ.27) - z.7 = attdec(atts.27) - z.8 = attsens(templ.27) - z.9 = attsens(atts.27) - z.10 = attextr(templ.27) - z.11 = attextr(atts.27) - z.12 = atttrus(templ.27) - z.13 = atttrus(atts.27) - z.14 = attwwt(templ.27) - z.15 = attwwt(atts.27) - z.16 = attwt(templ.27) - z.17 = attwt(atts.27) - z.18 = attut(templ.27) - z.19 = attut(atts.27) - - 2. 
atts = atts.37 - templ = - z = x.27 - z.1 = attwrap(atts.37) - z.2 = x.28 - z.3 = attunwrap(atts.37) - z.4 = x.29 - z.5 = attenc(atts.37) - z.6 = x.30 - z.7 = attdec(atts.37) - z.8 = x.31 - z.9 = attsens(atts.37) - z.10 = x.32 - z.11 = attextr(atts.37) - z.12 = x.33 - z.13 = atttrus(atts.37) - z.14 = x.34 - z.15 = attwwt(atts.37) - z.16 = x.35 - z.17 = attwt(atts.37) - z.18 = x.36 - z.19 = attut(atts.37) - - 3. atts = - templ = templ.37 - z = attwrap(templ.37) - z.1 = x.27 - z.2 = attunwrap(templ.37) - z.3 = x.28 - z.4 = attenc(templ.37) - z.5 = x.29 - z.6 = attdec(templ.37) - z.7 = x.30 - z.8 = attsens(templ.37) - z.9 = x.31 - z.10 = attextr(templ.37) - z.11 = x.32 - z.12 = atttrus(templ.37) - z.13 = x.33 - z.14 = attwwt(templ.37) - z.15 = x.34 - z.16 = attwt(templ.37) - z.17 = x.35 - z.18 = attut(templ.37) - z.19 = x.36 - - 4. atts = - templ = - z = x.40 - z.1 = x.27 - z.2 = x.41 - z.3 = x.28 - z.4 = x.42 - z.5 = x.29 - z.6 = x.43 - z.7 = x.30 - z.8 = x.44 - z.9 = x.31 - z.10 = x.45 - z.11 = x.32 - z.12 = x.46 - z.13 = x.33 - z.14 = x.47 - z.15 = x.34 - z.16 = x.48 - z.17 = x.35 - z.18 = x.49 - z.19 = x.36 - */ - -restriction Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_11111111111111_1: - "∀ x #NOW x.1 x.2 x.3 x.4 x.5 x.6 x.7 x.8 x.9 x.10 x.11 x.12 x.13 x.14 - x.15 x.16 x.17 x.18 x.19. 
- (Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_11111111111111_1( x, - x.1, - x.2, - x.3, - x.4, - x.5, - x.6, - x.7, - x.8, - x.9, - x.10, - x.11, - x.12, - x.13, - x.14, - x.15, - x.16, - x.17, - x.18, - x.19 - ) @ #NOW) ⇒ - (¬((((((((((x = x.1) ∧ (x.2 = x.3)) ∧ (x.4 = x.5)) ∧ (x.6 = x.7)) ∧ - (x.8 = x.9)) ∧ - (x.10 = x.11)) ∧ - (x.12 = x.13)) ∧ - (x.14 = x.15)) ∧ - (x.16 = x.17)) ∧ - (x.18 = x.19)))" - // safety formula - -rule (modulo E) ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_11111111111111[color=#638040, - process="if Permits( attwrap(templ), attunwrap(templ), attenc(templ), - attdec(templ), attsens(templ), attextr(templ), atttrus(templ), - attwwt(templ), attwt(templ), attut(templ), attwrap(atts), - attunwrap(atts), attenc(atts), attdec(atts), attsens(atts), - attextr(atts), atttrus(atts), attwwt(atts), attwt(atts), - attut(atts) -)"]: - [ State_11111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ - Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_11111111111111_1( attwrap(templ), - attwrap(atts), - attunwrap(templ), - attunwrap(atts), - attenc(templ), - attenc(atts), - attdec(templ), - attdec(atts), - attsens(templ), - attsens(atts), - attextr(templ), - attextr(atts), - atttrus(templ), - atttrus(atts), - attwwt(templ), - attwwt(atts), - attwt(templ), - attwt(atts), - attut(templ), - attut(atts) - ) - ]-> - [ State_111111111111112( L_h, atts, k, lock, ptr, templ ) ] - - /* - rule (modulo AC) 
ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_11111111111111[color=#638040, - process="if Permits( attwrap(templ), attunwrap(templ), attenc(templ), - attdec(templ), attsens(templ), attextr(templ), atttrus(templ), - attwwt(templ), attwt(templ), attut(templ), attwrap(atts), - attunwrap(atts), attenc(atts), attdec(atts), attsens(atts), - attextr(atts), atttrus(atts), attwwt(atts), attwt(atts), - attut(atts) -)"]: - [ State_11111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ - Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_11111111111111_1( z, - z.1, - z.2, - z.3, - z.4, - z.5, - z.6, - z.7, - z.8, - z.9, - z.10, - z.11, - z.12, - z.13, - z.14, - z.15, - z.16, - z.17, - z.18, - z.19 - ) - ]-> - [ State_111111111111112( L_h, atts, k, lock, ptr, templ ) ] - variants (modulo AC) - 1. atts = atts.27 - templ = templ.27 - z = attwrap(templ.27) - z.1 = attwrap(atts.27) - z.2 = attunwrap(templ.27) - z.3 = attunwrap(atts.27) - z.4 = attenc(templ.27) - z.5 = attenc(atts.27) - z.6 = attdec(templ.27) - z.7 = attdec(atts.27) - z.8 = attsens(templ.27) - z.9 = attsens(atts.27) - z.10 = attextr(templ.27) - z.11 = attextr(atts.27) - z.12 = atttrus(templ.27) - z.13 = atttrus(atts.27) - z.14 = attwwt(templ.27) - z.15 = attwwt(atts.27) - z.16 = attwt(templ.27) - z.17 = attwt(atts.27) - z.18 = attut(templ.27) - z.19 = attut(atts.27) - - 2. 
atts = atts.37 - templ = - z = x.27 - z.1 = attwrap(atts.37) - z.2 = x.28 - z.3 = attunwrap(atts.37) - z.4 = x.29 - z.5 = attenc(atts.37) - z.6 = x.30 - z.7 = attdec(atts.37) - z.8 = x.31 - z.9 = attsens(atts.37) - z.10 = x.32 - z.11 = attextr(atts.37) - z.12 = x.33 - z.13 = atttrus(atts.37) - z.14 = x.34 - z.15 = attwwt(atts.37) - z.16 = x.35 - z.17 = attwt(atts.37) - z.18 = x.36 - z.19 = attut(atts.37) - - 3. atts = - templ = templ.37 - z = attwrap(templ.37) - z.1 = x.27 - z.2 = attunwrap(templ.37) - z.3 = x.28 - z.4 = attenc(templ.37) - z.5 = x.29 - z.6 = attdec(templ.37) - z.7 = x.30 - z.8 = attsens(templ.37) - z.9 = x.31 - z.10 = attextr(templ.37) - z.11 = x.32 - z.12 = atttrus(templ.37) - z.13 = x.33 - z.14 = attwwt(templ.37) - z.15 = x.34 - z.16 = attwt(templ.37) - z.17 = x.35 - z.18 = attut(templ.37) - z.19 = x.36 - - 4. atts = - templ = - z = x.40 - z.1 = x.27 - z.2 = x.41 - z.3 = x.28 - z.4 = x.42 - z.5 = x.29 - z.6 = x.43 - z.7 = x.30 - z.8 = x.44 - z.9 = x.31 - z.10 = x.45 - z.11 = x.32 - z.12 = x.46 - z.13 = x.33 - z.14 = x.47 - z.15 = x.34 - z.16 = x.48 - z.17 = x.35 - z.18 = x.49 - z.19 = x.36 - */ - -rule (modulo E) eventNewKeyLhkattsensatts_0_111111111111111[color=#638040, - process="event NewKey( L_h, k, attsens(atts) );"]: - [ State_111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ NewKey( L_h, k, attsens(atts) ) ]-> - [ State_1111111111111111( L_h, atts, k, lock, ptr, templ ) ] - - /* - rule (modulo AC) eventNewKeyLhkattsensatts_0_111111111111111[color=#638040, - process="event NewKey( L_h, k, attsens(atts) );"]: - [ State_111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ NewKey( L_h, k, z ) ]-> - [ State_1111111111111111( L_h, atts, k, lock, ptr, templ ) ] - variants (modulo AC) - 1. atts = atts.8 - z = attsens(atts.8) - - 2. 
atts = - z = x.12 - */ - -rule (modulo E) insertobjLhkatts_0_1111111111111111[color=#638040, - process="insert <'obj', L_h>,;"]: - [ State_1111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ Insert( <'obj', L_h>, ) ]-> - [ State_11111111111111111( L_h, atts, k, lock, ptr, templ ) ] + [ !Semistate_1111( ) ] /* has exactly the trivial AC variant */ -rule (modulo E) eventWrapKeyLhkattwrapatts_0_11111111111111111[color=#638040, - process="event WrapKey( L_h, k, attwrap(atts) );"]: - [ State_11111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ WrapKey( L_h, k, attwrap(atts) ) ]-> - [ State_111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - - /* - rule (modulo AC) eventWrapKeyLhkattwrapatts_0_11111111111111111[color=#638040, - process="event WrapKey( L_h, k, attwrap(atts) );"]: - [ State_11111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ WrapKey( L_h, k, z ) ]-> - [ State_111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - variants (modulo AC) - 1. atts = atts.8 - z = attwrap(atts.8) - - 2. atts = - z = x.8 - */ - -rule (modulo E) eventDecKeyLhkattdecatts_0_111111111111111111[color=#638040, - process="event DecKey( L_h, k, attdec(atts) );"]: - [ State_111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ DecKey( L_h, k, attdec(atts) ) ]-> - [ State_1111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - - /* - rule (modulo AC) eventDecKeyLhkattdecatts_0_111111111111111111[color=#638040, - process="event DecKey( L_h, k, attdec(atts) );"]: - [ State_111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ DecKey( L_h, k, z ) ]-> - [ State_1111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - variants (modulo AC) - 1. atts = atts.8 - z = attdec(atts.8) - - 2. 
atts = - z = x.11 - */ - -rule (modulo E) eventEncKeyLhkattencatts_0_1111111111111111111[color=#638040, - process="event EncKey( L_h, k, attenc(atts) );"]: - [ State_1111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ EncKey( L_h, k, attenc(atts) ) ]-> - [ State_11111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - - /* - rule (modulo AC) eventEncKeyLhkattencatts_0_1111111111111111111[color=#638040, - process="event EncKey( L_h, k, attenc(atts) );"]: - [ State_1111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ EncKey( L_h, k, z ) ]-> - [ State_11111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - variants (modulo AC) - 1. atts = atts.8 - z = attenc(atts.8) - - 2. atts = - z = x.10 - */ - -rule (modulo E) eventUnwrapKeyLhkattunwrapatts_0_11111111111111111111[color=#638040, - process="event UnwrapKey( L_h, k, attunwrap(atts) );"]: - [ State_11111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ UnwrapKey( L_h, k, attunwrap(atts) ) ]-> - [ State_111111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - - /* - rule (modulo AC) eventUnwrapKeyLhkattunwrapatts_0_11111111111111111111[color=#638040, - process="event UnwrapKey( L_h, k, attunwrap(atts) );"]: - [ State_11111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ UnwrapKey( L_h, k, z ) ]-> - [ State_111111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - variants (modulo AC) - 1. atts = atts.8 - z = attunwrap(atts.8) - - 2. 
atts = - z = x.9 - */ - -rule (modulo E) outLh_0_111111111111111111111[color=#638040, - process="out(L_h);"]: - [ State_111111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --> +rule (modulo E) increateattsptr_0_1111111111[color=#638040, + process="in(<'create', atts.1, ptr.1>);"]: [ - State_1111111111111111111111( L_h, atts, k, lock, ptr, templ ), - Out( L_h ) + State_1111111111( ), In( <'create', atts.1, ptr.1> ), Fr( lock ), + Fr( L_h.1 ), Fr( k.1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) unlockdevice_0_1111111111111111111111[color=#638040, - process="unlock 'device';"]: - [ State_1111111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --[ Unlock_0( '0', lock, 'device' ), Unlock( '0', lock, 'device' ) ]-> - [ State_11111111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111111111111111111[color=#638040, process="0"]: - [ State_11111111111111111111111( L_h, atts, k, lock, ptr, templ ) ] - --> - [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111111111111112[color=#638040, process="0"]: - [ State_111111111111112( L_h, atts, k, lock, ptr, templ ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111111112[color=#638040, process="0"]: - [ State_11111111111112( L_h, atts, k, lock, ptr ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inLhsencmk_0_111111112[color=#414080, - process="in();"]: - [ State_111111112( ), In( ) ] - --> - [ State_1111111121( L_h, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockdevice_0_1111111121[color=#414080, - process="lock 'device';"]: - [ State_1111111121( L_h, k, m ), Fr( lock.1 ) ] - --[ Lock_1( '1', lock.1, 'device' ), Lock( '1', lock.1, 'device' ) ]-> - [ State_11111111211( L_h, k, m, lock.1 ) ] - - /* - rule (modulo AC) lockdevice_0_1111111121[color=#414080, - process="lock 'device';"]: - [ State_1111111121( 
L_h, k, m ), Fr( lock ) ] - --[ Lock_1( '1', lock, 'device' ), Lock( '1', lock, 'device' ) ]-> - [ State_11111111211( L_h, k, m, lock ) ] - */ - -rule (modulo E) lookupobjLhasv_0_11111111211[color=#414080, - process="lookup <'obj', L_h> as v"]: - [ State_11111111211( L_h, k, m, lock.1 ) ] - --[ IsIn( <'obj', L_h>, v ) ]-> - [ State_111111112111( L_h, k, m, v, lock.1 ) ] - - /* - rule (modulo AC) lookupobjLhasv_0_11111111211[color=#414080, - process="lookup <'obj', L_h> as v"]: - [ State_11111111211( L_h, k, m, lock ) ] - --[ IsIn( <'obj', L_h>, v ) ]-> - [ State_111111112111( L_h, k, m, v, lock ) ] - */ - -rule (modulo E) lookupobjLhasv_1_11111111211[color=#414080, - process="lookup <'obj', L_h> as v"]: - [ State_11111111211( L_h, k, m, lock.1 ) ] - --[ IsNotSet( <'obj', L_h> ) ]-> - [ State_111111112112( L_h, k, m, lock.1 ) ] + --[ Lock_0( '0', lock, 'device' ), Lock( '0', lock, 'device' ) ]-> + [ State_11111111111111( lock, L_h.1, atts.1, k.1, ptr.1 ) ] /* - rule (modulo AC) lookupobjLhasv_1_11111111211[color=#414080, - process="lookup <'obj', L_h> as v"]: - [ State_11111111211( L_h, k, m, lock ) ] - --[ IsNotSet( <'obj', L_h> ) ]-> - [ State_111111112112( L_h, k, m, lock ) ] - */ - -restriction Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111112111_1: - "∀ x #NOW. 
- (Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111112111_1( x - ) @ #NOW) ⇒ - (x = 'on')" - // safety formula - -rule (modulo E) ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111112111[color=#414080, - process="if Can_decrypt( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) -)"]: - [ State_111111112111( L_h, k, m, v, lock.1 ) ] - --[ - Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111112111_1( attdec(tem(v)) - ) - ]-> - [ State_1111111121111( L_h, k, m, v, lock.1 ) ] + rule (modulo AC) increateattsptr_0_1111111111[color=#638040, + process="in(<'create', atts.1, ptr.1>);"]: + [ + State_1111111111( ), In( <'create', atts, ptr> ), Fr( lock ), Fr( L_h ), + Fr( k ) + ] + --[ Lock_0( '0', lock, 'device' ), Lock( '0', lock, 'device' ) ]-> + [ State_11111111111111( lock, L_h, atts, k, ptr ) ] + */ + +rule (modulo E) lookupFtemplateptrastempl_0_11111111111111[color=#638040, + process="lookup <'F_template', ptr.1> as templ.1"]: + [ State_11111111111111( lock, L_h.1, atts.1, k.1, ptr.1 ) ] + --[ IsIn( <'F_template', ptr.1>, templ.1 ) ]-> + [ State_111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) ] /* - rule (modulo AC) ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111112111[color=#414080, - process="if Can_decrypt( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) -)"]: - [ State_111111112111( L_h, k, m, v, lock ) ] - --[ - 
Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111112111_1( z - ) - ]-> - [ State_1111111121111( L_h, k, m, v, lock ) ] - variants (modulo AC) - 1. v = v.8 - z = attdec(tem(v.8)) - - 2. v = - z = attdec(x.9) - - 3. v = - z = x.12 + rule (modulo AC) lookupFtemplateptrastempl_0_11111111111111[color=#638040, + process="lookup <'F_template', ptr.1> as templ.1"]: + [ State_11111111111111( lock, L_h, atts, k, ptr ) ] + --[ IsIn( <'F_template', ptr>, templ ) ]-> + [ State_111111111111111( lock, L_h, atts, k, ptr, templ ) ] */ -restriction Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111111112111_1: - "∀ x #NOW. - (Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111111112111_1( x +restriction Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111_1: + "∀ x #NOW x.1 x.2 x.3 x.4 x.5 x.6 x.7 x.8 x.9 x.10 x.11 x.12 x.13 x.14 + x.15 x.16 x.17 x.18 x.19. 
+ (Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111_1( x, + x.1, + x.2, + x.3, + x.4, + x.5, + x.6, + x.7, + x.8, + x.9, + x.10, + x.11, + x.12, + x.13, + x.14, + x.15, + x.16, + x.17, + x.18, + x.19 ) @ #NOW) ⇒ - (¬(x = 'on'))" + ((((((((((x = x.1) ∧ (x.2 = x.3)) ∧ (x.4 = x.5)) ∧ (x.6 = x.7)) ∧ + (x.8 = x.9)) ∧ + (x.10 = x.11)) ∧ + (x.12 = x.13)) ∧ + (x.14 = x.15)) ∧ + (x.16 = x.17)) ∧ + (x.18 = x.19))" // safety formula -rule (modulo E) ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111111112111[color=#414080, - process="if Can_decrypt( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) +rule (modulo E) ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111[color=#638040, + process="if Permits( attwrap(templ.1), attunwrap(templ.1), attenc(templ.1), + attdec(templ.1), attsens(templ.1), attextr(templ.1), + atttrus(templ.1), attwwt(templ.1), attwt(templ.1), attut(templ.1), + attwrap(atts.1), attunwrap(atts.1), attenc(atts.1), attdec(atts.1), + attsens(atts.1), attextr(atts.1), atttrus(atts.1), attwwt(atts.1), + attwt(atts.1), attut(atts.1) )"]: - [ State_111111112111( L_h, k, m, v, lock.1 ) ] + [ State_111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) ] --[ - Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111111112111_1( attdec(tem(v)) + NewKey( L_h.1, k.1, attsens(atts.1) ), + 
Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111_1( attwrap(templ.1), + attwrap(atts.1), + attunwrap(templ.1), + attunwrap(atts.1), + attenc(templ.1), + attenc(atts.1), + attdec(templ.1), + attdec(atts.1), + attsens(templ.1), + attsens(atts.1), + attextr(templ.1), + attextr(atts.1), + atttrus(templ.1), + atttrus(atts.1), + attwwt(templ.1), + attwwt(atts.1), + attwt(templ.1), + attwt(atts.1), + attut(templ.1), + attut(atts.1) ) ]-> - [ State_1111111121112( L_h, k, m, v, lock.1 ) ] + [ State_11111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) ] /* - rule (modulo AC) ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111111112111[color=#414080, - process="if Can_decrypt( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) + rule (modulo AC) ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111[color=#638040, + process="if Permits( attwrap(templ.1), attunwrap(templ.1), attenc(templ.1), + attdec(templ.1), attsens(templ.1), attextr(templ.1), + atttrus(templ.1), attwwt(templ.1), attwt(templ.1), attut(templ.1), + attwrap(atts.1), attunwrap(atts.1), attenc(atts.1), attdec(atts.1), + attsens(atts.1), attextr(atts.1), atttrus(atts.1), attwwt(atts.1), + attwt(atts.1), attut(atts.1) )"]: - [ State_111111112111( L_h, k, m, v, lock ) ] + [ State_111111111111111( lock, L_h, atts, k, ptr, templ ) ] --[ - 
Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111111112111_1( z + NewKey( L_h, k, z ), + Restr_ifPermitsattwraptemplattunwraptemplattenctemplattdectemplattsenstemplattextrtemplatttrustemplattwwttemplattwttemplattuttemplattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111111111111111_1( z.1, + z.2, + z.3, + z.4, + z.5, + z.6, + z.7, + z.8, + z.9, + z, + z.10, + z.11, + z.12, + z.13, + z.14, + z.15, + z.16, + z.17, + z.18, + z.19 ) ]-> - [ State_1111111121112( L_h, k, m, v, lock ) ] + [ State_11111111111111111( lock, L_h, atts, k, ptr, templ ) ] variants (modulo AC) - 1. v = v.8 - z = attdec(tem(v.8)) + 1. atts = atts.29 + templ = templ.29 + z = attsens(atts.29) + z.1 = attwrap(templ.29) + z.2 = attwrap(atts.29) + z.3 = attunwrap(templ.29) + z.4 = attunwrap(atts.29) + z.5 = attenc(templ.29) + z.6 = attenc(atts.29) + z.7 = attdec(templ.29) + z.8 = attdec(atts.29) + z.9 = attsens(templ.29) + z.10 = attextr(templ.29) + z.11 = attextr(atts.29) + z.12 = atttrus(templ.29) + z.13 = atttrus(atts.29) + z.14 = attwwt(templ.29) + z.15 = attwwt(atts.29) + z.16 = attwt(templ.29) + z.17 = attwt(atts.29) + z.18 = attut(templ.29) + z.19 = attut(atts.29) - 2. v = - z = attdec(x.9) + 2. atts = atts.39 + templ = + z = attsens(atts.39) + z.1 = x.28 + z.2 = attwrap(atts.39) + z.3 = x.29 + z.4 = attunwrap(atts.39) + z.5 = x.30 + z.6 = attenc(atts.39) + z.7 = x.31 + z.8 = attdec(atts.39) + z.9 = x.32 + z.10 = x.33 + z.11 = attextr(atts.39) + z.12 = x.34 + z.13 = atttrus(atts.39) + z.14 = x.35 + z.15 = attwwt(atts.39) + z.16 = x.36 + z.17 = attwt(atts.39) + z.18 = x.37 + z.19 = attut(atts.39) - 3. v = - z = x.12 + 3. 
atts = + templ = templ.39 + z = x.32 + z.1 = attwrap(templ.39) + z.2 = x.28 + z.3 = attunwrap(templ.39) + z.4 = x.29 + z.5 = attenc(templ.39) + z.6 = x.30 + z.7 = attdec(templ.39) + z.8 = x.31 + z.9 = attsens(templ.39) + z.10 = attextr(templ.39) + z.11 = x.33 + z.12 = atttrus(templ.39) + z.13 = x.34 + z.14 = attwwt(templ.39) + z.15 = x.35 + z.16 = attwt(templ.39) + z.17 = x.36 + z.18 = attut(templ.39) + z.19 = x.37 + + 4. atts = + templ = + z = x.32 + z.1 = x.40 + z.2 = x.28 + z.3 = x.41 + z.4 = x.29 + z.5 = x.42 + z.6 = x.30 + z.7 = x.43 + z.8 = x.31 + z.9 = x.44 + z.10 = x.45 + z.11 = x.33 + z.12 = x.46 + z.13 = x.34 + z.14 = x.47 + z.15 = x.35 + z.16 = x.48 + z.17 = x.36 + z.18 = x.49 + z.19 = x.37 */ -rule (modulo E) ifkeyvk_0_1111111121111[color=#414080, - process="if key(v)=k"]: - [ State_1111111121111( L_h, k, m, v, lock.1 ) ] - --[ Pred_Eq( key(v), k ) ]-> - [ State_11111111211111( L_h, k, m, v, lock.1 ) ] +rule (modulo E) insertobjLhkatts_0_11111111111111111[color=#638040, + process="insert <'obj', L_h.1>,;"]: + [ State_11111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) ] + --[ Insert( <'obj', L_h.1>, ) ]-> + [ State_111111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) ] /* - rule (modulo AC) ifkeyvk_0_1111111121111[color=#414080, - process="if key(v)=k"]: - [ State_1111111121111( L_h, k, m, v, lock ) ] - --[ Pred_Eq( z, k ) ]-> - [ State_11111111211111( L_h, k, m, v, lock ) ] - variants (modulo AC) - 1. v = v.8 - z = key(v.8) - - 2. 
v = - z = x.8 + rule (modulo AC) insertobjLhkatts_0_11111111111111111[color=#638040, + process="insert <'obj', L_h.1>,;"]: + [ State_11111111111111111( lock, L_h, atts, k, ptr, templ ) ] + --[ Insert( <'obj', L_h>, ) ]-> + [ State_111111111111111111( lock, L_h, atts, k, ptr, templ ) ] */ -rule (modulo E) ifkeyvk_1_1111111121111[color=#414080, - process="if key(v)=k"]: - [ State_1111111121111( L_h, k, m, v, lock.1 ) ] - --[ Pred_Not_Eq( key(v), k ) ]-> - [ State_11111111211112( L_h, k, m, v, lock.1 ) ] +rule (modulo E) eventWrapKeyLhkattwrapatts_0_111111111111111111[color=#638040, + process="event WrapKey( L_h.1, k.1, attwrap(atts.1) );"]: + [ State_111111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) ] + --[ WrapKey( L_h.1, k.1, attwrap(atts.1) ) ]-> + [ State_1111111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) ] /* - rule (modulo AC) ifkeyvk_1_1111111121111[color=#414080, - process="if key(v)=k"]: - [ State_1111111121111( L_h, k, m, v, lock ) ] - --[ Pred_Not_Eq( z, k ) ]-> - [ State_11111111211112( L_h, k, m, v, lock ) ] + rule (modulo AC) eventWrapKeyLhkattwrapatts_0_111111111111111111[color=#638040, + process="event WrapKey( L_h.1, k.1, attwrap(atts.1) );"]: + [ State_111111111111111111( lock, L_h, atts, k, ptr, templ ) ] + --[ WrapKey( L_h, k, z ) ]-> + [ State_1111111111111111111( lock, L_h, atts, k, ptr, templ ) ] variants (modulo AC) - 1. v = v.8 - z = key(v.8) + 1. atts = atts.10 + z = attwrap(atts.10) - 2. 
v = - z = x.8 - */ - -rule (modulo E) eventDecUsingkm_0_11111111211111[color=#414080, - process="event DecUsing( k, m );"]: - [ State_11111111211111( L_h, k, m, v, lock.1 ) ] - --[ DecUsing( k, m ) ]-> - [ State_111111112111111( L_h, k, m, v, lock.1 ) ] - - /* - rule (modulo AC) eventDecUsingkm_0_11111111211111[color=#414080, - process="event DecUsing( k, m );"]: - [ State_11111111211111( L_h, k, m, v, lock ) ] - --[ DecUsing( k, m ) ]-> - [ State_111111112111111( L_h, k, m, v, lock ) ] - */ - -rule (modulo E) outm_0_111111112111111[color=#414080, process="out(m);"]: - [ State_111111112111111( L_h, k, m, v, lock.1 ) ] - --> - [ State_1111111121111111( L_h, k, m, v, lock.1 ), Out( m ) ] - - /* - rule (modulo AC) outm_0_111111112111111[color=#414080, - process="out(m);"]: - [ State_111111112111111( L_h, k, m, v, lock ) ] - --> - [ State_1111111121111111( L_h, k, m, v, lock ), Out( m ) ] + 2. atts = + z = x.9 */ -rule (modulo E) unlockdevice_0_1111111121111111[color=#414080, - process="unlock 'device';"]: - [ State_1111111121111111( L_h, k, m, v, lock.1 ) ] - --[ Unlock_1( '1', lock.1, 'device' ), Unlock( '1', lock.1, 'device' ) - ]-> - [ State_11111111211111111( L_h, k, m, v, lock.1 ) ] +rule (modulo E) eventDecKeyLhkattdecatts_0_1111111111111111111[color=#638040, + process="event DecKey( L_h.1, k.1, attdec(atts.1) );"]: + [ State_1111111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) ] + --[ DecKey( L_h.1, k.1, attdec(atts.1) ) ]-> + [ State_11111111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) + ] /* - rule (modulo AC) unlockdevice_0_1111111121111111[color=#414080, - process="unlock 'device';"]: - [ State_1111111121111111( L_h, k, m, v, lock ) ] - --[ Unlock_1( '1', lock, 'device' ), Unlock( '1', lock, 'device' ) ]-> - [ State_11111111211111111( L_h, k, m, v, lock ) ] + rule (modulo AC) eventDecKeyLhkattdecatts_0_1111111111111111111[color=#638040, + process="event DecKey( L_h.1, k.1, attdec(atts.1) );"]: + [ State_1111111111111111111( lock, L_h, 
atts, k, ptr, templ ) ] + --[ DecKey( L_h, k, z ) ]-> + [ State_11111111111111111111( lock, L_h, atts, k, ptr, templ ) ] + variants (modulo AC) + 1. atts = atts.10 + z = attdec(atts.10) + + 2. atts = + z = x.12 */ -rule (modulo E) p_0_11111111211111111[color=#414080, process="0"]: - [ State_11111111211111111( L_h, k, m, v, lock.1 ) ] --> [ ] +rule (modulo E) eventEncKeyLhkattencatts_0_11111111111111111111[color=#638040, + process="event EncKey( L_h.1, k.1, attenc(atts.1) );"]: + [ State_11111111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) + ] + --[ EncKey( L_h.1, k.1, attenc(atts.1) ) ]-> + [ State_111111111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) + ] /* - rule (modulo AC) p_0_11111111211111111[color=#414080, process="0"]: - [ State_11111111211111111( L_h, k, m, v, lock ) ] --> [ ] + rule (modulo AC) eventEncKeyLhkattencatts_0_11111111111111111111[color=#638040, + process="event EncKey( L_h.1, k.1, attenc(atts.1) );"]: + [ State_11111111111111111111( lock, L_h, atts, k, ptr, templ ) ] + --[ EncKey( L_h, k, z ) ]-> + [ State_111111111111111111111( lock, L_h, atts, k, ptr, templ ) ] + variants (modulo AC) + 1. atts = atts.10 + z = attenc(atts.10) + + 2. 
atts = + z = x.11 */ -rule (modulo E) p_0_11111111211112[color=#414080, process="0"]: - [ State_11111111211112( L_h, k, m, v, lock.1 ) ] --> [ ] +rule (modulo E) eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111[color=#638040, + process="event UnwrapKey( L_h.1, k.1, attunwrap(atts.1) );"]: + [ State_111111111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) + ] + --[ UnwrapKey( L_h.1, k.1, attunwrap(atts.1) ) ]-> + [ + State_11111111111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 + ), + Out( L_h.1 ) + ] /* - rule (modulo AC) p_0_11111111211112[color=#414080, process="0"]: - [ State_11111111211112( L_h, k, m, v, lock ) ] --> [ ] + rule (modulo AC) eventUnwrapKeyLhkattunwrapatts_0_111111111111111111111[color=#638040, + process="event UnwrapKey( L_h.1, k.1, attunwrap(atts.1) );"]: + [ State_111111111111111111111( lock, L_h, atts, k, ptr, templ ) ] + --[ UnwrapKey( L_h, k, z ) ]-> + [ + State_11111111111111111111111( lock, L_h, atts, k, ptr, templ ), + Out( L_h ) + ] + variants (modulo AC) + 1. atts = atts.10 + z = attunwrap(atts.10) + + 2. 
atts = + z = x.10 */ -rule (modulo E) p_0_1111111121112[color=#414080, process="0"]: - [ State_1111111121112( L_h, k, m, v, lock.1 ) ] --> [ ] +rule (modulo E) unlockdevice_0_11111111111111111111111[color=#638040, + process="unlock 'device';"]: + [ + State_11111111111111111111111( lock, L_h.1, atts.1, k.1, ptr.1, templ.1 ) + ] + --[ Unlock_0( '0', lock, 'device' ), Unlock( '0', lock, 'device' ) ]-> + [ ] /* - rule (modulo AC) p_0_1111111121112[color=#414080, process="0"]: - [ State_1111111121112( L_h, k, m, v, lock ) ] --> [ ] + rule (modulo AC) unlockdevice_0_11111111111111111111111[color=#638040, + process="unlock 'device';"]: + [ State_11111111111111111111111( lock, L_h, atts, k, ptr, templ ) ] + --[ Unlock_0( '0', lock, 'device' ), Unlock( '0', lock, 'device' ) ]-> + [ ] */ -rule (modulo E) p_0_111111112112[color=#414080, process="0"]: - [ State_111111112112( L_h, k, m, lock.1 ) ] --> [ ] +rule (modulo E) lookupFtemplateptrastempl_1_11111111111111[color=#638040, + process="lookup <'F_template', ptr.1> as templ.1"]: + [ State_11111111111111( lock, L_h.1, atts.1, k.1, ptr.1 ) ] + --[ IsNotSet( <'F_template', ptr.1> ) ]-> + [ ] /* - rule (modulo AC) p_0_111111112112[color=#414080, process="0"]: - [ State_111111112112( L_h, k, m, lock ) ] --> [ ] + rule (modulo AC) lookupFtemplateptrastempl_1_11111111111111[color=#638040, + process="lookup <'F_template', ptr.1> as templ.1"]: + [ State_11111111111111( lock, L_h, atts, k, ptr ) ] + --[ IsNotSet( <'F_template', ptr> ) ]-> + [ ] */ -rule (modulo E) inLhm_0_11111112[color=#408075, process="in();"]: - [ State_11111112( ), In( ) ] --> [ State_111111121( L_h, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockdevice_0_111111121[color=#408075, - process="lock 'device';"]: - [ State_111111121( L_h, m ), Fr( lock.2 ) ] - --[ Lock_2( '2', lock.2, 'device' ), Lock( '2', lock.2, 'device' ) ]-> - [ State_1111111211( L_h, m, lock.2 ) ] +rule (modulo E) inLhsencmk_0_1111111121[color=#414080, + 
process="in();"]: + [ State_1111111121( ), In( ), Fr( lock.1 ) ] + --[ Lock_1( '1', lock.1, 'device' ), Lock( '1', lock.1, 'device' ) ]-> + [ State_111111112111( lock.1, m.1, L_h.2, k.2 ) ] /* - rule (modulo AC) lockdevice_0_111111121[color=#408075, - process="lock 'device';"]: - [ State_111111121( L_h, m ), Fr( lock ) ] - --[ Lock_2( '2', lock, 'device' ), Lock( '2', lock, 'device' ) ]-> - [ State_1111111211( L_h, m, lock ) ] + rule (modulo AC) inLhsencmk_0_1111111121[color=#414080, + process="in();"]: + [ State_1111111121( ), In( ), Fr( lock ) ] + --[ Lock_1( '1', lock, 'device' ), Lock( '1', lock, 'device' ) ]-> + [ State_111111112111( lock, m, L_h, k ) ] */ -rule (modulo E) lookupobjLhasv_0_1111111211[color=#408075, - process="lookup <'obj', L_h> as v"]: - [ State_1111111211( L_h, m, lock.2 ) ] - --[ IsIn( <'obj', L_h>, v ) ]-> - [ State_11111112111( L_h, m, v, lock.2 ) ] +rule (modulo E) lookupobjLhasv_0_111111112111[color=#414080, + process="lookup <'obj', L_h.2> as v.1"]: + [ State_111111112111( lock.1, m.1, L_h.2, k.2 ) ] + --[ IsIn( <'obj', L_h.2>, v.1 ) ]-> + [ State_1111111121111( lock.1, m.1, v.1, L_h.2, k.2 ) ] /* - rule (modulo AC) lookupobjLhasv_0_1111111211[color=#408075, - process="lookup <'obj', L_h> as v"]: - [ State_1111111211( L_h, m, lock ) ] + rule (modulo AC) lookupobjLhasv_0_111111112111[color=#414080, + process="lookup <'obj', L_h.2> as v.1"]: + [ State_111111112111( lock, m, L_h, k ) ] --[ IsIn( <'obj', L_h>, v ) ]-> - [ State_11111112111( L_h, m, v, lock ) ] - */ - -rule (modulo E) lookupobjLhasv_1_1111111211[color=#408075, - process="lookup <'obj', L_h> as v"]: - [ State_1111111211( L_h, m, lock.2 ) ] - --[ IsNotSet( <'obj', L_h> ) ]-> - [ State_11111112112( L_h, m, lock.2 ) ] - - /* - rule (modulo AC) lookupobjLhasv_1_1111111211[color=#408075, - process="lookup <'obj', L_h> as v"]: - [ State_1111111211( L_h, m, lock ) ] - --[ IsNotSet( <'obj', L_h> ) ]-> - [ State_11111112112( L_h, m, lock ) ] + [ State_1111111121111( lock, m, v, L_h, 
k ) ] */ -restriction Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111_1: +restriction Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111111121111_1: "∀ x #NOW. - (Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111_1( x + (Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111111121111_1( x ) @ #NOW) ⇒ (x = 'on')" // safety formula -rule (modulo E) ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111[color=#408075, - process="if Can_encrypt( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) -)"]: - [ State_11111112111( L_h, m, v, lock.2 ) ] - --[ - Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111_1( attenc(tem(v)) - ) - ]-> - [ State_111111121111( L_h, m, v, lock.2 ) ] - - /* - rule (modulo AC) ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111[color=#408075, - process="if Can_encrypt( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) -)"]: - [ State_11111112111( L_h, m, v, lock ) ] - --[ - Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111112111_1( z - ) - ]-> - [ State_111111121111( L_h, m, v, lock ) ] - variants (modulo AC) - 1. v = v.8 - z = attenc(tem(v.8)) - - 2. 
v = - z = attenc(x.9) - - 3. v = - z = x.11 - */ - -restriction Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111112111_1: - "∀ x #NOW. - (Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111112111_1( x - ) @ #NOW) ⇒ - (¬(x = 'on'))" - // safety formula - -rule (modulo E) ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111112111[color=#408075, - process="if Can_encrypt( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) +rule (modulo E) ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111111121111[color=#414080, + process="if Can_decrypt( attwrap(tem(v.1)), attunwrap(tem(v.1)), + attenc(tem(v.1)), attdec(tem(v.1)), attsens(tem(v.1)), + attextr(tem(v.1)), atttrus(tem(v.1)), attwwt(tem(v.1)), + attwt(tem(v.1)), attut(tem(v.1)) )"]: - [ State_11111112111( L_h, m, v, lock.2 ) ] + [ State_1111111121111( lock.1, m.1, v.1, L_h.2, k.2 ) ] --[ - Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111112111_1( attenc(tem(v)) + Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111111121111_1( attdec(tem(v.1)) ) ]-> - [ State_111111121112( L_h, m, v, lock.2 ) ] + [ State_11111111211111( lock.1, m.1, v.1, L_h.2, k.2 ) ] /* - rule (modulo AC) ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111112111[color=#408075, - process="if Can_encrypt( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), 
attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) + rule (modulo AC) ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111111121111[color=#414080, + process="if Can_decrypt( attwrap(tem(v.1)), attunwrap(tem(v.1)), + attenc(tem(v.1)), attdec(tem(v.1)), attsens(tem(v.1)), + attextr(tem(v.1)), atttrus(tem(v.1)), attwwt(tem(v.1)), + attwt(tem(v.1)), attut(tem(v.1)) )"]: - [ State_11111112111( L_h, m, v, lock ) ] + [ State_1111111121111( lock, m, v, L_h, k ) ] --[ - Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111112111_1( z + Restr_ifCandecryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111111121111_1( z ) ]-> - [ State_111111121112( L_h, m, v, lock ) ] + [ State_11111111211111( lock, m, v, L_h, k ) ] variants (modulo AC) - 1. v = v.8 - z = attenc(tem(v.8)) + 1. v = v.9 + z = attdec(tem(v.9)) - 2. v = - z = attenc(x.9) + 2. v = + z = attdec(x.10) - 3. v = - z = x.11 + 3. 
v = + z = x.13 */ -rule (modulo E) eventEncUsingkeyvm_0_111111121111[color=#408075, - process="event EncUsing( key(v), m );"]: - [ State_111111121111( L_h, m, v, lock.2 ) ] - --[ EncUsing( key(v), m ) ]-> - [ State_1111111211111( L_h, m, v, lock.2 ) ] +rule (modulo E) ifkeyvk_0_11111111211111[color=#414080, + process="if key(v.1)=k.2"]: + [ State_11111111211111( lock.1, m.1, v.1, L_h.2, k.2 ) ] + --[ Pred_Eq( key(v.1), k.2 ) ]-> + [ State_111111112111111( lock.1, m.1, v.1, L_h.2, k.2 ) ] /* - rule (modulo AC) eventEncUsingkeyvm_0_111111121111[color=#408075, - process="event EncUsing( key(v), m );"]: - [ State_111111121111( L_h, m, v, lock ) ] - --[ EncUsing( z, m ) ]-> - [ State_1111111211111( L_h, m, v, lock ) ] + rule (modulo AC) ifkeyvk_0_11111111211111[color=#414080, + process="if key(v.1)=k.2"]: + [ State_11111111211111( lock, m, v, L_h, k ) ] + --[ Pred_Eq( z, k ) ]-> + [ State_111111112111111( lock, m, v, L_h, k ) ] variants (modulo AC) - 1. v = v.8 - z = key(v.8) + 1. v = v.9 + z = key(v.9) - 2. v = - z = x.8 + 2. v = + z = x.9 */ -rule (modulo E) outsencmkeyv_0_1111111211111[color=#408075, - process="out(senc(m, key(v)));"]: - [ State_1111111211111( L_h, m, v, lock.2 ) ] - --> - [ State_11111112111111( L_h, m, v, lock.2 ), Out( senc(m, key(v)) ) ] +rule (modulo E) eventDecUsingkm_0_111111112111111[color=#414080, + process="event DecUsing( k.2, m.1 );"]: + [ State_111111112111111( lock.1, m.1, v.1, L_h.2, k.2 ) ] + --[ DecUsing( k.2, m.1 ) ]-> + [ State_11111111211111111( lock.1, m.1, v.1, L_h.2, k.2 ), Out( m.1 ) ] /* - rule (modulo AC) outsencmkeyv_0_1111111211111[color=#408075, - process="out(senc(m, key(v)));"]: - [ State_1111111211111( L_h, m, v, lock ) ] - --> - [ State_11111112111111( L_h, m, v, lock ), Out( senc(m, z) ) ] - variants (modulo AC) - 1. v = v.8 - z = key(v.8) - - 2. 
v = - z = x.8 + rule (modulo AC) eventDecUsingkm_0_111111112111111[color=#414080, + process="event DecUsing( k.2, m.1 );"]: + [ State_111111112111111( lock, m, v, L_h, k ) ] + --[ DecUsing( k, m ) ]-> + [ State_11111111211111111( lock, m, v, L_h, k ), Out( m ) ] */ -rule (modulo E) unlockdevice_0_11111112111111[color=#408075, - process="unlock 'device';"]: - [ State_11111112111111( L_h, m, v, lock.2 ) ] - --[ Unlock_2( '2', lock.2, 'device' ), Unlock( '2', lock.2, 'device' ) - ]-> - [ State_111111121111111( L_h, m, v, lock.2 ) ] - - /* - rule (modulo AC) unlockdevice_0_11111112111111[color=#408075, +rule (modulo E) unlockdevice_0_11111111211111111[color=#414080, process="unlock 'device';"]: - [ State_11111112111111( L_h, m, v, lock ) ] - --[ Unlock_2( '2', lock, 'device' ), Unlock( '2', lock, 'device' ) ]-> - [ State_111111121111111( L_h, m, v, lock ) ] - */ - -rule (modulo E) p_0_111111121111111[color=#408075, process="0"]: - [ State_111111121111111( L_h, m, v, lock.2 ) ] --> [ ] - - /* - rule (modulo AC) p_0_111111121111111[color=#408075, process="0"]: - [ State_111111121111111( L_h, m, v, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_111111121112[color=#408075, process="0"]: - [ State_111111121112( L_h, m, v, lock.2 ) ] --> [ ] - - /* - rule (modulo AC) p_0_111111121112[color=#408075, process="0"]: - [ State_111111121112( L_h, m, v, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_11111112112[color=#408075, process="0"]: - [ State_11111112112( L_h, m, lock.2 ) ] --> [ ] - - /* - rule (modulo AC) p_0_11111112112[color=#408075, process="0"]: - [ State_11111112112( L_h, m, lock ) ] --> [ ] - */ - -rule (modulo E) inhh_0_1111112[color=#806040, process="in();"]: - [ State_1111112( ), In( ) ] --> [ State_11111121( h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockdevice_0_11111121[color=#806040, - process="lock 'device';"]: - [ State_11111121( h1, h2 ), Fr( lock.3 ) ] - --[ Lock_3( '3', lock.3, 'device' ), Lock( '3', lock.3, 'device' ) ]-> - [ 
State_111111211( h1, h2, lock.3 ) ] + [ State_11111111211111111( lock.1, m.1, v.1, L_h.2, k.2 ) ] + --[ Unlock_1( '1', lock.1, 'device' ), Unlock( '1', lock.1, 'device' ) + ]-> + [ ] /* - rule (modulo AC) lockdevice_0_11111121[color=#806040, - process="lock 'device';"]: - [ State_11111121( h1, h2 ), Fr( lock ) ] - --[ Lock_3( '3', lock, 'device' ), Lock( '3', lock, 'device' ) ]-> - [ State_111111211( h1, h2, lock ) ] + rule (modulo AC) unlockdevice_0_11111111211111111[color=#414080, + process="unlock 'device';"]: + [ State_11111111211111111( lock, m, v, L_h, k ) ] + --[ Unlock_1( '1', lock, 'device' ), Unlock( '1', lock, 'device' ) ]-> + [ ] */ -rule (modulo E) lookupobjhasv_0_111111211[color=#806040, - process="lookup <'obj', h1> as v1"]: - [ State_111111211( h1, h2, lock.3 ) ] - --[ IsIn( <'obj', h1>, v1 ) ]-> - [ State_1111112111( h1, h2, v1, lock.3 ) ] +rule (modulo E) ifkeyvk_1_11111111211111[color=#414080, + process="if key(v.1)=k.2"]: + [ State_11111111211111( lock.1, m.1, v.1, L_h.2, k.2 ) ] + --[ Pred_Not_Eq( key(v.1), k.2 ) ]-> + [ ] /* - rule (modulo AC) lookupobjhasv_0_111111211[color=#806040, - process="lookup <'obj', h1> as v1"]: - [ State_111111211( h1, h2, lock ) ] - --[ IsIn( <'obj', h1>, v1 ) ]-> - [ State_1111112111( h1, h2, v1, lock ) ] + rule (modulo AC) ifkeyvk_1_11111111211111[color=#414080, + process="if key(v.1)=k.2"]: + [ State_11111111211111( lock, m, v, L_h, k ) ] + --[ Pred_Not_Eq( z, k ) ]-> + [ ] + variants (modulo AC) + 1. v = v.9 + z = key(v.9) + + 2. 
v = + z = x.9 */ -rule (modulo E) lookupobjhasv_1_111111211[color=#806040, - process="lookup <'obj', h1> as v1"]: - [ State_111111211( h1, h2, lock.3 ) ] - --[ IsNotSet( <'obj', h1> ) ]-> - [ State_1111112112( h1, h2, lock.3 ) ] +rule (modulo E) lookupobjLhasv_1_111111112111[color=#414080, + process="lookup <'obj', L_h.2> as v.1"]: + [ State_111111112111( lock.1, m.1, L_h.2, k.2 ) ] + --[ IsNotSet( <'obj', L_h.2> ) ]-> + [ ] /* - rule (modulo AC) lookupobjhasv_1_111111211[color=#806040, - process="lookup <'obj', h1> as v1"]: - [ State_111111211( h1, h2, lock ) ] - --[ IsNotSet( <'obj', h1> ) ]-> - [ State_1111112112( h1, h2, lock ) ] + rule (modulo AC) lookupobjLhasv_1_111111112111[color=#414080, + process="lookup <'obj', L_h.2> as v.1"]: + [ State_111111112111( lock, m, L_h, k ) ] + --[ IsNotSet( <'obj', L_h> ) ]-> + [ ] */ -rule (modulo E) lookupobjhasv_0_1111112111[color=#806040, - process="lookup <'obj', h2> as v2"]: - [ State_1111112111( h1, h2, v1, lock.3 ) ] - --[ IsIn( <'obj', h2>, v2 ) ]-> - [ State_11111121111( h1, h2, v1, v2, lock.3 ) ] +rule (modulo E) inLhm_0_111111121[color=#408075, + process="in();"]: + [ State_111111121( ), In( ), Fr( lock.2 ) ] + --[ Lock_2( '2', lock.2, 'device' ), Lock( '2', lock.2, 'device' ) ]-> + [ State_11111112111( lock.2, m.2, L_h.3 ) ] /* - rule (modulo AC) lookupobjhasv_0_1111112111[color=#806040, - process="lookup <'obj', h2> as v2"]: - [ State_1111112111( h1, h2, v1, lock ) ] - --[ IsIn( <'obj', h2>, v2 ) ]-> - [ State_11111121111( h1, h2, v1, v2, lock ) ] + rule (modulo AC) inLhm_0_111111121[color=#408075, + process="in();"]: + [ State_111111121( ), In( ), Fr( lock ) ] + --[ Lock_2( '2', lock, 'device' ), Lock( '2', lock, 'device' ) ]-> + [ State_11111112111( lock, m, L_h ) ] */ -rule (modulo E) lookupobjhasv_1_1111112111[color=#806040, - process="lookup <'obj', h2> as v2"]: - [ State_1111112111( h1, h2, v1, lock.3 ) ] - --[ IsNotSet( <'obj', h2> ) ]-> - [ State_11111121112( h1, h2, v1, lock.3 ) ] +rule (modulo E) 
lookupobjLhasv_0_11111112111[color=#408075, + process="lookup <'obj', L_h.3> as v.2"]: + [ State_11111112111( lock.2, m.2, L_h.3 ) ] + --[ IsIn( <'obj', L_h.3>, v.2 ) ]-> + [ State_111111121111( lock.2, m.2, v.2, L_h.3 ) ] /* - rule (modulo AC) lookupobjhasv_1_1111112111[color=#806040, - process="lookup <'obj', h2> as v2"]: - [ State_1111112111( h1, h2, v1, lock ) ] - --[ IsNotSet( <'obj', h2> ) ]-> - [ State_11111121112( h1, h2, v1, lock ) ] + rule (modulo AC) lookupobjLhasv_0_11111112111[color=#408075, + process="lookup <'obj', L_h.3> as v.2"]: + [ State_11111112111( lock, m, L_h ) ] + --[ IsIn( <'obj', L_h>, v ) ]-> + [ State_111111121111( lock, m, v, L_h ) ] */ -restriction Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111_1: - "∀ x #NOW x.1 x.2 x.3 x.4. - (Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111_1( x, - x.1, - x.2, - x.3, - x.4 +restriction Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111121111_1: + "∀ x #NOW. 
+ (Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111121111_1( x ) @ #NOW) ⇒ - (((x = 'on') ∧ (x.1 = 'on')) ∧ - ((x.2 = 'off') ∨ ((x.3 = 'on') ∧ (x.4 = 'on'))))" + (x = 'on')" // safety formula -rule (modulo E) ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111[color=#806040, - process="if Can_wrap( attwrap(tem(v1)), attunwrap(tem(v1)), attenc(tem(v1)), - attdec(tem(v1)), attsens(tem(v1)), attextr(tem(v1)), - atttrus(tem(v1)), attwwt(tem(v1)), attwt(tem(v1)), attut(tem(v1)), - attwrap(tem(v2)), attunwrap(tem(v2)), attenc(tem(v2)), - attdec(tem(v2)), attsens(tem(v2)), attextr(tem(v2)), - atttrus(tem(v2)), attwwt(tem(v2)), attwt(tem(v2)), attut(tem(v2)) +rule (modulo E) ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111121111[color=#408075, + process="if Can_encrypt( attwrap(tem(v.2)), attunwrap(tem(v.2)), + attenc(tem(v.2)), attdec(tem(v.2)), attsens(tem(v.2)), + attextr(tem(v.2)), atttrus(tem(v.2)), attwwt(tem(v.2)), + attwt(tem(v.2)), attut(tem(v.2)) )"]: - [ State_11111121111( h1, h2, v1, v2, lock.3 ) ] + [ State_111111121111( lock.2, m.2, v.2, L_h.3 ) ] --[ - Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111_1( attwrap(tem(v1)), - attextr(tem(v2)), - attwwt(tem(v2)), - attwwt(tem(v2)), - atttrus(tem(v1)) + EncUsing( key(v.2), m.2 ), + Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111121111_1( attenc(tem(v.2)) ) ]-> - [ State_111111211111( h1, h2, v1, v2, 
lock.3 ) ] + [ + State_111111121111111( lock.2, m.2, v.2, L_h.3 ), + Out( senc(m.2, key(v.2)) ) + ] /* - rule (modulo AC) ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111[color=#806040, - process="if Can_wrap( attwrap(tem(v1)), attunwrap(tem(v1)), attenc(tem(v1)), - attdec(tem(v1)), attsens(tem(v1)), attextr(tem(v1)), - atttrus(tem(v1)), attwwt(tem(v1)), attwt(tem(v1)), attut(tem(v1)), - attwrap(tem(v2)), attunwrap(tem(v2)), attenc(tem(v2)), - attdec(tem(v2)), attsens(tem(v2)), attextr(tem(v2)), - atttrus(tem(v2)), attwwt(tem(v2)), attwt(tem(v2)), attut(tem(v2)) + rule (modulo AC) ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111121111[color=#408075, + process="if Can_encrypt( attwrap(tem(v.2)), attunwrap(tem(v.2)), + attenc(tem(v.2)), attdec(tem(v.2)), attsens(tem(v.2)), + attextr(tem(v.2)), atttrus(tem(v.2)), attwwt(tem(v.2)), + attwt(tem(v.2)), attut(tem(v.2)) )"]: - [ State_11111121111( h1, h2, v1, v2, lock ) ] + [ State_111111121111( lock, m, v, L_h ) ] --[ - Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111_1( z, - z.1, - z.2, - z.2, - z.3 + EncUsing( z, m ), + Restr_ifCanencryptattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111121111_1( z.1 ) ]-> - [ State_111111211111( h1, h2, v1, v2, lock ) ] + [ State_111111121111111( lock, m, v, L_h ), Out( senc(m, z) ) ] variants (modulo AC) - 1. v1 = v1.13 - v2 = v2.13 - z = attwrap(tem(v1.13)) - z.1 = attextr(tem(v2.13)) - z.2 = attwwt(tem(v2.13)) - z.3 = atttrus(tem(v1.13)) - - 2. 
v1 = v1.15 - v2 = - z = attwrap(tem(v1.15)) - z.1 = attextr(x.14) - z.2 = attwwt(x.14) - z.3 = atttrus(tem(v1.15)) - - 3. v1 = v1.24 - v2 = - z = attwrap(tem(v1.24)) - z.1 = x.19 - z.2 = x.21 - z.3 = atttrus(tem(v1.24)) - - 4. v1 = - v2 = v2.15 - z = attwrap(x.14) - z.1 = attextr(tem(v2.15)) - z.2 = attwwt(tem(v2.15)) - z.3 = atttrus(x.14) - - 5. v1 = - v2 = - z = attwrap(x.14) - z.1 = attextr(x.16) - z.2 = attwwt(x.16) - z.3 = atttrus(x.14) - - 6. v1 = - v2 = - z = attwrap(x.14) - z.1 = x.21 - z.2 = x.23 - z.3 = atttrus(x.14) - - 7. v1 = - v2 = v2.24 - z = x.14 - z.1 = attextr(tem(v2.24)) - z.2 = attwwt(tem(v2.24)) - z.3 = x.20 + 1. v = v.10 + z = key(v.10) + z.1 = attenc(tem(v.10)) - 8. v1 = - v2 = - z = x.14 - z.1 = attextr(x.25) - z.2 = attwwt(x.25) - z.3 = x.20 + 2. v = + z = x.10 + z.1 = attenc(x.11) - 9. v1 = - v2 = - z = x.14 - z.1 = x.30 - z.2 = x.32 - z.3 = x.20 + 3. v = + z = x.10 + z.1 = x.13 + */ + +rule (modulo E) unlockdevice_0_111111121111111[color=#408075, + process="unlock 'device';"]: + [ State_111111121111111( lock.2, m.2, v.2, L_h.3 ) ] + --[ Unlock_2( '2', lock.2, 'device' ), Unlock( '2', lock.2, 'device' ) + ]-> + [ ] + + /* + rule (modulo AC) unlockdevice_0_111111121111111[color=#408075, + process="unlock 'device';"]: + [ State_111111121111111( lock, m, v, L_h ) ] + --[ Unlock_2( '2', lock, 'device' ), Unlock( '2', lock, 'device' ) ]-> + [ ] + */ + +rule (modulo E) lookupobjLhasv_1_11111112111[color=#408075, + process="lookup <'obj', L_h.3> as v.2"]: + [ State_11111112111( lock.2, m.2, L_h.3 ) ] + --[ IsNotSet( <'obj', L_h.3> ) ]-> + [ ] + + /* + rule (modulo AC) lookupobjLhasv_1_11111112111[color=#408075, + process="lookup <'obj', L_h.3> as v.2"]: + [ State_11111112111( lock, m, L_h ) ] + --[ IsNotSet( <'obj', L_h> ) ]-> + [ ] + */ + +rule (modulo E) inhh_0_11111121[color=#806040, + process="in();"]: + [ State_11111121( ), In( ), Fr( lock.3 ) ] + --[ Lock_3( '3', lock.3, 'device' ), Lock( '3', lock.3, 'device' ) ]-> + [ State_1111112111( 
h1.1, h2.1, lock.3 ) ] + + /* + rule (modulo AC) inhh_0_11111121[color=#806040, + process="in();"]: + [ State_11111121( ), In( ), Fr( lock ) ] + --[ Lock_3( '3', lock, 'device' ), Lock( '3', lock, 'device' ) ]-> + [ State_1111112111( h1, h2, lock ) ] + */ + +rule (modulo E) lookupobjhasv_0_1111112111[color=#806040, + process="lookup <'obj', h1.1> as v1.1"]: + [ State_1111112111( h1.1, h2.1, lock.3 ) ] + --[ IsIn( <'obj', h1.1>, v1.1 ) ]-> + [ State_11111121111( h1.1, h2.1, v1.1, lock.3 ) ] + + /* + rule (modulo AC) lookupobjhasv_0_1111112111[color=#806040, + process="lookup <'obj', h1.1> as v1.1"]: + [ State_1111112111( h1, h2, lock ) ] + --[ IsIn( <'obj', h1>, v1 ) ]-> + [ State_11111121111( h1, h2, v1, lock ) ] + */ + +rule (modulo E) lookupobjhasv_0_11111121111[color=#806040, + process="lookup <'obj', h2.1> as v2.1"]: + [ State_11111121111( h1.1, h2.1, v1.1, lock.3 ) ] + --[ IsIn( <'obj', h2.1>, v2.1 ) ]-> + [ State_111111211111( h1.1, h2.1, v1.1, v2.1, lock.3 ) ] + + /* + rule (modulo AC) lookupobjhasv_0_11111121111[color=#806040, + process="lookup <'obj', h2.1> as v2.1"]: + [ State_11111121111( h1, h2, v1, lock ) ] + --[ IsIn( <'obj', h2>, v2 ) ]-> + [ State_111111211111( h1, h2, v1, v2, lock ) ] */ -restriction Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111121111_1: +restriction Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111211111_1: "∀ x #NOW x.1 x.2 x.3 x.4. 
- (Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111121111_1( x, - x.1, - x.2, - x.3, - x.4 + (Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111211111_1( x, + x.1, + x.2, + x.3, + x.4 ) @ #NOW) ⇒ - (¬(((x = 'on') ∧ (x.1 = 'on')) ∧ - ((x.2 = 'off') ∨ ((x.3 = 'on') ∧ (x.4 = 'on')))))" + (((x = 'on') ∧ (x.1 = 'on')) ∧ + ((x.2 = 'off') ∨ ((x.3 = 'on') ∧ (x.4 = 'on'))))" // safety formula -rule (modulo E) ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111121111[color=#806040, - process="if Can_wrap( attwrap(tem(v1)), attunwrap(tem(v1)), attenc(tem(v1)), - attdec(tem(v1)), attsens(tem(v1)), attextr(tem(v1)), - atttrus(tem(v1)), attwwt(tem(v1)), attwt(tem(v1)), attut(tem(v1)), - attwrap(tem(v2)), attunwrap(tem(v2)), attenc(tem(v2)), - attdec(tem(v2)), attsens(tem(v2)), attextr(tem(v2)), - atttrus(tem(v2)), attwwt(tem(v2)), attwt(tem(v2)), attut(tem(v2)) +rule (modulo E) ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111211111[color=#806040, + process="if Can_wrap( attwrap(tem(v1.1)), attunwrap(tem(v1.1)), + attenc(tem(v1.1)), attdec(tem(v1.1)), attsens(tem(v1.1)), + attextr(tem(v1.1)), atttrus(tem(v1.1)), attwwt(tem(v1.1)), + attwt(tem(v1.1)), attut(tem(v1.1)), attwrap(tem(v2.1)), + attunwrap(tem(v2.1)), attenc(tem(v2.1)), attdec(tem(v2.1)), + 
attsens(tem(v2.1)), attextr(tem(v2.1)), atttrus(tem(v2.1)), + attwwt(tem(v2.1)), attwt(tem(v2.1)), attut(tem(v2.1)) )"]: - [ State_11111121111( h1, h2, v1, v2, lock.3 ) ] + [ State_111111211111( h1.1, h2.1, v1.1, v2.1, lock.3 ) ] --[ - Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111121111_1( attwrap(tem(v1)), - attextr(tem(v2)), - attwwt(tem(v2)), - attwwt(tem(v2)), - atttrus(tem(v1)) + Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111211111_1( attwrap(tem(v1.1)), + attextr(tem(v2.1)), + attwwt(tem(v2.1)), + attwwt(tem(v2.1)), + atttrus(tem(v1.1)) ) ]-> - [ State_111111211112( h1, h2, v1, v2, lock.3 ) ] + [ State_1111112111111( h1.1, h2.1, v1.1, v2.1, lock.3 ) ] /* - rule (modulo AC) ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111121111[color=#806040, - process="if Can_wrap( attwrap(tem(v1)), attunwrap(tem(v1)), attenc(tem(v1)), - attdec(tem(v1)), attsens(tem(v1)), attextr(tem(v1)), - atttrus(tem(v1)), attwwt(tem(v1)), attwt(tem(v1)), attut(tem(v1)), - attwrap(tem(v2)), attunwrap(tem(v2)), attenc(tem(v2)), - attdec(tem(v2)), attsens(tem(v2)), attextr(tem(v2)), - atttrus(tem(v2)), attwwt(tem(v2)), attwt(tem(v2)), attut(tem(v2)) + rule (modulo AC) ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111211111[color=#806040, + process="if Can_wrap( 
attwrap(tem(v1.1)), attunwrap(tem(v1.1)), + attenc(tem(v1.1)), attdec(tem(v1.1)), attsens(tem(v1.1)), + attextr(tem(v1.1)), atttrus(tem(v1.1)), attwwt(tem(v1.1)), + attwt(tem(v1.1)), attut(tem(v1.1)), attwrap(tem(v2.1)), + attunwrap(tem(v2.1)), attenc(tem(v2.1)), attdec(tem(v2.1)), + attsens(tem(v2.1)), attextr(tem(v2.1)), atttrus(tem(v2.1)), + attwwt(tem(v2.1)), attwt(tem(v2.1)), attut(tem(v2.1)) )"]: - [ State_11111121111( h1, h2, v1, v2, lock ) ] + [ State_111111211111( h1, h2, v1, v2, lock ) ] --[ - Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11111121111_1( z, - z.1, - z.2, - z.2, - z.3 + Restr_ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemvattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111111211111_1( z, + z.1, + z.2, + z.2, + z.3 ) ]-> - [ State_111111211112( h1, h2, v1, v2, lock ) ] + [ State_1111112111111( h1, h2, v1, v2, lock ) ] variants (modulo AC) 1. v1 = v1.13 v2 = v2.13 
@@ -23152,18 +22894,18 @@ rule (modulo E) ifCanwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemv z.3 = x.20 */ -rule (modulo E) lookupFtemplateattwttemvaswt_0_111111211111[color=#806040, - process="lookup <'F_template', attwt(tem(v1))> as wt"]: - [ State_111111211111( h1, h2, v1, v2, lock.3 ) ] - --[ IsIn( <'F_template', attwt(tem(v1))>, wt ) ]-> - [ State_1111112111111( h1, h2, v1, v2, wt, lock.3 ) ] +rule (modulo E) lookupFtemplateattwttemvaswt_0_1111112111111[color=#806040, + process="lookup <'F_template', attwt(tem(v1.1))> as wt.1"]: + [ State_1111112111111( h1.1, h2.1, v1.1, v2.1, lock.3 ) ] + --[ IsIn( <'F_template', attwt(tem(v1.1))>, wt.1 ) ]-> + [ State_11111121111111( h1.1, h2.1, v1.1, v2.1, wt.1, lock.3 ) ] /* - rule (modulo AC) lookupFtemplateattwttemvaswt_0_111111211111[color=#806040, - process="lookup <'F_template', attwt(tem(v1))> as wt"]: - [ State_111111211111( h1, h2, v1, v2, lock ) ] + rule (modulo AC) lookupFtemplateattwttemvaswt_0_1111112111111[color=#806040, + process="lookup <'F_template', attwt(tem(v1.1))> as wt.1"]: + [ State_1111112111111( h1, h2, v1, v2, lock ) ] --[ IsIn( <'F_template', z>, wt ) ]-> - [ State_1111112111111( h1, h2, v1, v2, wt, lock ) ] + [ State_11111121111111( h1, h2, v1, v2, wt, lock ) ] variants (modulo AC) 1. v1 = v1.13 z = attwt(tem(v1.13)) 
@@ -23176,53 +22918,29 @@ rule (modulo E) lookupFtemplateattwttemvaswt_0_111111211111[color=#806040, z = z.23 */ -rule (modulo E) lookupFtemplateattwttemvaswt_1_111111211111[color=#806040, - process="lookup <'F_template', attwt(tem(v1))> as wt"]: - [ State_111111211111( h1, h2, v1, v2, lock.3 ) ] - --[ IsNotSet( <'F_template', attwt(tem(v1))> ) ]-> - [ State_1111112111112( h1, h2, v1, v2, lock.3 ) ] - - /* - rule (modulo AC) lookupFtemplateattwttemvaswt_1_111111211111[color=#806040, - process="lookup <'F_template', attwt(tem(v1))> as wt"]: - [ State_111111211111( h1, h2, v1, v2, lock ) ] - --[ IsNotSet( <'F_template', z> ) ]-> - [ State_1111112111112( h1, h2, v1, v2, lock ) ] - variants (modulo AC) - 1. v1 = v1.12 - z = attwt(tem(v1.12)) - - 2. v1 = - z = attwt(x.14) - - 3. v1 = - z = z.22 - */ - -restriction Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111112111111_1: +restriction Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_1: "∀ x #NOW x.1 x.2 x.3 x.4 x.5 x.6 x.7 x.8 x.9 x.10 x.11 x.12 x.13 x.14 x.15 x.16 x.17 x.18 x.19. 
- (Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111112111111_1( x, - x.1, - x.2, - x.3, - x.4, - x.5, - x.6, - x.7, - x.8, - x.9, - x.10, - x.11, - x.12, - x.13, - x.14, - x.15, - x.16, - x.17, - x.18, - x.19 + (Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_1( x, + x.1, + x.2, + x.3, + x.4, + x.5, + x.6, + x.7, + x.8, + x.9, + x.10, + x.11, + x.12, + x.13, + x.14, + x.15, + x.16, + x.17, + x.18, + x.19 ) @ #NOW) ⇒ ((((((((((x = x.1) ∧ (x.2 = x.3)) ∧ (x.4 = x.5)) ∧ (x.6 = x.7)) ∧ (x.8 = x.9)) ∧ 
@@ -23233,717 +22951,528 @@ restriction Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrw (x.18 = x.19))" // safety formula -rule (modulo E) ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111112111111[color=#806040, - process="if Permits( attwrap(wt), attunwrap(wt), attenc(wt), attdec(wt), - attsens(wt), attextr(wt), atttrus(wt), attwwt(wt), attwt(wt), - attut(wt), attwrap(tem(v2)), attunwrap(tem(v2)), attenc(tem(v2)), - attdec(tem(v2)), attsens(tem(v2)), attextr(tem(v2)), - atttrus(tem(v2)), attwwt(tem(v2)), attwt(tem(v2)), attut(tem(v2)) +rule (modulo E) ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111[color=#806040, + process="if Permits( attwrap(wt.1), attunwrap(wt.1), attenc(wt.1), + attdec(wt.1), attsens(wt.1), attextr(wt.1), atttrus(wt.1), + attwwt(wt.1), attwt(wt.1), attut(wt.1), attwrap(tem(v2.1)), + attunwrap(tem(v2.1)), attenc(tem(v2.1)), attdec(tem(v2.1)), + attsens(tem(v2.1)), attextr(tem(v2.1)), atttrus(tem(v2.1)), + attwwt(tem(v2.1)), attwt(tem(v2.1)), attut(tem(v2.1)) )"]: - [ State_1111112111111( h1, h2, v1, v2, wt, lock.3 ) ] + [ State_11111121111111( h1.1, h2.1, v1.1, v2.1, wt.1, lock.3 ) ] --[ - Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111112111111_1( attwrap(wt), - attwrap(tem(v2)), - attunwrap(wt), - attunwrap(tem(v2)), - attenc(wt), - attenc(tem(v2)), - attdec(wt), - attdec(tem(v2)), - attsens(wt), - attsens(tem(v2)), - attextr(wt), - attextr(tem(v2)), - atttrus(wt), - atttrus(tem(v2)), - attwwt(wt), - attwwt(tem(v2)), - attwt(wt), - 
attwt(tem(v2)), - attut(wt), - attut(tem(v2)) + Wrap( key(v1.1), key(v2.1) ), + Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_1( attwrap(wt.1), + attwrap(tem(v2.1)), + attunwrap(wt.1), + attunwrap(tem(v2.1)), + attenc(wt.1), + attenc(tem(v2.1)), + attdec(wt.1), + attdec(tem(v2.1)), + attsens(wt.1), + attsens(tem(v2.1)), + attextr(wt.1), + attextr(tem(v2.1)), + atttrus(wt.1), + atttrus(tem(v2.1)), + attwwt(wt.1), + attwwt(tem(v2.1)), + attwt(wt.1), + attwt(tem(v2.1)), + attut(wt.1), + attut(tem(v2.1)) ) ]-> - [ State_11111121111111( h1, h2, v1, v2, wt, lock.3 ) ] + [ + State_11111121111111111( h1.1, h2.1, v1.1, v2.1, wt.1, lock.3 ), + Out( senc(key(v2.1), key(v1.1)) ) + ] /* - rule (modulo AC) ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111112111111[color=#806040, - process="if Permits( attwrap(wt), attunwrap(wt), attenc(wt), attdec(wt), - attsens(wt), attextr(wt), atttrus(wt), attwwt(wt), attwt(wt), - attut(wt), attwrap(tem(v2)), attunwrap(tem(v2)), attenc(tem(v2)), - attdec(tem(v2)), attsens(tem(v2)), attextr(tem(v2)), - atttrus(tem(v2)), attwwt(tem(v2)), attwt(tem(v2)), attut(tem(v2)) + rule (modulo AC) ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111[color=#806040, + process="if Permits( attwrap(wt.1), attunwrap(wt.1), attenc(wt.1), + attdec(wt.1), attsens(wt.1), attextr(wt.1), atttrus(wt.1), + attwwt(wt.1), attwt(wt.1), attut(wt.1), attwrap(tem(v2.1)), + attunwrap(tem(v2.1)), attenc(tem(v2.1)), attdec(tem(v2.1)), + attsens(tem(v2.1)), attextr(tem(v2.1)), 
atttrus(tem(v2.1)), + attwwt(tem(v2.1)), attwt(tem(v2.1)), attut(tem(v2.1)) )"]: - [ State_1111112111111( h1, h2, v1, v2, wt, lock ) ] - --[ - Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111112111111_1( z, - z.1, - z.2, - z.3, - z.4, - z.5, - z.6, - z.7, - z.8, - z.9, - z.10, - z.11, - z.12, - z.13, - z.14, - z.15, - z.16, - z.17, - z.18, - z.19 - ) - ]-> [ State_11111121111111( h1, h2, v1, v2, wt, lock ) ] - variants (modulo AC) - 1. v2 = v2.30 - wt = wt.30 - z = attwrap(wt.30) - z.1 = attwrap(tem(v2.30)) - z.2 = attunwrap(wt.30) - z.3 = attunwrap(tem(v2.30)) - z.4 = attenc(wt.30) - z.5 = attenc(tem(v2.30)) - z.6 = attdec(wt.30) - z.7 = attdec(tem(v2.30)) - z.8 = attsens(wt.30) - z.9 = attsens(tem(v2.30)) - z.10 = attextr(wt.30) - z.11 = attextr(tem(v2.30)) - z.12 = atttrus(wt.30) - z.13 = atttrus(tem(v2.30)) - z.14 = attwwt(wt.30) - z.15 = attwwt(tem(v2.30)) - z.16 = attwt(wt.30) - z.17 = attwt(tem(v2.30)) - z.18 = attut(wt.30) - z.19 = attut(tem(v2.30)) - - 2. v2 = v2.40 - wt = - z = x.30 - z.1 = attwrap(tem(v2.40)) - z.2 = x.31 - z.3 = attunwrap(tem(v2.40)) - z.4 = x.32 - z.5 = attenc(tem(v2.40)) - z.6 = x.33 - z.7 = attdec(tem(v2.40)) - z.8 = x.34 - z.9 = attsens(tem(v2.40)) - z.10 = x.35 - z.11 = attextr(tem(v2.40)) - z.12 = x.36 - z.13 = atttrus(tem(v2.40)) - z.14 = x.37 - z.15 = attwwt(tem(v2.40)) - z.16 = x.38 - z.17 = attwt(tem(v2.40)) - z.18 = x.39 - z.19 = attut(tem(v2.40)) - - 3. 
v2 = - wt = wt.32 - z = attwrap(wt.32) - z.1 = attwrap(x.31) - z.2 = attunwrap(wt.32) - z.3 = attunwrap(x.31) - z.4 = attenc(wt.32) - z.5 = attenc(x.31) - z.6 = attdec(wt.32) - z.7 = attdec(x.31) - z.8 = attsens(wt.32) - z.9 = attsens(x.31) - z.10 = attextr(wt.32) - z.11 = attextr(x.31) - z.12 = atttrus(wt.32) - z.13 = atttrus(x.31) - z.14 = attwwt(wt.32) - z.15 = attwwt(x.31) - z.16 = attwt(wt.32) - z.17 = attwt(x.31) - z.18 = attut(wt.32) - z.19 = attut(x.31) - - 4. v2 = - wt = - z = x.32 - z.1 = attwrap(x.31) - z.2 = x.33 - z.3 = attunwrap(x.31) - z.4 = x.34 - z.5 = attenc(x.31) - z.6 = x.35 - z.7 = attdec(x.31) - z.8 = x.36 - z.9 = attsens(x.31) - z.10 = x.37 - z.11 = attextr(x.31) - z.12 = x.38 - z.13 = atttrus(x.31) - z.14 = x.39 - z.15 = attwwt(x.31) - z.16 = x.40 - z.17 = attwt(x.31) - z.18 = x.41 - z.19 = attut(x.31) - - 5. v2 = - wt = wt.41 - z = attwrap(wt.41) - z.1 = x.31 - z.2 = attunwrap(wt.41) - z.3 = x.32 - z.4 = attenc(wt.41) - z.5 = x.33 - z.6 = attdec(wt.41) - z.7 = x.34 - z.8 = attsens(wt.41) - z.9 = x.35 - z.10 = attextr(wt.41) - z.11 = x.36 - z.12 = atttrus(wt.41) - z.13 = x.37 - z.14 = attwwt(wt.41) - z.15 = x.38 - z.16 = attwt(wt.41) - z.17 = x.39 - z.18 = attut(wt.41) - z.19 = x.40 - - 6. v2 = - wt = - z = x.41 - z.1 = x.31 - z.2 = x.42 - z.3 = x.32 - z.4 = x.43 - z.5 = x.33 - z.6 = x.44 - z.7 = x.34 - z.8 = x.45 - z.9 = x.35 - z.10 = x.46 - z.11 = x.36 - z.12 = x.47 - z.13 = x.37 - z.14 = x.48 - z.15 = x.38 - z.16 = x.49 - z.17 = x.39 - z.18 = x.50 - z.19 = x.40 - */ - -restriction Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_1111112111111_1: - "∀ x #NOW x.1 x.2 x.3 x.4 x.5 x.6 x.7 x.8 x.9 x.10 x.11 x.12 x.13 x.14 - x.15 x.16 x.17 x.18 x.19. 
- (Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_1111112111111_1( x, - x.1, - x.2, - x.3, - x.4, - x.5, - x.6, - x.7, - x.8, - x.9, - x.10, - x.11, - x.12, - x.13, - x.14, - x.15, - x.16, - x.17, - x.18, - x.19 - ) @ #NOW) ⇒ - (¬((((((((((x = x.1) ∧ (x.2 = x.3)) ∧ (x.4 = x.5)) ∧ (x.6 = x.7)) ∧ - (x.8 = x.9)) ∧ - (x.10 = x.11)) ∧ - (x.12 = x.13)) ∧ - (x.14 = x.15)) ∧ - (x.16 = x.17)) ∧ - (x.18 = x.19)))" - // safety formula - -rule (modulo E) ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_1111112111111[color=#806040, - process="if Permits( attwrap(wt), attunwrap(wt), attenc(wt), attdec(wt), - attsens(wt), attextr(wt), atttrus(wt), attwwt(wt), attwt(wt), - attut(wt), attwrap(tem(v2)), attunwrap(tem(v2)), attenc(tem(v2)), - attdec(tem(v2)), attsens(tem(v2)), attextr(tem(v2)), - atttrus(tem(v2)), attwwt(tem(v2)), attwt(tem(v2)), attut(tem(v2)) -)"]: - [ State_1111112111111( h1, h2, v1, v2, wt, lock.3 ) ] - --[ - Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_1111112111111_1( attwrap(wt), - attwrap(tem(v2)), - attunwrap(wt), - attunwrap(tem(v2)), - attenc(wt), - attenc(tem(v2)), - attdec(wt), - attdec(tem(v2)), - attsens(wt), - attsens(tem(v2)), - attextr(wt), - attextr(tem(v2)), - atttrus(wt), - atttrus(tem(v2)), - attwwt(wt), - attwwt(tem(v2)), - attwt(wt), - attwt(tem(v2)), - attut(wt), - attut(tem(v2)) - ) - ]-> - [ State_11111121111112( h1, h2, v1, v2, wt, lock.3 ) ] - - /* - rule (modulo AC) 
ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_1111112111111[color=#806040, - process="if Permits( attwrap(wt), attunwrap(wt), attenc(wt), attdec(wt), - attsens(wt), attextr(wt), atttrus(wt), attwwt(wt), attwt(wt), - attut(wt), attwrap(tem(v2)), attunwrap(tem(v2)), attenc(tem(v2)), - attdec(tem(v2)), attsens(tem(v2)), attextr(tem(v2)), - atttrus(tem(v2)), attwwt(tem(v2)), attwt(tem(v2)), attut(tem(v2)) -)"]: - [ State_1111112111111( h1, h2, v1, v2, wt, lock ) ] --[ - Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_1111112111111_1( z, - z.1, - z.2, - z.3, - z.4, - z.5, - z.6, - z.7, - z.8, - z.9, - z.10, - z.11, - z.12, - z.13, - z.14, - z.15, - z.16, - z.17, - z.18, - z.19 + Wrap( z.1, z ), + Restr_ifPermitsattwrapwtattunwrapwtattencwtattdecwtattsenswtattextrwtatttruswtattwwtwtattwtwtattutwtattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11111121111111_1( z.2, + z.3, + z.4, + z.5, + z.6, + z.7, + z.8, + z.9, + z.10, + z.11, + z.12, + z.13, + z.14, + z.15, + z.16, + z.17, + z.18, + z.19, + z.20, + z.21 ) ]-> - [ State_11111121111112( h1, h2, v1, v2, wt, lock ) ] + [ + State_11111121111111111( h1, h2, v1, v2, wt, lock ), Out( senc(z, z.1) ) + ] variants (modulo AC) - 1. 
v2 = v2.30 - wt = wt.30 - z = attwrap(wt.30) - z.1 = attwrap(tem(v2.30)) - z.2 = attunwrap(wt.30) - z.3 = attunwrap(tem(v2.30)) - z.4 = attenc(wt.30) - z.5 = attenc(tem(v2.30)) - z.6 = attdec(wt.30) - z.7 = attdec(tem(v2.30)) - z.8 = attsens(wt.30) - z.9 = attsens(tem(v2.30)) - z.10 = attextr(wt.30) - z.11 = attextr(tem(v2.30)) - z.12 = atttrus(wt.30) - z.13 = atttrus(tem(v2.30)) - z.14 = attwwt(wt.30) - z.15 = attwwt(tem(v2.30)) - z.16 = attwt(wt.30) - z.17 = attwt(tem(v2.30)) - z.18 = attut(wt.30) - z.19 = attut(tem(v2.30)) + 1. v1 = v1.32 + v2 = v2.32 + wt = wt.32 + z = key(v2.32) + z.1 = key(v1.32) + z.2 = attwrap(wt.32) + z.3 = attwrap(tem(v2.32)) + z.4 = attunwrap(wt.32) + z.5 = attunwrap(tem(v2.32)) + z.6 = attenc(wt.32) + z.7 = attenc(tem(v2.32)) + z.8 = attdec(wt.32) + z.9 = attdec(tem(v2.32)) + z.10 = attsens(wt.32) + z.11 = attsens(tem(v2.32)) + z.12 = attextr(wt.32) + z.13 = attextr(tem(v2.32)) + z.14 = atttrus(wt.32) + z.15 = atttrus(tem(v2.32)) + z.16 = attwwt(wt.32) + z.17 = attwwt(tem(v2.32)) + z.18 = attwt(wt.32) + z.19 = attwt(tem(v2.32)) + z.20 = attut(wt.32) + z.21 = attut(tem(v2.32)) - 2. v2 = v2.40 - wt = - z = x.30 - z.1 = attwrap(tem(v2.40)) - z.2 = x.31 - z.3 = attunwrap(tem(v2.40)) - z.4 = x.32 - z.5 = attenc(tem(v2.40)) - z.6 = x.33 - z.7 = attdec(tem(v2.40)) - z.8 = x.34 - z.9 = attsens(tem(v2.40)) - z.10 = x.35 - z.11 = attextr(tem(v2.40)) - z.12 = x.36 - z.13 = atttrus(tem(v2.40)) - z.14 = x.37 - z.15 = attwwt(tem(v2.40)) - z.16 = x.38 - z.17 = attwt(tem(v2.40)) - z.18 = x.39 - z.19 = attut(tem(v2.40)) + 2. 
v1 = v1.34 + v2 = + wt = wt.34 + z = x.32 + z.1 = key(v1.34) + z.2 = attwrap(wt.34) + z.3 = attwrap(x.33) + z.4 = attunwrap(wt.34) + z.5 = attunwrap(x.33) + z.6 = attenc(wt.34) + z.7 = attenc(x.33) + z.8 = attdec(wt.34) + z.9 = attdec(x.33) + z.10 = attsens(wt.34) + z.11 = attsens(x.33) + z.12 = attextr(wt.34) + z.13 = attextr(x.33) + z.14 = atttrus(wt.34) + z.15 = atttrus(x.33) + z.16 = attwwt(wt.34) + z.17 = attwwt(x.33) + z.18 = attwt(wt.34) + z.19 = attwt(x.33) + z.20 = attut(wt.34) + z.21 = attut(x.33) - 3. v2 = - wt = wt.32 - z = attwrap(wt.32) - z.1 = attwrap(x.31) - z.2 = attunwrap(wt.32) - z.3 = attunwrap(x.31) - z.4 = attenc(wt.32) - z.5 = attenc(x.31) - z.6 = attdec(wt.32) - z.7 = attdec(x.31) - z.8 = attsens(wt.32) - z.9 = attsens(x.31) - z.10 = attextr(wt.32) - z.11 = attextr(x.31) - z.12 = atttrus(wt.32) - z.13 = atttrus(x.31) - z.14 = attwwt(wt.32) - z.15 = attwwt(x.31) - z.16 = attwt(wt.32) - z.17 = attwt(x.31) - z.18 = attut(wt.32) - z.19 = attut(x.31) + 3. v1 = v1.42 + v2 = v2.42 + wt = + z = key(v2.42) + z.1 = key(v1.42) + z.2 = x.32 + z.3 = attwrap(tem(v2.42)) + z.4 = x.33 + z.5 = attunwrap(tem(v2.42)) + z.6 = x.34 + z.7 = attenc(tem(v2.42)) + z.8 = x.35 + z.9 = attdec(tem(v2.42)) + z.10 = x.36 + z.11 = attsens(tem(v2.42)) + z.12 = x.37 + z.13 = attextr(tem(v2.42)) + z.14 = x.38 + z.15 = atttrus(tem(v2.42)) + z.16 = x.39 + z.17 = attwwt(tem(v2.42)) + z.18 = x.40 + z.19 = attwt(tem(v2.42)) + z.20 = x.41 + z.21 = attut(tem(v2.42)) - 4. v2 = - wt = - z = x.32 - z.1 = attwrap(x.31) - z.2 = x.33 - z.3 = attunwrap(x.31) - z.4 = x.34 - z.5 = attenc(x.31) - z.6 = x.35 - z.7 = attdec(x.31) - z.8 = x.36 - z.9 = attsens(x.31) - z.10 = x.37 - z.11 = attextr(x.31) - z.12 = x.38 - z.13 = atttrus(x.31) - z.14 = x.39 - z.15 = attwwt(x.31) - z.16 = x.40 - z.17 = attwt(x.31) - z.18 = x.41 - z.19 = attut(x.31) + 4. 
v1 = v1.43 + v2 = + wt = wt.43 + z = x.32 + z.1 = key(v1.43) + z.2 = attwrap(wt.43) + z.3 = x.33 + z.4 = attunwrap(wt.43) + z.5 = x.34 + z.6 = attenc(wt.43) + z.7 = x.35 + z.8 = attdec(wt.43) + z.9 = x.36 + z.10 = attsens(wt.43) + z.11 = x.37 + z.12 = attextr(wt.43) + z.13 = x.38 + z.14 = atttrus(wt.43) + z.15 = x.39 + z.16 = attwwt(wt.43) + z.17 = x.40 + z.18 = attwt(wt.43) + z.19 = x.41 + z.20 = attut(wt.43) + z.21 = x.42 - 5. v2 = - wt = wt.41 - z = attwrap(wt.41) - z.1 = x.31 - z.2 = attunwrap(wt.41) - z.3 = x.32 - z.4 = attenc(wt.41) - z.5 = x.33 - z.6 = attdec(wt.41) - z.7 = x.34 - z.8 = attsens(wt.41) - z.9 = x.35 - z.10 = attextr(wt.41) - z.11 = x.36 - z.12 = atttrus(wt.41) - z.13 = x.37 - z.14 = attwwt(wt.41) - z.15 = x.38 - z.16 = attwt(wt.41) - z.17 = x.39 - z.18 = attut(wt.41) - z.19 = x.40 + 5. v1 = v1.44 + v2 = + wt = + z = x.32 + z.1 = key(v1.44) + z.2 = x.34 + z.3 = attwrap(x.33) + z.4 = x.35 + z.5 = attunwrap(x.33) + z.6 = x.36 + z.7 = attenc(x.33) + z.8 = x.37 + z.9 = attdec(x.33) + z.10 = x.38 + z.11 = attsens(x.33) + z.12 = x.39 + z.13 = attextr(x.33) + z.14 = x.40 + z.15 = atttrus(x.33) + z.16 = x.41 + z.17 = attwwt(x.33) + z.18 = x.42 + z.19 = attwt(x.33) + z.20 = x.43 + z.21 = attut(x.33) - 6. 
v2 = - wt = - z = x.41 - z.1 = x.31 - z.2 = x.42 - z.3 = x.32 - z.4 = x.43 - z.5 = x.33 - z.6 = x.44 - z.7 = x.34 - z.8 = x.45 - z.9 = x.35 - z.10 = x.46 - z.11 = x.36 - z.12 = x.47 - z.13 = x.37 - z.14 = x.48 - z.15 = x.38 - z.16 = x.49 - z.17 = x.39 - z.18 = x.50 - z.19 = x.40 - */ - -rule (modulo E) eventWrapkeyvkeyv_0_11111121111111[color=#806040, - process="event Wrap( key(v1), key(v2) );"]: - [ State_11111121111111( h1, h2, v1, v2, wt, lock.3 ) ] - --[ Wrap( key(v1), key(v2) ) ]-> - [ State_111111211111111( h1, h2, v1, v2, wt, lock.3 ) ] - - /* - rule (modulo AC) eventWrapkeyvkeyv_0_11111121111111[color=#806040, - process="event Wrap( key(v1), key(v2) );"]: - [ State_11111121111111( h1, h2, v1, v2, wt, lock ) ] - --[ Wrap( z, z.1 ) ]-> - [ State_111111211111111( h1, h2, v1, v2, wt, lock ) ] - variants (modulo AC) - 1. v1 = v1.12 - v2 = v2.12 - z = key(v1.12) - z.1 = key(v2.12) + 6. v1 = v1.53 + v2 = + wt = + z = x.32 + z.1 = key(v1.53) + z.2 = x.43 + z.3 = x.33 + z.4 = x.44 + z.5 = x.34 + z.6 = x.45 + z.7 = x.35 + z.8 = x.46 + z.9 = x.36 + z.10 = x.47 + z.11 = x.37 + z.12 = x.48 + z.13 = x.38 + z.14 = x.49 + z.15 = x.39 + z.16 = x.50 + z.17 = x.40 + z.18 = x.51 + z.19 = x.41 + z.20 = x.52 + z.21 = x.42 - 2. v1 = v1.14 - v2 = - z = key(v1.14) - z.1 = x.12 + 7. v1 = + v2 = v2.34 + wt = wt.34 + z = key(v2.34) + z.1 = x.32 + z.2 = attwrap(wt.34) + z.3 = attwrap(tem(v2.34)) + z.4 = attunwrap(wt.34) + z.5 = attunwrap(tem(v2.34)) + z.6 = attenc(wt.34) + z.7 = attenc(tem(v2.34)) + z.8 = attdec(wt.34) + z.9 = attdec(tem(v2.34)) + z.10 = attsens(wt.34) + z.11 = attsens(tem(v2.34)) + z.12 = attextr(wt.34) + z.13 = attextr(tem(v2.34)) + z.14 = atttrus(wt.34) + z.15 = atttrus(tem(v2.34)) + z.16 = attwwt(wt.34) + z.17 = attwwt(tem(v2.34)) + z.18 = attwt(wt.34) + z.19 = attwt(tem(v2.34)) + z.20 = attut(wt.34) + z.21 = attut(tem(v2.34)) - 3. v1 = - v2 = v2.14 - z = x.12 - z.1 = key(v2.14) + 8. 
v1 = + v2 = v2.45 + wt = + z = key(v2.45) + z.1 = x.32 + z.2 = x.35 + z.3 = attwrap(tem(v2.45)) + z.4 = x.36 + z.5 = attunwrap(tem(v2.45)) + z.6 = x.37 + z.7 = attenc(tem(v2.45)) + z.8 = x.38 + z.9 = attdec(tem(v2.45)) + z.10 = x.39 + z.11 = attsens(tem(v2.45)) + z.12 = x.40 + z.13 = attextr(tem(v2.45)) + z.14 = x.41 + z.15 = atttrus(tem(v2.45)) + z.16 = x.42 + z.17 = attwwt(tem(v2.45)) + z.18 = x.43 + z.19 = attwt(tem(v2.45)) + z.20 = x.44 + z.21 = attut(tem(v2.45)) - 4. v1 = - v2 = - z = x.12 - z.1 = x.14 - */ - -rule (modulo E) outsenckeyvkeyv_0_111111211111111[color=#806040, - process="out(senc(key(v2), key(v1)));"]: - [ State_111111211111111( h1, h2, v1, v2, wt, lock.3 ) ] - --> - [ - State_1111112111111111( h1, h2, v1, v2, wt, lock.3 ), - Out( senc(key(v2), key(v1)) ) - ] - - /* - rule (modulo AC) outsenckeyvkeyv_0_111111211111111[color=#806040, - process="out(senc(key(v2), key(v1)));"]: - [ State_111111211111111( h1, h2, v1, v2, wt, lock ) ] - --> - [ State_1111112111111111( h1, h2, v1, v2, wt, lock ), Out( senc(z, z.1) ) - ] - variants (modulo AC) - 1. v1 = v1.12 - v2 = v2.12 - z = key(v2.12) - z.1 = key(v1.12) + 9. v1 = + v2 = + wt = wt.36 + z = x.34 + z.1 = x.32 + z.2 = attwrap(wt.36) + z.3 = attwrap(x.35) + z.4 = attunwrap(wt.36) + z.5 = attunwrap(x.35) + z.6 = attenc(wt.36) + z.7 = attenc(x.35) + z.8 = attdec(wt.36) + z.9 = attdec(x.35) + z.10 = attsens(wt.36) + z.11 = attsens(x.35) + z.12 = attextr(wt.36) + z.13 = attextr(x.35) + z.14 = atttrus(wt.36) + z.15 = atttrus(x.35) + z.16 = attwwt(wt.36) + z.17 = attwwt(x.35) + z.18 = attwt(wt.36) + z.19 = attwt(x.35) + z.20 = attut(wt.36) + z.21 = attut(x.35) - 2. v1 = v1.14 - v2 = - z = x.12 - z.1 = key(v1.14) + 10. 
v1 = + v2 = + wt = + z = x.34 + z.1 = x.32 + z.2 = x.36 + z.3 = attwrap(x.35) + z.4 = x.37 + z.5 = attunwrap(x.35) + z.6 = x.38 + z.7 = attenc(x.35) + z.8 = x.39 + z.9 = attdec(x.35) + z.10 = x.40 + z.11 = attsens(x.35) + z.12 = x.41 + z.13 = attextr(x.35) + z.14 = x.42 + z.15 = atttrus(x.35) + z.16 = x.43 + z.17 = attwwt(x.35) + z.18 = x.44 + z.19 = attwt(x.35) + z.20 = x.45 + z.21 = attut(x.35) - 3. v1 = - v2 = v2.14 - z = key(v2.14) - z.1 = x.12 + 11. v1 = + v2 = + wt = wt.45 + z = x.34 + z.1 = x.32 + z.2 = attwrap(wt.45) + z.3 = x.35 + z.4 = attunwrap(wt.45) + z.5 = x.36 + z.6 = attenc(wt.45) + z.7 = x.37 + z.8 = attdec(wt.45) + z.9 = x.38 + z.10 = attsens(wt.45) + z.11 = x.39 + z.12 = attextr(wt.45) + z.13 = x.40 + z.14 = atttrus(wt.45) + z.15 = x.41 + z.16 = attwwt(wt.45) + z.17 = x.42 + z.18 = attwt(wt.45) + z.19 = x.43 + z.20 = attut(wt.45) + z.21 = x.44 - 4. v1 = - v2 = - z = x.14 - z.1 = x.12 + 12. v1 = + v2 = + wt = + z = x.34 + z.1 = x.32 + z.2 = x.45 + z.3 = x.35 + z.4 = x.46 + z.5 = x.36 + z.6 = x.47 + z.7 = x.37 + z.8 = x.48 + z.9 = x.38 + z.10 = x.49 + z.11 = x.39 + z.12 = x.50 + z.13 = x.40 + z.14 = x.51 + z.15 = x.41 + z.16 = x.52 + z.17 = x.42 + z.18 = x.53 + z.19 = x.43 + z.20 = x.54 + z.21 = x.44 */ -rule (modulo E) unlockdevice_0_1111112111111111[color=#806040, - process="unlock 'device';"]: - [ State_1111112111111111( h1, h2, v1, v2, wt, lock.3 ) ] +rule (modulo E) unlockdevice_0_11111121111111111[color=#806040, + process="unlock 'device';"]: + [ State_11111121111111111( h1.1, h2.1, v1.1, v2.1, wt.1, lock.3 ) ] --[ Unlock_3( '3', lock.3, 'device' ), Unlock( '3', lock.3, 'device' ) ]-> - [ State_11111121111111111( h1, h2, v1, v2, wt, lock.3 ) ] + [ ] /* - rule (modulo AC) unlockdevice_0_1111112111111111[color=#806040, - process="unlock 'device';"]: - [ State_1111112111111111( h1, h2, v1, v2, wt, lock ) ] - --[ Unlock_3( '3', lock, 'device' ), Unlock( '3', lock, 'device' ) ]-> + rule (modulo AC) unlockdevice_0_11111121111111111[color=#806040, + 
process="unlock 'device';"]: [ State_11111121111111111( h1, h2, v1, v2, wt, lock ) ] + --[ Unlock_3( '3', lock, 'device' ), Unlock( '3', lock, 'device' ) ]-> + [ ] */ -rule (modulo E) p_0_11111121111111111[color=#806040, process="0"]: - [ State_11111121111111111( h1, h2, v1, v2, wt, lock.3 ) ] --> [ ] - - /* - rule (modulo AC) p_0_11111121111111111[color=#806040, process="0"]: - [ State_11111121111111111( h1, h2, v1, v2, wt, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_11111121111112[color=#806040, process="0"]: - [ State_11111121111112( h1, h2, v1, v2, wt, lock.3 ) ] --> [ ] - - /* - rule (modulo AC) p_0_11111121111112[color=#806040, process="0"]: - [ State_11111121111112( h1, h2, v1, v2, wt, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_1111112111112[color=#806040, process="0"]: - [ State_1111112111112( h1, h2, v1, v2, lock.3 ) ] --> [ ] - - /* - rule (modulo AC) p_0_1111112111112[color=#806040, process="0"]: - [ State_1111112111112( h1, h2, v1, v2, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_111111211112[color=#806040, process="0"]: - [ State_111111211112( h1, h2, v1, v2, lock.3 ) ] --> [ ] +rule (modulo E) lookupFtemplateattwttemvaswt_1_1111112111111[color=#806040, + process="lookup <'F_template', attwt(tem(v1.1))> as wt.1"]: + [ State_1111112111111( h1.1, h2.1, v1.1, v2.1, lock.3 ) ] + --[ IsNotSet( <'F_template', attwt(tem(v1.1))> ) ]-> + [ ] /* - rule (modulo AC) p_0_111111211112[color=#806040, process="0"]: - [ State_111111211112( h1, h2, v1, v2, lock ) ] --> [ ] + rule (modulo AC) lookupFtemplateattwttemvaswt_1_1111112111111[color=#806040, + process="lookup <'F_template', attwt(tem(v1.1))> as wt.1"]: + [ State_1111112111111( h1, h2, v1, v2, lock ) ] + --[ IsNotSet( <'F_template', z> ) ]-> + [ ] + variants (modulo AC) + 1. v1 = v1.12 + z = attwt(tem(v1.12)) + + 2. v1 = + z = attwt(x.14) + + 3. 
v1 = + z = z.22 */ -rule (modulo E) p_0_11111121112[color=#806040, process="0"]: - [ State_11111121112( h1, h2, v1, lock.3 ) ] --> [ ] +rule (modulo E) lookupobjhasv_1_11111121111[color=#806040, + process="lookup <'obj', h2.1> as v2.1"]: + [ State_11111121111( h1.1, h2.1, v1.1, lock.3 ) ] + --[ IsNotSet( <'obj', h2.1> ) ]-> + [ ] /* - rule (modulo AC) p_0_11111121112[color=#806040, process="0"]: - [ State_11111121112( h1, h2, v1, lock ) ] --> [ ] + rule (modulo AC) lookupobjhasv_1_11111121111[color=#806040, + process="lookup <'obj', h2.1> as v2.1"]: + [ State_11111121111( h1, h2, v1, lock ) ] + --[ IsNotSet( <'obj', h2> ) ]-> + [ ] */ -rule (modulo E) p_0_1111112112[color=#806040, process="0"]: - [ State_1111112112( h1, h2, lock.3 ) ] --> [ ] +rule (modulo E) lookupobjhasv_1_1111112111[color=#806040, + process="lookup <'obj', h1.1> as v1.1"]: + [ State_1111112111( h1.1, h2.1, lock.3 ) ] + --[ IsNotSet( <'obj', h1.1> ) ]-> + [ ] /* - rule (modulo AC) p_0_1111112112[color=#806040, process="0"]: - [ State_1111112112( h1, h2, lock ) ] --> [ ] + rule (modulo AC) lookupobjhasv_1_1111112111[color=#806040, + process="lookup <'obj', h1.1> as v1.1"]: + [ State_1111112111( h1, h2, lock ) ] --[ IsNotSet( <'obj', h1> ) ]-> [ ] */ -rule (modulo E) inLhsencmkatts_0_111112[color=#7e8040, - process="in();"]: - [ State_111112( ), In( ) ] - --> - [ State_1111121( L_h, atts, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockdevice_0_1111121[color=#7e8040, - process="lock 'device';"]: - [ State_1111121( L_h, atts, k, m ), Fr( lock.4 ) ] +rule (modulo E) inLhsencmkatts_0_1111121[color=#7e8040, + process="in();"]: + [ State_1111121( ), In( ), Fr( lock.4 ) ] --[ Lock_4( '4', lock.4, 'device' ), Lock( '4', lock.4, 'device' ) ]-> - [ State_11111211( L_h, atts, k, m, lock.4 ) ] - - /* - rule (modulo AC) lockdevice_0_1111121[color=#7e8040, - process="lock 'device';"]: - [ State_1111121( L_h, atts, k, m ), Fr( lock ) ] - --[ Lock_4( '4', lock, 'device' ), Lock( '4', 
lock, 'device' ) ]-> - [ State_11111211( L_h, atts, k, m, lock ) ] - */ - -rule (modulo E) lookupobjLhasv_0_11111211[color=#7e8040, - process="lookup <'obj', L_h> as v"]: - [ State_11111211( L_h, atts, k, m, lock.4 ) ] - --[ IsIn( <'obj', L_h>, v ) ]-> - [ State_111112111( L_h, atts, k, m, v, lock.4 ) ] + [ State_111112111( atts.2, k.3, m.3, L_h.4, lock.4 ) ] - /* - rule (modulo AC) lookupobjLhasv_0_11111211[color=#7e8040, - process="lookup <'obj', L_h> as v"]: - [ State_11111211( L_h, atts, k, m, lock ) ] - --[ IsIn( <'obj', L_h>, v ) ]-> - [ State_111112111( L_h, atts, k, m, v, lock ) ] - */ - -rule (modulo E) lookupobjLhasv_1_11111211[color=#7e8040, - process="lookup <'obj', L_h> as v"]: - [ State_11111211( L_h, atts, k, m, lock.4 ) ] - --[ IsNotSet( <'obj', L_h> ) ]-> - [ State_111112112( L_h, atts, k, m, lock.4 ) ] - - /* - rule (modulo AC) lookupobjLhasv_1_11111211[color=#7e8040, - process="lookup <'obj', L_h> as v"]: - [ State_11111211( L_h, atts, k, m, lock ) ] - --[ IsNotSet( <'obj', L_h> ) ]-> - [ State_111112112( L_h, atts, k, m, lock ) ] - */ - -restriction Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111112111_1: - "∀ x #NOW. 
- (Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111112111_1( x - ) @ #NOW) ⇒ - (x = 'on')" - // safety formula - -rule (modulo E) ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111112111[color=#7e8040, - process="if Can_unwrap( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) -)"]: - [ State_111112111( L_h, atts, k, m, v, lock.4 ) ] - --[ - Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111112111_1( attunwrap(tem(v)) - ) - ]-> - [ State_1111121111( L_h, atts, k, m, v, lock.4 ) ] - - /* - rule (modulo AC) ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111112111[color=#7e8040, - process="if Can_unwrap( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) -)"]: - [ State_111112111( L_h, atts, k, m, v, lock ) ] - --[ - Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111112111_1( z - ) - ]-> - [ State_1111121111( L_h, atts, k, m, v, lock ) ] - variants (modulo AC) - 1. v = v.12 - z = attunwrap(tem(v.12)) - - 2. v = - z = attunwrap(x.13) - - 3. 
v = - z = x.14 + /* + rule (modulo AC) inLhsencmkatts_0_1111121[color=#7e8040, + process="in();"]: + [ State_1111121( ), In( ), Fr( lock ) ] + --[ Lock_4( '4', lock, 'device' ), Lock( '4', lock, 'device' ) ]-> + [ State_111112111( atts, k, m, L_h, lock ) ] + */ + +rule (modulo E) lookupobjLhasv_0_111112111[color=#7e8040, + process="lookup <'obj', L_h.4> as v.3"]: + [ State_111112111( atts.2, k.3, m.3, L_h.4, lock.4 ) ] + --[ IsIn( <'obj', L_h.4>, v.3 ) ]-> + [ State_1111121111( atts.2, k.3, m.3, v.3, L_h.4, lock.4 ) ] + + /* + rule (modulo AC) lookupobjLhasv_0_111112111[color=#7e8040, + process="lookup <'obj', L_h.4> as v.3"]: + [ State_111112111( atts, k, m, L_h, lock ) ] + --[ IsIn( <'obj', L_h>, v ) ]-> + [ State_1111121111( atts, k, m, v, L_h, lock ) ] */ -restriction Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111112111_1: +restriction Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111121111_1: "∀ x #NOW. 
- (Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111112111_1( x + (Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111121111_1( x ) @ #NOW) ⇒ - (¬(x = 'on'))" + (x = 'on')" // safety formula -rule (modulo E) ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111112111[color=#7e8040, - process="if Can_unwrap( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) +rule (modulo E) ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111121111[color=#7e8040, + process="if Can_unwrap( attwrap(tem(v.3)), attunwrap(tem(v.3)), + attenc(tem(v.3)), attdec(tem(v.3)), attsens(tem(v.3)), + attextr(tem(v.3)), atttrus(tem(v.3)), attwwt(tem(v.3)), + attwt(tem(v.3)), attut(tem(v.3)) )"]: - [ State_111112111( L_h, atts, k, m, v, lock.4 ) ] + [ State_1111121111( atts.2, k.3, m.3, v.3, L_h.4, lock.4 ) ] --[ - Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111112111_1( attunwrap(tem(v)) + Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111121111_1( attunwrap(tem(v.3)) ) ]-> - [ State_1111121112( L_h, atts, k, m, v, lock.4 ) ] + [ State_11111211111( atts.2, k.3, m.3, v.3, L_h.4, lock.4 ) ] /* - rule (modulo AC) ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111112111[color=#7e8040, - process="if Can_unwrap( attwrap(tem(v)), attunwrap(tem(v)), attenc(tem(v)), - attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), atttrus(tem(v)), - attwwt(tem(v)), attwt(tem(v)), 
attut(tem(v)) + rule (modulo AC) ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111121111[color=#7e8040, + process="if Can_unwrap( attwrap(tem(v.3)), attunwrap(tem(v.3)), + attenc(tem(v.3)), attdec(tem(v.3)), attsens(tem(v.3)), + attextr(tem(v.3)), atttrus(tem(v.3)), attwwt(tem(v.3)), + attwt(tem(v.3)), attut(tem(v.3)) )"]: - [ State_111112111( L_h, atts, k, m, v, lock ) ] + [ State_1111121111( atts, k, m, v, L_h, lock ) ] --[ - Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_111112111_1( z + Restr_ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_1111121111_1( z ) ]-> - [ State_1111121112( L_h, atts, k, m, v, lock ) ] + [ State_11111211111( atts, k, m, v, L_h, lock ) ] variants (modulo AC) - 1. v = v.12 - z = attunwrap(tem(v.12)) + 1. v = v.13 + z = attunwrap(tem(v.13)) 2. v = z = attunwrap(x.13) 
@@ -23953,58 +23482,38 @@ rule (modulo E) ifCanunwrapattwraptemvattunwraptemvattenctemvattdectemvattsenste z = x.14 */ -rule (modulo E) ifkeyvk_0_1111121111[color=#7e8040, - process="if key(v)=k"]: - [ State_1111121111( L_h, atts, k, m, v, lock.4 ) ] - --[ Pred_Eq( key(v), k ) ]-> - [ State_11111211111( L_h, atts, k, m, v, lock.4 ) ] +rule (modulo E) ifkeyvk_0_11111211111[color=#7e8040, + process="if key(v.3)=k.3"]: + [ State_11111211111( atts.2, k.3, m.3, v.3, L_h.4, lock.4 ) ] + --[ Pred_Eq( key(v.3), k.3 ) ]-> + [ State_111112111111( atts.2, k.3, m.3, v.3, L_h.4, lock.4 ) ] /* - rule (modulo AC) ifkeyvk_0_1111121111[color=#7e8040, - process="if key(v)=k"]: - [ State_1111121111( L_h, atts, k, m, v, lock ) ] + rule (modulo AC) ifkeyvk_0_11111211111[color=#7e8040, + process="if key(v.3)=k.3"]: + [ State_11111211111( atts, k, m, v, L_h, lock ) ] --[ Pred_Eq( z, k ) ]-> - [ State_11111211111( L_h, atts, k, m, v, lock ) ] - variants (modulo AC) - 1. v = v.12 - z = key(v.12) - - 2. v = - z = x.12 - */ - -rule (modulo E) ifkeyvk_1_1111121111[color=#7e8040, - process="if key(v)=k"]: - [ State_1111121111( L_h, atts, k, m, v, lock.4 ) ] - --[ Pred_Not_Eq( key(v), k ) ]-> - [ State_11111211112( L_h, atts, k, m, v, lock.4 ) ] - - /* - rule (modulo AC) ifkeyvk_1_1111121111[color=#7e8040, - process="if key(v)=k"]: - [ State_1111121111( L_h, atts, k, m, v, lock ) ] - --[ Pred_Not_Eq( z, k ) ]-> - [ State_11111211112( L_h, atts, k, m, v, lock ) ] + [ State_111112111111( atts, k, m, v, L_h, lock ) ] variants (modulo AC) - 1. v = v.12 - z = key(v.12) + 1. v = v.13 + z = key(v.13) 2. 
v = z = x.12 */ -rule (modulo E) lookupFtemplateattuttemvasut_0_11111211111[color=#7e8040, - process="lookup <'F_template', attut(tem(v))> as ut"]: - [ State_11111211111( L_h, atts, k, m, v, lock.4 ) ] - --[ IsIn( <'F_template', attut(tem(v))>, ut ) ]-> - [ State_111112111111( L_h, atts, k, m, ut, v, lock.4 ) ] +rule (modulo E) lookupFtemplateattuttemvasut_0_111112111111[color=#7e8040, + process="lookup <'F_template', attut(tem(v.3))> as ut.1"]: + [ State_111112111111( atts.2, k.3, m.3, v.3, L_h.4, lock.4 ) ] + --[ IsIn( <'F_template', attut(tem(v.3))>, ut.1 ) ]-> + [ State_1111121111111( ut.1, atts.2, k.3, m.3, v.3, L_h.4, lock.4 ) ] /* - rule (modulo AC) lookupFtemplateattuttemvasut_0_11111211111[color=#7e8040, - process="lookup <'F_template', attut(tem(v))> as ut"]: - [ State_11111211111( L_h, atts, k, m, v, lock ) ] + rule (modulo AC) lookupFtemplateattuttemvasut_0_111112111111[color=#7e8040, + process="lookup <'F_template', attut(tem(v.3))> as ut.1"]: + [ State_111112111111( atts, k, m, v, L_h, lock ) ] --[ IsIn( <'F_template', z>, ut ) ]-> - [ State_111112111111( L_h, atts, k, m, ut, v, lock ) ] + [ State_1111121111111( ut, atts, k, m, v, L_h, lock ) ] variants (modulo AC) 1. v = v.15 z = attut(tem(v.15)) 
@@ -24017,53 +23526,29 @@ rule (modulo E) lookupFtemplateattuttemvasut_0_11111211111[color=#7e8040, z = z.25 */ -rule (modulo E) lookupFtemplateattuttemvasut_1_11111211111[color=#7e8040, - process="lookup <'F_template', attut(tem(v))> as ut"]: - [ State_11111211111( L_h, atts, k, m, v, lock.4 ) ] - --[ IsNotSet( <'F_template', attut(tem(v))> ) ]-> - [ State_111112111112( L_h, atts, k, m, v, lock.4 ) ] - - /* - rule (modulo AC) lookupFtemplateattuttemvasut_1_11111211111[color=#7e8040, - process="lookup <'F_template', attut(tem(v))> as ut"]: - [ State_11111211111( L_h, atts, k, m, v, lock ) ] - --[ IsNotSet( <'F_template', z> ) ]-> - [ State_111112111112( L_h, atts, k, m, v, lock ) ] - variants (modulo AC) - 1. v = v.14 - z = attut(tem(v.14)) - - 2. v = - z = attut(x.16) - - 3. v = - z = z.24 - */ - -restriction Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111112111111_1: +restriction Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111_1: "∀ x #NOW x.1 x.2 x.3 x.4 x.5 x.6 x.7 x.8 x.9 x.10 x.11 x.12 x.13 x.14 x.15 x.16 x.17 x.18 x.19. 
- (Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111112111111_1( x, - x.1, - x.2, - x.3, - x.4, - x.5, - x.6, - x.7, - x.8, - x.9, - x.10, - x.11, - x.12, - x.13, - x.14, - x.15, - x.16, - x.17, - x.18, - x.19 + (Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111_1( x, + x.1, + x.2, + x.3, + x.4, + x.5, + x.6, + x.7, + x.8, + x.9, + x.10, + x.11, + x.12, + x.13, + x.14, + x.15, + x.16, + x.17, + x.18, + x.19 ) @ #NOW) ⇒ ((((((((((x = x.1) ∧ (x.2 = x.3)) ∧ (x.4 = x.5)) ∧ (x.6 = x.7)) ∧ (x.8 = x.9)) ∧ 
@@ -24074,776 +23559,499 @@ restriction Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextru (x.18 = x.19))" // safety formula -rule (modulo E) ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111112111111[color=#7e8040, - process="if Permits( attwrap(ut), attunwrap(ut), attenc(ut), attdec(ut), - attsens(ut), attextr(ut), atttrus(ut), attwwt(ut), attwt(ut), - attut(ut), attwrap(atts), attunwrap(atts), attenc(atts), - attdec(atts), attsens(atts), attextr(atts), atttrus(atts), - attwwt(atts), attwt(atts), attut(atts) -)"]: - [ State_111112111111( L_h, atts, k, m, ut, v, lock.4 ) ] - --[ - Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111112111111_1( attwrap(ut), - attwrap(atts), - attunwrap(ut), - attunwrap(atts), - attenc(ut), - attenc(atts), - attdec(ut), - attdec(atts), - attsens(ut), - attsens(atts), - attextr(ut), - attextr(atts), - atttrus(ut), - atttrus(atts), - attwwt(ut), - attwwt(atts), - attwt(ut), - attwt(atts), - attut(ut), - attut(atts) - ) - ]-> - [ State_1111121111111( L_h, atts, k, m, ut, v, lock.4 ) ] - - /* - rule (modulo AC) ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111112111111[color=#7e8040, - process="if Permits( attwrap(ut), attunwrap(ut), attenc(ut), attdec(ut), - attsens(ut), attextr(ut), atttrus(ut), attwwt(ut), attwt(ut), - attut(ut), attwrap(atts), attunwrap(atts), attenc(atts), - attdec(atts), attsens(atts), attextr(atts), atttrus(atts), - attwwt(atts), attwt(atts), attut(atts) -)"]: - [ State_111112111111( L_h, atts, k, m, ut, v, lock ) ] - --[ - 
Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_111112111111_1( z, - z.1, - z.2, - z.3, - z.4, - z.5, - z.6, - z.7, - z.8, - z.9, - z.10, - z.11, - z.12, - z.13, - z.14, - z.15, - z.16, - z.17, - z.18, - z.19 - ) - ]-> - [ State_1111121111111( L_h, atts, k, m, ut, v, lock ) ] - variants (modulo AC) - 1. atts = atts.32 - ut = ut.32 - z = attwrap(ut.32) - z.1 = attwrap(atts.32) - z.2 = attunwrap(ut.32) - z.3 = attunwrap(atts.32) - z.4 = attenc(ut.32) - z.5 = attenc(atts.32) - z.6 = attdec(ut.32) - z.7 = attdec(atts.32) - z.8 = attsens(ut.32) - z.9 = attsens(atts.32) - z.10 = attextr(ut.32) - z.11 = attextr(atts.32) - z.12 = atttrus(ut.32) - z.13 = atttrus(atts.32) - z.14 = attwwt(ut.32) - z.15 = attwwt(atts.32) - z.16 = attwt(ut.32) - z.17 = attwt(atts.32) - z.18 = attut(ut.32) - z.19 = attut(atts.32) - - 2. atts = atts.42 - ut = - z = x.32 - z.1 = attwrap(atts.42) - z.2 = x.33 - z.3 = attunwrap(atts.42) - z.4 = x.34 - z.5 = attenc(atts.42) - z.6 = x.35 - z.7 = attdec(atts.42) - z.8 = x.36 - z.9 = attsens(atts.42) - z.10 = x.37 - z.11 = attextr(atts.42) - z.12 = x.38 - z.13 = atttrus(atts.42) - z.14 = x.39 - z.15 = attwwt(atts.42) - z.16 = x.40 - z.17 = attwt(atts.42) - z.18 = x.41 - z.19 = attut(atts.42) - - 3. atts = - ut = ut.42 - z = attwrap(ut.42) - z.1 = x.32 - z.2 = attunwrap(ut.42) - z.3 = x.33 - z.4 = attenc(ut.42) - z.5 = x.34 - z.6 = attdec(ut.42) - z.7 = x.35 - z.8 = attsens(ut.42) - z.9 = x.36 - z.10 = attextr(ut.42) - z.11 = x.37 - z.12 = atttrus(ut.42) - z.13 = x.38 - z.14 = attwwt(ut.42) - z.15 = x.39 - z.16 = attwt(ut.42) - z.17 = x.40 - z.18 = attut(ut.42) - z.19 = x.41 - - 4. 
atts = - ut = - z = x.44 - z.1 = x.32 - z.2 = x.45 - z.3 = x.33 - z.4 = x.46 - z.5 = x.34 - z.6 = x.47 - z.7 = x.35 - z.8 = x.48 - z.9 = x.36 - z.10 = x.49 - z.11 = x.37 - z.12 = x.50 - z.13 = x.38 - z.14 = x.51 - z.15 = x.39 - z.16 = x.52 - z.17 = x.40 - z.18 = x.53 - z.19 = x.41 - */ - -restriction Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_111112111111_1: - "∀ x #NOW x.1 x.2 x.3 x.4 x.5 x.6 x.7 x.8 x.9 x.10 x.11 x.12 x.13 x.14 - x.15 x.16 x.17 x.18 x.19. - (Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_111112111111_1( x, - x.1, - x.2, - x.3, - x.4, - x.5, - x.6, - x.7, - x.8, - x.9, - x.10, - x.11, - x.12, - x.13, - x.14, - x.15, - x.16, - x.17, - x.18, - x.19 - ) @ #NOW) ⇒ - (¬((((((((((x = x.1) ∧ (x.2 = x.3)) ∧ (x.4 = x.5)) ∧ (x.6 = x.7)) ∧ - (x.8 = x.9)) ∧ - (x.10 = x.11)) ∧ - (x.12 = x.13)) ∧ - (x.14 = x.15)) ∧ - (x.16 = x.17)) ∧ - (x.18 = x.19)))" - // safety formula - -rule (modulo E) ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_111112111111[color=#7e8040, - process="if Permits( attwrap(ut), attunwrap(ut), attenc(ut), attdec(ut), - attsens(ut), attextr(ut), atttrus(ut), attwwt(ut), attwt(ut), - attut(ut), attwrap(atts), attunwrap(atts), attenc(atts), - attdec(atts), attsens(atts), attextr(atts), atttrus(atts), - attwwt(atts), attwt(atts), attut(atts) +rule (modulo E) 
ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111[color=#7e8040, + process="if Permits( attwrap(ut.1), attunwrap(ut.1), attenc(ut.1), + attdec(ut.1), attsens(ut.1), attextr(ut.1), atttrus(ut.1), + attwwt(ut.1), attwt(ut.1), attut(ut.1), attwrap(atts.2), + attunwrap(atts.2), attenc(atts.2), attdec(atts.2), attsens(atts.2), + attextr(atts.2), atttrus(atts.2), attwwt(atts.2), attwt(atts.2), + attut(atts.2) )"]: - [ State_111112111111( L_h, atts, k, m, ut, v, lock.4 ) ] + [ + State_1111121111111( ut.1, atts.2, k.3, m.3, v.3, L_h.4, lock.4 ), + Fr( h2.2 ) + ] --[ - Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_111112111111_1( attwrap(ut), - attwrap(atts), - attunwrap(ut), - attunwrap(atts), - attenc(ut), - attenc(atts), - attdec(ut), - attdec(atts), - attsens(ut), - attsens(atts), - attextr(ut), - attextr(atts), - atttrus(ut), - atttrus(atts), - attwwt(ut), - attwwt(atts), - attwt(ut), - attwt(atts), - attut(ut), - attut(atts) + Insert( <'obj', h2.2>, ), + Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111_1( attwrap(ut.1), + attwrap(atts.2), + attunwrap(ut.1), + attunwrap(atts.2), + attenc(ut.1), + attenc(atts.2), + attdec(ut.1), + attdec(atts.2), + attsens(ut.1), + attsens(atts.2), + attextr(ut.1), + attextr(atts.2), + atttrus(ut.1), + atttrus(atts.2), + attwwt(ut.1), + attwwt(atts.2), + attwt(ut.1), + attwt(atts.2), + attut(ut.1), + attut(atts.2) ) ]-> - [ State_1111121111112( L_h, atts, k, m, ut, v, lock.4 ) ] + [ + State_1111121111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, 
L_h.4, lock.4 + ) + ] /* - rule (modulo AC) ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_111112111111[color=#7e8040, - process="if Permits( attwrap(ut), attunwrap(ut), attenc(ut), attdec(ut), - attsens(ut), attextr(ut), atttrus(ut), attwwt(ut), attwt(ut), - attut(ut), attwrap(atts), attunwrap(atts), attenc(atts), - attdec(atts), attsens(atts), attextr(atts), atttrus(atts), - attwwt(atts), attwt(atts), attut(atts) + rule (modulo AC) ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111[color=#7e8040, + process="if Permits( attwrap(ut.1), attunwrap(ut.1), attenc(ut.1), + attdec(ut.1), attsens(ut.1), attextr(ut.1), atttrus(ut.1), + attwwt(ut.1), attwt(ut.1), attut(ut.1), attwrap(atts.2), + attunwrap(atts.2), attenc(atts.2), attdec(atts.2), attsens(atts.2), + attextr(atts.2), atttrus(atts.2), attwwt(atts.2), attwt(atts.2), + attut(atts.2) )"]: - [ State_111112111111( L_h, atts, k, m, ut, v, lock ) ] + [ State_1111121111111( ut, atts, k, m, v, L_h, lock ), Fr( h2 ) ] --[ - Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_1_111112111111_1( z, - z.1, - z.2, - z.3, - z.4, - z.5, - z.6, - z.7, - z.8, - z.9, - z.10, - z.11, - z.12, - z.13, - z.14, - z.15, - z.16, - z.17, - z.18, - z.19 + Insert( <'obj', h2>, ), + Restr_ifPermitsattwraputattunwraputattencutattdecutattsensutattextrutatttrusutattwwtutattwtutattututattwrapattsattunwrapattsattencattsattdecattsattsensattsattextrattsatttrusattsattwwtattsattwtattsattutatts_0_1111121111111_1( z, + z.1, + z.2, + z.3, + z.4, + z.5, + z.6, + z.7, + z.8, + z.9, + z.10, + 
z.11, + z.12, + z.13, + z.14, + z.15, + z.16, + z.17, + z.18, + z.19 ) ]-> - [ State_1111121111112( L_h, atts, k, m, ut, v, lock ) ] + [ State_1111121111111111( ut, atts, h2, k, m, v, L_h, lock ) ] variants (modulo AC) - 1. atts = atts.32 - ut = ut.32 - z = attwrap(ut.32) - z.1 = attwrap(atts.32) - z.2 = attunwrap(ut.32) - z.3 = attunwrap(atts.32) - z.4 = attenc(ut.32) - z.5 = attenc(atts.32) - z.6 = attdec(ut.32) - z.7 = attdec(atts.32) - z.8 = attsens(ut.32) - z.9 = attsens(atts.32) - z.10 = attextr(ut.32) - z.11 = attextr(atts.32) - z.12 = atttrus(ut.32) - z.13 = atttrus(atts.32) - z.14 = attwwt(ut.32) - z.15 = attwwt(atts.32) - z.16 = attwt(ut.32) - z.17 = attwt(atts.32) - z.18 = attut(ut.32) - z.19 = attut(atts.32) + 1. atts = atts.37 + ut = ut.36 + z = attwrap(ut.36) + z.1 = attwrap(atts.37) + z.2 = attunwrap(ut.36) + z.3 = attunwrap(atts.37) + z.4 = attenc(ut.36) + z.5 = attenc(atts.37) + z.6 = attdec(ut.36) + z.7 = attdec(atts.37) + z.8 = attsens(ut.36) + z.9 = attsens(atts.37) + z.10 = attextr(ut.36) + z.11 = attextr(atts.37) + z.12 = atttrus(ut.36) + z.13 = atttrus(atts.37) + z.14 = attwwt(ut.36) + z.15 = attwwt(atts.37) + z.16 = attwt(ut.36) + z.17 = attwt(atts.37) + z.18 = attut(ut.36) + z.19 = attut(atts.37) - 2. atts = atts.42 - ut = - z = x.32 - z.1 = attwrap(atts.42) - z.2 = x.33 - z.3 = attunwrap(atts.42) - z.4 = x.34 - z.5 = attenc(atts.42) - z.6 = x.35 - z.7 = attdec(atts.42) - z.8 = x.36 - z.9 = attsens(atts.42) - z.10 = x.37 - z.11 = attextr(atts.42) - z.12 = x.38 - z.13 = atttrus(atts.42) - z.14 = x.39 - z.15 = attwwt(atts.42) - z.16 = x.40 - z.17 = attwt(atts.42) - z.18 = x.41 - z.19 = attut(atts.42) + 2. 
atts = + ut = ut.45 + z = attwrap(ut.45) + z.1 = z.55 + z.2 = attunwrap(ut.45) + z.3 = z.57 + z.4 = attenc(ut.45) + z.5 = z.59 + z.6 = attdec(ut.45) + z.7 = z.61 + z.8 = attsens(ut.45) + z.9 = z.63 + z.10 = attextr(ut.45) + z.11 = z.65 + z.12 = atttrus(ut.45) + z.13 = z.67 + z.14 = attwwt(ut.45) + z.15 = z.69 + z.16 = attwt(ut.45) + z.17 = z.71 + z.18 = attut(ut.45) + z.19 = z.73 - 3. atts = - ut = ut.42 - z = attwrap(ut.42) - z.1 = x.32 - z.2 = attunwrap(ut.42) - z.3 = x.33 - z.4 = attenc(ut.42) - z.5 = x.34 - z.6 = attdec(ut.42) - z.7 = x.35 - z.8 = attsens(ut.42) - z.9 = x.36 - z.10 = attextr(ut.42) - z.11 = x.37 - z.12 = atttrus(ut.42) - z.13 = x.38 - z.14 = attwwt(ut.42) - z.15 = x.39 - z.16 = attwt(ut.42) - z.17 = x.40 - z.18 = attut(ut.42) - z.19 = x.41 + 3. atts = atts.45 + ut = + z = z.53 + z.1 = attwrap(atts.45) + z.2 = z.55 + z.3 = attunwrap(atts.45) + z.4 = z.57 + z.5 = attenc(atts.45) + z.6 = z.59 + z.7 = attdec(atts.45) + z.8 = z.61 + z.9 = attsens(atts.45) + z.10 = z.63 + z.11 = attextr(atts.45) + z.12 = z.65 + z.13 = atttrus(atts.45) + z.14 = z.67 + z.15 = attwwt(atts.45) + z.16 = z.69 + z.17 = attwt(atts.45) + z.18 = z.71 + z.19 = attut(atts.45) - 4. atts = - ut = - z = x.44 - z.1 = x.32 - z.2 = x.45 - z.3 = x.33 - z.4 = x.46 - z.5 = x.34 - z.6 = x.47 - z.7 = x.35 - z.8 = x.48 - z.9 = x.36 - z.10 = x.49 - z.11 = x.37 - z.12 = x.50 - z.13 = x.38 - z.14 = x.51 - z.15 = x.39 - z.16 = x.52 - z.17 = x.40 - z.18 = x.53 - z.19 = x.41 - */ - -rule (modulo E) newh_0_1111121111111[color=#7e8040, process="new h2;"]: - [ State_1111121111111( L_h, atts, k, m, ut, v, lock.4 ), Fr( h2 ) ] - --> - [ State_11111211111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] - - /* - rule (modulo AC) newh_0_1111121111111[color=#7e8040, process="new h2;"]: - [ State_1111121111111( L_h, atts, k, m, ut, v, lock ), Fr( h2 ) ] - --> - [ State_11111211111111( L_h, atts, h2, k, m, ut, v, lock ) ] + 4. 
atts = + ut = + z = z.54 + z.1 = z.55 + z.2 = z.56 + z.3 = z.57 + z.4 = z.58 + z.5 = z.59 + z.6 = z.60 + z.7 = z.61 + z.8 = z.62 + z.9 = z.63 + z.10 = z.64 + z.11 = z.65 + z.12 = z.66 + z.13 = z.67 + z.14 = z.68 + z.15 = z.69 + z.16 = z.70 + z.17 = z.71 + z.18 = z.72 + z.19 = z.73 */ -rule (modulo E) insertobjhmatts_0_11111211111111[color=#7e8040, - process="insert <'obj', h2>,;"]: - [ State_11111211111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] - --[ Insert( <'obj', h2>, ) ]-> - [ State_111112111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] - - /* - rule (modulo AC) insertobjhmatts_0_11111211111111[color=#7e8040, - process="insert <'obj', h2>,;"]: - [ State_11111211111111( L_h, atts, h2, k, m, ut, v, lock ) ] - --[ Insert( <'obj', h2>, ) ]-> - [ State_111112111111111( L_h, atts, h2, k, m, ut, v, lock ) ] - */ - -rule (modulo E) eventUnwrappedhmatts_0_111112111111111[color=#7e8040, - process="event Unwrapped( h2, m, atts );"]: - [ State_111112111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] - --[ Unwrapped( h2, m, atts ) ]-> - [ State_1111121111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] +rule (modulo E) eventUnwrappedhmatts_0_1111121111111111[color=#7e8040, + process="event Unwrapped( h2.2, m.3, atts.2 );"]: + [ + State_1111121111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, L_h.4, lock.4 + ) + ] + --[ Unwrapped( h2.2, m.3, atts.2 ) ]-> + [ + State_11111211111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, L_h.4, lock.4 + ) + ] /* - rule (modulo AC) eventUnwrappedhmatts_0_111112111111111[color=#7e8040, - process="event Unwrapped( h2, m, atts );"]: - [ State_111112111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + rule (modulo AC) eventUnwrappedhmatts_0_1111121111111111[color=#7e8040, + process="event Unwrapped( h2.2, m.3, atts.2 );"]: + [ State_1111121111111111( ut, atts, h2, k, m, v, L_h, lock ) ] --[ Unwrapped( h2, m, atts ) ]-> - [ State_1111121111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + [ State_11111211111111111( ut, atts, h2, k, m, v, L_h, lock ) ] */ -rule 
(modulo E) eventWrapKeyhmattwrapatts_0_1111121111111111[color=#7e8040, - process="event WrapKey( h2, m, attwrap(atts) );"]: - [ State_1111121111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] - --[ WrapKey( h2, m, attwrap(atts) ) ]-> - [ State_11111211111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] +rule (modulo E) eventWrapKeyhmattwrapatts_0_11111211111111111[color=#7e8040, + process="event WrapKey( h2.2, m.3, attwrap(atts.2) );"]: + [ + State_11111211111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, L_h.4, lock.4 + ) + ] + --[ WrapKey( h2.2, m.3, attwrap(atts.2) ) ]-> + [ + State_111112111111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, L_h.4, + lock.4 + ) + ] /* - rule (modulo AC) eventWrapKeyhmattwrapatts_0_1111121111111111[color=#7e8040, - process="event WrapKey( h2, m, attwrap(atts) );"]: - [ State_1111121111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + rule (modulo AC) eventWrapKeyhmattwrapatts_0_11111211111111111[color=#7e8040, + process="event WrapKey( h2.2, m.3, attwrap(atts.2) );"]: + [ State_11111211111111111( ut, atts, h2, k, m, v, L_h, lock ) ] --[ WrapKey( h2, m, z ) ]-> - [ State_11111211111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + [ State_111112111111111111( ut, atts, h2, k, m, v, L_h, lock ) ] variants (modulo AC) - 1. atts = atts.14 - z = attwrap(atts.14) + 1. atts = atts.15 + z = attwrap(atts.15) 2. 
atts = z = x.14 */ -rule (modulo E) eventDecKeyhmattdecatts_0_11111211111111111[color=#7e8040, - process="event DecKey( h2, m, attdec(atts) );"]: - [ State_11111211111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] - --[ DecKey( h2, m, attdec(atts) ) ]-> - [ State_111112111111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] +rule (modulo E) eventDecKeyhmattdecatts_0_111112111111111111[color=#7e8040, + process="event DecKey( h2.2, m.3, attdec(atts.2) );"]: + [ + State_111112111111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, L_h.4, + lock.4 + ) + ] + --[ DecKey( h2.2, m.3, attdec(atts.2) ) ]-> + [ + State_1111121111111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, L_h.4, + lock.4 + ) + ] /* - rule (modulo AC) eventDecKeyhmattdecatts_0_11111211111111111[color=#7e8040, - process="event DecKey( h2, m, attdec(atts) );"]: - [ State_11111211111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + rule (modulo AC) eventDecKeyhmattdecatts_0_111112111111111111[color=#7e8040, + process="event DecKey( h2.2, m.3, attdec(atts.2) );"]: + [ State_111112111111111111( ut, atts, h2, k, m, v, L_h, lock ) ] --[ DecKey( h2, m, z ) ]-> - [ State_111112111111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + [ State_1111121111111111111( ut, atts, h2, k, m, v, L_h, lock ) ] variants (modulo AC) - 1. atts = atts.14 - z = attdec(atts.14) + 1. atts = atts.15 + z = attdec(atts.15) 2. 
atts = z = x.17 */ -rule (modulo E) eventEncKeyhmattencatts_0_111112111111111111[color=#7e8040, - process="event EncKey( h2, m, attenc(atts) );"]: - [ State_111112111111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] - --[ EncKey( h2, m, attenc(atts) ) ]-> - [ State_1111121111111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] +rule (modulo E) eventEncKeyhmattencatts_0_1111121111111111111[color=#7e8040, + process="event EncKey( h2.2, m.3, attenc(atts.2) );"]: + [ + State_1111121111111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, L_h.4, + lock.4 + ) + ] + --[ EncKey( h2.2, m.3, attenc(atts.2) ) ]-> + [ + State_11111211111111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, L_h.4, + lock.4 + ) + ] /* - rule (modulo AC) eventEncKeyhmattencatts_0_111112111111111111[color=#7e8040, - process="event EncKey( h2, m, attenc(atts) );"]: - [ State_111112111111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + rule (modulo AC) eventEncKeyhmattencatts_0_1111121111111111111[color=#7e8040, + process="event EncKey( h2.2, m.3, attenc(atts.2) );"]: + [ State_1111121111111111111( ut, atts, h2, k, m, v, L_h, lock ) ] --[ EncKey( h2, m, z ) ]-> - [ State_1111121111111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + [ State_11111211111111111111( ut, atts, h2, k, m, v, L_h, lock ) ] variants (modulo AC) - 1. atts = atts.14 - z = attenc(atts.14) + 1. atts = atts.15 + z = attenc(atts.15) 2. 
atts = z = x.16 */ -rule (modulo E) eventUnwrapKeyhmattunwrapatts_0_1111121111111111111[color=#7e8040, - process="event UnwrapKey( h2, m, attunwrap(atts) );"]: - [ State_1111121111111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] - --[ UnwrapKey( h2, m, attunwrap(atts) ) ]-> - [ State_11111211111111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] +rule (modulo E) eventUnwrapKeyhmattunwrapatts_0_11111211111111111111[color=#7e8040, + process="event UnwrapKey( h2.2, m.3, attunwrap(atts.2) );"]: + [ + State_11111211111111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, L_h.4, + lock.4 + ) + ] + --[ UnwrapKey( h2.2, m.3, attunwrap(atts.2) ) ]-> + [ + State_1111121111111111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, L_h.4, + lock.4 + ), + Out( h2.2 ) + ] /* - rule (modulo AC) eventUnwrapKeyhmattunwrapatts_0_1111121111111111111[color=#7e8040, - process="event UnwrapKey( h2, m, attunwrap(atts) );"]: - [ State_1111121111111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + rule (modulo AC) eventUnwrapKeyhmattunwrapatts_0_11111211111111111111[color=#7e8040, + process="event UnwrapKey( h2.2, m.3, attunwrap(atts.2) );"]: + [ State_11111211111111111111( ut, atts, h2, k, m, v, L_h, lock ) ] --[ UnwrapKey( h2, m, z ) ]-> - [ State_11111211111111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + [ + State_1111121111111111111111( ut, atts, h2, k, m, v, L_h, lock ), + Out( h2 ) + ] variants (modulo AC) - 1. atts = atts.14 - z = attunwrap(atts.14) + 1. atts = atts.15 + z = attunwrap(atts.15) 2. 
atts = z = x.15 */ -rule (modulo E) outh_0_11111211111111111111[color=#7e8040, - process="out(h2);"]: - [ State_11111211111111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] - --> +rule (modulo E) unlockdevice_0_1111121111111111111111[color=#7e8040, + process="unlock 'device';"]: [ - State_111112111111111111111( L_h, atts, h2, k, m, ut, v, lock.4 ), - Out( h2 ) + State_1111121111111111111111( ut.1, atts.2, h2.2, k.3, m.3, v.3, L_h.4, + lock.4 + ) ] - - /* - rule (modulo AC) outh_0_11111211111111111111[color=#7e8040, - process="out(h2);"]: - [ State_11111211111111111111( L_h, atts, h2, k, m, ut, v, lock ) ] - --> - [ - State_111112111111111111111( L_h, atts, h2, k, m, ut, v, lock ), - Out( h2 ) - ] - */ - -rule (modulo E) unlockdevice_0_111112111111111111111[color=#7e8040, - process="unlock 'device';"]: - [ State_111112111111111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] --[ Unlock_4( '4', lock.4, 'device' ), Unlock( '4', lock.4, 'device' ) ]-> - [ State_1111121111111111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] + [ ] /* - rule (modulo AC) unlockdevice_0_111112111111111111111[color=#7e8040, - process="unlock 'device';"]: - [ State_111112111111111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + rule (modulo AC) unlockdevice_0_1111121111111111111111[color=#7e8040, + process="unlock 'device';"]: + [ State_1111121111111111111111( ut, atts, h2, k, m, v, L_h, lock ) ] --[ Unlock_4( '4', lock, 'device' ), Unlock( '4', lock, 'device' ) ]-> - [ State_1111121111111111111111( L_h, atts, h2, k, m, ut, v, lock ) ] + [ ] */ -rule (modulo E) p_0_1111121111111111111111[color=#7e8040, process="0"]: - [ State_1111121111111111111111( L_h, atts, h2, k, m, ut, v, lock.4 ) ] - --> +rule (modulo E) lookupFtemplateattuttemvasut_1_111112111111[color=#7e8040, + process="lookup <'F_template', attut(tem(v.3))> as ut.1"]: + [ State_111112111111( atts.2, k.3, m.3, v.3, L_h.4, lock.4 ) ] + --[ IsNotSet( <'F_template', attut(tem(v.3))> ) ]-> [ ] /* - rule (modulo AC) 
p_0_1111121111111111111111[color=#7e8040, process="0"]: - [ State_1111121111111111111111( L_h, atts, h2, k, m, ut, v, lock ) ] - --> + rule (modulo AC) lookupFtemplateattuttemvasut_1_111112111111[color=#7e8040, + process="lookup <'F_template', attut(tem(v.3))> as ut.1"]: + [ State_111112111111( atts, k, m, v, L_h, lock ) ] + --[ IsNotSet( <'F_template', z> ) ]-> [ ] + variants (modulo AC) + 1. v = v.14 + z = attut(tem(v.14)) + + 2. v = + z = attut(x.16) + + 3. v = + z = z.24 */ -rule (modulo E) p_0_1111121111112[color=#7e8040, process="0"]: - [ State_1111121111112( L_h, atts, k, m, ut, v, lock.4 ) ] --> [ ] - - /* - rule (modulo AC) p_0_1111121111112[color=#7e8040, process="0"]: - [ State_1111121111112( L_h, atts, k, m, ut, v, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_111112111112[color=#7e8040, process="0"]: - [ State_111112111112( L_h, atts, k, m, v, lock.4 ) ] --> [ ] - - /* - rule (modulo AC) p_0_111112111112[color=#7e8040, process="0"]: - [ State_111112111112( L_h, atts, k, m, v, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_11111211112[color=#7e8040, process="0"]: - [ State_11111211112( L_h, atts, k, m, v, lock.4 ) ] --> [ ] - - /* - rule (modulo AC) p_0_11111211112[color=#7e8040, process="0"]: - [ State_11111211112( L_h, atts, k, m, v, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_1111121112[color=#7e8040, process="0"]: - [ State_1111121112( L_h, atts, k, m, v, lock.4 ) ] --> [ ] +rule (modulo E) ifkeyvk_1_11111211111[color=#7e8040, + process="if key(v.3)=k.3"]: + [ State_11111211111( atts.2, k.3, m.3, v.3, L_h.4, lock.4 ) ] + --[ Pred_Not_Eq( key(v.3), k.3 ) ]-> + [ ] /* - rule (modulo AC) p_0_1111121112[color=#7e8040, process="0"]: - [ State_1111121112( L_h, atts, k, m, v, lock ) ] --> [ ] + rule (modulo AC) ifkeyvk_1_11111211111[color=#7e8040, + process="if key(v.3)=k.3"]: + [ State_11111211111( atts, k, m, v, L_h, lock ) ] + --[ Pred_Not_Eq( z, k ) ]-> + [ ] + variants (modulo AC) + 1. v = v.13 + z = key(v.13) + + 2. 
v = + z = x.12 */ -rule (modulo E) p_0_111112112[color=#7e8040, process="0"]: - [ State_111112112( L_h, atts, k, m, lock.4 ) ] --> [ ] +rule (modulo E) lookupobjLhasv_1_111112111[color=#7e8040, + process="lookup <'obj', L_h.4> as v.3"]: + [ State_111112111( atts.2, k.3, m.3, L_h.4, lock.4 ) ] + --[ IsNotSet( <'obj', L_h.4> ) ]-> + [ ] /* - rule (modulo AC) p_0_111112112[color=#7e8040, process="0"]: - [ State_111112112( L_h, atts, k, m, lock ) ] --> [ ] + rule (modulo AC) lookupobjLhasv_1_111112111[color=#7e8040, + process="lookup <'obj', L_h.4> as v.3"]: + [ State_111112111( atts, k, m, L_h, lock ) ] + --[ IsNotSet( <'obj', L_h> ) ]-> + [ ] */ -rule (modulo E) inLh_0_11112[color=#805640, process="in(L_h);"]: - [ State_11112( ), In( L_h ) ] --> [ State_111121( L_h ) ] +rule (modulo E) p_1_111[color=#ffffff, process="!"]: + [ !Semistate_1111( ) ] + --> + [ + State_111121( ), State_1111121( ), State_11111121( ), State_111111121( ), + State_1111111121( ), State_1111111111( ) + ] /* has exactly the trivial AC variant */ -rule (modulo E) lockdevice_0_111121[color=#805640, - process="lock 'device';"]: - [ State_111121( L_h ), Fr( lock.5 ) ] +rule (modulo E) inLh_0_111121[color=#805640, process="in(L_h.5);"]: + [ State_111121( ), In( L_h.5 ), Fr( lock.5 ) ] --[ Lock_5( '5', lock.5, 'device' ), Lock( '5', lock.5, 'device' ) ]-> - [ State_1111211( L_h, lock.5 ) ] + [ State_11112111( L_h.5, lock.5 ) ] /* - rule (modulo AC) lockdevice_0_111121[color=#805640, - process="lock 'device';"]: - [ State_111121( L_h ), Fr( lock ) ] + rule (modulo AC) inLh_0_111121[color=#805640, process="in(L_h.5);"]: + [ State_111121( ), In( L_h ), Fr( lock ) ] --[ Lock_5( '5', lock, 'device' ), Lock( '5', lock, 'device' ) ]-> - [ State_1111211( L_h, lock ) ] + [ State_11112111( L_h, lock ) ] */ -rule (modulo E) lookupobjLhasv_0_1111211[color=#805640, - process="lookup <'obj', L_h> as v"]: - [ State_1111211( L_h, lock.5 ) ] - --[ IsIn( <'obj', L_h>, v ) ]-> - [ State_11112111( L_h, v, lock.5 ) ] 
+rule (modulo E) lookupobjLhasv_0_11112111[color=#805640, + process="lookup <'obj', L_h.5> as v.4"]: + [ State_11112111( L_h.5, lock.5 ) ] + --[ IsIn( <'obj', L_h.5>, v.4 ) ]-> + [ State_111121111( v.4, L_h.5, lock.5 ) ] /* - rule (modulo AC) lookupobjLhasv_0_1111211[color=#805640, - process="lookup <'obj', L_h> as v"]: - [ State_1111211( L_h, lock ) ] + rule (modulo AC) lookupobjLhasv_0_11112111[color=#805640, + process="lookup <'obj', L_h.5> as v.4"]: + [ State_11112111( L_h, lock ) ] --[ IsIn( <'obj', L_h>, v ) ]-> - [ State_11112111( L_h, v, lock ) ] - */ - -rule (modulo E) lookupobjLhasv_1_1111211[color=#805640, - process="lookup <'obj', L_h> as v"]: - [ State_1111211( L_h, lock.5 ) ] - --[ IsNotSet( <'obj', L_h> ) ]-> - [ State_11112112( L_h, lock.5 ) ] - - /* - rule (modulo AC) lookupobjLhasv_1_1111211[color=#805640, - process="lookup <'obj', L_h> as v"]: - [ State_1111211( L_h, lock ) ] - --[ IsNotSet( <'obj', L_h> ) ]-> - [ State_11112112( L_h, lock ) ] + [ State_111121111( v, L_h, lock ) ] */ -restriction Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11112111_1: +restriction Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111_1: "∀ x #NOW. 
- (Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11112111_1( x + (Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111_1( x ) @ #NOW) ⇒ (x = 'off')" // safety formula -rule (modulo E) ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11112111[color=#805640, - process="if Can_get_keyvalue( attwrap(tem(v)), attunwrap(tem(v)), - attenc(tem(v)), attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), - atttrus(tem(v)), attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) -)"]: - [ State_11112111( L_h, v, lock.5 ) ] - --[ - Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11112111_1( attsens(tem(v)) - ) - ]-> - [ State_111121111( L_h, v, lock.5 ) ] - - /* - rule (modulo AC) ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11112111[color=#805640, - process="if Can_get_keyvalue( attwrap(tem(v)), attunwrap(tem(v)), - attenc(tem(v)), attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), - atttrus(tem(v)), attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) -)"]: - [ State_11112111( L_h, v, lock ) ] - --[ - Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_11112111_1( z - ) - ]-> - [ State_111121111( L_h, v, lock ) ] - variants (modulo AC) - 1. v = v.10 - z = attsens(tem(v.10)) - - 2. v = - z = attsens(x.11) - - 3. v = - z = x.15 - */ - -restriction Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11112111_1: - "∀ x #NOW. 
- (Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11112111_1( x - ) @ #NOW) ⇒ - (¬(x = 'off'))" - // safety formula - -rule (modulo E) ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11112111[color=#805640, - process="if Can_get_keyvalue( attwrap(tem(v)), attunwrap(tem(v)), - attenc(tem(v)), attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), - atttrus(tem(v)), attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) +rule (modulo E) ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111[color=#805640, + process="if Can_get_keyvalue( attwrap(tem(v.4)), attunwrap(tem(v.4)), + attenc(tem(v.4)), attdec(tem(v.4)), attsens(tem(v.4)), + attextr(tem(v.4)), atttrus(tem(v.4)), attwwt(tem(v.4)), + attwt(tem(v.4)), attut(tem(v.4)) )"]: - [ State_11112111( L_h, v, lock.5 ) ] + [ State_111121111( v.4, L_h.5, lock.5 ) ] --[ - Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11112111_1( attsens(tem(v)) + GetKeyValue( key(v.4) ), + Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111_1( attsens(tem(v.4)) ) ]-> - [ State_111121112( L_h, v, lock.5 ) ] + [ State_111121111111( v.4, L_h.5, lock.5 ), Out( key(v.4) ) ] /* - rule (modulo AC) ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11112111[color=#805640, - process="if Can_get_keyvalue( attwrap(tem(v)), attunwrap(tem(v)), - attenc(tem(v)), attdec(tem(v)), attsens(tem(v)), attextr(tem(v)), - atttrus(tem(v)), attwwt(tem(v)), attwt(tem(v)), attut(tem(v)) + rule (modulo AC) 
ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111[color=#805640, + process="if Can_get_keyvalue( attwrap(tem(v.4)), attunwrap(tem(v.4)), + attenc(tem(v.4)), attdec(tem(v.4)), attsens(tem(v.4)), + attextr(tem(v.4)), atttrus(tem(v.4)), attwwt(tem(v.4)), + attwt(tem(v.4)), attut(tem(v.4)) )"]: - [ State_11112111( L_h, v, lock ) ] + [ State_111121111( v, L_h, lock ) ] --[ - Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_1_11112111_1( z + GetKeyValue( z ), + Restr_ifCangetkeyvalueattwraptemvattunwraptemvattenctemvattdectemvattsenstemvattextrtemvatttrustemvattwwttemvattwttemvattuttemv_0_111121111_1( z.1 ) ]-> - [ State_111121112( L_h, v, lock ) ] - variants (modulo AC) - 1. v = v.10 - z = attsens(tem(v.10)) - - 2. v = - z = attsens(x.11) - - 3. v = - z = x.15 - */ - -rule (modulo E) eventGetKeyValuekeyv_0_111121111[color=#805640, - process="event GetKeyValue( key(v) );"]: - [ State_111121111( L_h, v, lock.5 ) ] - --[ GetKeyValue( key(v) ) ]-> - [ State_1111211111( L_h, v, lock.5 ) ] - - /* - rule (modulo AC) eventGetKeyValuekeyv_0_111121111[color=#805640, - process="event GetKeyValue( key(v) );"]: - [ State_111121111( L_h, v, lock ) ] - --[ GetKeyValue( z ) ]-> - [ State_1111211111( L_h, v, lock ) ] + [ State_111121111111( v, L_h, lock ), Out( z ) ] variants (modulo AC) - 1. v = v.10 - z = key(v.10) + 1. v = v.11 + z = key(v.11) + z.1 = attsens(tem(v.11)) - 2. v = - z = x.10 - */ - -rule (modulo E) outkeyv_0_1111211111[color=#805640, - process="out(key(v));"]: - [ State_1111211111( L_h, v, lock.5 ) ] - --> - [ State_11112111111( L_h, v, lock.5 ), Out( key(v) ) ] - - /* - rule (modulo AC) outkeyv_0_1111211111[color=#805640, - process="out(key(v));"]: - [ State_1111211111( L_h, v, lock ) ] - --> - [ State_11112111111( L_h, v, lock ), Out( z ) ] - variants (modulo AC) - 1. v = v.10 - z = key(v.10) + 2. 
v = + z = x.11 + z.1 = attsens(x.12) - 2. v = - z = x.10 + 3. v = + z = x.11 + z.1 = x.16 */ -rule (modulo E) unlockdevice_0_11112111111[color=#805640, - process="unlock 'device';"]: - [ State_11112111111( L_h, v, lock.5 ) ] +rule (modulo E) unlockdevice_0_111121111111[color=#805640, + process="unlock 'device';"]: + [ State_111121111111( v.4, L_h.5, lock.5 ) ] --[ Unlock_5( '5', lock.5, 'device' ), Unlock( '5', lock.5, 'device' ) ]-> - [ State_111121111111( L_h, v, lock.5 ) ] + [ ] /* - rule (modulo AC) unlockdevice_0_11112111111[color=#805640, - process="unlock 'device';"]: - [ State_11112111111( L_h, v, lock ) ] + rule (modulo AC) unlockdevice_0_111121111111[color=#805640, + process="unlock 'device';"]: + [ State_111121111111( v, L_h, lock ) ] --[ Unlock_5( '5', lock, 'device' ), Unlock( '5', lock, 'device' ) ]-> - [ State_111121111111( L_h, v, lock ) ] - */ - -rule (modulo E) p_0_111121111111[color=#805640, process="0"]: - [ State_111121111111( L_h, v, lock.5 ) ] --> [ ] - - /* - rule (modulo AC) p_0_111121111111[color=#805640, process="0"]: - [ State_111121111111( L_h, v, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_111121112[color=#805640, process="0"]: - [ State_111121112( L_h, v, lock.5 ) ] --> [ ] - - /* - rule (modulo AC) p_0_111121112[color=#805640, process="0"]: - [ State_111121112( L_h, v, lock ) ] --> [ ] + [ ] */ -rule (modulo E) p_0_11112112[color=#805640, process="0"]: - [ State_11112112( L_h, lock.5 ) ] --> [ ] +rule (modulo E) lookupobjLhasv_1_11112111[color=#805640, + process="lookup <'obj', L_h.5> as v.4"]: + [ State_11112111( L_h.5, lock.5 ) ] + --[ IsNotSet( <'obj', L_h.5> ) ]-> + [ ] /* - rule (modulo AC) p_0_11112112[color=#805640, process="0"]: - [ State_11112112( L_h, lock ) ] --> [ ] + rule (modulo AC) lookupobjLhasv_1_11112111[color=#805640, + process="lookup <'obj', L_h.5> as v.4"]: + [ State_11112111( L_h, lock ) ] --[ IsNotSet( <'obj', L_h> ) ]-> [ ] */ restriction set_in: 
@@ -24972,7 +24180,7 @@ restriction locking_5: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -24982,11 +24190,11 @@ analyzing: examples/sapic/slow/PKCS11/pkcs11-templates.spthy analyzed: examples/sapic/slow/PKCS11/pkcs11-templates.spthy output: examples/sapic/slow/PKCS11/pkcs11-templates.spthy.tmp - processing time: 197.404530788s - dec_limits (all-traces): verified (1417 steps) - bad_keys (all-traces): verified (319 steps) - no_key_is_wrap_and_dec__or_unwrap_and_dec_ind (all-traces): verified (910 steps) - no_key_is_enc_and_unwrap (all-traces): verified (322 steps) + processing time: 376.837331923s + dec_limits (all-traces): verified (1411 steps) + bad_keys (all-traces): verified (311 steps) + no_key_is_wrap_and_dec__or_unwrap_and_dec_ind (all-traces): verified (906 steps) + no_key_is_enc_and_unwrap (all-traces): verified (320 steps) cannot_obtain_key_ind (all-traces): verified (723 steps) cannot_obtain_key (all-traces): verified (2 steps) @@ -24998,11 +24206,11 @@ summary of summaries: analyzed: examples/sapic/slow/PKCS11/pkcs11-templates.spthy output: examples/sapic/slow/PKCS11/pkcs11-templates.spthy.tmp - processing time: 197.404530788s - dec_limits (all-traces): verified (1417 steps) - bad_keys (all-traces): verified (319 steps) - no_key_is_wrap_and_dec__or_unwrap_and_dec_ind (all-traces): verified (910 steps) - no_key_is_enc_and_unwrap (all-traces): verified (322 steps) + processing time: 376.837331923s + dec_limits (all-traces): verified (1411 steps) + bad_keys (all-traces): verified (311 steps) + no_key_is_wrap_and_dec__or_unwrap_and_dec_ind (all-traces): verified (906 steps) + no_key_is_enc_and_unwrap (all-traces): verified (320 steps) cannot_obtain_key_ind (all-traces): verified (723 steps) cannot_obtain_key (all-traces): verified (2 steps) 
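Review bot: The regenerated reference output now records `checking version: 3.0. OK.` where the previous baseline had 3.1, so it appears to have been produced with an older Maude than the one it replaces. The two summary hunks that follow show the step counts of four lemmas shifting (for example `dec_limits` from 1417 to 1411 steps) and the processing time rising from 197 s to 376 s. With the toolchain changed in the same commit, these differences cannot be attributed to the translation change alone. All six lemmas still report `verified`, so nothing is broken, but for a proof-regression baseline I would regenerate with the earlier Maude so the header reads `checking version: 3.1. OK.` again. Failing that, the commit description should name the Maude version used.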
diff --git a/case-studies-regression/sapic/slow/Yubikey/Yubikey_analyzed.spthy b/case-studies-regression/sapic/slow/Yubikey/Yubikey_analyzed.spthy deleted file mode 100644 index 176fc9f56..000000000 --- a/case-studies-regression/sapic/slow/Yubikey/Yubikey_analyzed.spthy +++ /dev/null 
@@ -1,5311 +0,0 @@ -theory Yubikey begin - -// Function signature and definition of the equational theory E - -builtins: multiset -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 -equations: - fst() = x.1, - sdec(senc(x.1, x.2), x.2) = x.1, - snd() = x.2 - -heuristic: p - -section{* The Yubikey-Protocol *} - -predicate: Smaller( a, b )<=>∃ z. (a+z) = b - -lemma init_server [sources]: - all-traces - "∀ pid sid k tuple otc tc #i. - (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) ⇒ - ((tuple = ) ∧ - (∃ #j. (YubiInit( pid, sid, k ) @ #j) ∧ (#j < #i)))" -/* -guarded formula characterizing all counter-examples: -"∃ pid sid k tuple otc tc #i. - (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) - ∧ - ((¬(tuple = )) ∨ - (∀ #j. (YubiInit( pid, sid, k ) @ #j) ⇒ ¬(#j < #i)))" -*/ -induction - case empty_trace - by contradiction /* from formulas */ -next - case non_empty_trace - simplify - solve( (¬(tuple = )) ∥ - (∀ #j. (YubiInit( pid, sid, k ) @ #j) ⇒ ¬(#j < #i)) ) - case case_1 - solve( (∀ pid sid k tuple otc tc #i. - (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) - ⇒ - ((last(#i)) ∨ - ((tuple = ) ∧ - (∃ #j. (YubiInit( pid, sid, k ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i))))) ∥ - (∃ pid k tc1 tc2 #t1 #t2. - (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) - ∧ - (¬(last(#t2))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1) ∨ (∀ z. ((tc1+z) = tc2) ⇒ ⊥))) ∧ - (((#t2 = #t1) ∨ (#t1 < #t2))) ∧ - (¬(#t1 = #t2))) ∥ - (∃ x #NOW x.1. - (Restr_ifSmallerotctc_0_111111111_1( x, x.1 ) @ #NOW) - ∧ - (¬(last(#NOW))) ∧ (∀ z. ((x+z) = x.1) ⇒ ⊥)) ∥ - (∃ x y #t3. - (IsIn( x, y ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (∀ #t2. - (Insert( x, y ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t1 yp. - (Insert( x, yp ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ - (¬(#t1 = #t2)) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))))))) ∥ - (∃ p pp l x lp #t1 #t3. 
- (Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_0( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_1( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_2( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_2( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. 
- (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ) - case case_1 - solve( (last(#i)) ∥ - ((tuple = ) ∧ - (∃ #j. (YubiInit( pid, sid, k ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i))) ) - case case_1 - solve( State_1111111111( pid, k, lock, nonce, npr, otc, sid, tc, tuple - ) ▶₀ #i ) - case ifSmallerotctc_0_111111111 - solve( splitEqs(1) ) - case split_case_1 - solve( splitEqs(2) ) - case split_case_1 - by contradiction /* from formulas */ - next - case split_case_2 - solve( Insert( <'Server', pid>, ) @ #t2 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* non-normal terms */ - next - case insertServerLpidsecretidkzero_0_21111 - by contradiction /* non-normal terms */ - qed - qed - next - case split_case_2 - solve( Insert( <'Server', pid>, tuple ) @ #t2 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* non-normal terms */ - next - case insertServerLpidsecretidkzero_0_21111 - by contradiction /* non-normal terms */ - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( (#t1 = #t2) ∥ (#t2 < #t1) ∥ (∀ z. 
((tc1+z) = tc2) ⇒ ⊥) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t2 = #t1) ∥ (#t1 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - solve( (#t1 = #t2) ∥ (#t2 < #t1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_5 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_0( '0', ~n, <'Server', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_6 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_1( '1', ~n, <'Yubikey', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_7 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_2( '2', ~n, <'Yubikey', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( (∀ pid sid k tuple otc tc #i. - (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) - ⇒ - ((last(#i)) ∨ - ((tuple = ) ∧ - (∃ #j. (YubiInit( pid, sid, k ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i))))) ∥ - (∃ pid k tc1 tc2 #t1 #t2. - (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) - ∧ - (¬(last(#t2))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1) ∨ (∀ z. ((tc1+z) = tc2) ⇒ ⊥))) ∧ - (((#t2 = #t1) ∨ (#t1 < #t2))) ∧ - (¬(#t1 = #t2))) ∥ - (∃ x #NOW x.1. - (Restr_ifSmallerotctc_0_111111111_1( x, x.1 ) @ #NOW) - ∧ - (¬(last(#NOW))) ∧ (∀ z. ((x+z) = x.1) ⇒ ⊥)) ∥ - (∃ x y #t3. - (IsIn( x, y ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (∀ #t2. - (Insert( x, y ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t1 yp. - (Insert( x, yp ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ - (¬(#t1 = #t2)) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))))))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_0( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. 
- (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_1( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_2( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_2( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ) - case case_1 - solve( (last(#i)) ∥ - ((tuple = ) ∧ - (∃ #j. 
(YubiInit( pid, sid, k ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i))) ) - case case_1 - solve( State_1111111111( pid, k, lock, nonce, npr, otc, sid, tc, tuple - ) ▶₀ #i ) - case ifSmallerotctc_0_111111111 - solve( splitEqs(1) ) - case split_case_1 - solve( splitEqs(2) ) - case split_case_1 - solve( Insert( <'Server', pid>, ) @ #t2 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( State_111111111111( pid, k, lock, nonce.1, npr.1, otc.1, sid, otc, - tuple - ) ▶₀ #t2 ) - case eventLoginLpidktc_0_11111111111 - by contradiction /* from formulas */ - qed - next - case insertServerLpidsecretidkzero_0_21111 - solve( State_21111( pid, k, sid ) ▶₀ #t2 ) - case newsecretid_0_2111 - solve( !KU( senc(<~n.3, ('zero'+z), npr>, ~n.1) ) @ #vk.5 ) - case c_senc - solve( !KU( ~n ) @ #vk.4 ) - case outLpid_0_21111111 - by contradiction /* from formulas */ - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* from formulas */ - qed - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* from formulas */ - qed - qed - qed - next - case split_case_2 - solve( Insert( <'Server', pid>, ) @ #t2 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* non-normal terms */ - next - case insertServerLpidsecretidkzero_0_21111 - by contradiction /* non-normal terms */ - qed - qed - next - case split_case_2 - solve( Insert( <'Server', pid>, tuple ) @ #t2 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* non-normal terms */ - next - case insertServerLpidsecretidkzero_0_21111 - by contradiction /* non-normal terms */ - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( (#t1 = #t2) ∥ (#t2 < #t1) ∥ (∀ z. 
((tc1+z) = tc2) ⇒ ⊥) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t2 = #t1) ∥ (#t1 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - solve( (#t1 = #t2) ∥ (#t2 < #t1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_5 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_0( '0', ~n, <'Server', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_6 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_1( '1', ~n, <'Yubikey', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_7 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_2( '2', ~n, <'Yubikey', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - qed -qed - -lemma init_server_secrecy [use_induction, reuse]: - all-traces - "∀ pid sid k tuple otc tc #i. - (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) ⇒ - (¬(∃ #j. !KU( k ) @ #j))" -/* -guarded formula characterizing all counter-examples: -"∃ pid sid k tuple otc tc #i. - (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) ∧ ∃ #j. (!KU( k ) @ #j)" -*/ -induction - case empty_trace - by contradiction /* from formulas */ -next - case non_empty_trace - simplify - solve( (∀ pid sid k tuple otc tc #i. - (InitStuff( pid, sid, k, tuple, otc, tc ) @ #i) - ⇒ - ((last(#i)) ∨ (∀ #j. (!KU( k ) @ #j) ⇒ last(#j)))) ∥ - (∃ pid k tc1 tc2 #t1 #t2. - (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) - ∧ - (¬(last(#t2))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1) ∨ (∀ z. ((tc1+z) = tc2) ⇒ ⊥))) ∧ - (((#t2 = #t1) ∨ (#t1 < #t2))) ∧ - (¬(#t1 = #t2))) ∥ - (∃ x #NOW x.1. - (Restr_ifSmallerotctc_0_111111111_1( x, x.1 ) @ #NOW) - ∧ - (¬(last(#NOW))) ∧ (∀ z. ((x+z) = x.1) ⇒ ⊥)) ∥ - (∃ x y #t3. - (IsIn( x, y ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (∀ #t2. - (Insert( x, y ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t1 yp. 
- (Insert( x, yp ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ - (¬(#t1 = #t2)) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))))))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_0( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_1( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_2( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_2( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. 
- (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ) - case case_1 - solve( (last(#i)) ∥ (∀ #j. (!KU( k ) @ #j) ⇒ last(#j)) ) - case case_1 - solve( State_1111111111( pid, k, lock, nonce, npr, otc, sid, tc, tuple - ) ▶₀ #i ) - case ifSmallerotctc_0_111111111 - solve( splitEqs(1) ) - case split_case_1 - solve( splitEqs(2) ) - case split_case_1 - solve( !KU( senc(, k) ) @ #vk.5 ) - case c_senc - solve( Insert( <'Server', pid>, ) @ #t2 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( State_111111111111( pid, k, lock, nonce.1, npr.1, otc.1, sid, otc, - tuple - ) ▶₀ #t2 ) - case eventLoginLpidktc_0_11111111111 - by contradiction /* cyclic */ - qed - next - case insertServerLpidsecretidkzero_0_21111 - solve( State_21111( pid, k, sid ) ▶₀ #t2 ) - case newsecretid_0_2111 - by solve( !KU( ~n.1 ) @ #j ) - qed - qed - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.27 < #t2.1) ∥ (#vr.27 = #t2.1) ) - case case_1 - solve( Insert( <'Server', pid>, <~n.3, ~n, otc> ) @ #t2 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( State_111111111111( pid, ~n, lock, nonce.1, npr, otc.1, ~n.3, otc, - tuple - ) ▶₀ #t2 ) - case eventLoginLpidktc_0_11111111111 - solve( ((#vr.6 < #vr.42) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.2, <'Server', ~n> ) @ #t2) - ∧ - (#vr.6 < #t2) ∧ - (#t2 < #vr.42) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, <'Server', ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <'Server', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.6) ∨ (#t0 = #vr.6) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <'Server', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.6) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.42 < #vr.6) ) - case case_1 - solve( (#vr.28 < #t2.3) ∥ (#vr.28 = #t2.3) ) - case case_1 - solve( State_1111111111111( ~n, k, ~n.2, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.1 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_1111111111111( ~n, k, ~n.2, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.1 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( (#vr.28 < #t2.3) ∥ (#vr.28 = #t2.3) ∥ (#vr.41 < #vr.28) ) - case case_1 - solve( State_1111111111111( ~n, k, ~n.5, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.1 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #i ) - qed - qed - next - case case_2 - solve( State_1111111111111( ~n, k, ~n.5, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.1 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( (#t2.2 < #t2.4) ∥ (#t2.2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #i ) - qed - qed - next - case case_3 - solve( State_1111111111111( ~n, k, ~n.5, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.1 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #i ) - qed - qed - qed - qed - qed - next - case insertServerLpidsecretidkzero_0_21111 - solve( State_21111( pid, ~n, ~n.3 ) ▶₀ #t2 ) - case newsecretid_0_2111 - by solve( !KU( ~n.1 ) @ #j ) - qed - qed - next - case case_2 - solve( Insert( <'Server', pid>, <~n.3, ~n, otc> ) @ #t2.1 ) - case 
insertServerLpidsecretidktc_0_111111111111 - solve( State_111111111111( pid, ~n, lock, nonce.1, npr, otc.1, ~n.3, otc, - tuple - ) ▶₀ #t2.1 ) - case eventLoginLpidktc_0_11111111111 - solve( ((#vr.6 < #vr.41) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.2, <'Server', ~n> ) @ #t2) - ∧ - (#vr.6 < #t2) ∧ - (#t2 < #vr.41) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, <'Server', ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <'Server', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.6) ∨ (#t0 = #vr.6) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <'Server', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.6) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.41 < #vr.6) ) - case case_1 - solve( (#vr.27 < #t2.3) ∥ (#vr.27 = #t2.3) ) - case case_1 - solve( State_1111111111111( ~n, k, ~n.2, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.2 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_1111111111111( ~n, k, ~n.2, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.2 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( (#vr.27 < #t2.3) ∥ (#vr.27 = #t2.3) ∥ (#vr.40 < #vr.27) ) - case case_1 - solve( State_1111111111111( ~n, k, ~n.6, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.2 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #i ) - qed - qed - next - case case_2 - solve( State_1111111111111( ~n, k, ~n.6, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.2 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #i ) - qed - qed - next - case case_3 - solve( State_1111111111111( ~n, k, ~n.6, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.2 ) - case 
insertServerLpidsecretidktc_0_111111111111 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #i ) - qed - qed - qed - qed - qed - next - case insertServerLpidsecretidkzero_0_21111 - solve( State_21111( pid, ~n, ~n.3 ) ▶₀ #t2.1 ) - case newsecretid_0_2111 - by solve( !KU( ~n.1 ) @ #j ) - qed - qed - qed - qed - next - case split_case_2 - solve( !KU( fst(x) ) @ #j ) - case c_fst - solve( !KU( snd(x) ) @ #vk ) - case c_snd - solve( !KU( senc(, fst(x)) ) @ #vk.5 ) - case c_senc - solve( Insert( <'Server', pid>, ) @ #t2 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* non-normal terms */ - next - case insertServerLpidsecretidkzero_0_21111 - by contradiction /* non-normal terms */ - qed - qed - qed - qed - qed - next - case split_case_2 - solve( !KU( fst(snd(tuple)) ) @ #j ) - case c_fst - solve( !KU( snd(snd(tuple)) ) @ #vk ) - case c_snd - solve( !KU( snd(tuple) ) @ #vk.6 ) - case c_snd - solve( !KU( senc(, fst(snd(tuple))) - ) @ #vk.6 ) - case c_senc - solve( !KU( fst(tuple) ) @ #vk.10 ) - case c_fst - solve( Insert( <'Server', pid>, tuple ) @ #t2 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* non-normal terms */ - next - case insertServerLpidsecretidkzero_0_21111 - by contradiction /* non-normal terms */ - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( State_1111111111( pid, k, lock, nonce, npr, otc, sid, tc, tuple - ) ▶₀ #i ) - case ifSmallerotctc_0_111111111 - solve( splitEqs(1) ) - case split_case_1 - solve( splitEqs(2) ) - case split_case_1 - solve( !KU( senc(, k) ) @ #vk.5 ) - case c_senc - by contradiction /* node #i after last node #j */ - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.27 < #t2.1) ∥ (#vr.27 = #t2.1) ) - case case_1 - solve( Insert( <'Server', pid>, <~n.3, ~n, otc> ) @ #t2 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( 
State_111111111111( pid, ~n, lock, nonce.1, npr, otc.1, ~n.3, otc, - tuple - ) ▶₀ #t2 ) - case eventLoginLpidktc_0_11111111111 - solve( ((#vr.6 < #vr.42) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.2, <'Server', ~n> ) @ #t2) - ∧ - (#vr.6 < #t2) ∧ - (#t2 < #vr.42) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, <'Server', ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <'Server', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.6) ∨ (#t0 = #vr.6) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <'Server', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.6) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.42 < #vr.6) ) - case case_1 - solve( (#vr.28 < #t2.3) ∥ (#vr.28 = #t2.3) ) - case case_1 - solve( State_1111111111111( ~n, k, ~n.2, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.1 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_1111111111111( ~n, k, ~n.2, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.1 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( (#vr.28 < #t2.3) ∥ (#vr.28 = #t2.3) ∥ (#vr.41 < #vr.28) ) - case case_1 - solve( State_1111111111111( ~n, k, ~n.5, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.1 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #j ) - qed - qed - next - case case_2 - solve( State_1111111111111( ~n, k, ~n.5, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.1 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( (#t2.2 < #t2.4) ∥ (#t2.2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #j ) - qed - qed - next - case case_3 - solve( State_1111111111111( ~n, k, ~n.5, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.1 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( 
(#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #j ) - qed - qed - qed - qed - qed - next - case insertServerLpidsecretidkzero_0_21111 - solve( State_21111( pid, ~n, ~n.3 ) ▶₀ #t2 ) - case newsecretid_0_2111 - by solve( !KU( ~n.1 ) @ #j ) - qed - qed - next - case case_2 - solve( Insert( <'Server', pid>, <~n.3, ~n, otc> ) @ #t2.1 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( State_111111111111( pid, ~n, lock, nonce.1, npr, otc.1, ~n.3, otc, - tuple - ) ▶₀ #t2.1 ) - case eventLoginLpidktc_0_11111111111 - solve( ((#vr.6 < #vr.41) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.2, <'Server', ~n> ) @ #t2) - ∧ - (#vr.6 < #t2) ∧ - (#t2 < #vr.41) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, <'Server', ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <'Server', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.6) ∨ (#t0 = #vr.6) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, <'Server', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.6) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.41 < #vr.6) ) - case case_1 - solve( (#vr.27 < #t2.3) ∥ (#vr.27 = #t2.3) ) - case case_1 - solve( State_1111111111111( ~n, k, ~n.2, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.2 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_1111111111111( ~n, k, ~n.2, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.2 ) - case insertServerLpidsecretidktc_0_111111111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( (#vr.27 < #t2.3) ∥ (#vr.27 = #t2.3) ∥ (#vr.40 < #vr.27) ) - case case_1 - solve( State_1111111111111( ~n, k, ~n.6, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.2 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #j ) - qed - qed - next - case case_2 - solve( 
State_1111111111111( ~n, k, ~n.6, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.2 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #j ) - qed - qed - next - case case_3 - solve( State_1111111111111( ~n, k, ~n.6, nonce.2, npr.1, otc.1, secretid, - tc, tuple - ) ▶₀ #t2.2 ) - case insertServerLpidsecretidktc_0_111111111111 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( !KU( ~n.1 ) @ #j ) - qed - qed - qed - qed - qed - next - case insertServerLpidsecretidkzero_0_21111 - solve( State_21111( pid, ~n, ~n.3 ) ▶₀ #t2.1 ) - case newsecretid_0_2111 - by solve( !KU( ~n.1 ) @ #j ) - qed - qed - qed - qed - next - case split_case_2 - solve( !KU( fst(x) ) @ #j ) - case c_fst - solve( !KU( snd(x) ) @ #vk ) - case c_snd - solve( !KU( senc(, fst(x)) ) @ #vk.5 ) - case c_senc - by contradiction /* node #i after last node #j */ - qed - qed - qed - qed - next - case split_case_2 - solve( !KU( fst(snd(tuple)) ) @ #j ) - case c_fst - solve( !KU( snd(snd(tuple)) ) @ #vk ) - case c_snd - solve( !KU( snd(tuple) ) @ #vk.6 ) - case c_snd - solve( !KU( senc(, fst(snd(tuple))) - ) @ #vk.6 ) - case c_senc - by contradiction /* node #i after last node #j */ - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - solve( (#t1 = #t2) ∥ (#t2 < #t1) ∥ (∀ z. 
((tc1+z) = tc2) ⇒ ⊥) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t2 = #t1) ∥ (#t1 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - solve( (#t1 = #t2) ∥ (#t2 < #t1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_5 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_0( '0', ~n, <'Server', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_6 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_1( '1', ~n, <'Yubikey', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_7 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_2( '2', ~n, <'Yubikey', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed -qed - -lemma init_yubikey [sources]: - all-traces - "∀ pid sid k tc #i. - (YubiPress( pid, sid, k, tc ) @ #i) ⇒ - (∃ #j. (YubiInit( pid, sid, k ) @ #j) ∧ (#j < #i))" -/* -guarded formula characterizing all counter-examples: -"∃ pid sid k tc #i. - (YubiPress( pid, sid, k, tc ) @ #i) - ∧ - ∀ #j. (YubiInit( pid, sid, k ) @ #j) ⇒ ¬(#j < #i)" -*/ -induction - case empty_trace - by contradiction /* from formulas */ -next - case non_empty_trace - simplify - solve( (∀ pid sid k tc #i. - (YubiPress( pid, sid, k, tc ) @ #i) - ⇒ - ((last(#i)) ∨ - (∃ #j. (YubiInit( pid, sid, k ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i)))) ∥ - (∃ pid k tc1 tc2 #t1 #t2. - (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) - ∧ - (¬(last(#t2))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1) ∨ (∀ z. ((tc1+z) = tc2) ⇒ ⊥))) ∧ - (((#t2 = #t1) ∨ (#t1 < #t2))) ∧ - (¬(#t1 = #t2))) ∥ - (∃ x #NOW x.1. - (Restr_ifSmallerotctc_0_111111111_1( x, x.1 ) @ #NOW) - ∧ - (¬(last(#NOW))) ∧ (∀ z. ((x+z) = x.1) ⇒ ⊥)) ∥ - (∃ x y #t3. - (IsIn( x, y ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (∀ #t2. - (Insert( x, y ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t1 yp. 
- (Insert( x, yp ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ - (¬(#t1 = #t2)) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))))))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_0( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_1( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_2( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_2( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. 
- (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ) - case case_1 - solve( (last(#i)) ∥ - (∃ #j. (YubiInit( pid, sid, k ) @ #j) ∧ (¬(last(#j))) ∧ (#j < #i)) ) - case case_1 - solve( State_21111111112111111( pid, k, nonce, npr, sid, tc, lock - ) ▶₀ #i ) - case newnpr_0_2111111111211111 - by contradiction /* from formulas */ - qed - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( (#t1 = #t2) ∥ (#t2 < #t1) ∥ (∀ z. ((tc1+z) = tc2) ⇒ ⊥) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t2 = #t1) ∥ (#t1 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - solve( (#t1 = #t2) ∥ (#t2 < #t1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_5 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_0( '0', ~n, <'Server', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_6 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_1( '1', ~n, <'Yubikey', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_7 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_2( '2', ~n, <'Yubikey', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2 = #t0) ∥ (#t0 < #t2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed -qed - -restriction slightly_weaker_invariant: - "∀ pid k tc1 tc2 #t1 #t2. - ((Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2)) ⇒ - ((((#t1 < #t2) ∧ (∃ z. (tc1+z) = tc2)) ∨ (#t2 < #t1)) ∨ (#t1 = #t2))" - -lemma one_count_foreach_login [reuse, use_induction]: - all-traces - "∀ pid k x #t2. - (Login( pid, k, x ) @ #t2) ⇒ - (∃ #t1 sid. (YubiPress( pid, sid, k, x ) @ #t1) ∧ (#t1 < #t2))" -/* -guarded formula characterizing all counter-examples: -"∃ pid k x #t2. - (Login( pid, k, x ) @ #t2) - ∧ - ∀ #t1 sid. 
(YubiPress( pid, sid, k, x ) @ #t1) ⇒ ¬(#t1 < #t2)" -*/ -induction - case empty_trace - by contradiction /* from formulas */ -next - case non_empty_trace - simplify - solve( (∀ pid k x #t2. - (Login( pid, k, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (∃ #t1 sid. - (YubiPress( pid, sid, k, x ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2)))) ∥ - (∃ pid k tc1 tc2 #t1 #t2. - (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) - ∧ - (¬(last(#t2))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1) ∨ (∀ z. ((tc1+z) = tc2) ⇒ ⊥))) ∧ - (((#t2 = #t1) ∨ (#t1 < #t2))) ∧ - (¬(#t1 = #t2))) ∥ - (∃ x #NOW x.1. - (Restr_ifSmallerotctc_0_111111111_1( x, x.1 ) @ #NOW) - ∧ - (¬(last(#NOW))) ∧ (∀ z. ((x+z) = x.1) ⇒ ⊥)) ∥ - (∃ x y #t3. - (IsIn( x, y ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (∀ #t2. - (Insert( x, y ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t1 yp. - (Insert( x, yp ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ - (¬(#t1 = #t2)) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))))))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_0( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. 
- (Unlock_1( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_2( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_2( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ) - case case_1 - solve( (last(#t2)) ∥ - (∃ #t1 sid. 
- (YubiPress( pid, sid, k, x ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2)) ) - case case_1 - solve( State_11111111111( pid, k, lock, nonce, npr, otc, secretid, x, - tuple - ) ▶₀ #t2 ) - case eventInitStuffLpidsecretidktupleotctc_0_1111111111 - solve( (#vr.14 < #t2.1) ∥ (#vr.14 = #t2.1) ∥ (#vr.6 < #vr.14) ) - case case_1 - solve( !KU( ~n ) @ #vk.2 ) - case outLpid_0_21111111 - solve( !KU( senc(<~n.2, (otc+z), npr>, ~n.1) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* from formulas */ - qed - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.2) ∥ (#vr.13 = #t2.2) ) - case case_1 - solve( !KU( senc(<~n.2, (otc+z), npr>, ~n.1) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( !KU( senc(<~n.2, (otc+z), npr>, ~n.1) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_2 - solve( !KU( ~n ) @ #vk.2 ) - case outLpid_0_21111111 - solve( !KU( senc(<~n.2, (otc+z), npr>, ~n.1) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* from formulas */ - qed - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.2) ∥ (#vr.13 = #t2.2) ) - case case_1 - solve( !KU( senc(<~n.2, (otc+z), npr>, ~n.1) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( !KU( senc(<~n.2, (otc+z), npr>, ~n.1) ) @ #vk.5 ) - case c_senc - by contradiction /* from formulas */ - next - case 
outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_3 - solve( !KU( ~n ) @ #vk.2 ) - case outLpid_0_21111111 - by contradiction /* cyclic */ - next - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( (#t1 = #t2.1) ∥ (#t2.1 < #t1) ∥ (∀ z. ((tc1+z) = tc2) ⇒ ⊥) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t2.1 = #t1) ∥ (#t1 < #t2.1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - solve( (#t1 = #t2.1) ∥ (#t2.1 < #t1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_5 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_0( '0', ~n, <'Server', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. 
- (Unlock( pp, ~n, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2.1 = #t0) ∨ (#t0 < #t2.1)))) ∥ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Server', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2.1 = #t0) ∨ (#t0 < #t2.1))) ∧ - (¬(#t2.1 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 = #t0) ∥ (#t0 < #t2.1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_6 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_1( '1', ~n, <'Yubikey', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. 
- (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2.1 = #t0) ∨ (#t0 < #t2.1)))) ∥ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2.1 = #t0) ∨ (#t0 < #t2.1))) ∧ - (¬(#t2.1 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 = #t0) ∥ (#t0 < #t2.1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_7 - solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ - (∀ #t2. - (Unlock_2( '2', ~n, <'Yubikey', L_pid> ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp. - (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - solve( (#t3 = #t1) ∥ (#t1 < #t3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∃ #t0 pp. 
- (Unlock( pp, ~n, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ - (∃ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2.1 = #t0) ∨ (#t0 < #t2.1)))) ∥ - (∃ pp lpp #t0. - (Unlock( pp, lpp, <'Yubikey', L_pid> ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2.1 = #t0) ∨ (#t0 < #t2.1))) ∧ - (¬(#t2.1 = #t0))) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - next - case case_3 - solve( (#t0 = #t1) ∥ (#t1 < #t0) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (#t2.1 = #t0) ∥ (#t0 < #t2.1) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed -qed - -lemma no_replay: - all-traces - "¬(∃ #i #j pid k x. - ((Login( pid, k, x ) @ #i) ∧ (Login( pid, k, x ) @ #j)) ∧ (¬(#i = #j)))" -/* -guarded formula characterizing all counter-examples: -"∃ #i #j pid k x. - (Login( pid, k, x ) @ #i) ∧ (Login( pid, k, x ) @ #j) ∧ ¬(#i = #j)" -*/ -simplify -by solve( (#i < #j) ∥ (#j < #i) ) - -lemma injective_correspondance [use_induction]: - all-traces - "∀ pid k x #t2. - (Login( pid, k, x ) @ #t2) ⇒ - ((∃ #t1 sid. (YubiPress( pid, sid, k, x ) @ #t1) ∧ (#t1 < #t2)) ∧ - (∀ #t3. (Login( pid, k, x ) @ #t3) ⇒ (#t3 = #t2)))" -/* -guarded formula characterizing all counter-examples: -"∃ pid k x #t2. - (Login( pid, k, x ) @ #t2) - ∧ - ((∀ #t1 sid. (YubiPress( pid, sid, k, x ) @ #t1) ⇒ ¬(#t1 < #t2)) ∨ - (∃ #t3. (Login( pid, k, x ) @ #t3) ∧ ¬(#t3 = #t2)))" -*/ -induction - case empty_trace - by contradiction /* from formulas */ -next - case non_empty_trace - simplify - solve( (∀ #t1 sid. (YubiPress( pid, sid, k, x ) @ #t1) ⇒ ¬(#t1 < #t2)) ∥ - (∃ #t3. 
(Login( pid, k, x ) @ #t3) ∧ ¬(#t3 = #t2)) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( (∀ pid k x #t2. - (Login( pid, k, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - ((∃ #t1 sid. - (YubiPress( pid, sid, k, x ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2)) ∧ - (∀ #t3. (Login( pid, k, x ) @ #t3) ⇒ ((last(#t3)) ∨ (#t3 = #t2)))))) ∥ - (∃ pid k tc1 tc2 #t1 #t2. - (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) - ∧ - (¬(last(#t2))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1) ∨ (∀ z. ((tc1+z) = tc2) ⇒ ⊥))) ∧ - (((#t2 = #t1) ∨ (#t1 < #t2))) ∧ - (¬(#t1 = #t2))) ∥ - (∃ x #NOW x.1. - (Restr_ifSmallerotctc_0_111111111_1( x, x.1 ) @ #NOW) - ∧ - (¬(last(#NOW))) ∧ (∀ z. ((x+z) = x.1) ⇒ ⊥)) ∥ - (∃ x y #t3. - (IsIn( x, y ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (∀ #t2. - (Insert( x, y ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t1 yp. - (Insert( x, yp ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t2) ∨ (#t2 < #t1))) ∧ - (¬(#t1 = #t2)) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))))))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_0( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. 
- (Unlock_1( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ∥ - (∃ p pp l x lp #t1 #t3. - (Lock_2( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3) - ∧ - (¬(last(#t3))) ∧ - (¬(last(#t1))) ∧ - (((#t1 = #t3) ∨ - (#t3 < #t1) ∨ - (∀ #t2. - (Unlock_2( p, l, x ) @ #t2) - ⇒ - ((last(#t2)) ∨ - (#t1 = #t2) ∨ - (#t2 < #t1) ∨ - (#t2 = #t3) ∨ - (#t3 < #t2) ∨ - (∃ #t0 pp.1. - (Unlock( pp.1, l, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ - (∃ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (¬(#t0 = #t1)) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ - (∃ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ - (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ - (¬(#t2 = #t0))))))) ∧ - (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ) - case case_1 - by solve( (#t3 < #t2) ∥ (#t2 < #t3) ) - next - case case_2 - by solve( (#t3 < #t2) ∥ (#t2 < #t3) ) - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by solve( (#t3 < #t2) ∥ (#t2 < #t3) ) - next - case case_5 - by solve( (#t3 < #t2) ∥ (#t2 < #t3) ) - next - case case_6 - by solve( (#t3 < #t2) ∥ (#t2 < #t3) ) - next - case case_7 - by solve( (#t3 < #t2) ∥ (#t2 < #t3) ) - qed - qed -qed - -lemma Login_invalidates_smaller_counters: - all-traces - "∀ pid k tc1 tc2 #t1 #t2. - (((Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2)) ∧ - (∃ z. 
(tc1+z) = tc2)) ⇒ - (#t1 < #t2)" -/* -guarded formula characterizing all counter-examples: -"∃ pid k tc1 tc2 #t1 #t2. - (Login( pid, k, tc1 ) @ #t1) ∧ (Login( pid, k, tc2 ) @ #t2) - ∧ - (∃ z. ((tc1+z) = tc2)) ∧ (¬(#t1 < #t2))" -*/ -simplify -solve( (#t1 = #t2) ∥ (#t2 < #t1) ) - case case_1 - solve( State_11111111111( pid, k, lock, nonce, npr, otc, secretid, tc1, - tuple - ) ▶₀ #t1 ) - case eventInitStuffLpidsecretidktupleotctc_0_1111111111 - solve( (#vr.14 < #t2) ∥ (#vr.14 = #t2) ∥ (#vr.6 < #vr.14) ) - case case_1 - solve( State_21111111112111111( ~n, ~n.1, nonce.1, npr.1, sid, (otc+z), - lock - ) ▶₀ #t1.1 ) - case newnpr_0_2111111111211111 - solve( (#vr.13 < #t2.1) ∥ (#vr.13 = #t2.1) ) - case case_1 - solve( State_21111111112111111( ~n, ~n.1, nonce.1, npr.1, sid, (otc+z), - lock - ) ▶₀ #t1.2 ) - case newnpr_0_2111111111211111 - solve( ((#vr.25 < #vr.35) ∧ - (∃ #t2. - (Unlock_2( '2', ~n.6, <'Yubikey', ~n> ) @ #t2) - ∧ - (#vr.25 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.6, <'Yubikey', ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.25) ∨ (#t0 = #vr.25) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.25) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.35 < #vr.25) ∥ (#vr.25 = #vr.35) ) - case case_1 - solve( (#vr.32 < #t2.2) ∥ (#vr.32 = #t2.2) ∥ (#vr.24 < #vr.32) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_3 - solve( (#t2.3 < #t2.2) ∥ (#t2.3 = #t2.2) ∥ (#vr.24 < #t2.3) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - 
solve( (#vr.22 < #t2.3) ∥ (#vr.22 = #t2.3) ∥ (#vr.34 < #vr.22) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.2 < #t2.4) ∥ (#t2.2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - next - case case_2 - solve( (#vr.32 < #t2.2) ∥ (#vr.32 = #t2.2) ∥ (#vr.24 < #vr.32) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case 
outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2.1 < #t2.4) ∥ (#t2.1 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - qed - next - case case_2 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2.2 < #t2.4) ∥ (#t2.2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - qed - next - case case_3 - solve( (#t2.3 < #t2.2) ∥ (#t2.3 = #t2.2) ∥ (#vr.24 < #t2.3) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( (#vr.22 < #t2.3) ∥ (#vr.22 = #t2.3) ∥ (#vr.34 < 
#vr.22) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - next - case case_3 - solve( (#vr.13 < #t2.2) ∥ (#vr.13 = #t2.2) ) - case case_1 - solve( (#t2.1 < #t2.2) ∥ (#t2.1 = #t2.2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_2 - solve( State_21111111112111111( ~n, ~n.1, nonce.1, npr.1, sid, (otc+z), - lock - ) ▶₀ #t1.2 ) - case newnpr_0_2111111111211111 - solve( ((#vr.24 < #vr.34) ∧ - (∃ #t2. - (Unlock_2( '2', ~n.6, <'Yubikey', ~n> ) @ #t2) - ∧ - (#vr.24 < #t2) ∧ - (#t2 < #vr.34) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.6, <'Yubikey', ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.24) ∨ (#t0 = #vr.24) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.24) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.34 < #vr.24) ∥ (#vr.24 = #vr.34) ) - case case_1 - solve( (#t2.3 < #t2) ∥ (#t2.3 = #t2) ∥ (#vr.23 < #t2.3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( (#vr.21 < #t2.3) ∥ (#vr.21 = #t2.3) ∥ (#vr.33 < #vr.21) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2 < #t2.4) ∥ (#t2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2 < #t2.4) ∥ (#t2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case case_2 - solve( (#t2.3 < #t2) ∥ (#t2.3 = #t2) ∥ (#vr.23 < #t2.3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( (#vr.21 < #t2.3) ∥ (#vr.21 = #t2.3) ∥ (#vr.33 < #vr.21) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, 
npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case case_3 - solve( (#t2 < #t2.2) ∥ (#t2 = #t2.2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - qed - qed - qed - next - case case_2 - solve( State_21111111112111111( ~n, ~n.1, nonce.1, npr.1, sid, (otc+z), - lock - ) ▶₀ #t1.1 ) - case newnpr_0_2111111111211111 - solve( (#vr.13 < #t2.1) ∥ (#vr.13 = #t2.1) ) - case case_1 - solve( State_21111111112111111( ~n, ~n.1, nonce.1, npr.1, sid, (otc+z), - lock - ) ▶₀ #t1.2 ) - case newnpr_0_2111111111211111 - solve( ((#vr.24 < #vr.34) ∧ - (∃ #t2. - (Unlock_2( '2', ~n.6, <'Yubikey', ~n> ) @ #t2) - ∧ - (#vr.24 < #t2) ∧ - (#t2 < #vr.34) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.6, <'Yubikey', ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.24) ∨ (#t0 = #vr.24) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.24) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.34 < #vr.24) ∥ (#vr.24 = #vr.34) ) - case case_1 - solve( (#vr.31 < #t2.2) ∥ (#vr.31 = #t2.2) ∥ (#vr.23 < #vr.31) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_3 - solve( (#t2.3 < #t2.2) ∥ (#t2.3 = #t2.2) ∥ (#vr.23 < #t2.3) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - 
case case_3 - solve( (#vr.21 < #t2.3) ∥ (#vr.21 = #t2.3) ∥ (#vr.33 < #vr.21) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.2 < #t2.4) ∥ (#t2.2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - next - case case_2 - solve( (#vr.31 < #t2.2) ∥ (#vr.31 = #t2.2) ∥ (#vr.23 < #vr.31) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - 
) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2.2 < #t2.4) ∥ (#t2.2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - qed - next - case case_2 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - qed - next - case case_3 - solve( (#t2.3 < #t2.2) ∥ (#t2.3 = #t2.2) ∥ (#vr.23 < #t2.3) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( (#vr.21 < #t2.3) 
∥ (#vr.21 = #t2.3) ∥ (#vr.33 < #vr.21) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - next - case case_3 - solve( (#vr.13 < #t2.2) ∥ (#vr.13 = #t2.2) ) - case case_1 - solve( (#t2.1 < #t2.2) ∥ (#t2.1 = #t2.2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_2 - solve( State_21111111112111111( ~n, ~n.1, nonce.1, npr.1, sid, (otc+z), - lock - ) ▶₀ #t1.2 ) - case newnpr_0_2111111111211111 - solve( ((#vr.23 < #vr.33) ∧ - (∃ #t2. - (Unlock_2( '2', ~n.6, <'Yubikey', ~n> ) @ #t2) - ∧ - (#vr.23 < #t2) ∧ - (#t2 < #vr.33) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.6, <'Yubikey', ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.23) ∨ (#t0 = #vr.23) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.23) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.33 < #vr.23) ∥ (#vr.23 = #vr.33) ) - case case_1 - solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.22 < #t2.3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( (#vr.20 < #t2.3) ∥ (#vr.20 = #t2.3) ∥ (#vr.32 < #vr.20) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2.1 < #t2.4) ∥ (#t2.1 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2.1 < #t2.4) ∥ (#t2.1 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case case_2 - solve( (#t2.3 < #t2.1) ∥ (#t2.3 = #t2.1) ∥ (#vr.22 < #t2.3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.9 - ) ▶₀ #t2.2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( (#vr.20 < #t2.3) ∥ (#vr.20 = #t2.3) ∥ (#vr.32 < #vr.20) ) - case case_1 - solve( State_2111111111211111111( ~n, 
k, nonce.1, npr.1, secretid, tc, - ~n.9 - ) ▶₀ #t2.2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.9 - ) ▶₀ #t2.2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.9 - ) ▶₀ #t2.2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case case_3 - solve( (#t2.1 < #t2.2) ∥ (#t2.1 = #t2.2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - qed - qed - qed - next - case case_3 - solve( State_21111111112111111( ~n, ~n.1, nonce.1, npr.1, sid, (otc+z), - lock - ) ▶₀ #t1.1 ) - case newnpr_0_2111111111211111 - solve( (#vr.13 < #t2.1) ∥ (#vr.13 = #t2.1) ) - case case_1 - solve( State_21111111112111111( ~n, ~n.1, nonce.1, npr.1, sid, (otc+z), - lock - ) ▶₀ #t1.2 ) - case newnpr_0_2111111111211111 - solve( ((#vr.25 < #vr.35) ∧ - (∃ #t2. - (Unlock_2( '2', ~n.6, <'Yubikey', ~n> ) @ #t2) - ∧ - (#vr.25 < #t2) ∧ - (#t2 < #vr.35) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.6, <'Yubikey', ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.25) ∨ (#t0 = #vr.25) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.25) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.35 < #vr.25) ∥ (#vr.25 = #vr.35) ) - case case_1 - solve( (#vr.32 < #t2.2) ∥ (#vr.32 = #t2.2) ∥ (#vr.24 < #vr.32) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_3 - solve( (#t2.3 < #t2.2) ∥ (#t2.3 = #t2.2) ∥ (#vr.24 < #t2.3) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - 
solve( (#vr.22 < #t2.3) ∥ (#vr.22 = #t2.3) ∥ (#vr.34 < #vr.22) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.2 < #t2.4) ∥ (#t2.2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - next - case case_2 - solve( (#vr.32 < #t2.2) ∥ (#vr.32 = #t2.2) ∥ (#vr.24 < #vr.32) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case 
outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2.1 < #t2.4) ∥ (#t2.1 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - qed - next - case case_2 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#vr.13 < #t2.4) ∥ (#vr.13 = #t2.4) ) - case case_1 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2.2 < #t2.4) ∥ (#t2.2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - qed - next - case case_3 - solve( (#t2.3 < #t2.2) ∥ (#t2.3 = #t2.2) ∥ (#vr.24 < #t2.3) ) - case case_1 - solve( (#vr.13 < #t2.3) ∥ (#vr.13 = #t2.3) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( (#vr.22 < #t2.3) ∥ (#vr.22 = #t2.3) ∥ (#vr.34 < 
#vr.22) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.4 - ) ▶₀ #t2 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - qed - next - case case_3 - solve( (#vr.13 < #t2.2) ∥ (#vr.13 = #t2.2) ) - case case_1 - solve( (#t2.1 < #t2.2) ∥ (#t2.1 = #t2.2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - next - case case_2 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_2 - solve( State_21111111112111111( ~n, ~n.1, nonce.1, npr.1, sid, (otc+z), - lock - ) ▶₀ #t1.2 ) - case newnpr_0_2111111111211111 - solve( ((#vr.24 < #vr.34) ∧ - (∃ #t2. - (Unlock_2( '2', ~n.6, <'Yubikey', ~n> ) @ #t2) - ∧ - (#vr.24 < #t2) ∧ - (#t2 < #vr.34) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.6, <'Yubikey', ~n> ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.24) ∨ (#t0 = #vr.24) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, <'Yubikey', ~n> ) @ #t0) - ⇒ - ((#t0 < #vr.24) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.34 < #vr.24) ∥ (#vr.24 = #vr.34) ) - case case_1 - solve( (#t2.3 < #t2) ∥ (#t2.3 = #t2) ∥ (#vr.23 < #t2.3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( (#vr.21 < #t2.3) ∥ (#vr.21 = #t2.3) ∥ (#vr.33 < #vr.21) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2 < #t2.4) ∥ (#t2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - solve( (#t2 < #t2.4) ∥ (#t2 = #t2.4) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.6 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case case_2 - solve( (#t2.3 < #t2) ∥ (#t2.3 = #t2) ∥ (#vr.23 < #t2.3) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( (#vr.21 < #t2.3) ∥ (#vr.21 = #t2.3) ∥ (#vr.33 < #vr.21) ) - case case_1 - solve( State_2111111111211111111( ~n, k, nonce.1, 
npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - next - case case_3 - solve( State_2111111111211111111( ~n, k, nonce.1, npr.1, secretid, tc, - ~n.7 - ) ▶₀ #t2.1 ) - case outLpidnoncesencsecretidtcnprk_0_211111111121111111 - by contradiction /* cyclic */ - qed - qed - qed - next - case case_3 - solve( (#t2 < #t2.2) ∥ (#t2 = #t2.2) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by solve( Login( ~n, ~n.1, (otc+z+z.1) ) @ #t1 ) - qed - qed - qed - qed - qed - qed - qed -qed - -rule (modulo E) Init[color=#ffffff, process="|"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="|"]: - [ State_( ) ] --> [ State_1( ), State_2( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1[color=#806040, process="!"]: - [ State_1( ) ] --> [ !Semistate_11( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_1[color=#806040, process="!"]: - [ !Semistate_11( ) ] --> [ State_11( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inLpidnoncesencsecretidtcnprk_0_11[color=#806040, - process="in(, k)>);"]: - [ State_11( ), In( , k)> ) ] - --> - [ State_111( L_pid, k, nonce, npr, secretid, tc ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockServerLpid_0_111[color=#806040, - process="lock <'Server', L_pid>;"]: - [ State_111( L_pid, k, nonce, npr, secretid, tc ), Fr( lock ) ] - --[ - Lock_0( '0', lock, <'Server', L_pid> ), - Lock( '0', lock, <'Server', L_pid> ) - ]-> - [ State_1111( L_pid, k, lock, nonce, npr, secretid, tc ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) 
lookupServerLpidastuple_0_1111[color=#806040, - process="lookup <'Server', L_pid> as tuple"]: - [ State_1111( L_pid, k, lock, nonce, npr, secretid, tc ) ] - --[ IsIn( <'Server', L_pid>, tuple ) ]-> - [ State_11111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupServerLpidastuple_1_1111[color=#806040, - process="lookup <'Server', L_pid> as tuple"]: - [ State_1111( L_pid, k, lock, nonce, npr, secretid, tc ) ] - --[ IsNotSet( <'Server', L_pid> ) ]-> - [ State_11112( L_pid, k, lock, nonce, npr, secretid, tc ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) iffsttuplesecretid_0_11111[color=#806040, - process="if fst(tuple)=secretid"]: - [ State_11111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - --[ Pred_Eq( fst(tuple), secretid ) ]-> - [ State_111111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - - /* - rule (modulo AC) iffsttuplesecretid_0_11111[color=#806040, - process="if fst(tuple)=secretid"]: - [ State_11111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - --[ Pred_Eq( z, secretid ) ]-> - [ State_111111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - variants (modulo AC) - 1. tuple = tuple.10 - z = fst(tuple.10) - - 2. tuple = - z = x.10 - */ - -rule (modulo E) iffsttuplesecretid_1_11111[color=#806040, - process="if fst(tuple)=secretid"]: - [ State_11111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - --[ Pred_Not_Eq( fst(tuple), secretid ) ]-> - [ State_111112( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - - /* - rule (modulo AC) iffsttuplesecretid_1_11111[color=#806040, - process="if fst(tuple)=secretid"]: - [ State_11111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - --[ Pred_Not_Eq( z, secretid ) ]-> - [ State_111112( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - variants (modulo AC) - 1. tuple = tuple.10 - z = fst(tuple.10) - - 2. 
tuple = - z = x.10 - */ - -rule (modulo E) iffstsndtuplek_0_111111[color=#806040, - process="if fst(snd(tuple))=k"]: - [ State_111111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - --[ Pred_Eq( fst(snd(tuple)), k ) ]-> - [ State_1111111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - - /* - rule (modulo AC) iffstsndtuplek_0_111111[color=#806040, - process="if fst(snd(tuple))=k"]: - [ State_111111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - --[ Pred_Eq( z, k ) ]-> - [ State_1111111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - variants (modulo AC) - 1. tuple = tuple.10 - z = fst(snd(tuple.10)) - - 2. tuple = - z = fst(x.11) - - 3. tuple = - z = x.11 - */ - -rule (modulo E) iffstsndtuplek_1_111111[color=#806040, - process="if fst(snd(tuple))=k"]: - [ State_111111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - --[ Pred_Not_Eq( fst(snd(tuple)), k ) ]-> - [ State_1111112( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - - /* - rule (modulo AC) iffstsndtuplek_1_111111[color=#806040, - process="if fst(snd(tuple))=k"]: - [ State_111111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - --[ Pred_Not_Eq( z, k ) ]-> - [ State_1111112( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - variants (modulo AC) - 1. tuple = tuple.10 - z = fst(snd(tuple.10)) - - 2. tuple = - z = fst(x.11) - - 3. 
tuple = - z = x.11 - */ - -rule (modulo E) inotc_0_1111111[color=#806040, process="in(otc);"]: - [ - State_1111111( L_pid, k, lock, nonce, npr, secretid, tc, tuple ), - In( otc ) - ] - --> - [ State_11111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifsndsndtupleotc_0_11111111[color=#806040, - process="if snd(snd(tuple))=otc"]: - [ State_11111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - --[ Pred_Eq( snd(snd(tuple)), otc ) ]-> - [ State_111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - - /* - rule (modulo AC) ifsndsndtupleotc_0_11111111[color=#806040, - process="if snd(snd(tuple))=otc"]: - [ State_11111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - --[ Pred_Eq( z, otc ) ]-> - [ State_111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - variants (modulo AC) - 1. tuple = tuple.11 - z = snd(snd(tuple.11)) - - 2. tuple = - z = snd(x.12) - - 3. tuple = - z = x.13 - */ - -rule (modulo E) ifsndsndtupleotc_1_11111111[color=#806040, - process="if snd(snd(tuple))=otc"]: - [ State_11111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - --[ Pred_Not_Eq( snd(snd(tuple)), otc ) ]-> - [ State_111111112( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - - /* - rule (modulo AC) ifsndsndtupleotc_1_11111111[color=#806040, - process="if snd(snd(tuple))=otc"]: - [ State_11111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - --[ Pred_Not_Eq( z, otc ) ]-> - [ State_111111112( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - variants (modulo AC) - 1. tuple = tuple.11 - z = snd(snd(tuple.11)) - - 2. tuple = - z = snd(x.12) - - 3. tuple = - z = x.13 - */ - -restriction Restr_ifSmallerotctc_0_111111111_1: - "∀ x #NOW x.1. - (Restr_ifSmallerotctc_0_111111111_1( x, x.1 ) @ #NOW) ⇒ - (∃ z. 
(x+z) = x.1)" - -rule (modulo E) ifSmallerotctc_0_111111111[color=#806040, - process="if Smaller( otc, tc )"]: - [ State_111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - --[ Restr_ifSmallerotctc_0_111111111_1( otc, tc ) ]-> - [ - State_1111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - - /* has exactly the trivial AC variant */ - -restriction Restr_ifSmallerotctc_1_111111111_1: - "∀ x #NOW x.1. - (Restr_ifSmallerotctc_1_111111111_1( x, x.1 ) @ #NOW) ⇒ - (¬(∃ z. (x+z) = x.1))" - // safety formula - -rule (modulo E) ifSmallerotctc_1_111111111[color=#806040, - process="if Smaller( otc, tc )"]: - [ State_111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - --[ Restr_ifSmallerotctc_1_111111111_1( otc, tc ) ]-> - [ - State_1111111112( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventInitStuffLpidsecretidktupleotctc_0_1111111111[color=#806040, - process="event InitStuff( L_pid, secretid, k, tuple, otc, tc );"]: - [ - State_1111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - --[ InitStuff( L_pid, secretid, k, tuple, otc, tc ) ]-> - [ - State_11111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventLoginLpidktc_0_11111111111[color=#806040, - process="event Login( L_pid, k, tc );"]: - [ - State_11111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - --[ Login( L_pid, k, tc ) ]-> - [ - State_111111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple - ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertServerLpidsecretidktc_0_111111111111[color=#806040, - process="insert <'Server', L_pid>,;"]: - [ - State_111111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple - ) - ] - --[ Insert( <'Server', L_pid>, ) ]-> - [ - State_1111111111111( L_pid, k, lock, nonce, npr, otc, 
secretid, tc, tuple - ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) unlockServerLpid_0_1111111111111[color=#806040, - process="unlock <'Server', L_pid>;"]: - [ - State_1111111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple - ) - ] - --[ - Unlock_0( '0', lock, <'Server', L_pid> ), - Unlock( '0', lock, <'Server', L_pid> ) - ]-> - [ - State_11111111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, - tuple - ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111111111[color=#806040, process="0"]: - [ - State_11111111111111( L_pid, k, lock, nonce, npr, otc, secretid, tc, - tuple - ) - ] - --> - [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111112[color=#806040, process="0"]: - [ - State_1111111112( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - --> - [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111111112[color=#806040, process="0"]: - [ State_111111112( L_pid, k, lock, nonce, npr, otc, secretid, tc, tuple ) - ] - --> - [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111112[color=#806040, process="0"]: - [ State_1111112( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - --> - [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111112[color=#806040, process="0"]: - [ State_111112( L_pid, k, lock, nonce, npr, secretid, tc, tuple ) ] - --> - [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11112[color=#806040, process="0"]: - [ State_11112( L_pid, k, lock, nonce, npr, secretid, tc ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_2[color=#ffffff, process="!"]: - [ State_2( ) ] --> [ !Semistate_21( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_2[color=#ffffff, process="!"]: - [ !Semistate_21( ) ] --> [ State_21( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_21[color=#805140, 
process="new k;"]: - [ State_21( ), Fr( k ) ] --> [ State_211( k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newLpid_0_211[color=#805140, process="new L_pid;"]: - [ State_211( k ), Fr( L_pid ) ] --> [ State_2111( L_pid, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newsecretid_0_2111[color=#805140, - process="new secretid;"]: - [ State_2111( L_pid, k ), Fr( secretid ) ] - --> - [ State_21111( L_pid, k, secretid ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertServerLpidsecretidkzero_0_21111[color=#805140, - process="insert <'Server', L_pid>,;"]: - [ State_21111( L_pid, k, secretid ) ] - --[ Insert( <'Server', L_pid>, ) ]-> - [ State_211111( L_pid, k, secretid ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertLYubikeyLpidonezero_0_211111[color=#805140, - process="insert <'L_Yubikey', L_pid>,('one'+'zero');"]: - [ State_211111( L_pid, k, secretid ) ] - --[ Insert( <'L_Yubikey', L_pid>, ('one'+'zero') ) ]-> - [ State_2111111( L_pid, k, secretid ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventYubiInitLpidsecretidk_0_2111111[color=#805140, - process="event YubiInit( L_pid, secretid, k );"]: - [ State_2111111( L_pid, k, secretid ) ] - --[ YubiInit( L_pid, secretid, k ) ]-> - [ State_21111111( L_pid, k, secretid ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outLpid_0_21111111[color=#805140, process="out(L_pid);"]: - [ State_21111111( L_pid, k, secretid ) ] - --> - [ State_211111111( L_pid, k, secretid ), Out( L_pid ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_211111111[color=#805140, process="!"]: - [ State_211111111( L_pid, k, secretid ) ] - --> - [ !Semistate_2111111111( L_pid, k, secretid ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_211111111[color=#805140, process="!"]: - [ !Semistate_2111111111( L_pid, k, secretid ) ] - --> - [ State_2111111111( L_pid, k, secretid ) ] - - 
/* has exactly the trivial AC variant */ - -rule (modulo E) p_0_2111111111[color=#805140, process="|"]: - [ State_2111111111( L_pid, k, secretid ) ] - --> - [ - State_21111111111( L_pid, k, secretid ), - State_21111111112( L_pid, k, secretid ) - ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockYubikeyLpid_0_21111111111[color=#805140, - process="lock <'Yubikey', L_pid>;"]: - [ State_21111111111( L_pid, k, secretid ), Fr( lock.1 ) ] - --[ - Lock_1( '1', lock.1, <'Yubikey', L_pid> ), - Lock( '1', lock.1, <'Yubikey', L_pid> ) - ]-> - [ State_211111111111( L_pid, k, secretid, lock.1 ) ] - - /* - rule (modulo AC) lockYubikeyLpid_0_21111111111[color=#805140, - process="lock <'Yubikey', L_pid>;"]: - [ State_21111111111( L_pid, k, secretid ), Fr( lock ) ] - --[ - Lock_1( '1', lock, <'Yubikey', L_pid> ), - Lock( '1', lock, <'Yubikey', L_pid> ) - ]-> - [ State_211111111111( L_pid, k, secretid, lock ) ] - */ - -rule (modulo E) lookupLYubikeyLpidassc_0_211111111111[color=#805140, - process="lookup <'L_Yubikey', L_pid> as sc"]: - [ State_211111111111( L_pid, k, secretid, lock.1 ) ] - --[ IsIn( <'L_Yubikey', L_pid>, sc ) ]-> - [ State_2111111111111( L_pid, k, sc, secretid, lock.1 ) ] - - /* - rule (modulo AC) lookupLYubikeyLpidassc_0_211111111111[color=#805140, - process="lookup <'L_Yubikey', L_pid> as sc"]: - [ State_211111111111( L_pid, k, secretid, lock ) ] - --[ IsIn( <'L_Yubikey', L_pid>, sc ) ]-> - [ State_2111111111111( L_pid, k, sc, secretid, lock ) ] - */ - -rule (modulo E) lookupLYubikeyLpidassc_1_211111111111[color=#805140, - process="lookup <'L_Yubikey', L_pid> as sc"]: - [ State_211111111111( L_pid, k, secretid, lock.1 ) ] - --[ IsNotSet( <'L_Yubikey', L_pid> ) ]-> - [ State_2111111111112( L_pid, k, secretid, lock.1 ) ] - - /* - rule (modulo AC) lookupLYubikeyLpidassc_1_211111111111[color=#805140, - process="lookup <'L_Yubikey', L_pid> as sc"]: - [ State_211111111111( L_pid, k, secretid, lock ) ] - --[ IsNotSet( <'L_Yubikey', L_pid> ) ]-> - [ 
State_2111111111112( L_pid, k, secretid, lock ) ] - */ - -rule (modulo E) insc_0_2111111111111[color=#805140, process="in(sc);"]: - [ State_2111111111111( L_pid, k, sc, secretid, lock.1 ), In( sc ) ] - --> - [ State_21111111111111( L_pid, k, sc, secretid, lock.1 ) ] - - /* - rule (modulo AC) insc_0_2111111111111[color=#805140, process="in(sc);"]: - [ State_2111111111111( L_pid, k, sc, secretid, lock ), In( sc ) ] - --> - [ State_21111111111111( L_pid, k, sc, secretid, lock ) ] - */ - -rule (modulo E) insertLYubikeyLpidonesc_0_21111111111111[color=#805140, - process="insert <'L_Yubikey', L_pid>,('one'+sc);"]: - [ State_21111111111111( L_pid, k, sc, secretid, lock.1 ) ] - --[ Insert( <'L_Yubikey', L_pid>, ('one'+sc) ) ]-> - [ State_211111111111111( L_pid, k, sc, secretid, lock.1 ) ] - - /* - rule (modulo AC) insertLYubikeyLpidonesc_0_21111111111111[color=#805140, - process="insert <'L_Yubikey', L_pid>,('one'+sc);"]: - [ State_21111111111111( L_pid, k, sc, secretid, lock ) ] - --[ Insert( <'L_Yubikey', L_pid>, ('one'+sc) ) ]-> - [ State_211111111111111( L_pid, k, sc, secretid, lock ) ] - */ - -rule (modulo E) unlockYubikeyLpid_0_211111111111111[color=#805140, - process="unlock <'Yubikey', L_pid>;"]: - [ State_211111111111111( L_pid, k, sc, secretid, lock.1 ) ] - --[ - Unlock_1( '1', lock.1, <'Yubikey', L_pid> ), - Unlock( '1', lock.1, <'Yubikey', L_pid> ) - ]-> - [ State_2111111111111111( L_pid, k, sc, secretid, lock.1 ) ] - - /* - rule (modulo AC) unlockYubikeyLpid_0_211111111111111[color=#805140, - process="unlock <'Yubikey', L_pid>;"]: - [ State_211111111111111( L_pid, k, sc, secretid, lock ) ] - --[ - Unlock_1( '1', lock, <'Yubikey', L_pid> ), - Unlock( '1', lock, <'Yubikey', L_pid> ) - ]-> - [ State_2111111111111111( L_pid, k, sc, secretid, lock ) ] - */ - -rule (modulo E) p_0_2111111111111111[color=#805140, process="0"]: - [ State_2111111111111111( L_pid, k, sc, secretid, lock.1 ) ] --> [ ] - - /* - rule (modulo AC) p_0_2111111111111111[color=#805140, 
process="0"]: - [ State_2111111111111111( L_pid, k, sc, secretid, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_2111111111112[color=#805140, process="0"]: - [ State_2111111111112( L_pid, k, secretid, lock.1 ) ] --> [ ] - - /* - rule (modulo AC) p_0_2111111111112[color=#805140, process="0"]: - [ State_2111111111112( L_pid, k, secretid, lock ) ] --> [ ] - */ - -rule (modulo E) lockYubikeyLpid_0_21111111112[color=#805140, - process="lock <'Yubikey', L_pid>;"]: - [ State_21111111112( L_pid, k, secretid ), Fr( lock.2 ) ] - --[ - Lock_2( '2', lock.2, <'Yubikey', L_pid> ), - Lock( '2', lock.2, <'Yubikey', L_pid> ) - ]-> - [ State_211111111121( L_pid, k, secretid, lock.2 ) ] - - /* - rule (modulo AC) lockYubikeyLpid_0_21111111112[color=#805140, - process="lock <'Yubikey', L_pid>;"]: - [ State_21111111112( L_pid, k, secretid ), Fr( lock ) ] - --[ - Lock_2( '2', lock, <'Yubikey', L_pid> ), - Lock( '2', lock, <'Yubikey', L_pid> ) - ]-> - [ State_211111111121( L_pid, k, secretid, lock ) ] - */ - -rule (modulo E) lookupLYubikeyLpidastc_0_211111111121[color=#805140, - process="lookup <'L_Yubikey', L_pid> as tc"]: - [ State_211111111121( L_pid, k, secretid, lock.2 ) ] - --[ IsIn( <'L_Yubikey', L_pid>, tc ) ]-> - [ State_2111111111211( L_pid, k, secretid, tc, lock.2 ) ] - - /* - rule (modulo AC) lookupLYubikeyLpidastc_0_211111111121[color=#805140, - process="lookup <'L_Yubikey', L_pid> as tc"]: - [ State_211111111121( L_pid, k, secretid, lock ) ] - --[ IsIn( <'L_Yubikey', L_pid>, tc ) ]-> - [ State_2111111111211( L_pid, k, secretid, tc, lock ) ] - */ - -rule (modulo E) lookupLYubikeyLpidastc_1_211111111121[color=#805140, - process="lookup <'L_Yubikey', L_pid> as tc"]: - [ State_211111111121( L_pid, k, secretid, lock.2 ) ] - --[ IsNotSet( <'L_Yubikey', L_pid> ) ]-> - [ State_2111111111212( L_pid, k, secretid, lock.2 ) ] - - /* - rule (modulo AC) lookupLYubikeyLpidastc_1_211111111121[color=#805140, - process="lookup <'L_Yubikey', L_pid> as tc"]: - [ State_211111111121( L_pid, k, 
secretid, lock ) ] - --[ IsNotSet( <'L_Yubikey', L_pid> ) ]-> - [ State_2111111111212( L_pid, k, secretid, lock ) ] - */ - -rule (modulo E) intc_0_2111111111211[color=#805140, process="in(tc);"]: - [ State_2111111111211( L_pid, k, secretid, tc, lock.2 ), In( tc ) ] - --> - [ State_21111111112111( L_pid, k, secretid, tc, lock.2 ) ] - - /* - rule (modulo AC) intc_0_2111111111211[color=#805140, process="in(tc);"]: - [ State_2111111111211( L_pid, k, secretid, tc, lock ), In( tc ) ] - --> - [ State_21111111112111( L_pid, k, secretid, tc, lock ) ] - */ - -rule (modulo E) insertLYubikeyLpidonetc_0_21111111112111[color=#805140, - process="insert <'L_Yubikey', L_pid>,('one'+tc);"]: - [ State_21111111112111( L_pid, k, secretid, tc, lock.2 ) ] - --[ Insert( <'L_Yubikey', L_pid>, ('one'+tc) ) ]-> - [ State_211111111121111( L_pid, k, secretid, tc, lock.2 ) ] - - /* - rule (modulo AC) insertLYubikeyLpidonetc_0_21111111112111[color=#805140, - process="insert <'L_Yubikey', L_pid>,('one'+tc);"]: - [ State_21111111112111( L_pid, k, secretid, tc, lock ) ] - --[ Insert( <'L_Yubikey', L_pid>, ('one'+tc) ) ]-> - [ State_211111111121111( L_pid, k, secretid, tc, lock ) ] - */ - -rule (modulo E) newnonce_0_211111111121111[color=#805140, - process="new nonce;"]: - [ State_211111111121111( L_pid, k, secretid, tc, lock.2 ), Fr( nonce ) ] - --> - [ State_2111111111211111( L_pid, k, nonce, secretid, tc, lock.2 ) ] - - /* - rule (modulo AC) newnonce_0_211111111121111[color=#805140, - process="new nonce;"]: - [ State_211111111121111( L_pid, k, secretid, tc, lock ), Fr( nonce ) ] - --> - [ State_2111111111211111( L_pid, k, nonce, secretid, tc, lock ) ] - */ - -rule (modulo E) newnpr_0_2111111111211111[color=#805140, - process="new npr;"]: - [ - State_2111111111211111( L_pid, k, nonce, secretid, tc, lock.2 ), - Fr( npr ) - ] - --> - [ State_21111111112111111( L_pid, k, nonce, npr, secretid, tc, lock.2 ) ] - - /* - rule (modulo AC) newnpr_0_2111111111211111[color=#805140, - process="new npr;"]: - [ 
- State_2111111111211111( L_pid, k, nonce, secretid, tc, lock ), Fr( npr ) - ] - --> - [ State_21111111112111111( L_pid, k, nonce, npr, secretid, tc, lock ) ] - */ - -rule (modulo E) eventYubiPressLpidsecretidktc_0_21111111112111111[color=#805140, - process="event YubiPress( L_pid, secretid, k, tc );"]: - [ State_21111111112111111( L_pid, k, nonce, npr, secretid, tc, lock.2 ) ] - --[ YubiPress( L_pid, secretid, k, tc ) ]-> - [ State_211111111121111111( L_pid, k, nonce, npr, secretid, tc, lock.2 ) - ] - - /* - rule (modulo AC) eventYubiPressLpidsecretidktc_0_21111111112111111[color=#805140, - process="event YubiPress( L_pid, secretid, k, tc );"]: - [ State_21111111112111111( L_pid, k, nonce, npr, secretid, tc, lock ) ] - --[ YubiPress( L_pid, secretid, k, tc ) ]-> - [ State_211111111121111111( L_pid, k, nonce, npr, secretid, tc, lock ) ] - */ - -rule (modulo E) outLpidnoncesencsecretidtcnprk_0_211111111121111111[color=#805140, - process="out(, k)>);"]: - [ State_211111111121111111( L_pid, k, nonce, npr, secretid, tc, lock.2 ) - ] - --> - [ - State_2111111111211111111( L_pid, k, nonce, npr, secretid, tc, lock.2 ), - Out( , k)> ) - ] - - /* - rule (modulo AC) outLpidnoncesencsecretidtcnprk_0_211111111121111111[color=#805140, - process="out(, k)>);"]: - [ State_211111111121111111( L_pid, k, nonce, npr, secretid, tc, lock ) ] - --> - [ - State_2111111111211111111( L_pid, k, nonce, npr, secretid, tc, lock ), - Out( , k)> ) - ] - */ - -rule (modulo E) unlockYubikeyLpid_0_2111111111211111111[color=#805140, - process="unlock <'Yubikey', L_pid>;"]: - [ State_2111111111211111111( L_pid, k, nonce, npr, secretid, tc, lock.2 ) - ] - --[ - Unlock_2( '2', lock.2, <'Yubikey', L_pid> ), - Unlock( '2', lock.2, <'Yubikey', L_pid> ) - ]-> - [ - State_21111111112111111111( L_pid, k, nonce, npr, secretid, tc, lock.2 ) - ] - - /* - rule (modulo AC) unlockYubikeyLpid_0_2111111111211111111[color=#805140, - process="unlock <'Yubikey', L_pid>;"]: - [ State_2111111111211111111( L_pid, k, 
nonce, npr, secretid, tc, lock ) ] - --[ - Unlock_2( '2', lock, <'Yubikey', L_pid> ), - Unlock( '2', lock, <'Yubikey', L_pid> ) - ]-> - [ State_21111111112111111111( L_pid, k, nonce, npr, secretid, tc, lock ) - ] - */ - -rule (modulo E) p_0_21111111112111111111[color=#805140, process="0"]: - [ - State_21111111112111111111( L_pid, k, nonce, npr, secretid, tc, lock.2 ) - ] - --> - [ ] - - /* - rule (modulo AC) p_0_21111111112111111111[color=#805140, process="0"]: - [ State_21111111112111111111( L_pid, k, nonce, npr, secretid, tc, lock ) - ] - --> - [ ] - */ - -rule (modulo E) p_0_2111111111212[color=#805140, process="0"]: - [ State_2111111111212( L_pid, k, secretid, lock.2 ) ] --> [ ] - - /* - rule (modulo AC) p_0_2111111111212[color=#805140, process="0"]: - [ State_2111111111212( L_pid, k, secretid, lock ) ] --> [ ] - */ - -restriction set_in: - "∀ x y #t3. - (IsIn( x, y ) @ #t3) ⇒ - (∃ #t2. - ((Insert( x, y ) @ #t2) ∧ (#t2 < #t3)) ∧ - (∀ #t1 yp. - (Insert( x, yp ) @ #t1) ⇒ (((#t1 < #t2) ∨ (#t1 = #t2)) ∨ (#t3 < #t1))))" - -restriction set_notin: - "∀ x #t3. - (IsNotSet( x ) @ #t3) ⇒ (∀ #t1 y. (Insert( x, y ) @ #t1) ⇒ (#t3 < #t1))" - // safety formula - -restriction predicate_eq: - "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" - // safety formula - -restriction predicate_not_eq: - "∀ #i a b. (Pred_Not_Eq( a, b ) @ #i) ⇒ (¬(a = b))" - // safety formula - -restriction single_session: - "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" - // safety formula - -restriction locking_0: - "∀ p pp l x lp #t1 #t3. - ((Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3)) ⇒ - ((((#t1 < #t3) ∧ - (∃ #t2. - (((((Unlock_0( p, l, x ) @ #t2) ∧ (#t1 < #t2)) ∧ (#t2 < #t3)) ∧ - (∀ #t0 pp.1. (Unlock( pp.1, l, x ) @ #t0) ⇒ (#t0 = #t2))) ∧ - (∀ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t0 = #t1)) ∨ (#t2 < #t0)))) ∧ - (∀ pp.1 lpp #t0. 
- (Unlock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t2 < #t0)) ∨ (#t2 = #t0))))) ∨ - (#t3 < #t1)) ∨ - (#t1 = #t3))" - -restriction locking_1: - "∀ p pp l x lp #t1 #t3. - ((Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3)) ⇒ - ((((#t1 < #t3) ∧ - (∃ #t2. - (((((Unlock_1( p, l, x ) @ #t2) ∧ (#t1 < #t2)) ∧ (#t2 < #t3)) ∧ - (∀ #t0 pp.1. (Unlock( pp.1, l, x ) @ #t0) ⇒ (#t0 = #t2))) ∧ - (∀ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t0 = #t1)) ∨ (#t2 < #t0)))) ∧ - (∀ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t2 < #t0)) ∨ (#t2 = #t0))))) ∨ - (#t3 < #t1)) ∨ - (#t1 = #t3))" - -restriction locking_2: - "∀ p pp l x lp #t1 #t3. - ((Lock_2( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3)) ⇒ - ((((#t1 < #t3) ∧ - (∃ #t2. - (((((Unlock_2( p, l, x ) @ #t2) ∧ (#t1 < #t2)) ∧ (#t2 < #t3)) ∧ - (∀ #t0 pp.1. (Unlock( pp.1, l, x ) @ #t0) ⇒ (#t0 = #t2))) ∧ - (∀ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t0 = #t1)) ∨ (#t2 < #t0)))) ∧ - (∀ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t2 < #t0)) ∨ (#t2 = #t0))))) ∨ - (#t3 < #t1)) ∨ - (#t1 = #t3))" - -/* All well-formedness checks were successful. */ - -end -/* Output -maude tool: 'maude' - checking version: 3.1. OK. - checking installation: OK. 
- - -analyzing: examples/sapic/slow/Yubikey/Yubikey.spthy - ------------------------------------------------------------------------------- -analyzed: examples/sapic/slow/Yubikey/Yubikey.spthy - - output: examples/sapic/slow/Yubikey/Yubikey.spthy.tmp - processing time: 29.963075732s - init_server (all-traces): verified (148 steps) - init_server_secrecy (all-traces): verified (191 steps) - init_yubikey (all-traces): verified (63 steps) - one_count_foreach_login (all-traces): verified (88 steps) - no_replay (all-traces): verified (2 steps) - injective_correspondance (all-traces): verified (13 steps) - Login_invalidates_smaller_counters (all-traces): verified (340 steps) - ------------------------------------------------------------------------------- - -============================================================================== -summary of summaries: - -analyzed: examples/sapic/slow/Yubikey/Yubikey.spthy - - output: examples/sapic/slow/Yubikey/Yubikey.spthy.tmp - processing time: 29.963075732s - init_server (all-traces): verified (148 steps) - init_server_secrecy (all-traces): verified (191 steps) - init_yubikey (all-traces): verified (63 steps) - one_count_foreach_login (all-traces): verified (88 steps) - no_replay (all-traces): verified (2 steps) - injective_correspondance (all-traces): verified (13 steps) - Login_invalidates_smaller_counters (all-traces): verified (340 steps) - -============================================================================== -*/ diff --git a/case-studies-regression/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks_analyzed.spthy b/case-studies-regression/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks_analyzed.spthy index b2ffcf166..783e578f3 100644 --- a/case-studies-regression/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks_analyzed.spthy +++ b/case-studies-regression/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks_analyzed.spthy 
@@ -2,7 +2,8 @@ theory EncWrapDecUnwrap begin // Function signature and definition of the equational theory E -functions: fst/1, pair/2, sdec/2, senc/2, snd/1 +functions: fst/1[destructor], pair/2, sdec/2[destructor], senc/2, + snd/1[destructor] equations: fst() = x.1, sdec(senc(x.1, x.2), x.2) = x.1, @@ -10,6 +11,10 @@ equations: heuristic: p + + + + lemma can_obtain_key: exists-trace "∃ #i #j h k. (NewKey( h, k ) @ #i) ∧ (K( k ) @ #j)" /* 
@@ -17,50 +22,50 @@ guarded formula characterizing all satisfying traces: "∃ #i #j h k. (NewKey( h, k ) @ #i) ∧ (K( k ) @ #j)" */ simplify -solve( State_1111111111( h, k ) ▶₀ #i ) - case newk_0_111111111 - solve( !KU( ~n.1 ) @ #vk ) - case outm_0_11112111111 +solve( State_1111111( ) ▶₀ #i ) + case p_1_ + solve( !KU( ~n.1 ) @ #vk.1 ) + case eventDecUsingkm_0_1111211111 solve( Insert( <'key', h>, k ) @ #t2 ) case insertkeyhk_0_11111111111 solve( State_11111111111( h, k ) ▶₀ #t2 ) - case eventNewKeyhk_0_1111111111 + case increate_0_1111111 solve( !KU( senc(t, ~n.3) ) @ #vk.4 ) - case outsenckk_0_112111111_case_1 + case eventWrapkk_0_11211111_case_1 solve( Insert( <'att', ~n.2>, 'dec' ) @ #t2.1 ) case insertatthdec_0_1111121111 solve( State_1111121111( a, ~n.2 ) ▶₀ #t2.1 ) case deleteatth_0_111112111 solve( !KU( ~n.2 ) @ #vk.4 ) - case outh_0_1111111111111 - solve( (#vr.56 < #t2.5) ∥ (#vr.56 = #t2.5) ) + case insertatthinit_0_111111111111 + solve( (#vr.23 < #t2.5) ∥ (#vr.23 = #t2.5) ) case case_2 solve( Insert( <'key', h2>, t ) @ #t2.3 ) case insertkeyhk_0_11111111111 solve( State_11111111111( h2, t ) ▶₀ #t2.3 ) - case eventNewKeyhk_0_1111111111 + case increate_0_1111111 solve( (#vl, 0) ~~> (#vk, 0) ) case Var_fresh_4_n solve( Insert( <'key', h1>, ~n.3 ) @ #t2.4 ) case insertkeyhk_0_11111111111 solve( State_11111111111( h1, ~n.3 ) ▶₀ #t2.4 ) - case eventNewKeyhk_0_1111111111 - solve( (#vr.45 < #t2.4) ∥ (#vr.40 < #vr.45) ) + case increate_0_1111111 + solve( (#vr.18 < #t2.4) ∥ (#vr.15 < #vr.18) ) case case_1 - solve( (#t2.1 < #t2.4) ∥ (#t2.1 = #t2.4) ∥ (#vr.40 < #t2.1) ) + solve( (#t2.1 < #t2.4) ∥ (#t2.1 = #t2.4) ∥ (#vr.15 < #t2.1) ) case case_3 solve( Insert( <'att', ~n.2>, 'wrap' ) @ #t2.4 ) case insertatthwrap_0_11111121111 solve( State_11111121111( a, ~n.2 ) ▶₀ #t2.4 ) case deleteatth_0_1111112111 - solve( (#vr.45 < #t2.5) ∥ (#vr.58 < #vr.45) ) + solve( (#vr.18 < #t2.5) ∥ (#vr.25 < #vr.18) ) case case_2 - solve( (#t2.5 < #t2.2) ∥ (#t2.5 = #t2.2) ∥ (#vr.47 < #t2.5) ) 
+ solve( (#t2.5 < #t2.2) ∥ (#t2.5 = #t2.2) ∥ (#vr.20 < #t2.5) ) case case_2 solve( Insert( <'att', ~n.2>, 'init' ) @ #t2.2 ) case insertatthinit_0_111111111111 solve( !KU( ~n ) @ #vk.8 ) - case outh_0_1111111111111 + case insertatthinit_0_111111111111 SOLVED // trace found qed qed 
@@ -85,669 +90,726 @@ solve( State_1111111111( h, k ) ▶₀ #i ) qed qed -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( ) ] --> [ State_11( ), State_12( ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11[color=#ffffff, process="|"]: - [ State_11( ) ] --> [ State_111( ), State_112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111[color=#ffffff, process="|"]: - [ State_111( ) ] --> [ State_1111( ), State_1112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111[color=#ffffff, process="|"]: - [ State_1111( ) ] --> [ State_11111( ), State_11112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111[color=#ffffff, process="|"]: - [ State_11111( ) ] --> [ State_111111( ), State_111112( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111111[color=#ffffff, process="|"]: - [ State_111111( ) ] --> [ State_1111111( ), State_1111112( ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ rule (modulo E) increate_0_1111111[color=#ffffff, process="in('create');"]: - [ State_1111111( ), In( 'create' ) ] --> [ State_11111111( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newh_0_11111111[color=#ffffff, process="new h;"]: - [ State_11111111( ), Fr( h ) ] --> [ State_111111111( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_111111111[color=#ffffff, process="new k;"]: - [ State_111111111( h ), Fr( k ) ] --> [ 
State_1111111111( h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventNewKeyhk_0_1111111111[color=#ffffff, - process="event NewKey( h, k );"]: - [ State_1111111111( h, k ) ] - --[ NewKey( h, k ) ]-> - [ State_11111111111( h, k ) ] - - /* has exactly the trivial AC variant */ + [ State_1111111( ), In( 'create' ), Fr( h.1 ), Fr( k.1 ) ] + --[ NewKey( h.1, k.1 ) ]-> + [ State_11111111111( h.1, k.1 ) ] + + /* + rule (modulo AC) increate_0_1111111[color=#ffffff, + process="in('create');"]: + [ State_1111111( ), In( 'create' ), Fr( h ), Fr( k ) ] + --[ NewKey( h, k ) ]-> + [ State_11111111111( h, k ) ] + */ rule (modulo E) insertkeyhk_0_11111111111[color=#ffffff, - process="insert <'key', h>,k;"]: - [ State_11111111111( h, k ) ] - --[ Insert( <'key', h>, k ) ]-> - [ State_111111111111( h, k ) ] - - /* has exactly the trivial AC variant */ + process="insert <'key', h.1>,k.1;"]: + [ State_11111111111( h.1, k.1 ) ] + --[ Insert( <'key', h.1>, k.1 ) ]-> + [ State_111111111111( h.1, k.1 ) ] + + /* + rule (modulo AC) insertkeyhk_0_11111111111[color=#ffffff, + process="insert <'key', h.1>,k.1;"]: + [ State_11111111111( h, k ) ] + --[ Insert( <'key', h>, k ) ]-> + [ State_111111111111( h, k ) ] + */ rule (modulo E) insertatthinit_0_111111111111[color=#ffffff, - process="insert <'att', h>,'init';"]: - [ State_111111111111( h, k ) ] - --[ Insert( <'att', h>, 'init' ) ]-> - [ State_1111111111111( h, k ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outh_0_1111111111111[color=#ffffff, process="out(h);"]: - [ State_1111111111111( h, k ) ] - --> - [ State_11111111111111( h, k ), Out( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111111111[color=#ffffff, process="0"]: - [ State_11111111111111( h, k ) ] --> [ ] - - /* has exactly the trivial AC variant */ + process="insert <'att', h.1>,'init';"]: + [ State_111111111111( h.1, k.1 ) ] + --[ Insert( <'att', h.1>, 'init' ) ]-> + [ Out( h.1 ) ] + + /* + rule 
(modulo AC) insertatthinit_0_111111111111[color=#ffffff, + process="insert <'att', h.1>,'init';"]: + [ State_111111111111( h, k ) ] + --[ Insert( <'att', h>, 'init' ) ]-> + [ Out( h ) ] + */ rule (modulo E) insetwraph_0_1111112[color=#ffffff, - process="in(<'set_wrap', h>);"]: - [ State_1111112( ), In( <'set_wrap', h> ) ] --> [ State_11111121( h ) ] + process="in(<'set_wrap', h.2>);"]: + [ State_1111112( ), In( <'set_wrap', h.2> ) ] + --> + [ State_11111121( h.2 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insetwraph_0_1111112[color=#ffffff, + process="in(<'set_wrap', h.2>);"]: + [ State_1111112( ), In( <'set_wrap', h> ) ] --> [ State_11111121( h ) ] + */ rule (modulo E) lookupatthasa_0_11111121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_11111121( h ) ] - --[ IsIn( <'att', h>, a ) ]-> - [ State_111111211( a, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_11111121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_11111121( h ) ] - --[ IsNotSet( <'att', h> ) ]-> - [ State_111111212( h ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'att', h.2> as a.1"]: + [ State_11111121( h.2 ) ] + --[ IsIn( <'att', h.2>, a.1 ) ]-> + [ State_111111211( a.1, h.2 ) ] + + /* + rule (modulo AC) lookupatthasa_0_11111121[color=#ffffff, + process="lookup <'att', h.2> as a.1"]: + [ State_11111121( h ) ] + --[ IsIn( <'att', h>, a ) ]-> + [ State_111111211( a, h ) ] + */ rule (modulo E) ifainit_0_111111211[color=#ffffff, - process="if a='init'"]: - [ State_111111211( a, h ) ] - --[ Pred_Eq( a, 'init' ) ]-> - [ State_1111112111( a, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifainit_1_111111211[color=#ffffff, - process="if a='init'"]: - [ State_111111211( a, h ) ] - --[ Pred_Not_Eq( a, 'init' ) ]-> - [ State_1111112112( a, h ) ] - - /* has exactly the trivial AC variant */ + process="if a.1='init'"]: + [ State_111111211( a.1, h.2 ) ] + --[ Pred_Eq( a.1, 
'init' ) ]-> + [ State_1111112111( a.1, h.2 ) ] + + /* + rule (modulo AC) ifainit_0_111111211[color=#ffffff, + process="if a.1='init'"]: + [ State_111111211( a, h ) ] + --[ Pred_Eq( a, 'init' ) ]-> + [ State_1111112111( a, h ) ] + */ rule (modulo E) deleteatth_0_1111112111[color=#ffffff, - process="delete <'att', h>;"]: - [ State_1111112111( a, h ) ] - --[ Delete( <'att', h> ) ]-> - [ State_11111121111( a, h ) ] - - /* has exactly the trivial AC variant */ + process="delete <'att', h.2>;"]: + [ State_1111112111( a.1, h.2 ) ] + --[ Delete( <'att', h.2> ) ]-> + [ State_11111121111( a.1, h.2 ) ] + + /* + rule (modulo AC) deleteatth_0_1111112111[color=#ffffff, + process="delete <'att', h.2>;"]: + [ State_1111112111( a, h ) ] + --[ Delete( <'att', h> ) ]-> + [ State_11111121111( a, h ) ] + */ rule (modulo E) insertatthwrap_0_11111121111[color=#ffffff, - process="insert <'att', h>,'wrap';"]: - [ State_11111121111( a, h ) ] - --[ Insert( <'att', h>, 'wrap' ) ]-> - [ State_111111211111( a, h ) ] - - /* has exactly the trivial AC variant */ + process="insert <'att', h.2>,'wrap';"]: + [ State_11111121111( a.1, h.2 ) ] + --[ Insert( <'att', h.2>, 'wrap' ) ]-> + [ State_111111211111( a.1, h.2 ) ] + + /* + rule (modulo AC) insertatthwrap_0_11111121111[color=#ffffff, + process="insert <'att', h.2>,'wrap';"]: + [ State_11111121111( a, h ) ] + --[ Insert( <'att', h>, 'wrap' ) ]-> + [ State_111111211111( a, h ) ] + */ rule (modulo E) eventWrapHandleh_0_111111211111[color=#ffffff, - process="event WrapHandle( h );"]: - [ State_111111211111( a, h ) ] - --[ WrapHandle( h ) ]-> - [ State_1111112111111( a, h ) ] + process="event WrapHandle( h.2 );"]: + [ State_111111211111( a.1, h.2 ) ] --[ WrapHandle( h.2 ) ]-> [ ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111112111111[color=#ffffff, process="0"]: - [ State_1111112111111( a, h ) ] --> [ ] + /* + rule (modulo AC) eventWrapHandleh_0_111111211111[color=#ffffff, + process="event WrapHandle( h.2 );"]: + [ 
State_111111211111( a, h ) ] --[ WrapHandle( h ) ]-> [ ] + */ - /* has exactly the trivial AC variant */ +rule (modulo E) ifainit_1_111111211[color=#ffffff, + process="if a.1='init'"]: + [ State_111111211( a.1, h.2 ) ] --[ Pred_Not_Eq( a.1, 'init' ) ]-> [ ] -rule (modulo E) p_0_1111112112[color=#ffffff, process="0"]: - [ State_1111112112( a, h ) ] --> [ ] + /* + rule (modulo AC) ifainit_1_111111211[color=#ffffff, + process="if a.1='init'"]: + [ State_111111211( a, h ) ] --[ Pred_Not_Eq( a, 'init' ) ]-> [ ] + */ - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111111212[color=#ffffff, process="0"]: - [ State_111111212( h ) ] --> [ ] +rule (modulo E) lookupatthasa_1_11111121[color=#ffffff, + process="lookup <'att', h.2> as a.1"]: + [ State_11111121( h.2 ) ] --[ IsNotSet( <'att', h.2> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_11111121[color=#ffffff, + process="lookup <'att', h.2> as a.1"]: + [ State_11111121( h ) ] --[ IsNotSet( <'att', h> ) ]-> [ ] + */ rule (modulo E) insetdech_0_111112[color=#ffffff, - process="in(<'set_dec', h>);"]: - [ State_111112( ), In( <'set_dec', h> ) ] --> [ State_1111121( h ) ] + process="in(<'set_dec', h.3>);"]: + [ State_111112( ), In( <'set_dec', h.3> ) ] --> [ State_1111121( h.3 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insetdech_0_111112[color=#ffffff, + process="in(<'set_dec', h.3>);"]: + [ State_111112( ), In( <'set_dec', h> ) ] --> [ State_1111121( h ) ] + */ rule (modulo E) lookupatthasa_0_1111121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_1111121( h ) ] - --[ IsIn( <'att', h>, a ) ]-> - [ State_11111211( a, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_1111121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_1111121( h ) ] - --[ IsNotSet( <'att', h> ) ]-> - [ State_11111212( h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) 
ifainit_0_11111211[color=#ffffff, process="if a='init'"]: - [ State_11111211( a, h ) ] - --[ Pred_Eq( a, 'init' ) ]-> - [ State_111112111( a, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifainit_1_11111211[color=#ffffff, process="if a='init'"]: - [ State_11111211( a, h ) ] - --[ Pred_Not_Eq( a, 'init' ) ]-> - [ State_111112112( a, h ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'att', h.3> as a.2"]: + [ State_1111121( h.3 ) ] + --[ IsIn( <'att', h.3>, a.2 ) ]-> + [ State_11111211( a.2, h.3 ) ] + + /* + rule (modulo AC) lookupatthasa_0_1111121[color=#ffffff, + process="lookup <'att', h.3> as a.2"]: + [ State_1111121( h ) ] + --[ IsIn( <'att', h>, a ) ]-> + [ State_11111211( a, h ) ] + */ + +rule (modulo E) ifainit_0_11111211[color=#ffffff, + process="if a.2='init'"]: + [ State_11111211( a.2, h.3 ) ] + --[ Pred_Eq( a.2, 'init' ) ]-> + [ State_111112111( a.2, h.3 ) ] + + /* + rule (modulo AC) ifainit_0_11111211[color=#ffffff, + process="if a.2='init'"]: + [ State_11111211( a, h ) ] + --[ Pred_Eq( a, 'init' ) ]-> + [ State_111112111( a, h ) ] + */ rule (modulo E) deleteatth_0_111112111[color=#ffffff, - process="delete <'att', h>;"]: - [ State_111112111( a, h ) ] - --[ Delete( <'att', h> ) ]-> - [ State_1111121111( a, h ) ] - - /* has exactly the trivial AC variant */ + process="delete <'att', h.3>;"]: + [ State_111112111( a.2, h.3 ) ] + --[ Delete( <'att', h.3> ) ]-> + [ State_1111121111( a.2, h.3 ) ] + + /* + rule (modulo AC) deleteatth_0_111112111[color=#ffffff, + process="delete <'att', h.3>;"]: + [ State_111112111( a, h ) ] + --[ Delete( <'att', h> ) ]-> + [ State_1111121111( a, h ) ] + */ rule (modulo E) insertatthdec_0_1111121111[color=#ffffff, - process="insert <'att', h>,'dec';"]: - [ State_1111121111( a, h ) ] - --[ Insert( <'att', h>, 'dec' ) ]-> - [ State_11111211111( a, h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111211111[color=#ffffff, process="0"]: - [ State_11111211111( a, h 
) ] --> [ ] + process="insert <'att', h.3>,'dec';"]: + [ State_1111121111( a.2, h.3 ) ] + --[ Insert( <'att', h.3>, 'dec' ) ]-> + [ ] + + /* + rule (modulo AC) insertatthdec_0_1111121111[color=#ffffff, + process="insert <'att', h.3>,'dec';"]: + [ State_1111121111( a, h ) ] --[ Insert( <'att', h>, 'dec' ) ]-> [ ] + */ + +rule (modulo E) ifainit_1_11111211[color=#ffffff, + process="if a.2='init'"]: + [ State_11111211( a.2, h.3 ) ] --[ Pred_Not_Eq( a.2, 'init' ) ]-> [ ] + + /* + rule (modulo AC) ifainit_1_11111211[color=#ffffff, + process="if a.2='init'"]: + [ State_11111211( a, h ) ] --[ Pred_Not_Eq( a, 'init' ) ]-> [ ] + */ - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111112112[color=#ffffff, process="0"]: - [ State_111112112( a, h ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111212[color=#ffffff, process="0"]: - [ State_11111212( h ) ] --> [ ] +rule (modulo E) lookupatthasa_1_1111121[color=#ffffff, + process="lookup <'att', h.3> as a.2"]: + [ State_1111121( h.3 ) ] --[ IsNotSet( <'att', h.3> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_1111121[color=#ffffff, + process="lookup <'att', h.3> as a.2"]: + [ State_1111121( h ) ] --[ IsNotSet( <'att', h> ) ]-> [ ] + */ rule (modulo E) inhsencmk_0_11112[color=#ffffff, - process="in();"]: - [ State_11112( ), In( ) ] --> [ State_111121( h, k, m ) ] + process="in();"]: + [ State_11112( ), In( ) ] + --> + [ State_111121( m.1, k.2, h.4 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhsencmk_0_11112[color=#ffffff, + process="in();"]: + [ State_11112( ), In( ) ] --> [ State_111121( m, k, h ) ] + */ rule (modulo E) lookupatthasa_0_111121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_111121( h, k, m ) ] - --[ IsIn( <'att', h>, a ) ]-> - [ State_1111211( a, h, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_111121[color=#ffffff, - process="lookup 
<'att', h> as a"]: - [ State_111121( h, k, m ) ] - --[ IsNotSet( <'att', h> ) ]-> - [ State_1111212( h, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifadec_0_1111211[color=#ffffff, process="if a='dec'"]: - [ State_1111211( a, h, k, m ) ] - --[ Pred_Eq( a, 'dec' ) ]-> - [ State_11112111( a, h, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifadec_1_1111211[color=#ffffff, process="if a='dec'"]: - [ State_1111211( a, h, k, m ) ] - --[ Pred_Not_Eq( a, 'dec' ) ]-> - [ State_11112112( a, h, k, m ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'att', h.4> as a.3"]: + [ State_111121( m.1, k.2, h.4 ) ] + --[ IsIn( <'att', h.4>, a.3 ) ]-> + [ State_1111211( m.1, k.2, a.3, h.4 ) ] + + /* + rule (modulo AC) lookupatthasa_0_111121[color=#ffffff, + process="lookup <'att', h.4> as a.3"]: + [ State_111121( m, k, h ) ] + --[ IsIn( <'att', h>, a ) ]-> + [ State_1111211( m, k, a, h ) ] + */ + +rule (modulo E) ifadec_0_1111211[color=#ffffff, process="if a.3='dec'"]: + [ State_1111211( m.1, k.2, a.3, h.4 ) ] + --[ Pred_Eq( a.3, 'dec' ) ]-> + [ State_11112111( m.1, k.2, a.3, h.4 ) ] + + /* + rule (modulo AC) ifadec_0_1111211[color=#ffffff, process="if a.3='dec'"]: + [ State_1111211( m, k, a, h ) ] + --[ Pred_Eq( a, 'dec' ) ]-> + [ State_11112111( m, k, a, h ) ] + */ rule (modulo E) lookupkeyhaskp_0_11112111[color=#ffffff, - process="lookup <'key', h> as kp"]: - [ State_11112111( a, h, k, m ) ] - --[ IsIn( <'key', h>, kp ) ]-> - [ State_111121111( a, h, k, kp, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhaskp_1_11112111[color=#ffffff, - process="lookup <'key', h> as kp"]: - [ State_11112111( a, h, k, m ) ] - --[ IsNotSet( <'key', h> ) ]-> - [ State_111121112( a, h, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifkpk_0_111121111[color=#ffffff, process="if kp=k"]: - [ State_111121111( a, h, k, kp, m ) ] - --[ Pred_Eq( kp, k ) ]-> - [ State_1111211111( a, 
h, k, kp, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifkpk_1_111121111[color=#ffffff, process="if kp=k"]: - [ State_111121111( a, h, k, kp, m ) ] - --[ Pred_Not_Eq( kp, k ) ]-> - [ State_1111211112( a, h, k, kp, m ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'key', h.4> as kp.1"]: + [ State_11112111( m.1, k.2, a.3, h.4 ) ] + --[ IsIn( <'key', h.4>, kp.1 ) ]-> + [ State_111121111( kp.1, m.1, k.2, a.3, h.4 ) ] + + /* + rule (modulo AC) lookupkeyhaskp_0_11112111[color=#ffffff, + process="lookup <'key', h.4> as kp.1"]: + [ State_11112111( m, k, a, h ) ] + --[ IsIn( <'key', h>, kp ) ]-> + [ State_111121111( kp, m, k, a, h ) ] + */ + +rule (modulo E) ifkpk_0_111121111[color=#ffffff, process="if kp.1=k.2"]: + [ State_111121111( kp.1, m.1, k.2, a.3, h.4 ) ] + --[ Pred_Eq( kp.1, k.2 ) ]-> + [ State_1111211111( kp.1, m.1, k.2, a.3, h.4 ) ] + + /* + rule (modulo AC) ifkpk_0_111121111[color=#ffffff, process="if kp.1=k.2"]: + [ State_111121111( kp, m, k, a, h ) ] + --[ Pred_Eq( kp, k ) ]-> + [ State_1111211111( kp, m, k, a, h ) ] + */ rule (modulo E) eventDecUsingkm_0_1111211111[color=#ffffff, - process="event DecUsing( k, m );"]: - [ State_1111211111( a, h, k, kp, m ) ] - --[ DecUsing( k, m ) ]-> - [ State_11112111111( a, h, k, kp, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outm_0_11112111111[color=#ffffff, process="out(m);"]: - [ State_11112111111( a, h, k, kp, m ) ] - --> - [ State_111121111111( a, h, k, kp, m ), Out( m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111121111111[color=#ffffff, process="0"]: - [ State_111121111111( a, h, k, kp, m ) ] --> [ ] - - /* has exactly the trivial AC variant */ + process="event DecUsing( k.2, m.1 );"]: + [ State_1111211111( kp.1, m.1, k.2, a.3, h.4 ) ] + --[ DecUsing( k.2, m.1 ) ]-> + [ Out( m.1 ) ] + + /* + rule (modulo AC) eventDecUsingkm_0_1111211111[color=#ffffff, + process="event DecUsing( k.2, m.1 );"]: + [ State_1111211111( kp, 
m, k, a, h ) ] + --[ DecUsing( k, m ) ]-> + [ Out( m ) ] + */ + +rule (modulo E) ifkpk_1_111121111[color=#ffffff, process="if kp.1=k.2"]: + [ State_111121111( kp.1, m.1, k.2, a.3, h.4 ) ] + --[ Pred_Not_Eq( kp.1, k.2 ) ]-> + [ ] + + /* + rule (modulo AC) ifkpk_1_111121111[color=#ffffff, process="if kp.1=k.2"]: + [ State_111121111( kp, m, k, a, h ) ] --[ Pred_Not_Eq( kp, k ) ]-> [ ] + */ -rule (modulo E) p_0_1111211112[color=#ffffff, process="0"]: - [ State_1111211112( a, h, k, kp, m ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111121112[color=#ffffff, process="0"]: - [ State_111121112( a, h, k, m ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11112112[color=#ffffff, process="0"]: - [ State_11112112( a, h, k, m ) ] --> [ ] - - /* has exactly the trivial AC variant */ +rule (modulo E) lookupkeyhaskp_1_11112111[color=#ffffff, + process="lookup <'key', h.4> as kp.1"]: + [ State_11112111( m.1, k.2, a.3, h.4 ) ] + --[ IsNotSet( <'key', h.4> ) ]-> + [ ] + + /* + rule (modulo AC) lookupkeyhaskp_1_11112111[color=#ffffff, + process="lookup <'key', h.4> as kp.1"]: + [ State_11112111( m, k, a, h ) ] --[ IsNotSet( <'key', h> ) ]-> [ ] + */ + +rule (modulo E) ifadec_1_1111211[color=#ffffff, process="if a.3='dec'"]: + [ State_1111211( m.1, k.2, a.3, h.4 ) ] + --[ Pred_Not_Eq( a.3, 'dec' ) ]-> + [ ] + + /* + rule (modulo AC) ifadec_1_1111211[color=#ffffff, process="if a.3='dec'"]: + [ State_1111211( m, k, a, h ) ] --[ Pred_Not_Eq( a, 'dec' ) ]-> [ ] + */ -rule (modulo E) p_0_1111212[color=#ffffff, process="0"]: - [ State_1111212( h, k, m ) ] --> [ ] +rule (modulo E) lookupatthasa_1_111121[color=#ffffff, + process="lookup <'att', h.4> as a.3"]: + [ State_111121( m.1, k.2, h.4 ) ] --[ IsNotSet( <'att', h.4> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_111121[color=#ffffff, + process="lookup <'att', h.4> as a.3"]: + [ State_111121( m, k, h ) ] --[ IsNotSet( <'att', h> ) 
]-> [ ] + */ -rule (modulo E) inhm_0_1112[color=#ffffff, process="in();"]: - [ State_1112( ), In( ) ] --> [ State_11121( h, m ) ] +rule (modulo E) inhm_0_1112[color=#ffffff, process="in();"]: + [ State_1112( ), In( ) ] --> [ State_11121( m.2, h.5 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhm_0_1112[color=#ffffff, process="in();"]: + [ State_1112( ), In( ) ] --> [ State_11121( m, h ) ] + */ rule (modulo E) lookupatthasa_0_11121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_11121( h, m ) ] - --[ IsIn( <'att', h>, a ) ]-> - [ State_111211( a, h, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_11121[color=#ffffff, - process="lookup <'att', h> as a"]: - [ State_11121( h, m ) ] - --[ IsNotSet( <'att', h> ) ]-> - [ State_111212( h, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifadec_0_111211[color=#ffffff, process="if a='dec'"]: - [ State_111211( a, h, m ) ] - --[ Pred_Eq( a, 'dec' ) ]-> - [ State_1112111( a, h, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifadec_1_111211[color=#ffffff, process="if a='dec'"]: - [ State_111211( a, h, m ) ] - --[ Pred_Not_Eq( a, 'dec' ) ]-> - [ State_1112112( a, h, m ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'att', h.5> as a.4"]: + [ State_11121( m.2, h.5 ) ] + --[ IsIn( <'att', h.5>, a.4 ) ]-> + [ State_111211( m.2, a.4, h.5 ) ] + + /* + rule (modulo AC) lookupatthasa_0_11121[color=#ffffff, + process="lookup <'att', h.5> as a.4"]: + [ State_11121( m, h ) ] + --[ IsIn( <'att', h>, a ) ]-> + [ State_111211( m, a, h ) ] + */ + +rule (modulo E) ifadec_0_111211[color=#ffffff, process="if a.4='dec'"]: + [ State_111211( m.2, a.4, h.5 ) ] + --[ Pred_Eq( a.4, 'dec' ) ]-> + [ State_1112111( m.2, a.4, h.5 ) ] + + /* + rule (modulo AC) ifadec_0_111211[color=#ffffff, process="if a.4='dec'"]: + [ State_111211( m, a, h ) ] + --[ Pred_Eq( a, 'dec' ) ]-> + [ State_1112111( m, a, h ) ] + */ rule 
(modulo E) lookupkeyhask_0_1112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ State_1112111( a, h, m ) ] - --[ IsIn( <'key', h>, k ) ]-> - [ State_11121111( a, h, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_1112111[color=#ffffff, - process="lookup <'key', h> as k"]: - [ State_1112111( a, h, m ) ] - --[ IsNotSet( <'key', h> ) ]-> - [ State_11121112( a, h, m ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'key', h.5> as k.3"]: + [ State_1112111( m.2, a.4, h.5 ) ] + --[ IsIn( <'key', h.5>, k.3 ) ]-> + [ State_11121111( m.2, k.3, a.4, h.5 ) ] + + /* + rule (modulo AC) lookupkeyhask_0_1112111[color=#ffffff, + process="lookup <'key', h.5> as k.3"]: + [ State_1112111( m, a, h ) ] + --[ IsIn( <'key', h>, k ) ]-> + [ State_11121111( m, k, a, h ) ] + */ rule (modulo E) eventEncUsingkm_0_11121111[color=#ffffff, - process="event EncUsing( k, m );"]: - [ State_11121111( a, h, k, m ) ] - --[ EncUsing( k, m ) ]-> - [ State_111211111( a, h, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsencmk_0_111211111[color=#ffffff, - process="out(senc(m, k));"]: - [ State_111211111( a, h, k, m ) ] - --> - [ State_1112111111( a, h, k, m ), Out( senc(m, k) ) ] + process="event EncUsing( k.3, m.2 );"]: + [ State_11121111( m.2, k.3, a.4, h.5 ) ] + --[ EncUsing( k.3, m.2 ) ]-> + [ Out( senc(m.2, k.3) ) ] + + /* + rule (modulo AC) eventEncUsingkm_0_11121111[color=#ffffff, + process="event EncUsing( k.3, m.2 );"]: + [ State_11121111( m, k, a, h ) ] + --[ EncUsing( k, m ) ]-> + [ Out( senc(m, k) ) ] + */ - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1112111111[color=#ffffff, process="0"]: - [ State_1112111111( a, h, k, m ) ] --> [ ] - - /* has exactly the trivial AC variant */ +rule (modulo E) lookupkeyhask_1_1112111[color=#ffffff, + process="lookup <'key', h.5> as k.3"]: + [ State_1112111( m.2, a.4, h.5 ) ] --[ IsNotSet( <'key', h.5> ) ]-> [ ] -rule (modulo E) 
p_0_11121112[color=#ffffff, process="0"]: - [ State_11121112( a, h, m ) ] --> [ ] + /* + rule (modulo AC) lookupkeyhask_1_1112111[color=#ffffff, + process="lookup <'key', h.5> as k.3"]: + [ State_1112111( m, a, h ) ] --[ IsNotSet( <'key', h> ) ]-> [ ] + */ - /* has exactly the trivial AC variant */ +rule (modulo E) ifadec_1_111211[color=#ffffff, process="if a.4='dec'"]: + [ State_111211( m.2, a.4, h.5 ) ] --[ Pred_Not_Eq( a.4, 'dec' ) ]-> [ ] -rule (modulo E) p_0_1112112[color=#ffffff, process="0"]: - [ State_1112112( a, h, m ) ] --> [ ] + /* + rule (modulo AC) ifadec_1_111211[color=#ffffff, process="if a.4='dec'"]: + [ State_111211( m, a, h ) ] --[ Pred_Not_Eq( a, 'dec' ) ]-> [ ] + */ - /* has exactly the trivial AC variant */ +rule (modulo E) lookupatthasa_1_11121[color=#ffffff, + process="lookup <'att', h.5> as a.4"]: + [ State_11121( m.2, h.5 ) ] --[ IsNotSet( <'att', h.5> ) ]-> [ ] -rule (modulo E) p_0_111212[color=#ffffff, process="0"]: - [ State_111212( h, m ) ] --> [ ] + /* + rule (modulo AC) lookupatthasa_1_11121[color=#ffffff, + process="lookup <'att', h.5> as a.4"]: + [ State_11121( m, h ) ] --[ IsNotSet( <'att', h> ) ]-> [ ] + */ - /* has exactly the trivial AC variant */ +rule (modulo E) inhh_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( h1.1, h2.1 ) ] -rule (modulo E) inhh_0_112[color=#ffffff, process="in();"]: - [ State_112( ), In( ) ] --> [ State_1121( h1, h2 ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhh_0_112[color=#ffffff, process="in();"]: + [ State_112( ), In( ) ] --> [ State_1121( h1, h2 ) ] + */ rule (modulo E) lookupatthasa_0_1121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_1121( h1, h2 ) ] - --[ IsIn( <'att', h1>, a1 ) ]-> - [ State_11211( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_1121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_1121( h1, h2 ) ] - --[ IsNotSet( <'att', h1> ) ]-> - [ 
State_11212( h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifawrap_0_11211[color=#ffffff, process="if a1='wrap'"]: - [ State_11211( a1, h1, h2 ) ] - --[ Pred_Eq( a1, 'wrap' ) ]-> - [ State_112111( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifawrap_1_11211[color=#ffffff, process="if a1='wrap'"]: - [ State_11211( a1, h1, h2 ) ] - --[ Pred_Not_Eq( a1, 'wrap' ) ]-> - [ State_112112( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'att', h1.1> as a1.1"]: + [ State_1121( h1.1, h2.1 ) ] + --[ IsIn( <'att', h1.1>, a1.1 ) ]-> + [ State_11211( a1.1, h1.1, h2.1 ) ] + + /* + rule (modulo AC) lookupatthasa_0_1121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_1121( h1, h2 ) ] + --[ IsIn( <'att', h1>, a1 ) ]-> + [ State_11211( a1, h1, h2 ) ] + */ + +rule (modulo E) ifawrap_0_11211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_11211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Eq( a1.1, 'wrap' ) ]-> + [ State_112111( a1.1, h1.1, h2.1 ) ] + + /* + rule (modulo AC) ifawrap_0_11211[color=#ffffff, + process="if a1.1='wrap'"]: + [ State_11211( a1, h1, h2 ) ] + --[ Pred_Eq( a1, 'wrap' ) ]-> + [ State_112111( a1, h1, h2 ) ] + */ rule (modulo E) lookupkeyhask_0_112111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_112111( a1, h1, h2 ) ] - --[ IsIn( <'key', h1>, k1 ) ]-> - [ State_1121111( a1, h1, h2, k1 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_112111( a1, h1, h2 ) ] - --[ IsNotSet( <'key', h1> ) ]-> - [ State_1121112( a1, h1, h2 ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'key', h1.1> as k1.1"]: + [ State_112111( a1.1, h1.1, h2.1 ) ] + --[ IsIn( <'key', h1.1>, k1.1 ) ]-> + [ State_1121111( a1.1, h1.1, h2.1, k1.1 ) ] + + /* + rule (modulo AC) lookupkeyhask_0_112111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ 
State_112111( a1, h1, h2 ) ] + --[ IsIn( <'key', h1>, k1 ) ]-> + [ State_1121111( a1, h1, h2, k1 ) ] + */ rule (modulo E) lookupkeyhask_0_1121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ State_1121111( a1, h1, h2, k1 ) ] - --[ IsIn( <'key', h2>, k2 ) ]-> - [ State_11211111( a1, h1, h2, k1, k2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_1121111[color=#ffffff, - process="lookup <'key', h2> as k2"]: - [ State_1121111( a1, h1, h2, k1 ) ] - --[ IsNotSet( <'key', h2> ) ]-> - [ State_11211112( a1, h1, h2, k1 ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'key', h2.1> as k2.1"]: + [ State_1121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsIn( <'key', h2.1>, k2.1 ) ]-> + [ State_11211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] + + /* + rule (modulo AC) lookupkeyhask_0_1121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_1121111( a1, h1, h2, k1 ) ] + --[ IsIn( <'key', h2>, k2 ) ]-> + [ State_11211111( a1, h1, h2, k1, k2 ) ] + */ rule (modulo E) eventWrapkk_0_11211111[color=#ffffff, - process="event Wrap( k1, k2 );"]: - [ State_11211111( a1, h1, h2, k1, k2 ) ] - --[ Wrap( k1, k2 ) ]-> - [ State_112111111( a1, h1, h2, k1, k2 ) ] + process="event Wrap( k1.1, k2.1 );"]: + [ State_11211111( a1.1, h1.1, h2.1, k1.1, k2.1 ) ] + --[ Wrap( k1.1, k2.1 ) ]-> + [ Out( senc(k2.1, k1.1) ) ] + + /* + rule (modulo AC) eventWrapkk_0_11211111[color=#ffffff, + process="event Wrap( k1.1, k2.1 );"]: + [ State_11211111( a1, h1, h2, k1, k2 ) ] + --[ Wrap( k1, k2 ) ]-> + [ Out( senc(k2, k1) ) ] + */ - /* has exactly the trivial AC variant */ - -rule (modulo E) outsenckk_0_112111111[color=#ffffff, - process="out(senc(k2, k1));"]: - [ State_112111111( a1, h1, h2, k1, k2 ) ] - --> - [ State_1121111111( a1, h1, h2, k1, k2 ), Out( senc(k2, k1) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1121111111[color=#ffffff, process="0"]: - [ State_1121111111( a1, h1, h2, k1, k2 ) ] --> [ ] - - /* has 
exactly the trivial AC variant */ - -rule (modulo E) p_0_11211112[color=#ffffff, process="0"]: - [ State_11211112( a1, h1, h2, k1 ) ] --> [ ] - - /* has exactly the trivial AC variant */ +rule (modulo E) lookupkeyhask_1_1121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_1121111( a1.1, h1.1, h2.1, k1.1 ) ] + --[ IsNotSet( <'key', h2.1> ) ]-> + [ ] -rule (modulo E) p_0_1121112[color=#ffffff, process="0"]: - [ State_1121112( a1, h1, h2 ) ] --> [ ] + /* + rule (modulo AC) lookupkeyhask_1_1121111[color=#ffffff, + process="lookup <'key', h2.1> as k2.1"]: + [ State_1121111( a1, h1, h2, k1 ) ] --[ IsNotSet( <'key', h2> ) ]-> [ ] + */ - /* has exactly the trivial AC variant */ +rule (modulo E) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_112111( a1.1, h1.1, h2.1 ) ] + --[ IsNotSet( <'key', h1.1> ) ]-> + [ ] + + /* + rule (modulo AC) lookupkeyhask_1_112111[color=#ffffff, + process="lookup <'key', h1.1> as k1.1"]: + [ State_112111( a1, h1, h2 ) ] --[ IsNotSet( <'key', h1> ) ]-> [ ] + */ + +rule (modulo E) ifawrap_1_11211[color=#ffffff, process="if a1.1='wrap'"]: + [ State_11211( a1.1, h1.1, h2.1 ) ] + --[ Pred_Not_Eq( a1.1, 'wrap' ) ]-> + [ ] + + /* + rule (modulo AC) ifawrap_1_11211[color=#ffffff, + process="if a1.1='wrap'"]: + [ State_11211( a1, h1, h2 ) ] --[ Pred_Not_Eq( a1, 'wrap' ) ]-> [ ] + */ -rule (modulo E) p_0_112112[color=#ffffff, process="0"]: - [ State_112112( a1, h1, h2 ) ] --> [ ] +rule (modulo E) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_1121( h1.1, h2.1 ) ] --[ IsNotSet( <'att', h1.1> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_1121[color=#ffffff, + process="lookup <'att', h1.1> as a1.1"]: + [ State_1121( h1, h2 ) ] --[ IsNotSet( <'att', h1> ) ]-> [ ] + */ -rule (modulo E) p_0_11212[color=#ffffff, process="0"]: - [ State_11212( h1, h2 ) ] --> [ ] +rule (modulo E) p_1_[color=#ffffff, 
process="!"]: + [ !Semistate_1( ) ] + --> + [ + State_1111111( ), State_1111112( ), State_111112( ), State_11112( ), + State_1112( ), State_112( ), State_12( ) + ] /* has exactly the trivial AC variant */ rule (modulo E) inhsencmk_0_12[color=#ffffff, - process="in();"]: - [ State_12( ), In( ) ] --> [ State_121( h1, k, m ) ] + process="in();"]: + [ State_12( ), In( ) ] + --> + [ State_121( h1.2, m.3, k.4 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) inhsencmk_0_12[color=#ffffff, + process="in();"]: + [ State_12( ), In( ) ] --> [ State_121( h1, m, k ) ] + */ rule (modulo E) lookupatthasa_0_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, k, m ) ] - --[ IsIn( <'att', h1>, a1 ) ]-> - [ State_1211( a1, h1, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupatthasa_1_121[color=#ffffff, - process="lookup <'att', h1> as a1"]: - [ State_121( h1, k, m ) ] - --[ IsNotSet( <'att', h1> ) ]-> - [ State_1212( h1, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( a1, h1, k, m ) ] - --[ Pred_Eq( a1, 'wrap' ) ]-> - [ State_12111( a1, h1, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1='wrap'"]: - [ State_1211( a1, h1, k, m ) ] - --[ Pred_Not_Eq( a1, 'wrap' ) ]-> - [ State_12112( a1, h1, k, m ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'att', h1.2> as a1.2"]: + [ State_121( h1.2, m.3, k.4 ) ] + --[ IsIn( <'att', h1.2>, a1.2 ) ]-> + [ State_1211( a1.2, h1.2, m.3, k.4 ) ] + + /* + rule (modulo AC) lookupatthasa_0_121[color=#ffffff, + process="lookup <'att', h1.2> as a1.2"]: + [ State_121( h1, m, k ) ] + --[ IsIn( <'att', h1>, a1 ) ]-> + [ State_1211( a1, h1, m, k ) ] + */ + +rule (modulo E) ifawrap_0_1211[color=#ffffff, process="if a1.2='wrap'"]: + [ State_1211( a1.2, h1.2, m.3, k.4 ) ] + --[ Pred_Eq( a1.2, 'wrap' ) ]-> + 
[ State_12111( a1.2, h1.2, m.3, k.4 ) ] + + /* + rule (modulo AC) ifawrap_0_1211[color=#ffffff, process="if a1.2='wrap'"]: + [ State_1211( a1, h1, m, k ) ] + --[ Pred_Eq( a1, 'wrap' ) ]-> + [ State_12111( a1, h1, m, k ) ] + */ rule (modulo E) lookupkeyhask_0_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, k, m ) ] - --[ IsIn( <'key', h1>, k1 ) ]-> - [ State_121111( a1, h1, k, k1, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, - process="lookup <'key', h1> as k1"]: - [ State_12111( a1, h1, k, m ) ] - --[ IsNotSet( <'key', h1> ) ]-> - [ State_121112( a1, h1, k, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifkk_0_121111[color=#ffffff, process="if k1=k"]: - [ State_121111( a1, h1, k, k1, m ) ] - --[ Pred_Eq( k1, k ) ]-> - [ State_1211111( a1, h1, k, k1, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) ifkk_1_121111[color=#ffffff, process="if k1=k"]: - [ State_121111( a1, h1, k, k1, m ) ] - --[ Pred_Not_Eq( k1, k ) ]-> - [ State_1211112( a1, h1, k, k1, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newh_0_1211111[color=#ffffff, process="new h2;"]: - [ State_1211111( a1, h1, k, k1, m ), Fr( h2 ) ] - --> - [ State_12111111( a1, h1, h2, k, k1, m ) ] - - /* has exactly the trivial AC variant */ + process="lookup <'key', h1.2> as k1.2"]: + [ State_12111( a1.2, h1.2, m.3, k.4 ) ] + --[ IsIn( <'key', h1.2>, k1.2 ) ]-> + [ State_121111( a1.2, h1.2, k1.2, m.3, k.4 ) ] + + /* + rule (modulo AC) lookupkeyhask_0_12111[color=#ffffff, + process="lookup <'key', h1.2> as k1.2"]: + [ State_12111( a1, h1, m, k ) ] + --[ IsIn( <'key', h1>, k1 ) ]-> + [ State_121111( a1, h1, k1, m, k ) ] + */ + +rule (modulo E) ifkk_0_121111[color=#ffffff, process="if k1.2=k.4"]: + [ State_121111( a1.2, h1.2, k1.2, m.3, k.4 ), Fr( h2.2 ) ] + --[ Pred_Eq( k1.2, k.4 ) ]-> + [ State_12111111( a1.2, h1.2, h2.2, k1.2, m.3, k.4 ) ] + + /* + rule 
(modulo AC) ifkk_0_121111[color=#ffffff, process="if k1.2=k.4"]: + [ State_121111( a1, h1, k1, m, k ), Fr( h2 ) ] + --[ Pred_Eq( k1, k ) ]-> + [ State_12111111( a1, h1, h2, k1, m, k ) ] + */ rule (modulo E) eventUnwrappedhm_0_12111111[color=#ffffff, - process="event Unwrapped( h2, m );"]: - [ State_12111111( a1, h1, h2, k, k1, m ) ] - --[ Unwrapped( h2, m ) ]-> - [ State_121111111( a1, h1, h2, k, k1, m ) ] - - /* has exactly the trivial AC variant */ + process="event Unwrapped( h2.2, m.3 );"]: + [ State_12111111( a1.2, h1.2, h2.2, k1.2, m.3, k.4 ) ] + --[ Unwrapped( h2.2, m.3 ) ]-> + [ State_121111111( a1.2, h1.2, h2.2, k1.2, m.3, k.4 ) ] + + /* + rule (modulo AC) eventUnwrappedhm_0_12111111[color=#ffffff, + process="event Unwrapped( h2.2, m.3 );"]: + [ State_12111111( a1, h1, h2, k1, m, k ) ] + --[ Unwrapped( h2, m ) ]-> + [ State_121111111( a1, h1, h2, k1, m, k ) ] + */ rule (modulo E) insertkeyhm_0_121111111[color=#ffffff, - process="insert <'key', h2>,m;"]: - [ State_121111111( a1, h1, h2, k, k1, m ) ] - --[ Insert( <'key', h2>, m ) ]-> - [ State_1211111111( a1, h1, h2, k, k1, m ) ] - - /* has exactly the trivial AC variant */ + process="insert <'key', h2.2>,m.3;"]: + [ State_121111111( a1.2, h1.2, h2.2, k1.2, m.3, k.4 ) ] + --[ Insert( <'key', h2.2>, m.3 ) ]-> + [ State_1211111111( a1.2, h1.2, h2.2, k1.2, m.3, k.4 ) ] + + /* + rule (modulo AC) insertkeyhm_0_121111111[color=#ffffff, + process="insert <'key', h2.2>,m.3;"]: + [ State_121111111( a1, h1, h2, k1, m, k ) ] + --[ Insert( <'key', h2>, m ) ]-> + [ State_1211111111( a1, h1, h2, k1, m, k ) ] + */ rule (modulo E) insertattrhwrap_0_1211111111[color=#ffffff, - process="insert <'attr', h2>,'wrap';"]: - [ State_1211111111( a1, h1, h2, k, k1, m ) ] - --[ Insert( <'attr', h2>, 'wrap' ) ]-> - [ State_12111111111( a1, h1, h2, k, k1, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_12111111111[color=#ffffff, process="0"]: - [ State_12111111111( a1, h1, h2, k, k1, m ) ] --> [ ] - - /* has 
exactly the trivial AC variant */ - -rule (modulo E) p_0_1211112[color=#ffffff, process="0"]: - [ State_1211112( a1, h1, k, k1, m ) ] --> [ ] - - /* has exactly the trivial AC variant */ + process="insert <'attr', h2.2>,'wrap';"]: + [ State_1211111111( a1.2, h1.2, h2.2, k1.2, m.3, k.4 ) ] + --[ Insert( <'attr', h2.2>, 'wrap' ) ]-> + [ ] + + /* + rule (modulo AC) insertattrhwrap_0_1211111111[color=#ffffff, + process="insert <'attr', h2.2>,'wrap';"]: + [ State_1211111111( a1, h1, h2, k1, m, k ) ] + --[ Insert( <'attr', h2>, 'wrap' ) ]-> + [ ] + */ + +rule (modulo E) ifkk_1_121111[color=#ffffff, process="if k1.2=k.4"]: + [ State_121111( a1.2, h1.2, k1.2, m.3, k.4 ) ] + --[ Pred_Not_Eq( k1.2, k.4 ) ]-> + [ ] + + /* + rule (modulo AC) ifkk_1_121111[color=#ffffff, process="if k1.2=k.4"]: + [ State_121111( a1, h1, k1, m, k ) ] --[ Pred_Not_Eq( k1, k ) ]-> [ ] + */ -rule (modulo E) p_0_121112[color=#ffffff, process="0"]: - [ State_121112( a1, h1, k, m ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_12112[color=#ffffff, process="0"]: - [ State_12112( a1, h1, k, m ) ] --> [ ] - - /* has exactly the trivial AC variant */ +rule (modulo E) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', h1.2> as k1.2"]: + [ State_12111( a1.2, h1.2, m.3, k.4 ) ] + --[ IsNotSet( <'key', h1.2> ) ]-> + [ ] + + /* + rule (modulo AC) lookupkeyhask_1_12111[color=#ffffff, + process="lookup <'key', h1.2> as k1.2"]: + [ State_12111( a1, h1, m, k ) ] --[ IsNotSet( <'key', h1> ) ]-> [ ] + */ + +rule (modulo E) ifawrap_1_1211[color=#ffffff, process="if a1.2='wrap'"]: + [ State_1211( a1.2, h1.2, m.3, k.4 ) ] + --[ Pred_Not_Eq( a1.2, 'wrap' ) ]-> + [ ] + + /* + rule (modulo AC) ifawrap_1_1211[color=#ffffff, process="if a1.2='wrap'"]: + [ State_1211( a1, h1, m, k ) ] --[ Pred_Not_Eq( a1, 'wrap' ) ]-> [ ] + */ -rule (modulo E) p_0_1212[color=#ffffff, process="0"]: - [ State_1212( h1, k, m ) ] --> [ ] +rule (modulo E) lookupatthasa_1_121[color=#ffffff, + 
process="lookup <'att', h1.2> as a1.2"]: + [ State_121( h1.2, m.3, k.4 ) ] --[ IsNotSet( <'att', h1.2> ) ]-> [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupatthasa_1_121[color=#ffffff, + process="lookup <'att', h1.2> as a1.2"]: + [ State_121( h1, m, k ) ] --[ IsNotSet( <'att', h1> ) ]-> [ ] + */ restriction set_in: "∀ x y #t3. @@ -783,7 +845,7 @@ restriction single_session: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -793,7 +855,7 @@ analyzing: examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks.spthy analyzed: examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks.spthy output: examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks.spthy.tmp - processing time: 291.638676862s + processing time: 1002.717088171s can_obtain_key (exists-trace): verified (24 steps) ------------------------------------------------------------------------------ @@ -804,7 +866,7 @@ summary of summaries: analyzed: examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks.spthy output: examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks.spthy.tmp - processing time: 291.638676862s + processing time: 1002.717088171s can_obtain_key (exists-trace): verified (24 steps) ============================================================================== diff --git a/case-studies-regression/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap_analyzed.spthy b/case-studies-regression/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap_analyzed.spthy index ec08d7bcd..01fffe8fb 100644 --- a/case-studies-regression/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap_analyzed.spthy +++ b/case-studies-regression/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap_analyzed.spthy 
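Review bot: The regenerated baseline for encwrapdecunwrap-nolocks now records `checking version: 3.0. OK.` where the old one recorded 3.1, and in the two summary hunks that follow the processing time goes from 291.638676862s to 1002.717088171s while `can_obtain_key (exists-trace)` still verifies in 24 steps. Because the Maude version changed in the same regeneration, the roughly 3.4x slowdown cannot be attributed to either the toolchain or the rule-translation changes visible earlier in this file. Regenerating this reference with the same Maude release as the previous baseline, or naming the toolchain used in the commit description, would keep the recorded timing usable as a regression signal.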
@@ -2,10 +2,10 @@ theory EncWrapDecUnwrap begin // Function signature and definition of the equational theory E -functions: att/1, fst/1, key/1, pair/2, sdec/2, senc/2, sencSucc/2, - snd/1, true/0 +functions: attC/1, fst/1[destructor], key/1, pair/2, sdec/2[destructor], + senc/2, sencSucc/2, snd/1[destructor], true/0 equations: - att() = a, + attC() = a, fst() = x.1, key() = k, sdec(senc(x.1, x.2), x.2) = x.1, @@ -14,6 +14,10 @@ equations: heuristic: p + + + + lemma dec_limits [sources]: all-traces "∀ k m #t1. 
@@ -350,38 +354,38 @@ next ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #t1) ∧ (#t3 < #t1)) ) case case_1 - solve( State_1111211111( L_h, c, v, lock ) ▶₀ #t1 ) - case ifsencSuccckeyvtrue_0_111121111 + solve( State_11112111111( c, m, lock, v, L_h ) ▶₀ #t1 ) + case letmsdecckeyv_1_1111211111 solve( !KU( senc(m, k) ) @ #vk.2 ) case c_senc solve( Insert( L_h, ) @ #t2 ) case insertLhkeyvdec_0_11111211111 - solve( State_11111211111( L_h, v, lock ) ▶₀ #t2 ) + solve( State_11111211111( lock, v, L_h ) ▶₀ #t2 ) case eventDecKeyLhkeyv_0_1111121111 - solve( ((#vr.3 < #vr.15) ∧ + solve( ((#vr.4 < #vr.10) ∧ (∃ #t2. (Unlock_3( '3', ~n, L_h ) @ #t2) ∧ - (#vr.3 < #t2) ∧ - (#t2 < #vr.15) ∧ + (#vr.4 < #t2) ∧ + (#t2 < #vr.10) ∧ (∀ #t0 pp. (Unlock( pp, ~n, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.15 < #vr.3) ) + ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.10 < #vr.4) ) case case_1 - solve( State_111121111111( L_h, c, v, ~n ) ▶₀ #t2.1 ) - case outsdecckeyv_0_11112111111 + solve( State_1111211111111( c, m.1, ~n, v, L_h ) ▶₀ #t2.1 ) + case eventDecUsingkeyvm_0_11112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_111112111111( L_h, v, ~n.1 ) ▶₀ #t2.1 ) + solve( State_111112111111( ~n.1, v, L_h ) ▶₀ #t2.1 ) case insertLhkeyvdec_0_11111211111 solve( (#t2.2 < #t2.3) ∥ (#t2.2 = #t2.3) ) case case_1 @@ -390,7 +394,7 @@ next case case_2 solve( Insert( L_h, ) @ #t2.2 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h, k, lock ) ▶₀ #t2.2 ) + solve( State_111111111111( lock, L_h, k ) ▶₀ #t2.2 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ qed 
@@ -401,30 +405,30 @@ next qed qed next - case outsdecckeyv_0_11112111111 + case eventDecUsingkeyvm_0_11112111111 solve( (∃ h2 k2 #t2 #t3. (NewKey( h2, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.13) ∧ (#t3 < #vr.13)) ∥ - (∃ #t2. (EncUsing( z, t ) @ #t2) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.13)) ∥ + (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.7) ∧ (#t3 < #vr.7)) ∥ + (∃ #t2. (EncUsing( z, t ) @ #t2) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.7)) ∥ (∃ h2 k2 #t2 #t3. (Unwrapped( h2, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ - (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.13) ∧ (#t3 < #vr.13)) ∥ + (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.7) ∧ (#t3 < #vr.7)) ∥ (∃ #t2 #t3 h1 h2 k2. (WrapKey( h2, k2 ) @ #t2) ∧ (DecKey( h1, k2 ) @ #t3) ∧ - (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.13) ∧ (#t3 < #vr.13)) ∥ + (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.7) ∧ (#t3 < #vr.7)) ∥ (∃ #t2 #t3 h1 h2 k2. (Unwrapped( h2, k2 ) @ #t2) ∧ (DecKey( h1, k2 ) @ #t3) ∧ - (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.13) ∧ (#t3 < #vr.13)) ) + (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ (#t2 < #vr.7) ∧ (#t3 < #vr.7)) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_11121111( L_h.2, t, v, lock ) ▶₀ #t2 ) - case ifattvdec_0_1112111 + solve( State_11121111( t, lock, v, L_h.2 ) ▶₀ #t2 ) + case ifattCvdec_0_1112111 by contradiction /* cyclic */ qed next 
@@ -438,35 +442,38 @@ next by contradiction /* from formulas */ qed next - case outsenckeyvkeyv_0_1121111111_case_1 + case eventEncUsingkeyvm_0_11121111 + by contradiction /* from formulas */ + next + case eventWrapkeyvkeyv_0_112111111_case_1 solve( Insert( L_h, ) @ #t2 ) case insertLhkeyvdec_0_11111211111 - solve( State_11111211111( L_h, v, lock ) ▶₀ #t2 ) + solve( State_11111211111( lock, v, L_h ) ▶₀ #t2 ) case eventDecKeyLhkeyv_0_1111121111 - solve( ((#vr.3 < #vr.26) ∧ + solve( ((#vr.4 < #vr.17) ∧ (∃ #t2. (Unlock_3( '3', ~n, L_h ) @ #t2) ∧ - (#vr.3 < #t2) ∧ - (#t2 < #vr.26) ∧ + (#vr.4 < #t2) ∧ + (#t2 < #vr.17) ∧ (∀ #t0 pp. (Unlock( pp, ~n, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.26 < #vr.3) ) + ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.17 < #vr.4) ) case case_1 - solve( State_111121111111( L_h, c, v, ~n ) ▶₀ #t2.1 ) - case outsdecckeyv_0_11112111111 + solve( State_1111211111111( c, m.1, ~n, v, L_h ) ▶₀ #t2.1 ) + case eventDecUsingkeyvm_0_11112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_111112111111( L_h, v, ~n.1 ) ▶₀ #t2.1 ) + solve( State_111112111111( ~n.1, v, L_h ) ▶₀ #t2.1 ) case insertLhkeyvdec_0_11111211111 solve( (#t2.4 < #t2.5) ∥ (#t2.4 = #t2.5) ) case case_1 
@@ -475,17 +482,17 @@ next case case_2 solve( Insert( L_h2, ) @ #t2.2 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2.2 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2.2 ) case eventWrapKeyLhkeyv_0_11111121111 solve( Insert( L_h1, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 by contradiction /* from formulas */ qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h1, k.1, k, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h1, k.1, k, v, L_h.1, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 by contradiction /* from formulas */ qed @@ -493,17 +500,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h2, k.1, m, v, lock ) ▶₀ #t2.2 ) + solve( State_121111111( L_h2, k.1, m, v, L_h.1, lock ) ▶₀ #t2.2 ) case eventUnwrappedLhm_0_12111111 solve( Insert( L_h1, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 by contradiction /* from formulas */ qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.2, L_h1, k.2, k, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h1, k.2, k, v, L_h.2, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 by contradiction /* from formulas */ qed 
@@ -516,35 +523,35 @@ next qed qed next - case outsenckeyvkeyv_0_1121111111_case_2 + case eventWrapkeyvkeyv_0_112111111_case_2 solve( Insert( L_h, ) @ #t2 ) case insertLhkeyvdec_0_11111211111 - solve( State_11111211111( L_h, v, lock ) ▶₀ #t2 ) + solve( State_11111211111( lock, v, L_h ) ▶₀ #t2 ) case eventDecKeyLhkeyv_0_1111121111 - solve( ((#vr.3 < #vr.27) ∧ + solve( ((#vr.4 < #vr.18) ∧ (∃ #t2. (Unlock_3( '3', ~n, L_h ) @ #t2) ∧ - (#vr.3 < #t2) ∧ - (#t2 < #vr.27) ∧ + (#vr.4 < #t2) ∧ + (#t2 < #vr.18) ∧ (∀ #t0 pp. (Unlock( pp, ~n, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.27 < #vr.3) ) + ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.18 < #vr.4) ) case case_1 - solve( State_111121111111( L_h, c, v, ~n ) ▶₀ #t2.1 ) - case outsdecckeyv_0_11112111111 + solve( State_1111211111111( c, m.1, ~n, v, L_h ) ▶₀ #t2.1 ) + case eventDecUsingkeyvm_0_11112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_111112111111( L_h, v, ~n.1 ) ▶₀ #t2.1 ) + solve( State_111112111111( ~n.1, v, L_h ) ▶₀ #t2.1 ) case insertLhkeyvdec_0_11111211111 solve( (#t2.4 < #t2.5) ∥ (#t2.4 = #t2.5) ) case case_1 
@@ -553,36 +560,36 @@ next case case_2 solve( Insert( L_h2, ) @ #t2.2 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2.2 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2.2 ) case eventWrapKeyLhkeyv_0_11111121111 solve( Insert( L_h1, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.19 < #vr.50) ∧ + solve( ((#vr.13 < #vr.28) ∧ (∃ #t2. - (Unlock_5( '5', ~n.3, L_h1 ) @ #t2) + (Unlock_5( '5', ~n.4, L_h1 ) @ #t2) ∧ - (#vr.19 < #t2) ∧ - (#t2 < #vr.50) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.3, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.13 < #t2) ∧ + (#t2 < #vr.28) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.4, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.19) ∨ (#t0 = #vr.19) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.13) ∨ (#t0 = #vr.13) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.19) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.50 < #vr.19) ) + ((#t0 < #vr.13) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.28 < #vr.13) ) case case_1 - solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.3 ) ▶₀ #t2.4 ) - case outsenckeyvkeyv_0_1121111111 + solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.4 ) ▶₀ #t2.4 ) + case eventWrapkeyvkeyv_0_112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h1, v, ~n.4 ) ▶₀ #t2.4 ) + solve( State_11111121111111( ~n.3, v, L_h1 ) ▶₀ #t2.4 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.7 < #t2.8) ∥ (#t2.7 = #t2.8) ) case case_1 
@@ -591,13 +598,13 @@ next case case_2 solve( Insert( L_h, ) @ #t2.5 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h, k, lock ) ▶₀ #t2.5 ) + solve( State_111111111111( lock, L_h, k ) ▶₀ #t2.5 ) case eventNewKeyLhk_0_11111111111 - solve( State_11111111111111( ~n, k, ~n.7 ) ▶₀ #t2.6 ) - case outLh_0_1111111111111 + solve( State_11111111111111( ~n.7, ~n.2, k ) ▶₀ #t2.6 ) + case insertLhkinit_0_111111111111 solve( Insert( L_h2, ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock ) ▶₀ #t2.7 ) + solve( State_111111111111( lock, L_h2, z ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 by contradiction /* impossible chain */ qed @@ -611,7 +618,7 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h1, k.1, z.1, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h1, k.1, z.1, v, L_h.1, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 by contradiction /* from formulas */ qed 
@@ -619,36 +626,36 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h2, k.1, z, v, lock ) ▶₀ #t2.2 ) + solve( State_121111111( L_h2, k.1, z, v, L_h.1, lock ) ▶₀ #t2.2 ) case eventUnwrappedLhm_0_12111111 solve( Insert( L_h1, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.19 < #vr.47) ∧ + solve( ((#vr.13 < #vr.29) ∧ (∃ #t2. - (Unlock_5( '5', ~n.4, L_h1 ) @ #t2) + (Unlock_5( '5', ~n.5, L_h1 ) @ #t2) ∧ - (#vr.19 < #t2) ∧ - (#t2 < #vr.47) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.13 < #t2) ∧ + (#t2 < #vr.29) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.5, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.19) ∨ (#t0 = #vr.19) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.13) ∨ (#t0 = #vr.13) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.19) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.47 < #vr.19) ) + ((#t0 < #vr.13) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.29 < #vr.13) ) case case_1 - solve( State_11211111111( L_h1, L_h2, v1, v2, ~n.4 ) ▶₀ #t2.4 ) - case outsenckeyvkeyv_0_1121111111 + solve( State_11211111111( L_h1, L_h2, v1, v2, ~n.5 ) ▶₀ #t2.4 ) + case eventWrapkeyvkeyv_0_112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h1, v, ~n.5 ) ▶₀ #t2.4 ) + solve( State_11111121111111( ~n.4, v, L_h1 ) ▶₀ #t2.4 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.7 < #t2.8) ∥ (#t2.7 = #t2.8) ) case case_1 
@@ -657,53 +664,53 @@ next case case_2 solve( Insert( L_h, ) @ #t2.5 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h, k, lock ) ▶₀ #t2.5 ) + solve( State_111111111111( lock, L_h, k ) ▶₀ #t2.5 ) case eventNewKeyLhk_0_11111111111 - solve( State_11111111111111( ~n, k.1, ~n.8 ) ▶₀ #t2.6 ) - case outLh_0_1111111111111 + solve( State_11111111111111( ~n.8, ~n.2, k.1 ) ▶₀ #t2.6 ) + case insertLhkinit_0_111111111111 solve( !KU( senc(z, k) ) @ #vk.12 ) case c_senc by contradiction /* cyclic */ next - case outsdecckeyv_0_11112111111 + case eventDecUsingkeyvm_0_11112111111 solve( (∃ h2 k2 #t2 #t3. (NewKey( h2, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.71) ∧ - (#t3 < #vr.71)) ∥ + (#t2 < #vr.35) ∧ + (#t3 < #vr.35)) ∥ (∃ #t2. (EncUsing( z.2, t ) @ #t2) ∧ - (¬(last(#t2))) ∧ (#t2 < #vr.71)) ∥ + (¬(last(#t2))) ∧ (#t2 < #vr.35)) ∥ (∃ h2 k2 #t2 #t3. (Unwrapped( h2, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.71) ∧ - (#t3 < #vr.71)) ∥ + (#t2 < #vr.35) ∧ + (#t3 < #vr.35)) ∥ (∃ #t2 #t3 h1 h2 k2. (WrapKey( h2, k2 ) @ #t2) ∧ (DecKey( h1, k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.71) ∧ - (#t3 < #vr.71)) ∥ + (#t2 < #vr.35) ∧ + (#t3 < #vr.35)) ∥ (∃ #t2 #t3 h1 h2 k2. (Unwrapped( h2, k2 ) @ #t2) ∧ (DecKey( h1, k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.71) ∧ - (#t3 < #vr.71)) ) + (#t2 < #vr.35) ∧ + (#t3 < #vr.35)) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_11121111( L_h.2, t, v, lock ) ▶₀ #t2.7 ) - case ifattvdec_0_1112111 + solve( State_11121111( t, lock, v, L_h.2 ) ▶₀ #t2.7 ) + case ifattCvdec_0_1112111 by contradiction /* cyclic */ qed next 
@@ -717,121 +724,50 @@ next by contradiction /* from formulas */ qed next - case outsenckeyvkeyv_0_1121111111_case_1 + case eventEncUsingkeyvm_0_11121111 + by contradiction /* cyclic */ + next + case eventWrapkeyvkeyv_0_112111111_case_1 solve( !KU( ~n.4 ) @ #vk.9 ) - case outLh_0_1211111111 - solve( (#t2.7 < #t2.11) ∥ (#t2.7 = #t2.11) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( L_h, ) @ #t2.7 ) - case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.7 ) - case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.40 < #vr.85) ∧ - (∃ #t2. - (Unlock_6( '6', ~n.5, L_h ) @ #t2) - ∧ - (#vr.40 < #t2) ∧ - (#t2 < #vr.85) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.5, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.40) ∨ - (#t0 = #vr.40) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.40) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.85 < #vr.40) ) - case case_1 - solve( State_12111111111( L_h, L_h2.1, k.1, m.1, v, ~n.5 - ) ▶₀ #t2.8 ) - case outLh_0_1211111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111121111111( L_h, v, ~n.9 ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( L_h1, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z.1, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - next - case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.1, k, v, lock - ) ▶₀ #t2.7 ) - case eventUnwrappedLhm_0_12111111 - solve( Insert( L_h1, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z.1, lock ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed - qed 
- qed - qed - qed - next - case outsdecckeyv_0_11112111111 + case eventDecUsingkeyvm_0_11112111111 solve( (∃ h2 k2 #t2 #t3. (NewKey( h2, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.82) ∧ - (#t3 < #vr.82)) ∥ + (#t2 < #vr.42) ∧ + (#t3 < #vr.42)) ∥ (∃ #t2. (EncUsing( z.2, t ) @ #t2) ∧ - (¬(last(#t2))) ∧ (#t2 < #vr.82)) ∥ + (¬(last(#t2))) ∧ (#t2 < #vr.42)) ∥ (∃ h2 k2 #t2 #t3. (Unwrapped( h2, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.82) ∧ - (#t3 < #vr.82)) ∥ + (#t2 < #vr.42) ∧ + (#t3 < #vr.42)) ∥ (∃ #t2 #t3 h1 h2 k2. (WrapKey( h2, k2 ) @ #t2) ∧ (DecKey( h1, k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.82) ∧ - (#t3 < #vr.82)) ∥ + (#t2 < #vr.42) ∧ + (#t3 < #vr.42)) ∥ (∃ #t2 #t3 h1 h2 k2. (Unwrapped( h2, k2 ) @ #t2) ∧ (DecKey( h1, k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.82) ∧ - (#t3 < #vr.82)) ) + (#t2 < #vr.42) ∧ + (#t3 < #vr.42)) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_11121111( L_h.2, t, v, lock ) ▶₀ #t2.7 ) - case ifattvdec_0_1112111 + solve( State_11121111( t, lock, v, L_h.2 ) ▶₀ #t2.7 ) + case ifattCvdec_0_1112111 by contradiction /* cyclic */ qed next 
@@ -845,37 +781,37 @@ next by contradiction /* from formulas */ qed next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.7 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.7 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.7 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.40 < #vr.96) ∧ + solve( ((#vr.24 < #vr.53) ∧ (∃ #t2. (Unlock_6( '6', ~n.5, L_h ) @ #t2) ∧ - (#vr.40 < #t2) ∧ - (#t2 < #vr.96) ∧ + (#vr.24 < #t2) ∧ + (#t2 < #vr.53) ∧ (∀ #t0 pp. (Unlock( pp, ~n.5, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.40) ∨ (#t0 = #vr.40) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.24) ∨ (#t0 = #vr.24) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.40) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.96 < #vr.40) ) + ((#t0 < #vr.24) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.53 < #vr.24) ) case case_1 - solve( State_12111111111( L_h, L_h2.2, k.1, m.1, v, ~n.5 + solve( State_12111111111( L_h2.2, k.1, m.1, v, L_h, ~n.5 ) ▶₀ #t2.8 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.9 ) ▶₀ #t2.8 ) + solve( State_11111121111111( ~n.9, v, L_h ) ▶₀ #t2.8 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.14 < #t2.15) ∥ (#t2.14 = #t2.15) ) case case_1 @@ -884,7 +820,7 @@ next case case_2 solve( Insert( L_h1, ) @ #t2.9 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z.1, lock + solve( State_111111111111( lock, L_h1, z.1 ) ▶₀ #t2.9 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ 
@@ -896,22 +832,19 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.1, k, v, lock ) ▶₀ #t2.7 ) + solve( State_121111111( L_h, k.1, k, v, L_h.1, lock ) ▶₀ #t2.7 ) case eventUnwrappedLhm_0_12111111 solve( Insert( L_h1, ) @ #t2.8 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z.1, lock ) ▶₀ #t2.8 ) + solve( State_111111111111( lock, L_h1, z.1 ) ▶₀ #t2.8 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ qed qed qed qed - qed - next - case outsenckeyvkeyv_0_1121111111_case_2 - solve( !KU( ~n.4 ) @ #vk.9 ) - case outLh_0_1211111111 + next + case insertLhmwrap_0_121111111 solve( (#t2.7 < #t2.11) ∥ (#t2.7 = #t2.11) ) case case_1 by contradiction /* from formulas */ 
@@ -919,38 +852,38 @@ next case case_2 solve( Insert( L_h, ) @ #t2.7 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.7 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.7 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.40 < #vr.86) ∧ + solve( ((#vr.24 < #vr.45) ∧ (∃ #t2. (Unlock_6( '6', ~n.5, L_h ) @ #t2) ∧ - (#vr.40 < #t2) ∧ - (#t2 < #vr.86) ∧ + (#vr.24 < #t2) ∧ + (#t2 < #vr.45) ∧ (∀ #t0 pp. (Unlock( pp, ~n.5, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.40) ∨ - (#t0 = #vr.40) ∨ + ((#t0 < #vr.24) ∨ + (#t0 = #vr.24) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.40) ∨ + ((#t0 < #vr.24) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.86 < #vr.40) ) + (#vr.45 < #vr.24) ) case case_1 - solve( State_12111111111( L_h, L_h2.1, k.1, m.1, v, ~n.5 + solve( State_12111111111( L_h2.1, k.1, m.1, v, L_h, ~n.5 ) ▶₀ #t2.8 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.9 ) ▶₀ #t2.8 ) + solve( State_11111121111111( ~n.9, v, L_h ) ▶₀ #t2.8 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) case case_1 @@ -959,7 +892,7 @@ next case case_2 solve( Insert( L_h1, ) @ #t2.9 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z.1, lock + solve( State_111111111111( lock, L_h1, z.1 ) ▶₀ #t2.9 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ 
@@ -971,12 +904,12 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.1, k, v, lock + solve( State_121111111( L_h, k.1, k, v, L_h.1, lock ) ▶₀ #t2.7 ) case eventUnwrappedLhm_0_12111111 solve( Insert( L_h1, ) @ #t2.8 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z.1, lock ) ▶₀ #t2.8 ) + solve( State_111111111111( lock, L_h1, z.1 ) ▶₀ #t2.8 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ qed @@ -984,46 +917,49 @@ next qed qed qed - next - case outsdecckeyv_0_11112111111 + qed + next + case eventWrapkeyvkeyv_0_112111111_case_2 + solve( !KU( ~n.4 ) @ #vk.9 ) + case eventDecUsingkeyvm_0_11112111111 solve( (∃ h2 k2 #t2 #t3. (NewKey( h2, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.83) ∧ - (#t3 < #vr.83)) ∥ + (#t2 < #vr.43) ∧ + (#t3 < #vr.43)) ∥ (∃ #t2. (EncUsing( z.4, t ) @ #t2) ∧ - (¬(last(#t2))) ∧ (#t2 < #vr.83)) ∥ + (¬(last(#t2))) ∧ (#t2 < #vr.43)) ∥ (∃ h2 k2 #t2 #t3. (Unwrapped( h2, k2 ) @ #t2) ∧ (!KU( k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.83) ∧ - (#t3 < #vr.83)) ∥ + (#t2 < #vr.43) ∧ + (#t3 < #vr.43)) ∥ (∃ #t2 #t3 h1 h2 k2. (WrapKey( h2, k2 ) @ #t2) ∧ (DecKey( h1, k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.83) ∧ - (#t3 < #vr.83)) ∥ + (#t2 < #vr.43) ∧ + (#t3 < #vr.43)) ∥ (∃ #t2 #t3 h1 h2 k2. (Unwrapped( h2, k2 ) @ #t2) ∧ (DecKey( h1, k2 ) @ #t3) ∧ (¬(last(#t3))) ∧ (¬(last(#t2))) ∧ - (#t2 < #vr.83) ∧ - (#t3 < #vr.83)) ) + (#t2 < #vr.43) ∧ + (#t3 < #vr.43)) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( State_11121111( L_h.2, t, v, lock ) ▶₀ #t2.7 ) - case ifattvdec_0_1112111 + solve( State_11121111( t, lock, v, L_h.2 ) ▶₀ #t2.7 ) + case ifattCvdec_0_1112111 by contradiction /* cyclic */ qed next 
@@ -1037,37 +973,37 @@ next by contradiction /* from formulas */ qed next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.7 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.7 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.7 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.40 < #vr.97) ∧ + solve( ((#vr.24 < #vr.54) ∧ (∃ #t2. (Unlock_6( '6', ~n.5, L_h ) @ #t2) ∧ - (#vr.40 < #t2) ∧ - (#t2 < #vr.97) ∧ + (#vr.24 < #t2) ∧ + (#t2 < #vr.54) ∧ (∀ #t0 pp. (Unlock( pp, ~n.5, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.40) ∨ (#t0 = #vr.40) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.24) ∨ (#t0 = #vr.24) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.40) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.97 < #vr.40) ) + ((#t0 < #vr.24) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.54 < #vr.24) ) case case_1 - solve( State_12111111111( L_h, L_h2.2, k.1, m.1, v, ~n.5 + solve( State_12111111111( L_h2.2, k.1, m.1, v, L_h, ~n.5 ) ▶₀ #t2.8 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.9 ) ▶₀ #t2.8 ) + solve( State_11111121111111( ~n.9, v, L_h ) ▶₀ #t2.8 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.14 < #t2.15) ∥ (#t2.14 = #t2.15) ) case case_1 @@ -1076,7 +1012,7 @@ next case case_2 solve( Insert( L_h1, ) @ #t2.9 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z.1, lock + solve( State_111111111111( lock, L_h1, z.1 ) ▶₀ #t2.9 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ 
@@ -1088,21 +1024,92 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.1, k, v, lock ) ▶₀ #t2.7 ) + solve( State_121111111( L_h, k.1, k, v, L_h.1, lock ) ▶₀ #t2.7 ) case eventUnwrappedLhm_0_12111111 solve( Insert( L_h1, ) @ #t2.8 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z.1, lock ) ▶₀ #t2.8 ) + solve( State_111111111111( lock, L_h1, z.1 ) ▶₀ #t2.8 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ qed qed qed qed + next + case insertLhmwrap_0_121111111 + solve( (#t2.7 < #t2.11) ∥ (#t2.7 = #t2.11) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( L_h, ) @ #t2.7 ) + case insertLhkeyvwrap_0_111111211111 + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.7 ) + case eventWrapKeyLhkeyv_0_11111121111 + solve( ((#vr.24 < #vr.46) ∧ + (∃ #t2. + (Unlock_6( '6', ~n.5, L_h ) @ #t2) + ∧ + (#vr.24 < #t2) ∧ + (#t2 < #vr.46) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.5, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.24) ∨ + (#t0 = #vr.24) ∨ + (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.24) ∨ + (#t2 < #t0) ∨ + (#t2 = #t0))))) ∥ + (#vr.46 < #vr.24) ) + case case_1 + solve( State_12111111111( L_h2.1, k.1, m.1, v, L_h, ~n.5 + ) ▶₀ #t2.8 ) + case insertLhmwrap_0_121111111 + by contradiction /* cyclic */ + qed + next + case case_2 + solve( State_11111121111111( ~n.9, v, L_h ) ▶₀ #t2.8 ) + case eventWrapHandleLh_0_1111112111111 + solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( L_h1, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h1, z.1 + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + next + case insertLhmwrap_0_121111111 + solve( State_121111111( L_h, k.1, k, v, L_h.1, lock + ) ▶₀ #t2.7 ) + case eventUnwrappedLhm_0_12111111 + solve( Insert( L_h1, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h1, z.1 ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed qed - next - case outsencmkeyv_0_111211111 - by contradiction /* cyclic */ qed qed qed @@ -1113,7 +1120,7 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.2, L_h1, k.2, z.1, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h1, k.2, z.1, v, L_h.2, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 by contradiction /* from formulas */ qed @@ -1125,9 +1132,6 @@ next qed qed qed - next - case outsencmkeyv_0_111211111 - by contradiction /* from formulas */ qed qed next @@ -1159,7 +1163,7 @@ next case case_3 solve( (#t1.1 = #t3) ∥ (#t3 < #t1.1) ∥ (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) + (Unlock_0( '0', ~n.1, ~n ) @ #t2) ⇒ ((last(#t2)) ∨ (#t1.1 = #t2) ∨ 
@@ -1167,16 +1171,16 @@ next (#t2 = #t3) ∨ (#t3 < #t2) ∨ (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ (¬(#t0 = #t1.1)) ∧ (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ @@ -1195,16 +1199,16 @@ next next case case_2 solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ (¬(#t0 = #t1.1)) ∧ (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1.1) ∨ (#t1.1 < #t0))) ∧ 
@@ -2097,38 +2101,38 @@ next ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #t2) ∧ (#t1 < #t2)) ) case case_1 - solve( State_12111111( L_h, h2, k, k.1, v, lock ) ▶₀ #t2 ) - case newLh_0_1211111 + solve( State_12111111( h2, k, k.1, v, L_h, lock ) ▶₀ #t2 ) + case ifkeyvk_0_121111 solve( !KU( senc(k.1, k) ) @ #vk.2 ) case c_senc solve( Insert( L_h, ) @ #t2.1 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.1 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.1 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.4 < #vr.13) ∧ + solve( ((#vr.3 < #vr.9) ∧ (∃ #t2. (Unlock_6( '6', ~n.1, L_h ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.13) ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.9) ∧ (∀ #t0 pp. (Unlock( pp, ~n.1, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.13 < #vr.4) ) + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.9 < #vr.3) ) case case_1 - solve( State_12111111111( L_h, L_h2, k.2, m, v, ~n.1 ) ▶₀ #t2.2 ) - case outLh_0_1211111111 + solve( State_12111111111( L_h2, k.2, m, v, L_h, ~n.1 ) ▶₀ #t2.2 ) + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.2 ) ▶₀ #t2.2 ) + solve( State_11111121111111( ~n.2, v, L_h ) ▶₀ #t2.2 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) case case_1 @@ -2137,7 +2141,7 @@ next case case_2 solve( Insert( L_h, ) @ #t2.3 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h, k, lock ) ▶₀ #t2.3 ) + solve( State_111111111111( lock, L_h, k ) ▶₀ #t2.3 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ qed 
@@ -2148,29 +2152,29 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k, v, lock ) ▶₀ #t2.1 ) + solve( State_121111111( L_h, k.2, k, v, L_h.1, lock ) ▶₀ #t2.1 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.10)) ∧ + (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.6)) ∧ (∃ hp #t0. (WrapKey( hp, k ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.10) ∨ (#t0 < #vr.10))) ∧ + (((#t0 = #vr.6) ∨ (#t0 < #vr.6))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.10) ∧ (#t0 < #vr.10)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.6) ∧ (#t0 < #vr.6)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.10) ∧ (#t1 < #vr.10)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.6) ∧ (#t1 < #vr.6)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.10) ∧ (#t1 < #vr.10)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.6) ∧ (#t1 < #vr.6)) ) case case_1 by contradiction /* from formulas */ next @@ -2186,10 +2190,10 @@ next qed qed next - case outsdecckeyv_0_11112111111_case_1 + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.1)) ∧ (∃ hp #t0. 
@@ -2224,41 +2228,139 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111_case_1 + case eventEncUsingkeyvm_0_11121111 + solve( Insert( L_h, ) @ #t2.1 ) + case insertLhkeyvwrap_0_111111211111 + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.1 ) + case eventWrapKeyLhkeyv_0_11111121111 + solve( ((#vr.3 < #vr.14) ∧ + (∃ #t2. + (Unlock_6( '6', ~n.1, L_h ) @ #t2) + ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.14) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.1, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.14 < #vr.3) ) + case case_1 + solve( State_12111111111( L_h2, k.2, m, v, L_h, ~n.1 ) ▶₀ #t2.2 ) + case insertLhmwrap_0_121111111 + by contradiction /* cyclic */ + qed + next + case case_2 + solve( State_11111121111111( ~n.2, v, L_h ) ▶₀ #t2.2 ) + case eventWrapHandleLh_0_1111112111111 + solve( (#t2.4 < #t2.5) ∥ (#t2.4 = #t2.5) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( L_h.1, ) @ #t2.3 ) + case insertLhkeyvdec_0_11111211111 + solve( State_11111211111( lock, v, L_h.1 ) ▶₀ #t2.3 ) + case eventDecKeyLhkeyv_0_1111121111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + next + case insertLhmwrap_0_121111111 + solve( State_121111111( L_h, k.2, k, v, L_h.1, lock ) ▶₀ #t2.1 ) + case eventUnwrappedLhm_0_12111111 + solve( ((∃ h1 #t1. + (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.11)) ∧ + (∃ hp #t0. + (WrapKey( hp, k ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #vr.11) ∨ (#t0 < #vr.11))) ∧ + (∀ hpp #t1. 
+ (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.11) ∧ (#t0 < #vr.11)) ∥ + (∃ #t0 #t1 h1 h2 k. + (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.11) ∧ (#t1 < #vr.11)) ∥ + (∃ #t0 #t1 h1 h2 k. + (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.11) ∧ (#t1 < #vr.11)) ) + case case_1 + solve( State_11111111111( lock, h1, k ) ▶₀ #t1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n, x>, hp ) ▶₀ #t0 ) + case ifattCvinit_0_1111112111 + solve( Insert( L_h.1, <~n.1, 'dec'> ) @ #t2.2 ) + case insertLhkeyvdec_0_11111211111 + solve( State_11111211111( lock, <~n.1, x>, L_h.1 ) ▶₀ #t2.2 ) + case eventDecKeyLhkeyv_0_1111121111 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + qed + qed + next + case eventWrapkeyvkeyv_0_112111111_case_1 solve( Insert( L_h, ) @ #t2.1 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.1 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.1 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.4 < #vr.24) ∧ + solve( ((#vr.3 < #vr.16) ∧ (∃ #t2. (Unlock_6( '6', ~n.1, L_h ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.24) ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.16) ∧ (∀ #t0 pp. (Unlock( pp, ~n.1, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.24 < #vr.4) ) + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.16 < #vr.3) ) case case_1 - solve( State_12111111111( L_h, L_h2.1, k.2, m, v, ~n.1 ) ▶₀ #t2.2 ) - case outLh_0_1211111111 + solve( State_12111111111( L_h2.1, k.2, m, v, L_h, ~n.1 ) ▶₀ #t2.2 ) + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.2 ) ▶₀ #t2.2 ) + solve( State_11111121111111( ~n.2, v, L_h ) ▶₀ #t2.2 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.5 < #t2.6) ∥ (#t2.5 = #t2.6) ) case case_1 
@@ -2267,36 +2369,36 @@ next case case_2 solve( Insert( L_h2, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 solve( Insert( L_h1, ) @ #t2.4 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.4 ) + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.4 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.16 < #vr.49) ∧ + solve( ((#vr.11 < #vr.27) ∧ (∃ #t2. - (Unlock_5( '5', ~n.4, L_h1 ) @ #t2) + (Unlock_5( '5', ~n.5, L_h1 ) @ #t2) ∧ - (#vr.16 < #t2) ∧ - (#t2 < #vr.49) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.11 < #t2) ∧ + (#t2 < #vr.27) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.5, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.16) ∨ (#t0 = #vr.16) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.11) ∨ (#t0 = #vr.11) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.16) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.49 < #vr.16) ) + ((#t0 < #vr.11) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.27 < #vr.11) ) case case_1 - solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.4 ) ▶₀ #t2.5 ) - case outsenckeyvkeyv_0_1121111111 + solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.5 ) ▶₀ #t2.5 ) + case eventWrapkeyvkeyv_0_112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h1, v, ~n.5 ) ▶₀ #t2.5 ) + solve( State_11111121111111( ~n.4, v, L_h1 ) ▶₀ #t2.5 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.8 < #t2.9) ∥ (#t2.8 = #t2.9) ) case case_1 
@@ -2305,13 +2407,13 @@ next case case_2 solve( Insert( L_h, ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h, k, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, L_h, k ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( State_11111111111111( ~n, k.1, ~n.8 ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 + solve( State_11111111111111( ~n.8, ~n.2, k.1 ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 solve( Insert( L_h2, ) @ #t2.8 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock ) ▶₀ #t2.8 ) + solve( State_111111111111( lock, L_h2, k ) ▶₀ #t2.8 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ qed 
@@ -2325,43 +2427,43 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h1, k.2, k, v, lock ) ▶₀ #t2.4 ) + solve( State_121111111( L_h1, k.2, k, v, L_h.1, lock ) ▶₀ #t2.4 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.46)) ∧ + (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.24)) ∧ (∃ hp #t0. (WrapKey( hp, k ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.46) ∨ (#t0 < #vr.46))) ∧ + (((#t0 = #vr.24) ∨ (#t0 < #vr.24))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.46) ∧ (#t0 < #vr.46)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.24) ∧ (#t0 < #vr.24)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.46) ∧ (#t1 < #vr.46)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.24) ∧ (#t1 < #vr.24)) ∥ (∃ #t0 #t1 h1 h2 k. 
(Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.46) ∧ (#t1 < #vr.46)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.24) ∧ (#t1 < #vr.24)) ) case case_1 - solve( State_11111111111( h1, k, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( State_11111121111( hp, <~n, x>, lock ) ▶₀ #t0 ) - case ifattvinit_0_1111112111 - solve( Insert( L_h, <~n, 'init'> ) @ #t2.5 ) + solve( State_11111111111( lock, h1, k ) ▶₀ #t1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n, x>, hp ) ▶₀ #t0 ) + case ifattCvinit_0_1111112111 + solve( Insert( L_h, <~n.1, 'init'> ) @ #t2.5 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h, ~n, lock ) ▶₀ #t2.5 ) + solve( State_111111111111( lock, L_h, ~n.1 ) ▶₀ #t2.5 ) case eventNewKeyLhk_0_11111111111 - solve( State_11111111111111( ~n.2, k.2, ~n.3 ) ▶₀ #t2.6 ) - case outLh_0_1111111111111 + solve( State_11111111111111( ~n.2, ~n.3, k.2 ) ▶₀ #t2.6 ) + case insertLhkinit_0_111111111111 solve( Insert( L_h2, ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock ) ▶₀ #t2.7 ) + solve( State_111111111111( lock, L_h2, k ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ qed 
@@ -2386,29 +2488,29 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h2, k.2, k.1, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h2, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, k.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.34)) ∧ + (NewKey( h1, k.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.19)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.34) ∨ (#t0 < #vr.34))) ∧ + (((#t0 = #vr.19) ∨ (#t0 < #vr.19))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.34) ∧ (#t0 < #vr.34)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.19) ∧ (#t0 < #vr.19)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.34) ∧ (#t1 < #vr.34)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.34) ∧ (#t1 < #vr.34)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ) case case_1 by contradiction /* from formulas */ next 
@@ -2429,80 +2531,80 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k, v, lock ) ▶₀ #t2.1 ) + solve( State_121111111( L_h, k.2, k, v, L_h.1, lock ) ▶₀ #t2.1 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.21)) ∧ + (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.13)) ∧ (∃ hp #t0. (WrapKey( hp, k ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.21) ∨ (#t0 < #vr.21))) ∧ + (((#t0 = #vr.13) ∨ (#t0 < #vr.13))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.21) ∧ (#t0 < #vr.21)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.13) ∧ (#t0 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.21) ∧ (#t1 < #vr.21)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. 
(Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.21) ∧ (#t1 < #vr.21)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ) case case_1 - solve( State_11111111111( h1, k, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( State_11111121111( hp, <~n, x>, lock ) ▶₀ #t0 ) - case ifattvinit_0_1111112111 + solve( State_11111111111( lock, h1, k ) ▶₀ #t1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n, x>, hp ) ▶₀ #t0 ) + case ifattCvinit_0_1111112111 solve( Insert( L_h2, ) @ #t2.2 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2.2 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2.2 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( Insert( L_h1, <~n, 'wrap'> ) @ #t2.3 ) + solve( Insert( L_h1, <~n.1, 'wrap'> ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, <~n, x>, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, <~n.1, x>, L_h1 ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.16 < #vr.67) ∧ + solve( ((#vr.11 < #vr.33) ∧ (∃ #t2. (Unlock_5( '5', ~n.10, L_h1 ) @ #t2) ∧ - (#vr.16 < #t2) ∧ - (#t2 < #vr.67) ∧ + (#vr.11 < #t2) ∧ + (#t2 < #vr.33) ∧ (∀ #t0 pp. (Unlock( pp, ~n.10, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.16) ∨ (#t0 = #vr.16) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.11) ∨ (#t0 = #vr.11) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.16) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.67 < #vr.16) ) + ((#t0 < #vr.11) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.33 < #vr.11) ) case case_1 solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.10 ) ▶₀ #t2.4 ) - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h1, v, ~n.9 ) ▶₀ #t2.4 ) + solve( State_11111121111111( ~n.9, v, L_h1 ) ▶₀ #t2.4 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.8 < #t2.9) ∥ (#t2.8 = #t2.9) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( senc(~n, k.1) ) @ #vk.10 ) + solve( !KU( senc(~n.1, k.1) ) @ #vk.10 ) case c_senc by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_1 + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.5)) ∧ (∃ hp #t0. 
@@ -2548,223 +2650,21 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111_case_1 - solve( !KU( ~n.4 ) @ #vk.3 ) - case outLh_0_1211111111 - solve( (#t2.5 < #t2.11) ∥ (#t2.5 = #t2.11) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( L_h, ) @ #t2.5 ) - case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) - case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.26 < #vr.92) ∧ - (∃ #t2. - (Unlock_6( '6', ~n.7, L_h ) @ #t2) - ∧ - (#vr.26 < #t2) ∧ - (#t2 < #vr.92) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.26) ∨ (#t0 = #vr.26) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.26) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.92 < #vr.26) ) - case case_1 - solve( State_12111111111( L_h, L_h2.2, k.2, m, v, ~n.7 - ) ▶₀ #t2.6 ) - case outLh_0_1211111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) - case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. - (NewKey( h1, k.1 ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.89)) ∧ - (∃ hp #t0. - (WrapKey( hp, k.1 ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #vr.89) ∨ (#t0 < #vr.89))) ∧ - (∀ hpp #t1. - (Unwrapped( hpp, k.1 ) @ #t1) - ⇒ - ((last(#t1)) ∨ (#t0 < #t1))))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ - (¬(last(#t1))) ∧ - (#t1 < #vr.89) ∧ - (#t0 < #vr.89)) ∥ - (∃ #t0 #t1 h1 h2 k. - (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (¬(last(#t0))) ∧ - (#t0 < #vr.89) ∧ - (#t1 < #vr.89)) ∥ - (∃ #t0 #t1 h1 h2 k. 
- (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (¬(last(#t0))) ∧ - (#t0 < #vr.89) ∧ - (#t1 < #vr.89)) ) - case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - qed - qed - qed - next - case outsdecckeyv_0_11112111111_case_1 + case eventEncUsingkeyvm_0_11121111 + by contradiction /* from formulas */ + next + case eventWrapkeyvkeyv_0_112111111_case_1 + solve( !KU( ~n.5 ) @ #vk.3 ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case 
eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.5)) ∧ (∃ hp #t0. 
@@ -2810,93 +2710,62 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.5 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.26 < #vr.103) ∧ + solve( ((#vr.17 < #vr.54) ∧ (∃ #t2. (Unlock_6( '6', ~n.7, L_h ) @ #t2) ∧ - (#vr.26 < #t2) ∧ - (#t2 < #vr.103) ∧ + (#vr.17 < #t2) ∧ + (#t2 < #vr.54) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t0 = #vr.26) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.103 < #vr.26) ) + ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.54 < #vr.17) ) case case_1 - solve( State_12111111111( L_h, L_h2.3, k.2, m, v, ~n.7 + solve( State_12111111111( L_h2.3, k.2, m, v, L_h, ~n.7 ) ▶₀ #t2.6 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.14 < #t2.15) ∥ (#t2.14 = #t2.15) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -2908,17 +2777,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.100)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.51)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.100) ∨ (#t0 < #vr.100))) ∧ + (((#t0 = #vr.51) ∨ (#t0 < #vr.51))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -2928,71 +2797,40 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.100) ∧ - (#t0 < #vr.100)) ∥ + (#t1 < #vr.51) ∧ + (#t0 < #vr.51)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.100) ∧ - (#t1 < #vr.100)) ∥ + (#t0 < #vr.51) ∧ + (#t1 < #vr.51)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.100) ∧ - (#t1 < #vr.100)) ) + (#t0 < #vr.51) ∧ + (#t1 < #vr.51)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -3012,11 +2850,8 @@ next qed qed qed - qed - next - case outsenckeyvkeyv_0_1121111111_case_2 - solve( !KU( ~n.4 ) @ #vk.3 ) - case outLh_0_1211111111 + next + case insertLhmwrap_0_121111111 solve( (#t2.5 < #t2.11) ∥ (#t2.5 = #t2.11) ) case case_1 by contradiction /* from formulas */ 
@@ -3024,85 +2859,53 @@ next case case_2 solve( Insert( L_h, ) @ #t2.5 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.26 < #vr.93) ∧ + solve( ((#vr.17 < #vr.46) ∧ (∃ #t2. (Unlock_6( '6', ~n.7, L_h ) @ #t2) ∧ - (#vr.26 < #t2) ∧ - (#t2 < #vr.93) ∧ + (#vr.17 < #t2) ∧ + (#t2 < #vr.46) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t0 = #vr.26) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.93 < #vr.26) ) + ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.46 < #vr.17) ) case case_1 - solve( State_12111111111( L_h, L_h2.2, k.2, m, v, ~n.7 + solve( State_12111111111( L_h2.2, k.2, m, v, L_h, ~n.7 ) ▶₀ #t2.6 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -3114,17 +2917,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.90)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.43)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.90) ∨ (#t0 < #vr.90))) ∧ + (((#t0 = #vr.43) ∨ (#t0 < #vr.43))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -3134,72 +2937,40 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.90) ∧ - (#t0 < #vr.90)) ∥ + (#t1 < #vr.43) ∧ + (#t0 < #vr.43)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.90) ∧ - (#t1 < #vr.90)) ∥ + (#t0 < #vr.43) ∧ + (#t1 < #vr.43)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.90) ∧ - (#t1 < #vr.90)) ) + (#t0 < #vr.43) ∧ + (#t1 < #vr.43)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -3220,11 +2991,14 @@ next qed qed qed - next - case outsdecckeyv_0_11112111111_case_1 + qed + next + case eventWrapkeyvkeyv_0_112111111_case_2 + solve( !KU( ~n.5 ) @ #vk.3 ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.5)) ∧ (∃ hp #t0. 
@@ -3270,93 +3044,62 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.5 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.26 < #vr.104) ∧ + solve( ((#vr.17 < #vr.55) ∧ (∃ #t2. (Unlock_6( '6', ~n.7, L_h ) @ #t2) ∧ - (#vr.26 < #t2) ∧ - (#t2 < #vr.104) ∧ + (#vr.17 < #t2) ∧ + (#t2 < #vr.55) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t0 = #vr.26) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.104 < #vr.26) ) + ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.55 < #vr.17) ) case case_1 - solve( State_12111111111( L_h, L_h2.3, k.2, m, v, ~n.7 + solve( State_12111111111( L_h2.3, k.2, m, v, L_h, ~n.7 ) ▶₀ #t2.6 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.14 < #t2.15) ∥ (#t2.14 = #t2.15) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -3368,17 +3111,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.101)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.52)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.101) ∨ (#t0 < #vr.101))) ∧ + (((#t0 = #vr.52) ∨ (#t0 < #vr.52))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -3388,71 +3131,40 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.101) ∧ - (#t0 < #vr.101)) ∥ + (#t1 < #vr.52) ∧ + (#t0 < #vr.52)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.101) ∧ - (#t1 < #vr.101)) ∥ + (#t0 < #vr.52) ∧ + (#t1 < #vr.52)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.101) ∧ - (#t1 < #vr.101)) ) + (#t0 < #vr.52) ∧ + (#t1 < #vr.52)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed 
@@ -3472,193 +3184,62 @@ next qed qed qed - qed - next - case outsencmkeyv_0_111211111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h1, k.2, ~n, v, lock ) ▶₀ #t2.3 ) - case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. - (NewKey( h1, ~n ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.64)) ∧ - (∃ hp #t0. - (WrapKey( hp, ~n ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #vr.64) ∨ (#t0 < #vr.64))) ∧ - (∀ hpp #t1. - (Unwrapped( hpp, ~n ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.64) ∧ (#t0 < #vr.64)) ∥ - (∃ #t0 #t1 h1 h2 k. - (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.64) ∧ (#t1 < #vr.64)) ∥ - (∃ #t0 #t1 h1 h2 k. - (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.64) ∧ (#t1 < #vr.64)) ) - case case_1 - solve( State_11111111111( h1, ~n, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( !KU( senc(~n, k.1) ) @ #vk.9 ) - case c_senc - by contradiction /* from formulas */ - next - case outsdecckeyv_0_11112111111_case_1 - by contradiction /* from formulas */ - next - case outsdecckeyv_0_11112111111_case_2 - solve( ((∃ h1 #t1. - (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.4)) ∧ - (∃ hp #t0. - (WrapKey( hp, k2 ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t2.4) ∨ (#t0 < #t2.4))) ∧ - (∀ hpp #t1. - (Unwrapped( hpp, k2 ) @ #t1) - ⇒ - ((last(#t1)) ∨ (#t0 < #t1))))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ - (¬(last(#t1))) ∧ - (#t1 < #t2.4) ∧ - (#t0 < #t2.4)) ∥ - (∃ #t0 #t1 h1 h2 k. 
- (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (¬(last(#t0))) ∧ - (#t0 < #t2.4) ∧ - (#t1 < #t2.4)) ∥ - (∃ #t0 #t1 h1 h2 k. - (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (¬(last(#t0))) ∧ - (#t0 < #t2.4) ∧ - (#t1 < #t2.4)) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ next - case case_4 - by contradiction /* from formulas */ - qed - next - case outsdecckeyv_0_11112111111_case_3 - by contradiction /* from formulas */ - next - case outsdecckeyv_0_11112111111_case_4 - by contradiction /* from formulas */ - next - case outsenckeyvkeyv_0_1121111111_case_1 - solve( !KU( ~n.4 ) @ #vk.3 ) - case outLh_0_1211111111 - solve( (#t2.4 < #t2.11) ∥ (#t2.4 = #t2.11) ) + case insertLhmwrap_0_121111111 + solve( (#t2.5 < #t2.11) ∥ (#t2.5 = #t2.11) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( L_h, ) @ #t2.4 ) + solve( Insert( L_h, ) @ #t2.5 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.4 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.26 < #vr.99) ∧ + solve( ((#vr.17 < #vr.47) ∧ (∃ #t2. - (Unlock_6( '6', ~n.8, L_h ) @ #t2) + (Unlock_6( '6', ~n.7, L_h ) @ #t2) ∧ - (#vr.26 < #t2) ∧ - (#t2 < #vr.99) ∧ + (#vr.17 < #t2) ∧ + (#t2 < #vr.47) ∧ (∀ #t0 pp. - (Unlock( pp, ~n.8, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ + (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t0 = #vr.26) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.99 < #vr.26) ) + ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.47 < #vr.17) ) case case_1 - solve( State_12111111111( L_h, L_h2.2, k.3, m, v, ~n.8 - ) ▶₀ #t2.5 ) - case outLh_0_1211111111 + solve( State_12111111111( L_h2.2, k.2, m, v, L_h, ~n.7 + ) ▶₀ #t2.6 ) + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.13 ) ▶₀ #t2.5 ) + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.3, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -3670,17 +3251,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.2, L_h, k.3, k.1, v, lock ) ▶₀ #t2.4 ) + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.96)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.44)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.96) ∨ (#t0 < #vr.96))) ∧ + (((#t0 = #vr.44) ∨ (#t0 < #vr.44))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -3690,72 +3271,40 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.96) ∧ - (#t0 < #vr.96)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.96) ∧ - (#t1 < #vr.96)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.96) ∧ - (#t1 < #vr.96)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.2, <~n.9, x>, lock ) ▶₀ #t0.2 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.5 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.5 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.3, ~n.3 - ) ▶₀ #t2.6 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.7 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.7 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed 
@@ -3776,11 +3325,110 @@ next qed qed qed + qed + qed + qed + qed + qed + qed + next + case insertLhmwrap_0_121111111 + solve( State_121111111( L_h1, k.2, ~n.1, v, L_h.1, lock ) ▶₀ #t2.3 ) + case eventUnwrappedLhm_0_12111111 + solve( ((∃ h1 #t1. + (NewKey( h1, ~n.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.30)) ∧ + (∃ hp #t0. + (WrapKey( hp, ~n.1 ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #vr.30) ∨ (#t0 < #vr.30))) ∧ + (∀ hpp #t1. + (Unwrapped( hpp, ~n.1 ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.30) ∧ (#t0 < #vr.30)) ∥ + (∃ #t0 #t1 h1 h2 k. + (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.30) ∧ (#t1 < #vr.30)) ∥ + (∃ #t0 #t1 h1 h2 k. + (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.30) ∧ (#t1 < #vr.30)) ) + case case_1 + solve( State_11111111111( lock, h1, ~n.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.1, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( !KU( senc(~n.1, k.1) ) @ #vk.9 ) + case c_senc + by contradiction /* from formulas */ + next + case eventDecUsingkeyvm_0_11112111111_case_1 + by contradiction /* from formulas */ + next + case eventDecUsingkeyvm_0_11112111111_case_2 + solve( ((∃ h1 #t1. + (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.4)) ∧ + (∃ hp #t0. + (WrapKey( hp, k2 ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t2.4) ∨ (#t0 < #t2.4))) ∧ + (∀ hpp #t1. + (Unwrapped( hpp, k2 ) @ #t1) + ⇒ + ((last(#t1)) ∨ (#t0 < #t1))))) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ + (¬(last(#t1))) ∧ + (#t1 < #t2.4) ∧ + (#t0 < #t2.4)) ∥ + (∃ #t0 #t1 h1 h2 k. + (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (¬(last(#t0))) ∧ + (#t0 < #t2.4) ∧ + (#t1 < #t2.4)) ∥ + (∃ #t0 #t1 h1 h2 k. 
+ (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (¬(last(#t0))) ∧ + (#t0 < #t2.4) ∧ + (#t1 < #t2.4)) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_1 + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + next + case eventDecUsingkeyvm_0_11112111111_case_3 + by contradiction /* from formulas */ + next + case eventDecUsingkeyvm_0_11112111111_case_4 + by contradiction /* from formulas */ + next + case eventEncUsingkeyvm_0_11121111 + by contradiction /* from formulas */ + next + case eventWrapkeyvkeyv_0_112111111_case_1 + solve( !KU( ~n.5 ) @ #vk.3 ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.4)) ∧ (∃ hp #t0. 
@@ -3826,93 +3474,62 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.4 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.4 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.4 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.26 < #vr.110) ∧ + solve( ((#vr.17 < #vr.58) ∧ (∃ #t2. (Unlock_6( '6', ~n.8, L_h ) @ #t2) ∧ - (#vr.26 < #t2) ∧ - (#t2 < #vr.110) ∧ + (#vr.17 < #t2) ∧ + (#t2 < #vr.58) ∧ (∀ #t0 pp. (Unlock( pp, ~n.8, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t0 = #vr.26) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.110 < #vr.26) ) + ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.58 < #vr.17) ) case case_1 - solve( State_12111111111( L_h, L_h2.3, k.3, m, v, ~n.8 + solve( State_12111111111( L_h2.3, k.3, m, v, L_h, ~n.8 ) ▶₀ #t2.5 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.13 ) ▶₀ #t2.5 ) + solve( State_11111121111111( ~n.12, v, L_h ) ▶₀ #t2.5 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.14 < #t2.15) ∥ (#t2.14 = #t2.15) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.3, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.3 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -3924,17 +3541,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.2, L_h, k.3, k.1, v, lock ) ▶₀ #t2.4 ) + solve( State_121111111( L_h, k.3, k.1, v, L_h.2, lock ) ▶₀ #t2.4 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.107)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.55)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.107) ∨ (#t0 < #vr.107))) ∧ + (((#t0 = #vr.55) ∨ (#t0 < #vr.55))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -3944,71 +3561,40 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.107) ∧ - (#t0 < #vr.107)) ∥ + (#t1 < #vr.55) ∧ + (#t0 < #vr.55)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.107) ∧ - (#t1 < #vr.107)) ∥ + (#t0 < #vr.55) ∧ + (#t1 < #vr.55)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.107) ∧ - (#t1 < #vr.107)) ) + (#t0 < #vr.55) ∧ + (#t1 < #vr.55)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.2, <~n.9, x>, lock ) ▶₀ #t0.2 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.5 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.10, x>, hp.2 ) ▶₀ #t0.2 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.5 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.5 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.5 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.3, ~n.3 - ) ▶₀ #t2.6 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.7 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.7 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.3 + ) ▶₀ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.7 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -4028,11 +3614,8 @@ next qed qed qed - qed - next - case outsenckeyvkeyv_0_1121111111_case_2 - solve( !KU( ~n.4 ) @ #vk.3 ) - case outLh_0_1211111111 + next + case insertLhmwrap_0_121111111 solve( (#t2.4 < #t2.11) ∥ (#t2.4 = #t2.11) ) case case_1 by contradiction /* from formulas */ 
@@ -4040,85 +3623,53 @@ next case case_2 solve( Insert( L_h, ) @ #t2.4 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.4 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.4 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.26 < #vr.100) ∧ + solve( ((#vr.17 < #vr.50) ∧ (∃ #t2. (Unlock_6( '6', ~n.8, L_h ) @ #t2) ∧ - (#vr.26 < #t2) ∧ - (#t2 < #vr.100) ∧ + (#vr.17 < #t2) ∧ + (#t2 < #vr.50) ∧ (∀ #t0 pp. (Unlock( pp, ~n.8, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t0 = #vr.26) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.100 < #vr.26) ) + ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.50 < #vr.17) ) case case_1 - solve( State_12111111111( L_h, L_h2.2, k.3, m, v, ~n.8 + solve( State_12111111111( L_h2.2, k.3, m, v, L_h, ~n.8 ) ▶₀ #t2.5 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.13 ) ▶₀ #t2.5 ) + solve( State_11111121111111( ~n.12, v, L_h ) ▶₀ #t2.5 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.3, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.3 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -4130,17 +3681,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.2, L_h, k.3, k.1, v, lock ) ▶₀ #t2.4 ) + solve( State_121111111( L_h, k.3, k.1, v, L_h.2, lock ) ▶₀ #t2.4 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.97)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.47)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.97) ∨ (#t0 < #vr.97))) ∧ + (((#t0 = #vr.47) ∨ (#t0 < #vr.47))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -4150,72 +3701,41 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.97) ∧ - (#t0 < #vr.97)) ∥ + (#t1 < #vr.47) ∧ + (#t0 < #vr.47)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.97) ∧ - (#t1 < #vr.97)) ∥ + (#t0 < #vr.47) ∧ + (#t1 < #vr.47)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.97) ∧ - (#t1 < #vr.97)) ) + (#t0 < #vr.47) ∧ + (#t1 < #vr.47)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.2, <~n.9, x>, lock ) ▶₀ #t0.2 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.5 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.10, x>, hp.2 + ) ▶₀ #t0.2 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.5 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.5 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.5 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.3, ~n.3 - ) ▶₀ #t2.6 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.7 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.7 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.3 + ) ▶₀ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.7 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -4236,11 +3756,14 @@ next qed qed qed - next - case outsdecckeyv_0_11112111111_case_1 + qed + next + case eventWrapkeyvkeyv_0_112111111_case_2 + solve( !KU( ~n.5 ) @ #vk.3 ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.4)) ∧ (∃ hp #t0. 
@@ -4286,93 +3809,62 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.4 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.4 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.4 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.26 < #vr.111) ∧ + solve( ((#vr.17 < #vr.59) ∧ (∃ #t2. (Unlock_6( '6', ~n.8, L_h ) @ #t2) ∧ - (#vr.26 < #t2) ∧ - (#t2 < #vr.111) ∧ + (#vr.17 < #t2) ∧ + (#t2 < #vr.59) ∧ (∀ #t0 pp. (Unlock( pp, ~n.8, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t0 = #vr.26) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.26) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.111 < #vr.26) ) + ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.59 < #vr.17) ) case case_1 - solve( State_12111111111( L_h, L_h2.3, k.3, m, v, ~n.8 + solve( State_12111111111( L_h2.3, k.3, m, v, L_h, ~n.8 ) ▶₀ #t2.5 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.13 ) ▶₀ #t2.5 ) + solve( State_11111121111111( ~n.12, v, L_h ) ▶₀ #t2.5 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.14 < #t2.15) ∥ (#t2.14 = #t2.15) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.3, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.3 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -4384,17 +3876,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.2, L_h, k.3, k.1, v, lock ) ▶₀ #t2.4 ) + solve( State_121111111( L_h, k.3, k.1, v, L_h.2, lock ) ▶₀ #t2.4 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.108)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.56)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.108) ∨ (#t0 < #vr.108))) ∧ + (((#t0 = #vr.56) ∨ (#t0 < #vr.56))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -4404,71 +3896,40 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.108) ∧ - (#t0 < #vr.108)) ∥ + (#t1 < #vr.56) ∧ + (#t0 < #vr.56)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.108) ∧ - (#t1 < #vr.108)) ∥ + (#t0 < #vr.56) ∧ + (#t1 < #vr.56)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.108) ∧ - (#t1 < #vr.108)) ) + (#t0 < #vr.56) ∧ + (#t1 < #vr.56)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.2, <~n.9, x>, lock ) ▶₀ #t0.2 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.5 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.10, x>, hp.2 ) ▶₀ #t0.2 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.5 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.5 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.5 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.43 < #vr.31) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.43 < #t2) ∧ - (#t2 < #vr.31) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t0 = #vr.43) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.43) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.31 < #vr.43) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.3, ~n.3 - ) ▶₀ #t2.6 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.7 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, k, lock - ) ▶₀ #t2.7 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.3 + ) ▶₀ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.7 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed 
@@ -4488,109 +3949,248 @@ next qed qed qed - qed - next - case outsencmkeyv_0_111211111 - by contradiction /* from formulas */ - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - qed - qed - qed - next - case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h2, k.2, k, v, lock ) ▶₀ #t2.2 ) - case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. - (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.52)) ∧ - (∃ hp #t0. - (WrapKey( hp, k ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #vr.52) ∨ (#t0 < #vr.52))) ∧ - (∀ hpp #t1. - (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.52) ∧ (#t0 < #vr.52)) ∥ - (∃ #t0 #t1 h1 h2 k. - (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.52) ∧ (#t1 < #vr.52)) ∥ - (∃ #t0 #t1 h1 h2 k. 
- (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.52) ∧ (#t1 < #vr.52)) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - qed - qed - next - case outsenckeyvkeyv_0_1121111111_case_2 - solve( Insert( L_h, ) @ #t2.1 ) + next + case insertLhmwrap_0_121111111 + solve( (#t2.4 < #t2.11) ∥ (#t2.4 = #t2.11) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( L_h, ) @ #t2.4 ) + case insertLhkeyvwrap_0_111111211111 + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.4 ) + case eventWrapKeyLhkeyv_0_11111121111 + solve( ((#vr.17 < #vr.51) ∧ + (∃ #t2. + (Unlock_6( '6', ~n.8, L_h ) @ #t2) + ∧ + (#vr.17 < #t2) ∧ + (#t2 < #vr.51) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.8, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.51 < #vr.17) ) + case case_1 + solve( State_12111111111( L_h2.2, k.3, m, v, L_h, ~n.8 + ) ▶₀ #t2.5 ) + case insertLhmwrap_0_121111111 + by contradiction /* cyclic */ + qed + next + case case_2 + solve( State_11111121111111( ~n.12, v, L_h ) ▶₀ #t2.5 ) + case eventWrapHandleLh_0_1111112111111 + solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) + case eventNewKeyLhk_0_11111111111 + solve( State_11111111111111( ~n.3, ~n.2, k.3 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case insertLhmwrap_0_121111111 + solve( State_121111111( L_h, k.3, k.1, v, L_h.2, lock ) ▶₀ #t2.4 ) + case eventUnwrappedLhm_0_12111111 + solve( ((∃ h1 #t1. + (NewKey( h1, k.1 ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.48)) ∧ + (∃ hp #t0. + (WrapKey( hp, k.1 ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #vr.48) ∨ (#t0 < #vr.48))) ∧ + (∀ hpp #t1. + (Unwrapped( hpp, k.1 ) @ #t1) + ⇒ + ((last(#t1)) ∨ (#t0 < #t1))))) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ + (¬(last(#t1))) ∧ + (#t1 < #vr.48) ∧ + (#t0 < #vr.48)) ∥ + (∃ #t0 #t1 h1 h2 k. + (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (¬(last(#t0))) ∧ + (#t0 < #vr.48) ∧ + (#t1 < #vr.48)) ∥ + (∃ #t0 #t1 h1 h2 k. 
+ (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (¬(last(#t0))) ∧ + (#t0 < #vr.48) ∧ + (#t1 < #vr.48)) ) + case case_1 + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.10, x>, hp.2 + ) ▶₀ #t0.2 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.5 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.5 ) + case eventNewKeyLhk_0_11111111111 + solve( State_11111111111111( ~n.3, ~n.2, k.3 + ) ▶₀ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, k + ) ▶₀ #t2.7 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + qed + qed + qed + next + case insertLhmwrap_0_121111111 + solve( State_121111111( L_h2, k.2, k, v, L_h.1, lock ) ▶₀ #t2.2 ) + case eventUnwrappedLhm_0_12111111 + solve( ((∃ h1 #t1. + (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.25)) ∧ + (∃ hp #t0. + (WrapKey( hp, k ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #vr.25) ∨ (#t0 < #vr.25))) ∧ + (∀ hpp #t1. + (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.25) ∧ (#t0 < #vr.25)) ∥ + (∃ #t0 #t1 h1 h2 k. 
+ (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ∥ + (∃ #t0 #t1 h1 h2 k. + (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + qed + qed + next + case eventWrapkeyvkeyv_0_112111111_case_2 + solve( Insert( L_h, ) @ #t2.1 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.1 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.1 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.4 < #vr.25) ∧ + solve( ((#vr.3 < #vr.17) ∧ (∃ #t2. (Unlock_6( '6', ~n.1, L_h ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.25) ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.17) ∧ (∀ #t0 pp. (Unlock( pp, ~n.1, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.25 < #vr.4) ) + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.17 < #vr.3) ) case case_1 - solve( State_12111111111( L_h, L_h2.1, k.2, m, v, ~n.1 ) ▶₀ #t2.2 ) - case outLh_0_1211111111 + solve( State_12111111111( L_h2.1, k.2, m, v, L_h, ~n.1 ) ▶₀ #t2.2 ) + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.2 ) ▶₀ #t2.2 ) + solve( State_11111121111111( ~n.2, v, L_h ) ▶₀ #t2.2 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.5 < #t2.6) ∥ (#t2.5 = #t2.6) ) case case_1 
@@ -4599,36 +4199,36 @@ next case case_2 solve( Insert( L_h2, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 solve( Insert( L_h1, ) @ #t2.4 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.4 ) + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.4 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.17 < #vr.50) ∧ + solve( ((#vr.12 < #vr.28) ∧ (∃ #t2. - (Unlock_5( '5', ~n.4, L_h1 ) @ #t2) + (Unlock_5( '5', ~n.5, L_h1 ) @ #t2) ∧ - (#vr.17 < #t2) ∧ - (#t2 < #vr.50) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.12 < #t2) ∧ + (#t2 < #vr.28) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.5, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.12) ∨ (#t0 = #vr.12) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.50 < #vr.17) ) + ((#t0 < #vr.12) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.28 < #vr.12) ) case case_1 - solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.4 ) ▶₀ #t2.5 ) - case outsenckeyvkeyv_0_1121111111 + solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.5 ) ▶₀ #t2.5 ) + case eventWrapkeyvkeyv_0_112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h1, v, ~n.5 ) ▶₀ #t2.5 ) + solve( State_11111121111111( ~n.4, v, L_h1 ) ▶₀ #t2.5 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.8 < #t2.9) ∥ (#t2.8 = #t2.9) ) case case_1 
@@ -4637,13 +4237,13 @@ next case case_2 solve( Insert( L_h, ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h, k, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, L_h, k ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( State_11111111111111( ~n, k.1, ~n.8 ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 + solve( State_11111111111111( ~n.8, ~n.2, k.1 ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 solve( Insert( L_h2, ) @ #t2.8 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock ) ▶₀ #t2.8 ) + solve( State_111111111111( lock, L_h2, z ) ▶₀ #t2.8 ) case eventNewKeyLhk_0_11111111111 by contradiction /* impossible chain */ qed @@ -4657,29 +4257,29 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h1, k.2, z.1, v, lock ) ▶₀ #t2.4 ) + solve( State_121111111( L_h1, k.2, z.1, v, L_h.1, lock ) ▶₀ #t2.4 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, z.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.47)) ∧ + (NewKey( h1, z.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.25)) ∧ (∃ hp #t0. (WrapKey( hp, z.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.47) ∨ (#t0 < #vr.47))) ∧ + (((#t0 = #vr.25) ∨ (#t0 < #vr.25))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z.1 ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.47) ∧ (#t0 < #vr.47)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.25) ∧ (#t0 < #vr.25)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.47) ∧ (#t1 < #vr.47)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.47) ∧ (#t1 < #vr.47)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ) case case_1 by contradiction /* from formulas */ next 
@@ -4697,32 +4297,32 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h2, k.2, z, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h2, k.2, z, v, L_h.1, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, z ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.35)) ∧ + (NewKey( h1, z ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.20)) ∧ (∃ hp #t0. (WrapKey( hp, z ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.35) ∨ (#t0 < #vr.35))) ∧ + (((#t0 = #vr.20) ∨ (#t0 < #vr.20))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.35) ∧ (#t0 < #vr.35)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.20) ∧ (#t0 < #vr.20)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.35) ∧ (#t1 < #vr.35)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.20) ∧ (#t1 < #vr.20)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.35) ∧ (#t1 < #vr.35)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.20) ∧ (#t1 < #vr.20)) ) case case_1 - solve( State_11111111111( h1, z, lock ) ▶₀ #t1 ) - case newk_0_1111111111 + solve( State_11111111111( lock, h1, z ) ▶₀ #t1 ) + case increate_0_1111111 by contradiction /* impossible chain */ qed next 
@@ -4743,80 +4343,80 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k, v, lock ) ▶₀ #t2.1 ) + solve( State_121111111( L_h, k.2, k, v, L_h.1, lock ) ▶₀ #t2.1 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.22)) ∧ + (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.14)) ∧ (∃ hp #t0. (WrapKey( hp, k ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.22) ∨ (#t0 < #vr.22))) ∧ + (((#t0 = #vr.14) ∨ (#t0 < #vr.14))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.22) ∧ (#t0 < #vr.22)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.14) ∧ (#t0 < #vr.14)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.22) ∧ (#t1 < #vr.22)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.14) ∧ (#t1 < #vr.14)) ∥ (∃ #t0 #t1 h1 h2 k. 
(Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.22) ∧ (#t1 < #vr.22)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.14) ∧ (#t1 < #vr.14)) ) case case_1 - solve( State_11111111111( h1, k, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( State_11111121111( hp, <~n, x>, lock ) ▶₀ #t0 ) - case ifattvinit_0_1111112111 + solve( State_11111111111( lock, h1, k ) ▶₀ #t1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n, x>, hp ) ▶₀ #t0 ) + case ifattCvinit_0_1111112111 solve( Insert( L_h2, ) @ #t2.2 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2.2 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2.2 ) case eventWrapKeyLhkeyv_0_11111121111 solve( Insert( L_h1, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.17 < #vr.68) ∧ + solve( ((#vr.12 < #vr.34) ∧ (∃ #t2. (Unlock_5( '5', ~n.10, L_h1 ) @ #t2) ∧ - (#vr.17 < #t2) ∧ - (#t2 < #vr.68) ∧ + (#vr.12 < #t2) ∧ + (#t2 < #vr.34) ∧ (∀ #t0 pp. (Unlock( pp, ~n.10, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.12) ∨ (#t0 = #vr.12) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.68 < #vr.17) ) + ((#t0 < #vr.12) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.34 < #vr.12) ) case case_1 solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.10 ) ▶₀ #t2.4 ) - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h1, v, ~n.9 ) ▶₀ #t2.4 ) + solve( State_11111121111111( ~n.9, v, L_h1 ) ▶₀ #t2.4 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.8 < #t2.9) ∥ (#t2.8 = #t2.9) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( senc(~n, k.1) ) @ #vk.11 ) + solve( !KU( senc(~n.1, k.1) ) @ #vk.11 ) case c_senc by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_1 + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.5)) ∧ (∃ hp #t0. 
@@ -4862,223 +4462,21 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111_case_1 - solve( !KU( ~n.4 ) @ #vk.3 ) - case outLh_0_1211111111 - solve( (#t2.5 < #t2.11) ∥ (#t2.5 = #t2.11) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( L_h, ) @ #t2.5 ) - case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) - case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.27 < #vr.93) ∧ - (∃ #t2. - (Unlock_6( '6', ~n.7, L_h ) @ #t2) - ∧ - (#vr.27 < #t2) ∧ - (#t2 < #vr.93) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.27) ∨ (#t0 = #vr.27) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.27) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.93 < #vr.27) ) - case case_1 - solve( State_12111111111( L_h, L_h2.2, k.2, m, v, ~n.7 - ) ▶₀ #t2.6 ) - case outLh_0_1211111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) - case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. - (NewKey( h1, k.1 ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.90)) ∧ - (∃ hp #t0. - (WrapKey( hp, k.1 ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #vr.90) ∨ (#t0 < #vr.90))) ∧ - (∀ hpp #t1. - (Unwrapped( hpp, k.1 ) @ #t1) - ⇒ - ((last(#t1)) ∨ (#t0 < #t1))))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ - (¬(last(#t1))) ∧ - (#t1 < #vr.90) ∧ - (#t0 < #vr.90)) ∥ - (∃ #t0 #t1 h1 h2 k. - (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (¬(last(#t0))) ∧ - (#t0 < #vr.90) ∧ - (#t1 < #vr.90)) ∥ - (∃ #t0 #t1 h1 h2 k. 
- (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (¬(last(#t0))) ∧ - (#t0 < #vr.90) ∧ - (#t1 < #vr.90)) ) - case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - qed - qed - qed - next - case outsdecckeyv_0_11112111111_case_1 + case eventEncUsingkeyvm_0_11121111 + by contradiction /* from formulas */ + next + case eventWrapkeyvkeyv_0_112111111_case_1 + solve( !KU( ~n.5 ) @ #vk.3 ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case 
eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.5)) ∧ (∃ hp #t0. 
@@ -5124,93 +4522,62 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.5 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.27 < #vr.104) ∧ + solve( ((#vr.18 < #vr.55) ∧ (∃ #t2. (Unlock_6( '6', ~n.7, L_h ) @ #t2) ∧ - (#vr.27 < #t2) ∧ - (#t2 < #vr.104) ∧ + (#vr.18 < #t2) ∧ + (#t2 < #vr.55) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t0 = #vr.27) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.18) ∨ (#t0 = #vr.18) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.104 < #vr.27) ) + ((#t0 < #vr.18) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.55 < #vr.18) ) case case_1 - solve( State_12111111111( L_h, L_h2.3, k.2, m, v, ~n.7 + solve( State_12111111111( L_h2.3, k.2, m, v, L_h, ~n.7 ) ▶₀ #t2.6 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.14 < #t2.15) ∥ (#t2.14 = #t2.15) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ qed qed qed @@ -5222,17 +4589,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.101)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.52)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.101) ∨ (#t0 < #vr.101))) ∧ + (((#t0 = #vr.52) ∨ (#t0 < #vr.52))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -5242,71 +4609,40 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.101) ∧ - (#t0 < #vr.101)) ∥ + (#t1 < #vr.52) ∧ + (#t0 < #vr.52)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.101) ∧ - (#t1 < #vr.101)) ∥ + (#t0 < #vr.52) ∧ + (#t1 < #vr.52)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.101) ∧ - (#t1 < #vr.101)) ) + (#t0 < #vr.52) ∧ + (#t1 < #vr.52)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ qed qed qed @@ -5326,11 +4662,8 @@ next qed qed qed - qed - next - case outsenckeyvkeyv_0_1121111111_case_2 - solve( !KU( ~n.4 ) @ #vk.3 ) - case outLh_0_1211111111 + next + case insertLhmwrap_0_121111111 solve( (#t2.5 < #t2.11) ∥ (#t2.5 = #t2.11) ) case case_1 by contradiction /* from formulas */ 
@@ -5338,85 +4671,53 @@ next case case_2 solve( Insert( L_h, ) @ #t2.5 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.27 < #vr.94) ∧ + solve( ((#vr.18 < #vr.47) ∧ (∃ #t2. (Unlock_6( '6', ~n.7, L_h ) @ #t2) ∧ - (#vr.27 < #t2) ∧ - (#t2 < #vr.94) ∧ + (#vr.18 < #t2) ∧ + (#t2 < #vr.47) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t0 = #vr.27) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.18) ∨ (#t0 = #vr.18) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.94 < #vr.27) ) + ((#t0 < #vr.18) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.47 < #vr.18) ) case case_1 - solve( State_12111111111( L_h, L_h2.2, k.2, m, v, ~n.7 + solve( State_12111111111( L_h2.2, k.2, m, v, L_h, ~n.7 ) ▶₀ #t2.6 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ qed qed qed @@ -5428,17 +4729,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.91)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.44)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.91) ∨ (#t0 < #vr.91))) ∧ + (((#t0 = #vr.44) ∨ (#t0 < #vr.44))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -5448,72 +4749,40 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.91) ∧ - (#t0 < #vr.91)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.91) ∧ - (#t1 < #vr.91)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.91) ∧ - (#t1 < #vr.91)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ qed qed qed @@ -5534,11 +4803,14 @@ next qed qed qed - next - case outsdecckeyv_0_11112111111_case_1 + qed + next + case eventWrapkeyvkeyv_0_112111111_case_2 + solve( !KU( ~n.5 ) @ #vk.3 ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.5)) ∧ (∃ hp #t0. 
@@ -5584,93 +4856,62 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.5 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.27 < #vr.105) ∧ + solve( ((#vr.18 < #vr.56) ∧ (∃ #t2. (Unlock_6( '6', ~n.7, L_h ) @ #t2) ∧ - (#vr.27 < #t2) ∧ - (#t2 < #vr.105) ∧ + (#vr.18 < #t2) ∧ + (#t2 < #vr.56) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t0 = #vr.27) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.18) ∨ (#t0 = #vr.18) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.105 < #vr.27) ) + ((#t0 < #vr.18) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.56 < #vr.18) ) case case_1 - solve( State_12111111111( L_h, L_h2.3, k.2, m, v, ~n.7 + solve( State_12111111111( L_h2.3, k.2, m, v, L_h, ~n.7 ) ▶₀ #t2.6 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.14 < #t2.15) ∥ (#t2.14 = #t2.15) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ qed qed qed @@ -5682,17 +4923,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.102)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.53)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.102) ∨ (#t0 < #vr.102))) ∧ + (((#t0 = #vr.53) ∨ (#t0 < #vr.53))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -5702,67 +4943,177 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.102) ∧ - (#t0 < #vr.102)) ∥ + (#t1 < #vr.53) ∧ + (#t0 < #vr.53)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.102) ∧ - (#t1 < #vr.102)) ∥ + (#t0 < #vr.53) ∧ + (#t1 < #vr.53)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.102) ∧ - (#t1 < #vr.102)) ) + (#t0 < #vr.53) ∧ + (#t1 < #vr.53)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + qed + qed + next + case insertLhmwrap_0_121111111 + solve( (#t2.5 < #t2.11) ∥ (#t2.5 = #t2.11) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( L_h, ) @ #t2.5 ) + case insertLhkeyvwrap_0_111111211111 + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) + case eventWrapKeyLhkeyv_0_11111121111 + solve( ((#vr.18 < #vr.48) ∧ + (∃ #t2. + (Unlock_6( '6', ~n.7, L_h ) @ #t2) + ∧ + (#vr.18 < #t2) ∧ + (#t2 < #vr.48) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.18) ∨ (#t0 = #vr.18) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.18) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.48 < #vr.18) ) + case case_1 + solve( State_12111111111( L_h2.2, k.2, m, v, L_h, ~n.7 + ) ▶₀ #t2.6 ) + case insertLhmwrap_0_121111111 + by contradiction /* cyclic */ + qed + next + case case_2 + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) + case eventWrapHandleLh_0_1111112111111 + solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) + case eventNewKeyLhk_0_11111111111 + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ + qed + qed qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 + qed + qed + qed + qed + qed + qed + next + case insertLhmwrap_0_121111111 + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) + case eventUnwrappedLhm_0_12111111 + solve( ((∃ h1 #t1. + (NewKey( h1, k.1 ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.45)) ∧ + (∃ hp #t0. + (WrapKey( hp, k.1 ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #vr.45) ∨ (#t0 < #vr.45))) ∧ + (∀ hpp #t1. + (Unwrapped( hpp, k.1 ) @ #t1) + ⇒ + ((last(#t1)) ∨ (#t0 < #t1))))) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ + (¬(last(#t1))) ∧ + (#t1 < #vr.45) ∧ + (#t0 < #vr.45)) ∥ + (∃ #t0 #t1 h1 h2 k. + (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (¬(last(#t0))) ∧ + (#t0 < #vr.45) ∧ + (#t1 < #vr.45)) ∥ + (∃ #t0 #t1 h1 h2 k. 
+ (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (¬(last(#t0))) ∧ + (#t0 < #vr.45) ∧ + (#t1 < #vr.45)) ) + case case_1 + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) + case eventNewKeyLhk_0_11111111111 + solve( State_11111111111111( ~n.3, ~n.2, k.2 ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 + case insertLhkinit_0_111111111111 solve( Insert( L_h2, ) @ #t2.8 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock + solve( State_111111111111( lock, L_h2, z ) ▶₀ #t2.8 ) case eventNewKeyLhk_0_11111111111 by contradiction /* impossible chain */ @@ -5773,23 +5124,20 @@ next qed qed qed + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ qed qed qed qed - next - case outsencmkeyv_0_111211111 - by contradiction /* from formulas */ qed qed qed 
@@ -5797,29 +5145,29 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h1, k.2, z.1, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h1, k.2, z.1, v, L_h.1, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, z.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.65)) ∧ + (NewKey( h1, z.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.31)) ∧ (∃ hp #t0. (WrapKey( hp, z.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.65) ∨ (#t0 < #vr.65))) ∧ + (((#t0 = #vr.31) ∨ (#t0 < #vr.31))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z.1 ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.65) ∧ (#t0 < #vr.65)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.31) ∧ (#t0 < #vr.31)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.65) ∧ (#t1 < #vr.65)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.31) ∧ (#t1 < #vr.31)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.65) ∧ (#t1 < #vr.65)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.31) ∧ (#t1 < #vr.31)) ) case case_1 by contradiction /* from formulas */ next 
@@ -5837,32 +5185,32 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h2, k.2, z, v, lock ) ▶₀ #t2.2 ) + solve( State_121111111( L_h2, k.2, z, v, L_h.1, lock ) ▶₀ #t2.2 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, z ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.53)) ∧ + (NewKey( h1, z ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.26)) ∧ (∃ hp #t0. (WrapKey( hp, z ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.53) ∨ (#t0 < #vr.53))) ∧ + (((#t0 = #vr.26) ∨ (#t0 < #vr.26))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.53) ∧ (#t0 < #vr.53)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.26) ∧ (#t0 < #vr.26)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.53) ∧ (#t1 < #vr.53)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.26) ∧ (#t1 < #vr.26)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.53) ∧ (#t1 < #vr.53)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.26) ∧ (#t1 < #vr.26)) ) case case_1 - solve( State_11111111111( h1, z, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 + solve( State_11111111111( lock, h1, z ) ▶₀ #t1.1 ) + case increate_0_1111111 by contradiction /* impossible chain */ qed next 
@@ -5891,104 +5239,6 @@ next qed qed qed - next - case outsencmkeyv_0_111211111 - solve( Insert( L_h, ) @ #t2.1 ) - case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.1 ) - case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.4 < #vr.23) ∧ - (∃ #t2. - (Unlock_6( '6', ~n.1, L_h ) @ #t2) - ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.23) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.1, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.23 < #vr.4) ) - case case_1 - solve( State_12111111111( L_h, L_h2, k.2, m, v, ~n.1 ) ▶₀ #t2.2 ) - case outLh_0_1211111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111121111111( L_h, v, ~n.2 ) ▶₀ #t2.2 ) - case eventWrapHandleLh_0_1111112111111 - solve( (#t2.4 < #t2.5) ∥ (#t2.4 = #t2.5) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( L_h.1, ) @ #t2.3 ) - case insertLhkeyvdec_0_11111211111 - solve( State_11111211111( L_h.1, v, lock ) ▶₀ #t2.3 ) - case eventDecKeyLhkeyv_0_1111121111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - next - case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k, v, lock ) ▶₀ #t2.1 ) - case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. - (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.20)) ∧ - (∃ hp #t0. - (WrapKey( hp, k ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #vr.20) ∨ (#t0 < #vr.20))) ∧ - (∀ hpp #t1. - (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.20) ∧ (#t0 < #vr.20)) ∥ - (∃ #t0 #t1 h1 h2 k. 
- (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.20) ∧ (#t1 < #vr.20)) ∥ - (∃ #t0 #t1 h1 h2 k. - (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.20) ∧ (#t1 < #vr.20)) ) - case case_1 - solve( State_11111111111( h1, k, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( State_11111121111( hp, <~n, x>, lock ) ▶₀ #t0 ) - case ifattvinit_0_1111112111 - solve( Insert( L_h.1, <~n, 'dec'> ) @ #t2.2 ) - case insertLhkeyvdec_0_11111211111 - solve( State_11111211111( L_h.1, <~n, x>, lock ) ▶₀ #t2.2 ) - case eventDecKeyLhkeyv_0_1111121111 - by contradiction /* from formulas */ - qed - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - qed - qed qed qed next @@ -6017,7 +5267,7 @@ next case case_3 solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) + (Unlock_0( '0', ~n.1, ~n ) @ #t2) ⇒ ((last(#t2)) ∨ (#t1 = #t2) ∨ @@ -6025,16 +5275,16 @@ next (#t2 = #t3) ∨ (#t3 < #t2) ∨ (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ 
@@ -6053,16 +5303,16 @@ next next case case_2 solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2.1 = #t0) ∨ (#t0 < #t2.1)))) ∥ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ 
@@ -6899,48 +6149,178 @@ next ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #t2) ∧ (#t1 < #t2)) ) case case_1 - solve( State_12111111( L_h, h2, k, k.1, v, lock ) ▶₀ #t2 ) - case newLh_0_1211111 + solve( State_12111111( h2, k, k.1, v, L_h, lock ) ▶₀ #t2 ) + case ifkeyvk_0_121111 solve( !KU( senc(k.1, k) ) @ #vk.2 ) case c_senc solve( Insert( L_h, ) @ #t2.1 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.1 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.1 ) + case eventWrapKeyLhkeyv_0_11111121111 + solve( ((#vr.3 < #vr.9) ∧ + (∃ #t2. + (Unlock_6( '6', ~n.1, L_h ) @ #t2) + ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.9) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.1, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.9 < #vr.3) ) + case case_1 + solve( State_12111111111( L_h2, k.2, m, v, L_h, ~n.1 ) ▶₀ #t2.2 ) + case insertLhmwrap_0_121111111 + by contradiction /* cyclic */ + qed + next + case case_2 + solve( State_11111121111111( ~n.2, v, L_h ) ▶₀ #t2.2 ) + case eventWrapHandleLh_0_1111112111111 + solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( L_h, ) @ #t2.3 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h, k ) ▶₀ #t2.3 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + next + case insertLhmwrap_0_121111111 + solve( State_121111111( L_h, k.2, k, v, L_h.1, lock ) ▶₀ #t2.1 ) + case eventUnwrappedLhm_0_12111111 + solve( ((∃ h1 #t1. + (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.6)) ∧ + (∃ hp #t0. + (WrapKey( hp, k ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #vr.6) ∨ (#t0 < #vr.6))) ∧ + (∀ hpp #t1. + (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ + (∃ h k2 #t1 #t0. 
+ (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.6) ∧ (#t0 < #vr.6)) ∥ + (∃ #t0 #t1 h1 h2 k. + (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.6) ∧ (#t1 < #vr.6)) ∥ + (∃ #t0 #t1 h1 h2 k. + (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.6) ∧ (#t1 < #vr.6)) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + qed + qed + next + case eventDecUsingkeyvm_0_11112111111_case_1 + by contradiction /* from formulas */ + next + case eventDecUsingkeyvm_0_11112111111_case_2 + solve( ((∃ h1 #t1. + (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.1)) ∧ + (∃ hp #t0. + (WrapKey( hp, k2 ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #t2.1) ∨ (#t0 < #t2.1))) ∧ + (∀ hpp #t1. + (Unwrapped( hpp, k2 ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.1) ∧ (#t0 < #t2.1)) ∥ + (∃ #t0 #t1 h1 h2 k. + (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #t2.1) ∧ (#t1 < #t2.1)) ∥ + (∃ #t0 #t1 h1 h2 k. 
+ (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #t2.1) ∧ (#t1 < #t2.1)) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + next + case eventDecUsingkeyvm_0_11112111111_case_3 + by contradiction /* from formulas */ + next + case eventDecUsingkeyvm_0_11112111111_case_4 + by contradiction /* from formulas */ + next + case eventEncUsingkeyvm_0_11121111 + solve( Insert( L_h, ) @ #t2.1 ) + case insertLhkeyvwrap_0_111111211111 + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.1 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.4 < #vr.13) ∧ + solve( ((#vr.3 < #vr.14) ∧ (∃ #t2. (Unlock_6( '6', ~n.1, L_h ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.13) ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.14) ∧ (∀ #t0 pp. (Unlock( pp, ~n.1, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.13 < #vr.4) ) + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.14 < #vr.3) ) case case_1 - solve( State_12111111111( L_h, L_h2, k.2, m, v, ~n.1 ) ▶₀ #t2.2 ) - case outLh_0_1211111111 + solve( State_12111111111( L_h2, k.2, m, v, L_h, ~n.1 ) ▶₀ #t2.2 ) + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.2 ) ▶₀ #t2.2 ) + solve( State_11111121111111( ~n.2, v, L_h ) ▶₀ #t2.2 ) case eventWrapHandleLh_0_1111112111111 - solve( (#t2.3 < #t2.4) ∥ (#t2.3 = #t2.4) ) + solve( (#t2.4 < #t2.5) ∥ (#t2.4 = #t2.5) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( L_h, ) @ #t2.3 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h, k, lock ) ▶₀ #t2.3 ) - case eventNewKeyLhk_0_11111111111 + solve( Insert( L_h.1, ) @ #t2.3 ) + case insertLhkeyvdec_0_11111211111 + solve( State_11111211111( lock, v, L_h.1 ) ▶₀ #t2.3 ) + case eventDecKeyLhkeyv_0_1111121111 by contradiction /* from formulas */ qed qed 
@@ -6950,31 +6330,43 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k, v, lock ) ▶₀ #t2.1 ) + solve( State_121111111( L_h, k.2, k, v, L_h.1, lock ) ▶₀ #t2.1 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.10)) ∧ + (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.11)) ∧ (∃ hp #t0. (WrapKey( hp, k ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.10) ∨ (#t0 < #vr.10))) ∧ + (((#t0 = #vr.11) ∨ (#t0 < #vr.11))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.10) ∧ (#t0 < #vr.10)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.11) ∧ (#t0 < #vr.11)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.10) ∧ (#t1 < #vr.10)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.11) ∧ (#t1 < #vr.11)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.10) ∧ (#t1 < #vr.10)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.11) ∧ (#t1 < #vr.11)) ) case case_1 - by contradiction /* from formulas */ + solve( State_11111111111( lock, h1, k ) ▶₀ #t1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n, x>, hp ) ▶₀ #t0 ) + case ifattCvinit_0_1111112111 + solve( Insert( L_h.1, <~n.1, 'dec'> ) @ #t2.2 ) + case insertLhkeyvdec_0_11111211111 + solve( State_11111211111( lock, <~n.1, x>, L_h.1 ) ▶₀ #t2.2 ) + case eventDecKeyLhkeyv_0_1111121111 + by contradiction /* from formulas */ + qed + qed + qed + qed next case case_2 by contradiction /* from formulas */ 
@@ -6988,79 +6380,35 @@ next qed qed next - case outsdecckeyv_0_11112111111_case_1 - by contradiction /* from formulas */ - next - case outsdecckeyv_0_11112111111_case_2 - solve( ((∃ h1 #t1. - (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.1)) ∧ - (∃ hp #t0. - (WrapKey( hp, k2 ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #t2.1) ∨ (#t0 < #t2.1))) ∧ - (∀ hpp #t1. - (Unwrapped( hpp, k2 ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.1) ∧ (#t0 < #t2.1)) ∥ - (∃ #t0 #t1 h1 h2 k. - (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #t2.1) ∧ (#t1 < #t2.1)) ∥ - (∃ #t0 #t1 h1 h2 k. - (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #t2.1) ∧ (#t1 < #t2.1)) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - next - case outsdecckeyv_0_11112111111_case_3 - by contradiction /* from formulas */ - next - case outsdecckeyv_0_11112111111_case_4 - by contradiction /* from formulas */ - next - case outsenckeyvkeyv_0_1121111111_case_1 + case eventWrapkeyvkeyv_0_112111111_case_1 solve( Insert( L_h, ) @ #t2.1 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.1 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.1 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.4 < #vr.24) ∧ + solve( ((#vr.3 < #vr.16) ∧ (∃ #t2. (Unlock_6( '6', ~n.1, L_h ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.24) ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.16) ∧ (∀ #t0 pp. (Unlock( pp, ~n.1, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.24 < #vr.4) ) + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.16 < #vr.3) ) case case_1 - solve( State_12111111111( L_h, L_h2.1, k.2, m, v, ~n.1 ) ▶₀ #t2.2 ) - case outLh_0_1211111111 + solve( State_12111111111( L_h2.1, k.2, m, v, L_h, ~n.1 ) ▶₀ #t2.2 ) + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.2 ) ▶₀ #t2.2 ) + solve( State_11111121111111( ~n.2, v, L_h ) ▶₀ #t2.2 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.5 < #t2.6) ∥ (#t2.5 = #t2.6) ) case case_1 @@ -7069,7 +6417,7 @@ next case case_2 solve( Insert( L_h2, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 solve( ((∃ h1 #t1.1. (NewKey( h1, k.1 ) @ #t1.1) ∧ (¬(last(#t1.1))) ∧ (#t1.1 < #t1)) ∧ 
@@ -7107,29 +6455,29 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h2, k.2, k.1, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h2, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, k.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.34)) ∧ + (NewKey( h1, k.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.19)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.34) ∨ (#t0 < #vr.34))) ∧ + (((#t0 = #vr.19) ∨ (#t0 < #vr.19))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.34) ∧ (#t0 < #vr.34)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.19) ∧ (#t0 < #vr.19)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.34) ∧ (#t1 < #vr.34)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.34) ∧ (#t1 < #vr.34)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.19) ∧ (#t1 < #vr.19)) ) case case_1 by contradiction /* from formulas */ next 
@@ -7150,37 +6498,37 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k, v, lock ) ▶₀ #t2.1 ) + solve( State_121111111( L_h, k.2, k, v, L_h.1, lock ) ▶₀ #t2.1 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.21)) ∧ + (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.13)) ∧ (∃ hp #t0. (WrapKey( hp, k ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.21) ∨ (#t0 < #vr.21))) ∧ + (((#t0 = #vr.13) ∨ (#t0 < #vr.13))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.21) ∧ (#t0 < #vr.21)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.13) ∧ (#t0 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.21) ∧ (#t1 < #vr.21)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.21) ∧ (#t1 < #vr.21)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.13) ∧ (#t1 < #vr.13)) ) case case_1 - solve( State_11111111111( h1, k, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( State_11111121111( hp, <~n, x>, lock ) ▶₀ #t0 ) - case ifattvinit_0_1111112111 + solve( State_11111111111( lock, h1, k ) ▶₀ #t1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n, x>, hp ) ▶₀ #t0 ) + case ifattCvinit_0_1111112111 solve( Insert( L_h2, ) @ #t2.2 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2.2 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2.2 ) case eventWrapKeyLhkeyv_0_11111121111 solve( ((∃ h1 #t1.2. (NewKey( h1, k ) @ #t1.2) ∧ (¬(last(#t1.2))) ∧ (#t1.2 < #t1.1)) ∧ 
@@ -7218,29 +6566,29 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h2, k.2, k, v, lock ) ▶₀ #t2.2 ) + solve( State_121111111( L_h2, k.2, k, v, L_h.1, lock ) ▶₀ #t2.2 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.52)) ∧ + (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.25)) ∧ (∃ hp #t0. (WrapKey( hp, k ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.52) ∨ (#t0 < #vr.52))) ∧ + (((#t0 = #vr.25) ∨ (#t0 < #vr.25))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.52) ∧ (#t0 < #vr.52)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.25) ∧ (#t0 < #vr.25)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.52) ∧ (#t1 < #vr.52)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.52) ∧ (#t1 < #vr.52)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ) case case_1 by contradiction /* from formulas */ next 
@@ -7270,35 +6618,35 @@ next qed qed next - case outsenckeyvkeyv_0_1121111111_case_2 + case eventWrapkeyvkeyv_0_112111111_case_2 solve( Insert( L_h, ) @ #t2.1 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.1 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.1 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.4 < #vr.25) ∧ + solve( ((#vr.3 < #vr.17) ∧ (∃ #t2. (Unlock_6( '6', ~n.1, L_h ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.25) ∧ + (#vr.3 < #t2) ∧ + (#t2 < #vr.17) ∧ (∀ #t0 pp. (Unlock( pp, ~n.1, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.3) ∨ (#t0 = #vr.3) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.25 < #vr.4) ) + ((#t0 < #vr.3) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.17 < #vr.3) ) case case_1 - solve( State_12111111111( L_h, L_h2.1, k.2, m, v, ~n.1 ) ▶₀ #t2.2 ) - case outLh_0_1211111111 + solve( State_12111111111( L_h2.1, k.2, m, v, L_h, ~n.1 ) ▶₀ #t2.2 ) + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.2 ) ▶₀ #t2.2 ) + solve( State_11111121111111( ~n.2, v, L_h ) ▶₀ #t2.2 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.5 < #t2.6) ∥ (#t2.5 = #t2.6) ) case case_1 
@@ -7307,36 +6655,36 @@ next case case_2 solve( Insert( L_h2, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 solve( Insert( L_h1, ) @ #t2.4 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.4 ) + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.4 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.17 < #vr.50) ∧ + solve( ((#vr.12 < #vr.28) ∧ (∃ #t2. - (Unlock_5( '5', ~n.4, L_h1 ) @ #t2) + (Unlock_5( '5', ~n.5, L_h1 ) @ #t2) ∧ - (#vr.17 < #t2) ∧ - (#t2 < #vr.50) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.4, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.12 < #t2) ∧ + (#t2 < #vr.28) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.5, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.12) ∨ (#t0 = #vr.12) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.50 < #vr.17) ) + ((#t0 < #vr.12) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.28 < #vr.12) ) case case_1 - solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.4 ) ▶₀ #t2.5 ) - case outsenckeyvkeyv_0_1121111111 + solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.5 ) ▶₀ #t2.5 ) + case eventWrapkeyvkeyv_0_112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h1, v, ~n.5 ) ▶₀ #t2.5 ) + solve( State_11111121111111( ~n.4, v, L_h1 ) ▶₀ #t2.5 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.8 < #t2.9) ∥ (#t2.8 = #t2.9) ) case case_1 
@@ -7345,13 +6693,13 @@ next case case_2 solve( Insert( L_h, ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h, k, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, L_h, k ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( State_11111111111111( ~n, k.1, ~n.8 ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 + solve( State_11111111111111( ~n.8, ~n.2, k.1 ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 solve( Insert( L_h2, ) @ #t2.8 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock ) ▶₀ #t2.8 ) + solve( State_111111111111( lock, L_h2, z ) ▶₀ #t2.8 ) case eventNewKeyLhk_0_11111111111 by contradiction /* impossible chain */ qed @@ -7365,29 +6713,29 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h1, k.2, z.1, v, lock ) ▶₀ #t2.4 ) + solve( State_121111111( L_h1, k.2, z.1, v, L_h.1, lock ) ▶₀ #t2.4 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, z.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.47)) ∧ + (NewKey( h1, z.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.25)) ∧ (∃ hp #t0. (WrapKey( hp, z.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.47) ∨ (#t0 < #vr.47))) ∧ + (((#t0 = #vr.25) ∨ (#t0 < #vr.25))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z.1 ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.47) ∧ (#t0 < #vr.47)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.25) ∧ (#t0 < #vr.25)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.47) ∧ (#t1 < #vr.47)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.47) ∧ (#t1 < #vr.47)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ) case case_1 by contradiction /* from formulas */ next 
@@ -7405,32 +6753,32 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h2, k.2, z, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h2, k.2, z, v, L_h.1, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, z ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.35)) ∧ + (NewKey( h1, z ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.20)) ∧ (∃ hp #t0. (WrapKey( hp, z ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.35) ∨ (#t0 < #vr.35))) ∧ + (((#t0 = #vr.20) ∨ (#t0 < #vr.20))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.35) ∧ (#t0 < #vr.35)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.20) ∧ (#t0 < #vr.20)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.35) ∧ (#t1 < #vr.35)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.20) ∧ (#t1 < #vr.20)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.35) ∧ (#t1 < #vr.35)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.20) ∧ (#t1 < #vr.20)) ) case case_1 - solve( State_11111111111( h1, z, lock ) ▶₀ #t1 ) - case newk_0_1111111111 + solve( State_11111111111( lock, h1, z ) ▶₀ #t1 ) + case increate_0_1111111 by contradiction /* impossible chain */ qed next 
@@ -7451,80 +6799,80 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k, v, lock ) ▶₀ #t2.1 ) + solve( State_121111111( L_h, k.2, k, v, L_h.1, lock ) ▶₀ #t2.1 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.22)) ∧ + (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.14)) ∧ (∃ hp #t0. (WrapKey( hp, k ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.22) ∨ (#t0 < #vr.22))) ∧ + (((#t0 = #vr.14) ∨ (#t0 < #vr.14))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.22) ∧ (#t0 < #vr.22)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.14) ∧ (#t0 < #vr.14)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.22) ∧ (#t1 < #vr.22)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.14) ∧ (#t1 < #vr.14)) ∥ (∃ #t0 #t1 h1 h2 k. 
(Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.22) ∧ (#t1 < #vr.22)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.14) ∧ (#t1 < #vr.14)) ) case case_1 - solve( State_11111111111( h1, k, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( State_11111121111( hp, <~n, x>, lock ) ▶₀ #t0 ) - case ifattvinit_0_1111112111 + solve( State_11111111111( lock, h1, k ) ▶₀ #t1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n, x>, hp ) ▶₀ #t0 ) + case ifattCvinit_0_1111112111 solve( Insert( L_h2, ) @ #t2.2 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2.2 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2.2 ) case eventWrapKeyLhkeyv_0_11111121111 solve( Insert( L_h1, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.17 < #vr.68) ∧ + solve( ((#vr.12 < #vr.34) ∧ (∃ #t2. (Unlock_5( '5', ~n.10, L_h1 ) @ #t2) ∧ - (#vr.17 < #t2) ∧ - (#t2 < #vr.68) ∧ + (#vr.12 < #t2) ∧ + (#t2 < #vr.34) ∧ (∀ #t0 pp. (Unlock( pp, ~n.10, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t0 = #vr.17) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.12) ∨ (#t0 = #vr.12) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.17) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.68 < #vr.17) ) + ((#t0 < #vr.12) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.34 < #vr.12) ) case case_1 solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.10 ) ▶₀ #t2.4 ) - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h1, v, ~n.9 ) ▶₀ #t2.4 ) + solve( State_11111121111111( ~n.9, v, L_h1 ) ▶₀ #t2.4 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.8 < #t2.9) ∥ (#t2.8 = #t2.9) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( !KU( senc(~n, k.1) ) @ #vk.11 ) + solve( !KU( senc(~n.1, k.1) ) @ #vk.11 ) case c_senc by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_1 + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.5)) ∧ (∃ hp #t0. 
@@ -7570,223 +6918,21 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111_case_1 - solve( !KU( ~n.4 ) @ #vk.3 ) - case outLh_0_1211111111 - solve( (#t2.5 < #t2.11) ∥ (#t2.5 = #t2.11) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( L_h, ) @ #t2.5 ) - case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) - case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.27 < #vr.93) ∧ - (∃ #t2. - (Unlock_6( '6', ~n.7, L_h ) @ #t2) - ∧ - (#vr.27 < #t2) ∧ - (#t2 < #vr.93) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.27) ∨ (#t0 = #vr.27) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.27) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.93 < #vr.27) ) - case case_1 - solve( State_12111111111( L_h, L_h2.2, k.2, m, v, ~n.7 - ) ▶₀ #t2.6 ) - case outLh_0_1211111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. 
- (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) - case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. - (NewKey( h1, k.1 ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.90)) ∧ - (∃ hp #t0. - (WrapKey( hp, k.1 ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #vr.90) ∨ (#t0 < #vr.90))) ∧ - (∀ hpp #t1. - (Unwrapped( hpp, k.1 ) @ #t1) - ⇒ - ((last(#t1)) ∨ (#t0 < #t1))))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ - (¬(last(#t1))) ∧ - (#t1 < #vr.90) ∧ - (#t0 < #vr.90)) ∥ - (∃ #t0 #t1 h1 h2 k. - (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (¬(last(#t0))) ∧ - (#t0 < #vr.90) ∧ - (#t1 < #vr.90)) ∥ - (∃ #t0 #t1 h1 h2 k. 
- (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ - (¬(last(#t0))) ∧ - (#t0 < #vr.90) ∧ - (#t1 < #vr.90)) ) - case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - qed - qed - qed - next - case outsdecckeyv_0_11112111111_case_1 + case eventEncUsingkeyvm_0_11121111 + by contradiction /* from formulas */ + next + case eventWrapkeyvkeyv_0_112111111_case_1 + solve( !KU( ~n.5 ) @ #vk.3 ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case 
eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.5)) ∧ (∃ hp #t0. 
@@ -7832,93 +6978,62 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.5 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.27 < #vr.104) ∧ + solve( ((#vr.18 < #vr.55) ∧ (∃ #t2. (Unlock_6( '6', ~n.7, L_h ) @ #t2) ∧ - (#vr.27 < #t2) ∧ - (#t2 < #vr.104) ∧ + (#vr.18 < #t2) ∧ + (#t2 < #vr.55) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t0 = #vr.27) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.18) ∨ (#t0 = #vr.18) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.104 < #vr.27) ) + ((#t0 < #vr.18) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.55 < #vr.18) ) case case_1 - solve( State_12111111111( L_h, L_h2.3, k.2, m, v, ~n.7 + solve( State_12111111111( L_h2.3, k.2, m, v, L_h, ~n.7 ) ▶₀ #t2.6 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.14 < #t2.15) ∥ (#t2.14 = #t2.15) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ qed qed qed @@ -7930,17 +7045,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.101)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.52)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.101) ∨ (#t0 < #vr.101))) ∧ + (((#t0 = #vr.52) ∨ (#t0 < #vr.52))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -7950,71 +7065,40 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.101) ∧ - (#t0 < #vr.101)) ∥ + (#t1 < #vr.52) ∧ + (#t0 < #vr.52)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.101) ∧ - (#t1 < #vr.101)) ∥ + (#t0 < #vr.52) ∧ + (#t1 < #vr.52)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.101) ∧ - (#t1 < #vr.101)) ) + (#t0 < #vr.52) ∧ + (#t1 < #vr.52)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ qed qed qed @@ -8034,11 +7118,8 @@ next qed qed qed - qed - next - case outsenckeyvkeyv_0_1121111111_case_2 - solve( !KU( ~n.4 ) @ #vk.3 ) - case outLh_0_1211111111 + next + case insertLhmwrap_0_121111111 solve( (#t2.5 < #t2.11) ∥ (#t2.5 = #t2.11) ) case case_1 by contradiction /* from formulas */ 
@@ -8046,85 +7127,53 @@ next case case_2 solve( Insert( L_h, ) @ #t2.5 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.27 < #vr.94) ∧ + solve( ((#vr.18 < #vr.47) ∧ (∃ #t2. (Unlock_6( '6', ~n.7, L_h ) @ #t2) ∧ - (#vr.27 < #t2) ∧ - (#t2 < #vr.94) ∧ + (#vr.18 < #t2) ∧ + (#t2 < #vr.47) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t0 = #vr.27) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.18) ∨ (#t0 = #vr.18) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.94 < #vr.27) ) + ((#t0 < #vr.18) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.47 < #vr.18) ) case case_1 - solve( State_12111111111( L_h, L_h2.2, k.2, m, v, ~n.7 + solve( State_12111111111( L_h2.2, k.2, m, v, L_h, ~n.7 ) ▶₀ #t2.6 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ qed qed qed @@ -8136,17 +7185,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.91)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.44)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.91) ∨ (#t0 < #vr.91))) ∧ + (((#t0 = #vr.44) ∨ (#t0 < #vr.44))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -8156,72 +7205,40 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.91) ∧ - (#t0 < #vr.91)) ∥ + (#t1 < #vr.44) ∧ + (#t0 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.91) ∧ - (#t1 < #vr.91)) ∥ + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.91) ∧ - (#t1 < #vr.91)) ) + (#t0 < #vr.44) ∧ + (#t1 < #vr.44)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 - ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ qed qed qed @@ -8242,11 +7259,14 @@ next qed qed qed - next - case outsdecckeyv_0_11112111111_case_1 + qed + next + case eventWrapkeyvkeyv_0_112111111_case_2 + solve( !KU( ~n.5 ) @ #vk.3 ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #t2.5)) ∧ (∃ hp #t0. 
@@ -8292,93 +7312,62 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.5 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.5 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.27 < #vr.105) ∧ + solve( ((#vr.18 < #vr.56) ∧ (∃ #t2. (Unlock_6( '6', ~n.7, L_h ) @ #t2) ∧ - (#vr.27 < #t2) ∧ - (#t2 < #vr.105) ∧ + (#vr.18 < #t2) ∧ + (#t2 < #vr.56) ∧ (∀ #t0 pp. (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t0 = #vr.27) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.18) ∨ (#t0 = #vr.18) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.27) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.105 < #vr.27) ) + ((#t0 < #vr.18) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.56 < #vr.18) ) case case_1 - solve( State_12111111111( L_h, L_h2.3, k.2, m, v, ~n.7 + solve( State_12111111111( L_h2.3, k.2, m, v, L_h, ~n.7 ) ▶₀ #t2.6 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed - next - case case_2 - solve( State_11111121111111( L_h, v, ~n.11 ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - solve( (#t2.14 < #t2.15) ∥ (#t2.14 = #t2.15) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( hp, <~n, 'init'> ) @ #t2.7 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.7 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. 
- (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.8 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.8 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.9 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.9 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed + next + case case_2 + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) + case eventWrapHandleLh_0_1111112111111 + solve( (#t2.14 < #t2.15) ∥ (#t2.14 = #t2.15) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) + case eventNewKeyLhk_0_11111111111 + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ qed qed qed 
@@ -8390,17 +7379,17 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k.1, v, lock ) ▶₀ #t2.5 ) + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. (NewKey( h1, k.1 ) @ #t1) ∧ - (¬(last(#t1))) ∧ (#t1 < #vr.102)) ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.53)) ∧ (∃ hp #t0. (WrapKey( hp, k.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.102) ∨ (#t0 < #vr.102))) ∧ + (((#t0 = #vr.53) ∨ (#t0 < #vr.53))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k.1 ) @ #t1) ⇒ 
@@ -8410,71 +7399,40 @@ next ∧ (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ - (#t1 < #vr.102) ∧ - (#t0 < #vr.102)) ∥ + (#t1 < #vr.53) ∧ + (#t0 < #vr.53)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.102) ∧ - (#t1 < #vr.102)) ∥ + (#t0 < #vr.53) ∧ + (#t1 < #vr.53)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ - (#t0 < #vr.102) ∧ - (#t1 < #vr.102)) ) + (#t0 < #vr.53) ∧ + (#t1 < #vr.53)) ) case case_1 - solve( State_11111111111( h1, k.1, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.7, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n, 'init'> ) @ #t2.6 ) + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.44 < #vr.32) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.2, ~n ) @ #t2) - ∧ - (#vr.44 < #t2) ∧ - (#t2 < #vr.32) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.2, ~n ) @ #t0) - ⇒ - #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t0 = #vr.44) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.44) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.32 < #vr.44) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.2 ) ▶₀ #t2.7 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.2, ~n.3 - ) ▶₀ #t2.7 ) - case outLh_0_1111111111111 - solve( Insert( L_h2, ) @ #t2.8 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock - ) ▶₀ #t2.8 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* impossible chain */ - qed + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ qed qed qed 
@@ -8494,10 +7452,148 @@ next qed qed qed + next + case insertLhmwrap_0_121111111 + solve( (#t2.5 < #t2.11) ∥ (#t2.5 = #t2.11) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( L_h, ) @ #t2.5 ) + case insertLhkeyvwrap_0_111111211111 + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.5 ) + case eventWrapKeyLhkeyv_0_11111121111 + solve( ((#vr.18 < #vr.48) ∧ + (∃ #t2. + (Unlock_6( '6', ~n.7, L_h ) @ #t2) + ∧ + (#vr.18 < #t2) ∧ + (#t2 < #vr.48) ∧ + (∀ #t0 pp. + (Unlock( pp, ~n.7, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.18) ∨ (#t0 = #vr.18) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.18) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.48 < #vr.18) ) + case case_1 + solve( State_12111111111( L_h2.2, k.2, m, v, L_h, ~n.7 + ) ▶₀ #t2.6 ) + case insertLhmwrap_0_121111111 + by contradiction /* cyclic */ + qed + next + case case_2 + solve( State_11111121111111( ~n.11, v, L_h ) ▶₀ #t2.6 ) + case eventWrapHandleLh_0_1111112111111 + solve( (#t2.12 < #t2.13) ∥ (#t2.12 = #t2.13) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.7 ) + case eventNewKeyLhk_0_11111111111 + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.9 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.9 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ + qed + qed + qed + qed + qed + qed + qed + qed + qed + next + case insertLhmwrap_0_121111111 + solve( State_121111111( L_h, k.2, k.1, v, L_h.1, lock ) ▶₀ #t2.5 ) + case eventUnwrappedLhm_0_12111111 + solve( ((∃ h1 #t1. + (NewKey( h1, k.1 ) @ #t1) + ∧ + (¬(last(#t1))) ∧ (#t1 < #vr.45)) ∧ + (∃ hp #t0. 
+ (WrapKey( hp, k.1 ) @ #t0) + ∧ + (¬(last(#t0))) ∧ + (((#t0 = #vr.45) ∨ (#t0 < #vr.45))) ∧ + (∀ hpp #t1. + (Unwrapped( hpp, k.1 ) @ #t1) + ⇒ + ((last(#t1)) ∨ (#t0 < #t1))))) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ + (¬(last(#t1))) ∧ + (#t1 < #vr.45) ∧ + (#t0 < #vr.45)) ∥ + (∃ #t0 #t1 h1 h2 k. + (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (¬(last(#t0))) ∧ + (#t0 < #vr.45) ∧ + (#t1 < #vr.45)) ∥ + (∃ #t0 #t1 h1 h2 k. + (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (¬(last(#t1))) ∧ + (¬(last(#t0))) ∧ + (#t0 < #vr.45) ∧ + (#t1 < #vr.45)) ) + case case_1 + solve( State_11111111111( lock, h1, k.1 ) ▶₀ #t1.1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.7, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.1, 'init'> ) @ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, hp, ~n.1 ) ▶₀ #t2.6 ) + case eventNewKeyLhk_0_11111111111 + solve( State_11111111111111( ~n.3, ~n.2, k.2 + ) ▶₀ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h2, ) @ #t2.8 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h2, z + ) ▶₀ #t2.8 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* impossible chain */ + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + qed + qed + qed qed - next - case outsencmkeyv_0_111211111 - by contradiction /* from formulas */ qed qed qed 
@@ -8505,29 +7601,29 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h1, k.2, z.1, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h1, k.2, z.1, v, L_h.1, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, z.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.65)) ∧ + (NewKey( h1, z.1 ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.31)) ∧ (∃ hp #t0. (WrapKey( hp, z.1 ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.65) ∨ (#t0 < #vr.65))) ∧ + (((#t0 = #vr.31) ∨ (#t0 < #vr.31))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z.1 ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.65) ∧ (#t0 < #vr.65)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.31) ∧ (#t0 < #vr.31)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.65) ∧ (#t1 < #vr.65)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.31) ∧ (#t1 < #vr.31)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.65) ∧ (#t1 < #vr.65)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.31) ∧ (#t1 < #vr.31)) ) case case_1 by contradiction /* from formulas */ next 
@@ -8545,32 +7641,32 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h2, k.2, z, v, lock ) ▶₀ #t2.2 ) + solve( State_121111111( L_h2, k.2, z, v, L_h.1, lock ) ▶₀ #t2.2 ) case eventUnwrappedLhm_0_12111111 solve( ((∃ h1 #t1. - (NewKey( h1, z ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.53)) ∧ + (NewKey( h1, z ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.26)) ∧ (∃ hp #t0. (WrapKey( hp, z ) @ #t0) ∧ (¬(last(#t0))) ∧ - (((#t0 = #vr.53) ∨ (#t0 < #vr.53))) ∧ + (((#t0 = #vr.26) ∨ (#t0 < #vr.26))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.53) ∧ (#t0 < #vr.53)) ∥ + (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.26) ∧ (#t0 < #vr.26)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.53) ∧ (#t1 < #vr.53)) ∥ + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.26) ∧ (#t1 < #vr.26)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.53) ∧ (#t1 < #vr.53)) ) + (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.26) ∧ (#t1 < #vr.26)) ) case case_1 - solve( State_11111111111( h1, z, lock ) ▶₀ #t1.1 ) - case newk_0_1111111111 + solve( State_11111111111( lock, h1, z ) ▶₀ #t1.1 ) + case increate_0_1111111 by contradiction /* impossible chain */ qed next 
@@ -8599,104 +7695,6 @@ next qed qed qed - next - case outsencmkeyv_0_111211111 - solve( Insert( L_h, ) @ #t2.1 ) - case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.1 ) - case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.4 < #vr.23) ∧ - (∃ #t2. - (Unlock_6( '6', ~n.1, L_h ) @ #t2) - ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.23) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.1, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.23 < #vr.4) ) - case case_1 - solve( State_12111111111( L_h, L_h2, k.2, m, v, ~n.1 ) ▶₀ #t2.2 ) - case outLh_0_1211111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111121111111( L_h, v, ~n.2 ) ▶₀ #t2.2 ) - case eventWrapHandleLh_0_1111112111111 - solve( (#t2.4 < #t2.5) ∥ (#t2.4 = #t2.5) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( L_h.1, ) @ #t2.3 ) - case insertLhkeyvdec_0_11111211111 - solve( State_11111211111( L_h.1, v, lock ) ▶₀ #t2.3 ) - case eventDecKeyLhkeyv_0_1111121111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - next - case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.2, k, v, lock ) ▶₀ #t2.1 ) - case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. - (NewKey( h1, k ) @ #t1) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.20)) ∧ - (∃ hp #t0. - (WrapKey( hp, k ) @ #t0) - ∧ - (¬(last(#t0))) ∧ - (((#t0 = #vr.20) ∨ (#t0 < #vr.20))) ∧ - (∀ hpp #t1. - (Unwrapped( hpp, k ) @ #t1) ⇒ ((last(#t1)) ∨ (#t0 < #t1))))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ (¬(last(#t1))) ∧ (#t1 < #vr.20) ∧ (#t0 < #vr.20)) ∥ - (∃ #t0 #t1 h1 h2 k. 
- (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.20) ∧ (#t1 < #vr.20)) ∥ - (∃ #t0 #t1 h1 h2 k. - (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (¬(last(#t1))) ∧ (¬(last(#t0))) ∧ (#t0 < #vr.20) ∧ (#t1 < #vr.20)) ) - case case_1 - solve( State_11111111111( h1, k, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( State_11111121111( hp, <~n, x>, lock ) ▶₀ #t0 ) - case ifattvinit_0_1111112111 - solve( Insert( L_h.1, <~n, 'dec'> ) @ #t2.2 ) - case insertLhkeyvdec_0_11111211111 - solve( State_11111211111( L_h.1, <~n, x>, lock ) ▶₀ #t2.2 ) - case eventDecKeyLhkeyv_0_1111121111 - by contradiction /* from formulas */ - qed - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - qed - qed qed qed next @@ -8725,7 +7723,7 @@ next case case_3 solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) + (Unlock_0( '0', ~n.1, ~n ) @ #t2) ⇒ ((last(#t2)) ∨ (#t1 = #t2) ∨ @@ -8733,16 +7731,16 @@ next (#t2 = #t3) ∨ (#t3 < #t2) ∨ (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ 
@@ -8761,16 +7759,16 @@ next next case case_2 solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2.1 = #t0) ∨ (#t0 < #t2.1)))) ∥ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ 
@@ -9595,104 +8593,56 @@ next (((#t2 = #t0) ∨ (#t0 < #t2))) ∧ (¬(#t2 = #t0))))))) ∧ (((#t3 = #t1) ∨ (#t1 < #t3))) ∧ - (¬(#t1 = #t3))) ) - case case_1 - solve( (last(#t3)) ∥ (last(#t2)) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (¬(last(#t0))) ∧ - (¬(last(#t1))) ∧ - ((((#t1 < #t3) ∧ (#t0 < #t3)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ) - case case_1 - solve( State_1111121111( h1, v, lock ) ▶₀ #t2 ) - case ifattvinit_0_111112111 - solve( State_11111121111( h2, v, lock ) ▶₀ #t3 ) - case ifattvinit_0_1111112111 - solve( Insert( h1, ) @ #t2.1 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( h1, k, lock ) ▶₀ #t2.1 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.2 < #vr.25) ∧ - (∃ #t2. - (Unlock_2( '2', ~n.2, ~n ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.25) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.25 < #vr.2) ) - case case_1 - solve( State_111112111111( ~n, v, ~n.2 ) ▶₀ #t2.2 ) - case insertLhkeyvdec_0_11111211111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k, ~n.4 ) ▶₀ #t2.2 ) - case outLh_0_1111111111111 - solve( Insert( h2, <~n.1, 'init'> ) @ #t2.3 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( h2, ~n.1, lock ) ▶₀ #t2.3 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.14 < #vr.25) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n ) @ #t2) - ∧ - (#vr.14 < #t2) ∧ - (#t2 < #vr.25) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.3, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.14) ∨ (#t0 = #vr.14) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.14) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.25 < #vr.14) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.3 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( ((#vr.2 < #vr.14) ∧ - (∃ #t2. - (Unlock_2( '2', ~n.2, ~n ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.14) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.14 < #vr.2) ) - case case_1 - solve( State_111112111111( ~n, v, ~n.2 ) ▶₀ #t2.3 ) - case insertLhkeyvdec_0_11111211111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.3 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* from formulas */ - qed - qed + (¬(#t1 = #t3))) ) + case case_1 + solve( (last(#t3)) ∥ (last(#t2)) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (¬(last(#t0))) ∧ + (¬(last(#t1))) ∧ + ((((#t1 < #t3) ∧ (#t0 < #t3)) ∨ ((#t1 < #t2) ∧ (#t0 < #t2))))) ) + case case_1 + solve( State_1111121111( lock, v, h1 ) ▶₀ #t2 ) + case ifattCvinit_0_111112111 + solve( State_11111121111( lock, v, h2 ) ▶₀ #t3 ) + case ifattCvinit_0_1111112111 + solve( Insert( h1, ) @ #t2.1 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, h1, k ) ▶₀ #t2.1 ) + case eventNewKeyLhk_0_11111111111 + solve( State_11111111111111( ~n.4, ~n.2, k ) ▶₀ #t2.2 ) + case insertLhkinit_0_111111111111 + solve( Insert( h2, <~n.1, 'init'> ) @ #t2.3 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, h2, ~n.1 ) ▶₀ #t2.3 ) + case eventNewKeyLhk_0_11111111111 + solve( ((#vr.2 < #vr.7) ∧ + (∃ #t2. + (Unlock_2( '2', ~n, ~n.2 ) @ #t2) + ∧ + (#vr.2 < #t2) ∧ + (#t2 < #vr.7) ∧ + (∀ #t0 pp. 
(Unlock( pp, ~n, ~n.2 ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, ~n.2 ) @ #t0) + ⇒ + ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, ~n.2 ) @ #t0) + ⇒ + ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.7 < #vr.2) ) + case case_1 + solve( State_111112111111( ~n, v, ~n.2 ) ▶₀ #t2.3 ) + case insertLhkeyvdec_0_11111211111 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( State_11111121111111( ~n.3, v, ~n.2 ) ▶₀ #t2.3 ) + case eventWrapHandleLh_0_1111112111111 + by contradiction /* from formulas */ qed qed qed 
@@ -9704,94 +8654,46 @@ next qed next case case_2 - solve( State_1111121111( h1, v, lock ) ▶₀ #t2 ) - case ifattvinit_0_111112111 - solve( State_11111121111( h2, v, lock ) ▶₀ #t3 ) - case ifattvinit_0_1111112111 + solve( State_1111121111( lock, v, h1 ) ▶₀ #t2 ) + case ifattCvinit_0_111112111 + solve( State_11111121111( lock, v, h2 ) ▶₀ #t3 ) + case ifattCvinit_0_1111112111 solve( Insert( h1, ) @ #t2.1 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( h1, k, lock ) ▶₀ #t2.1 ) + solve( State_111111111111( lock, h1, k ) ▶₀ #t2.1 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.2 < #vr.25) ∧ - (∃ #t2. - (Unlock_2( '2', ~n.2, ~n ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.25) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.25 < #vr.2) ) - case case_1 - solve( State_111112111111( ~n, v, ~n.2 ) ▶₀ #t2.2 ) - case insertLhkeyvdec_0_11111211111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k, ~n.4 ) ▶₀ #t2.2 ) - case outLh_0_1111111111111 - solve( Insert( h2, <~n.1, 'init'> ) @ #t2.3 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( h2, ~n.1, lock ) ▶₀ #t2.3 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.14 < #vr.25) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n ) @ #t2) - ∧ - (#vr.14 < #t2) ∧ - (#t2 < #vr.25) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.3, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.14) ∨ (#t0 = #vr.14) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.14) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.25 < #vr.14) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.3 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( ((#vr.2 < #vr.14) ∧ - (∃ #t2. - (Unlock_2( '2', ~n.2, ~n ) @ #t2) - ∧ - (#vr.2 < #t2) ∧ - (#t2 < #vr.14) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.2, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.14 < #vr.2) ) - case case_1 - solve( State_111112111111( ~n, v, ~n.2 ) ▶₀ #t2.3 ) - case insertLhkeyvdec_0_11111211111 - by contradiction /* from formulas */ - qed - next - case case_2 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.3 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* from formulas */ - qed - qed + solve( State_11111111111111( ~n.4, ~n.2, k ) ▶₀ #t2.2 ) + case insertLhkinit_0_111111111111 + solve( Insert( h2, <~n.1, 'init'> ) @ #t2.3 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, h2, ~n.1 ) ▶₀ #t2.3 ) + case eventNewKeyLhk_0_11111111111 + solve( ((#vr.2 < #vr.7) ∧ + (∃ #t2. + (Unlock_2( '2', ~n, ~n.2 ) @ #t2) + ∧ + (#vr.2 < #t2) ∧ + (#t2 < #vr.7) ∧ + (∀ #t0 pp. (Unlock( pp, ~n, ~n.2 ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, ~n.2 ) @ #t0) + ⇒ + ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. + (Unlock( pp, lpp, ~n.2 ) @ #t0) + ⇒ + ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.7 < #vr.2) ) + case case_1 + solve( State_111112111111( ~n, v, ~n.2 ) ▶₀ #t2.3 ) + case insertLhkeyvdec_0_11111211111 + by contradiction /* from formulas */ + qed + next + case case_2 + solve( State_11111121111111( ~n.3, v, ~n.2 ) ▶₀ #t2.3 ) + case eventWrapHandleLh_0_1111112111111 + by contradiction /* from formulas */ qed qed qed 
@@ -9824,7 +8726,7 @@ next case case_3 solve( (#t1 = #t3.1) ∥ (#t3.1 < #t1) ∥ (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) + (Unlock_0( '0', ~n.1, ~n ) @ #t2) ⇒ ((last(#t2)) ∨ (#t1 = #t2) ∨ @@ -9832,16 +8734,16 @@ next (#t2 = #t3.1) ∨ (#t3.1 < #t2) ∨ (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ @@ -9860,16 +8762,16 @@ next next case case_2 solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2.1 = #t0) ∨ (#t0 < #t2.1)))) ∥ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ @@ -10907,7 +9809,7 @@ next case case_1 solve( (#t1 = #t3.1) ∥ (#t3.1 < #t1) ∥ (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) + (Unlock_0( '0', ~n.1, ~n ) @ #t2) ⇒ ((last(#t2)) ∨ (#t1 = #t2) ∨ @@ -10915,16 +9817,16 @@ next (#t2 = #t3.1) ∨ (#t3.1 < #t2) ∨ (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ 
@@ -10959,7 +9861,7 @@ next case case_3 solve( (#t1 = #t3.1) ∥ (#t3.1 < #t1) ∥ (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) + (Unlock_0( '0', ~n.1, ~n ) @ #t2) ⇒ ((last(#t2)) ∨ (#t1 = #t2) ∨ @@ -10967,16 +9869,16 @@ next (#t2 = #t3.1) ∨ (#t3.1 < #t2) ∨ (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ @@ -11008,7 +9910,7 @@ next case case_4 solve( (#t1 = #t3.1) ∥ (#t3.1 < #t1) ∥ (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) + (Unlock_0( '0', ~n.1, ~n ) @ #t2) ⇒ ((last(#t2)) ∨ (#t1 = #t2) ∨ @@ -11016,16 +9918,16 @@ next (#t2 = #t3.1) ∨ (#t3.1 < #t2) ∨ (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ @@ -11063,16 +9965,16 @@ next (#t0.1 < #t0) ∧ (#t1 < #t0)) ) case case_1 solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2.1 = #t0) ∨ (#t0 < #t2.1)))) ∥ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ 
@@ -11107,16 +10009,16 @@ next next case case_3 solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2.1 = #t0) ∨ (#t0 < #t2.1)))) ∥ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ @@ -11148,16 +10050,16 @@ next next case case_4 solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2.1))) ∥ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2.1 = #t0) ∨ (#t0 < #t2.1)))) ∥ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ @@ -13980,13 +12882,13 @@ next case case_1 solve( (last(#j)) ∥ (last(#i)) ) case case_1 - solve( State_11111111111( h, k, lock ) ▶₀ #i ) - case newk_0_1111111111 - solve( !KU( ~n.1 ) @ #j ) - case outsdecckeyv_0_11112111111_case_1 + solve( State_11111111111( lock, h, k ) ▶₀ #i ) + case increate_0_1111111 + solve( !KU( ~n.2 ) @ #j ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ #t1 < #t2) ∧ (∃ hp #t0. (WrapKey( hp, k2 ) @ #t0) 
@@ -14018,45 +12920,45 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h2, ) @ #t2 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2 ) case eventWrapKeyLhkeyv_0_11111121111 solve( Insert( L_h1, ) @ #t2.1 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.1 ) + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.1 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.20 < #vr.40) ∧ + solve( ((#vr.9 < #vr.19) ∧ (∃ #t2. (Unlock_5( '5', ~n.5, L_h1 ) @ #t2) ∧ - (#vr.20 < #t2) ∧ - (#t2 < #vr.40) ∧ + (#vr.9 < #t2) ∧ + (#t2 < #vr.19) ∧ (∀ #t0 pp. (Unlock( pp, ~n.5, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.20) ∨ (#t0 = #vr.20) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.9) ∨ (#t0 = #vr.9) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.20) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.40 < #vr.20) ) + ((#t0 < #vr.9) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.19 < #vr.9) ) case case_1 solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.5 ) ▶₀ #t2.2 ) - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h1, v, ~n.4 ) ▶₀ #t2.2 ) + solve( State_11111121111111( ~n.4, v, L_h1 ) ▶₀ #t2.2 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.4 < #t2.5) ∥ (#t2.4 = #t2.5) ) case case_1 
@@ -14065,41 +12967,17 @@ next case case_2 solve( Insert( L_h2, ) @ #t2.3 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock ) ▶₀ #t2.3 ) + solve( State_111111111111( lock, L_h2, z ) ▶₀ #t2.3 ) case eventNewKeyLhk_0_11111111111 - solve( (#vr.14, 0) ~~> (#j, 0) ) + solve( (#vr.4, 0) ~~> (#j, 0) ) case Var_fresh_4_n - solve( ((#vr.28 < #vr.1) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n ) @ #t2) - ∧ - (#vr.28 < #t2) ∧ - (#t2 < #vr.1) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.3, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.28) ∨ (#t0 = #vr.28) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.28) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.1 < #vr.28) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.4 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k, ~n.2 ) ▶₀ #t2.4 ) - case outLh_0_1111111111111 - solve( Insert( L_h1, ) @ #t2.5 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z, lock ) ▶₀ #t2.5 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n, ~n.1, k ) ▶₀ #t2.4 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h1, ) @ #t2.5 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h1, z ) ▶₀ #t2.5 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed 
@@ -14112,26 +12990,26 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h, L_h1, k, z.1, v, lock ) ▶₀ #t2.1 ) + solve( State_121111111( L_h1, k, z.1, v, L_h, lock ) ▶₀ #t2.1 ) case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. (NewKey( h1, z.1 ) @ #t1) ∧ #t1 < #vr.37) ∧ + solve( ((∃ h1 #t1. (NewKey( h1, z.1 ) @ #t1) ∧ #t1 < #vr.16) ∧ (∃ hp #t0. (WrapKey( hp, z.1 ) @ #t0) ∧ - (((#t0 = #vr.37) ∨ (#t0 < #vr.37))) ∧ + (((#t0 = #vr.16) ∨ (#t0 < #vr.16))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z.1 ) @ #t1) ⇒ #t0 < #t1))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.37) ∧ (#t0 < #vr.37)) ∥ + (#t1 < #vr.16) ∧ (#t0 < #vr.16)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.37) ∧ (#t1 < #vr.37)) ∥ + (#t0 < #vr.16) ∧ (#t1 < #vr.16)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.37) ∧ (#t1 < #vr.37)) ) + (#t0 < #vr.16) ∧ (#t1 < #vr.16)) ) case case_1 by contradiction /* from formulas */ next 
@@ -14149,298 +13027,121 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h, L_h2, k, z, v, lock ) ▶₀ #t2 ) + solve( State_121111111( L_h2, k, z, v, L_h, lock ) ▶₀ #t2 ) case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. (NewKey( h1, z ) @ #t1) ∧ #t1 < #vr.25) ∧ + solve( ((∃ h1 #t1. (NewKey( h1, z ) @ #t1) ∧ #t1 < #vr.11) ∧ (∃ hp #t0. (WrapKey( hp, z ) @ #t0) ∧ - (((#t0 = #vr.25) ∨ (#t0 < #vr.25))) ∧ + (((#t0 = #vr.11) ∨ (#t0 < #vr.11))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z ) @ #t1) ⇒ #t0 < #t1))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.25) ∧ (#t0 < #vr.25)) ∥ + (#t1 < #vr.11) ∧ (#t0 < #vr.11)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ∥ + (#t0 < #vr.11) ∧ (#t1 < #vr.11)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ) + (#t0 < #vr.11) ∧ (#t1 < #vr.11)) ) case case_1 - solve( State_11111111111( h1, z, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( (#vr.14, 0) ~~> (#j, 0) ) - case Var_fresh_3_n - solve( State_11111121111( hp, <~n.1, x>, lock ) ▶₀ #t0 ) - case ifattvinit_0_1111112111 - solve( Insert( L_h1, ) @ #t2.1 ) - case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.1 ) - case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.20 < #vr.48) ∧ - (∃ #t2. - (Unlock_5( '5', ~n.7, L_h1 ) @ #t2) - ∧ - (#vr.20 < #t2) ∧ - (#t2 < #vr.48) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.7, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, L_h1 ) @ #t0) - ⇒ - ((#t0 < #vr.20) ∨ (#t0 = #vr.20) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, L_h1 ) @ #t0) - ⇒ - ((#t0 < #vr.20) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.48 < #vr.20) ) - case case_1 - solve( State_11211111111( L_h1, L_h2, v1, v2, ~n.7 ) ▶₀ #t2.2 ) - case outsenckeyvkeyv_0_1121111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111121111111( L_h1, v, ~n.6 ) ▶₀ #t2.2 ) - case eventWrapHandleLh_0_1111112111111 - solve( (#t2.5 < #t2.6) ∥ (#t2.5 = #t2.6) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( !KU( senc(~n.1, k) ) @ #vk.8 ) - case c_senc - by contradiction /* cyclic */ - next - case outsdecckeyv_0_11112111111_case_1 - by contradiction /* from formulas */ - next - case outsdecckeyv_0_11112111111_case_2 - solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ #t1 < #t2.3) ∧ - (∃ hp #t0. - (WrapKey( hp, k2 ) @ #t0) - ∧ - (((#t0 = #t2.3) ∨ (#t0 < #t2.3))) ∧ - (∀ hpp #t1. (Unwrapped( hpp, k2 ) @ #t1) ⇒ #t0 < #t1))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (#t1 < #t2.3) ∧ (#t0 < #t2.3)) ∥ - (∃ #t0 #t1 h1 h2 k. - (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (#t0 < #t2.3) ∧ (#t1 < #t2.3)) ∥ - (∃ #t0 #t1 h1 h2 k. 
- (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (#t0 < #t2.3) ∧ (#t1 < #t2.3)) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - next - case outsdecckeyv_0_11112111111_case_3 - by contradiction /* from formulas */ - next - case outsdecckeyv_0_11112111111_case_4 - by contradiction /* from formulas */ - next - case outsenckeyvkeyv_0_1121111111_case_1 - solve( !KU( ~n.4 ) @ #vk.6 ) - case outLh_0_1211111111 - solve( (#t2.3 < #t2.8) ∥ (#t2.3 = #t2.8) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( L_h, ) @ #t2.3 ) - case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.3 ) - case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.30 < #vr.73) ∧ - (∃ #t2. - (Unlock_6( '6', ~n.5, L_h ) @ #t2) - ∧ - (#vr.30 < #t2) ∧ - (#t2 < #vr.73) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.5, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.30) ∨ (#t0 = #vr.30) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, L_h ) @ #t0) - ⇒ - ((#t0 < #vr.30) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.73 < #vr.30) ) - case case_1 - solve( State_12111111111( L_h, L_h2.1, k.1, m, v, ~n.5 - ) ▶₀ #t2.4 ) - case outLh_0_1211111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111121111111( L_h, v, ~n.7 ) ▶₀ #t2.4 ) - case eventWrapHandleLh_0_1111112111111 - solve( (#t2.9 < #t2.10) ∥ (#t2.9 = #t2.10) ) - case case_1 - by contradiction /* from formulas */ - next - case case_2 - solve( Insert( hp, <~n.1, 'init'> ) @ #t2.5 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n.1, lock ) ▶₀ #t2.5 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.36 < #vr.1) ∧ - (∃ #t2. 
- (Unlock_1( '1', ~n.3, ~n ) @ #t2) - ∧ - (#vr.36 < #t2) ∧ - (#t2 < #vr.1) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.3, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t0 = #vr.36) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.1 < #vr.36) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.1, ~n.2 ) ▶₀ #t2.6 ) - case outLh_0_1111111111111 - solve( Insert( L_h1, ) @ #t2.7 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z, lock - ) ▶₀ #t2.7 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - next - case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.1, k, v, lock ) ▶₀ #t2.3 ) - case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. (NewKey( h1, k ) @ #t1) ∧ #t1 < #vr.70) ∧ - (∃ hp #t0. - (WrapKey( hp, k ) @ #t0) - ∧ - (((#t0 = #vr.70) ∨ (#t0 < #vr.70))) ∧ - (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ #t0 < #t1))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (#t1 < #vr.70) ∧ (#t0 < #vr.70)) ∥ - (∃ #t0 #t1 h1 h2 k. - (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (#t0 < #vr.70) ∧ (#t1 < #vr.70)) ∥ - (∃ #t0 #t1 h1 h2 k. - (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (#t0 < #vr.70) ∧ (#t1 < #vr.70)) ) - case case_1 - solve( State_11111111111( h1, k, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.5, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n.1, 'init'> ) @ #t2.4 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n.1, lock ) ▶₀ #t2.4 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.36 < #vr.1) ∧ - (∃ #t2. 
- (Unlock_1( '1', ~n.3, ~n ) @ #t2) - ∧ - (#vr.36 < #t2) ∧ - (#t2 < #vr.1) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.3, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t0 = #vr.36) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.1 < #vr.36) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.5 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.1, ~n.2 ) ▶₀ #t2.5 ) - case outLh_0_1111111111111 - solve( Insert( L_h1, ) @ #t2.6 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z, lock - ) ▶₀ #t2.6 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed - qed - qed - qed - qed - qed - qed - qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ - qed - qed - qed - qed + solve( State_11111111111( lock, h1, z ) ▶₀ #t1 ) + case increate_0_1111111 + solve( (#vr.4, 0) ~~> (#j, 0) ) + case Var_fresh_3_n + solve( State_11111121111( lock, <~n.2, x>, hp ) ▶₀ #t0 ) + case ifattCvinit_0_1111112111 + solve( Insert( L_h1, ) @ #t2.1 ) + case insertLhkeyvwrap_0_111111211111 + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.1 ) + case eventWrapKeyLhkeyv_0_11111121111 + solve( ((#vr.9 < #vr.24) ∧ + (∃ #t2. + (Unlock_5( '5', ~n.7, L_h1 ) @ #t2) + ∧ + (#vr.9 < #t2) ∧ + (#t2 < #vr.24) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.7, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, L_h1 ) @ #t0) + ⇒ + ((#t0 < #vr.9) ∨ (#t0 = #vr.9) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, L_h1 ) @ #t0) + ⇒ + ((#t0 < #vr.9) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.24 < #vr.9) ) + case case_1 + solve( State_11211111111( L_h1, L_h2, v1, v2, ~n.7 ) ▶₀ #t2.2 ) + case eventWrapkeyvkeyv_0_112111111 + by contradiction /* cyclic */ + qed + next + case case_2 + solve( State_11111121111111( ~n.6, v, L_h1 ) ▶₀ #t2.2 ) + case eventWrapHandleLh_0_1111112111111 + solve( (#t2.5 < #t2.6) ∥ (#t2.5 = #t2.6) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( !KU( senc(~n.2, k) ) @ #vk.8 ) + case c_senc + by contradiction /* cyclic */ + next + case eventDecUsingkeyvm_0_11112111111_case_1 + by contradiction /* from formulas */ + next + case eventDecUsingkeyvm_0_11112111111_case_2 + solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ #t1 < #t2.3) ∧ + (∃ hp #t0. + (WrapKey( hp, k2 ) @ #t0) + ∧ + (((#t0 = #t2.3) ∨ (#t0 < #t2.3))) ∧ + (∀ hpp #t1. (Unwrapped( hpp, k2 ) @ #t1) ⇒ #t0 < #t1))) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (#t1 < #t2.3) ∧ (#t0 < #t2.3)) ∥ + (∃ #t0 #t1 h1 h2 k. + (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (#t0 < #t2.3) ∧ (#t1 < #t2.3)) ∥ + (∃ #t0 #t1 h1 h2 k. 
+ (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (#t0 < #t2.3) ∧ (#t1 < #t2.3)) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_1 + case case_4 + by contradiction /* from formulas */ + qed + next + case eventDecUsingkeyvm_0_11112111111_case_3 + by contradiction /* from formulas */ + next + case eventDecUsingkeyvm_0_11112111111_case_4 + by contradiction /* from formulas */ + next + case eventEncUsingkeyvm_0_11121111 + by contradiction /* cyclic */ + next + case eventWrapkeyvkeyv_0_112111111_case_1 + solve( !KU( ~n.4 ) @ #vk.6 ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ #t1 < #t2.3) ∧ (∃ hp #t0. (WrapKey( hp, k2 ) @ #t0) 
@@ -14472,87 +13173,58 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.30 < #vr.84) ∧ + solve( ((#vr.15 < #vr.45) ∧ (∃ #t2. (Unlock_6( '6', ~n.5, L_h ) @ #t2) ∧ - (#vr.30 < #t2) ∧ - (#t2 < #vr.84) ∧ + (#vr.15 < #t2) ∧ + (#t2 < #vr.45) ∧ (∀ #t0 pp. (Unlock( pp, ~n.5, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.30) ∨ (#t0 = #vr.30) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.15) ∨ (#t0 = #vr.15) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.30) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.84 < #vr.30) ) + ((#t0 < #vr.15) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.45 < #vr.15) ) case case_1 - solve( State_12111111111( L_h, L_h2.2, k.1, m, v, ~n.5 ) ▶₀ #t2.4 ) - case outLh_0_1211111111 + solve( State_12111111111( L_h2.2, k.1, m, v, L_h, ~n.5 ) ▶₀ #t2.4 ) + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.7 ) ▶₀ #t2.4 ) + solve( State_11111121111111( ~n.7, v, L_h ) ▶₀ #t2.4 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.11 < #t2.12) ∥ (#t2.11 = #t2.12) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n.1, 'init'> ) @ #t2.5 ) + solve( Insert( hp, <~n.2, 'init'> ) @ #t2.5 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n.1, lock ) ▶₀ #t2.5 ) + solve( State_111111111111( lock, hp, ~n.2 ) ▶₀ #t2.5 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.36 < #vr.1) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n ) @ #t2) - ∧ - (#vr.36 < #t2) ∧ - (#t2 < #vr.1) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.3, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t0 = #vr.36) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.1 < #vr.36) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.1, ~n.2 ) ▶₀ #t2.6 ) - case outLh_0_1111111111111 - solve( Insert( L_h1, ) @ #t2.7 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z, lock ) ▶₀ #t2.7 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n, ~n.1, k.1 ) ▶₀ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h1, ) @ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h1, z ) ▶₀ #t2.7 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed 
@@ -14564,71 +13236,42 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.1, k, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h, k.1, k, v, L_h.1, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. (NewKey( h1, k ) @ #t1) ∧ #t1 < #vr.81) ∧ + solve( ((∃ h1 #t1. (NewKey( h1, k ) @ #t1) ∧ #t1 < #vr.42) ∧ (∃ hp #t0. (WrapKey( hp, k ) @ #t0) ∧ - (((#t0 = #vr.81) ∨ (#t0 < #vr.81))) ∧ + (((#t0 = #vr.42) ∨ (#t0 < #vr.42))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ #t0 < #t1))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.81) ∧ (#t0 < #vr.81)) ∥ + (#t1 < #vr.42) ∧ (#t0 < #vr.42)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.81) ∧ (#t1 < #vr.81)) ∥ + (#t0 < #vr.42) ∧ (#t1 < #vr.42)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.81) ∧ (#t1 < #vr.81)) ) + (#t0 < #vr.42) ∧ (#t1 < #vr.42)) ) case case_1 - solve( State_11111111111( h1, k, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.5, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n.1, 'init'> ) @ #t2.4 ) + solve( State_11111111111( lock, h1, k ) ▶₀ #t1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.6, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.2, 'init'> ) @ #t2.4 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n.1, lock ) ▶₀ #t2.4 ) + solve( State_111111111111( lock, hp, ~n.2 ) ▶₀ #t2.4 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.36 < #vr.1) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n ) @ #t2) - ∧ - (#vr.36 < #t2) ∧ - (#t2 < #vr.1) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.3, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t0 = #vr.36) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.1 < #vr.36) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.5 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.1, ~n.2 ) ▶₀ #t2.5 ) - case outLh_0_1111111111111 - solve( Insert( L_h1, ) @ #t2.6 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z, lock ) ▶₀ #t2.6 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n, ~n.1, k.1 ) ▶₀ #t2.5 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h1, ) @ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h1, z ) ▶₀ #t2.6 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -14648,11 +13291,8 @@ next qed qed qed - qed - next - case outsenckeyvkeyv_0_1121111111_case_2 - solve( !KU( ~n.4 ) @ #vk.6 ) - case outLh_0_1211111111 + next + case insertLhmwrap_0_121111111 solve( (#t2.3 < #t2.8) ∥ (#t2.3 = #t2.8) ) case case_1 by contradiction /* from formulas */ 
@@ -14660,80 +13300,50 @@ next case case_2 solve( Insert( L_h, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.30 < #vr.74) ∧ + solve( ((#vr.15 < #vr.37) ∧ (∃ #t2. (Unlock_6( '6', ~n.5, L_h ) @ #t2) ∧ - (#vr.30 < #t2) ∧ - (#t2 < #vr.74) ∧ + (#vr.15 < #t2) ∧ + (#t2 < #vr.37) ∧ (∀ #t0 pp. (Unlock( pp, ~n.5, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.30) ∨ (#t0 = #vr.30) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.15) ∨ (#t0 = #vr.15) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.30) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.74 < #vr.30) ) + ((#t0 < #vr.15) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.37 < #vr.15) ) case case_1 - solve( State_12111111111( L_h, L_h2.1, k.1, m, v, ~n.5 + solve( State_12111111111( L_h2.1, k.1, m, v, L_h, ~n.5 ) ▶₀ #t2.4 ) - case outLh_0_1211111111 + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.7 ) ▶₀ #t2.4 ) + solve( State_11111121111111( ~n.7, v, L_h ) ▶₀ #t2.4 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.9 < #t2.10) ∥ (#t2.9 = #t2.10) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n.1, 'init'> ) @ #t2.5 ) + solve( Insert( hp, <~n.2, 'init'> ) @ #t2.5 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n.1, lock ) ▶₀ #t2.5 ) + solve( State_111111111111( lock, hp, ~n.2 ) ▶₀ #t2.5 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.36 < #vr.1) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n ) @ #t2) - ∧ - (#vr.36 < #t2) ∧ - (#t2 < #vr.1) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.3, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t0 = #vr.36) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.1 < #vr.36) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.1, ~n.2 ) ▶₀ #t2.6 ) - case outLh_0_1111111111111 - solve( Insert( L_h1, ) @ #t2.7 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z, lock - ) ▶₀ #t2.7 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n, ~n.1, k.1 ) ▶₀ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h1, ) @ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h1, z ) ▶₀ #t2.7 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed 
@@ -14745,72 +13355,42 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.1, k, v, lock ) ▶₀ #t2.3 ) + solve( State_121111111( L_h, k.1, k, v, L_h.1, lock ) ▶₀ #t2.3 ) case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. (NewKey( h1, k ) @ #t1) ∧ #t1 < #vr.71) ∧ + solve( ((∃ h1 #t1. (NewKey( h1, k ) @ #t1) ∧ #t1 < #vr.34) ∧ (∃ hp #t0. (WrapKey( hp, k ) @ #t0) ∧ - (((#t0 = #vr.71) ∨ (#t0 < #vr.71))) ∧ + (((#t0 = #vr.34) ∨ (#t0 < #vr.34))) ∧ (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ #t0 < #t1))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.71) ∧ (#t0 < #vr.71)) ∥ + (#t1 < #vr.34) ∧ (#t0 < #vr.34)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.71) ∧ (#t1 < #vr.71)) ∥ + (#t0 < #vr.34) ∧ (#t1 < #vr.34)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.71) ∧ (#t1 < #vr.71)) ) + (#t0 < #vr.34) ∧ (#t1 < #vr.34)) ) case case_1 - solve( State_11111111111( h1, k, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.5, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n.1, 'init'> ) @ #t2.4 ) + solve( State_11111111111( lock, h1, k ) ▶₀ #t1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.6, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.2, 'init'> ) @ #t2.4 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n.1, lock ) ▶₀ #t2.4 ) + solve( State_111111111111( lock, hp, ~n.2 ) ▶₀ #t2.4 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.36 < #vr.1) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n ) @ #t2) - ∧ - (#vr.36 < #t2) ∧ - (#t2 < #vr.1) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.3, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t0 = #vr.36) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.1 < #vr.36) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.5 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.1, ~n.2 ) ▶₀ #t2.5 ) - case outLh_0_1111111111111 - solve( Insert( L_h1, ) @ #t2.6 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z, lock - ) ▶₀ #t2.6 ) - case eventNewKeyLhk_0_11111111111 - by contradiction /* from formulas */ - qed + solve( State_11111111111111( ~n, ~n.1, k.1 ) ▶₀ #t2.5 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h1, ) @ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h1, z ) ▶₀ #t2.6 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ qed qed qed @@ -14831,11 +13411,14 @@ next qed qed qed - next - case outsdecckeyv_0_11112111111_case_1 + qed + next + case eventWrapkeyvkeyv_0_112111111_case_2 + solve( !KU( ~n.4 ) @ #vk.6 ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ #t1 < #t2.3) ∧ (∃ hp #t0. (WrapKey( hp, k2 ) @ #t0) 
@@ -14867,84 +13450,175 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 by contradiction /* from formulas */ next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h, ) @ #t2.3 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h, v, lock ) ▶₀ #t2.3 ) + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.3 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.30 < #vr.85) ∧ + solve( ((#vr.15 < #vr.46) ∧ (∃ #t2. (Unlock_6( '6', ~n.5, L_h ) @ #t2) ∧ - (#vr.30 < #t2) ∧ - (#t2 < #vr.85) ∧ + (#vr.15 < #t2) ∧ + (#t2 < #vr.46) ∧ (∀ #t0 pp. (Unlock( pp, ~n.5, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.30) ∨ (#t0 = #vr.30) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.15) ∨ (#t0 = #vr.15) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, L_h ) @ #t0) ⇒ - ((#t0 < #vr.30) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.85 < #vr.30) ) + ((#t0 < #vr.15) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.46 < #vr.15) ) case case_1 - solve( State_12111111111( L_h, L_h2.2, k.1, m, v, ~n.5 ) ▶₀ #t2.4 ) - case outLh_0_1211111111 + solve( State_12111111111( L_h2.2, k.1, m, v, L_h, ~n.5 ) ▶₀ #t2.4 ) + case insertLhmwrap_0_121111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h, v, ~n.7 ) ▶₀ #t2.4 ) + solve( State_11111121111111( ~n.7, v, L_h ) ▶₀ #t2.4 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.11 < #t2.12) ∥ (#t2.11 = #t2.12) ) case case_1 by contradiction /* from formulas */ next case case_2 - solve( Insert( hp, <~n.1, 'init'> ) @ #t2.5 ) + solve( Insert( hp, <~n.2, 'init'> ) @ #t2.5 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n.1, lock ) ▶₀ #t2.5 ) + solve( State_111111111111( lock, hp, ~n.2 ) ▶₀ #t2.5 ) case eventNewKeyLhk_0_11111111111 - solve( ((#vr.36 < #vr.1) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n ) @ #t2) - ∧ - (#vr.36 < #t2) ∧ - (#t2 < #vr.1) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.3, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t0 = #vr.36) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.1 < #vr.36) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.6 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ + solve( State_11111111111111( ~n, ~n.1, k.1 ) ▶₀ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h1, ) @ #t2.7 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h1, z ) ▶₀ #t2.7 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ + qed qed - next - case case_2 - solve( State_11111111111111( ~n, k.1, ~n.2 ) ▶₀ #t2.6 ) - case outLh_0_1111111111111 + qed + qed + qed + qed + qed + qed + qed + next + case insertLhmwrap_0_121111111 + solve( State_121111111( L_h, k.1, k, v, L_h.1, lock ) ▶₀ #t2.3 ) + case eventUnwrappedLhm_0_12111111 + solve( ((∃ h1 #t1. (NewKey( h1, k ) @ #t1) ∧ #t1 < #vr.43) ∧ + (∃ hp #t0. + (WrapKey( hp, k ) @ #t0) + ∧ + (((#t0 = #vr.43) ∨ (#t0 < #vr.43))) ∧ + (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ #t0 < #t1))) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (#t1 < #vr.43) ∧ (#t0 < #vr.43)) ∥ + (∃ #t0 #t1 h1 h2 k. + (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (#t0 < #vr.43) ∧ (#t1 < #vr.43)) ∥ + (∃ #t0 #t1 h1 h2 k. 
+ (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (#t0 < #vr.43) ∧ (#t1 < #vr.43)) ) + case case_1 + solve( State_11111111111( lock, h1, k ) ▶₀ #t1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.6, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.2, 'init'> ) @ #t2.4 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, hp, ~n.2 ) ▶₀ #t2.4 ) + case eventNewKeyLhk_0_11111111111 + solve( State_11111111111111( ~n, ~n.1, k.1 ) ▶₀ #t2.5 ) + case insertLhkinit_0_111111111111 + solve( Insert( L_h1, ) @ #t2.6 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, L_h1, z ) ▶₀ #t2.6 ) + case eventNewKeyLhk_0_11111111111 + by contradiction /* from formulas */ + qed + qed + qed + qed + qed + qed + qed + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ + qed + qed + qed + next + case insertLhmwrap_0_121111111 + solve( (#t2.3 < #t2.8) ∥ (#t2.3 = #t2.8) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( L_h, ) @ #t2.3 ) + case insertLhkeyvwrap_0_111111211111 + solve( State_111111211111( lock, v, L_h ) ▶₀ #t2.3 ) + case eventWrapKeyLhkeyv_0_11111121111 + solve( ((#vr.15 < #vr.38) ∧ + (∃ #t2. + (Unlock_6( '6', ~n.5, L_h ) @ #t2) + ∧ + (#vr.15 < #t2) ∧ + (#t2 < #vr.38) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.5, L_h ) @ #t0) ⇒ #t0 = #t2) ∧ + (∀ pp lpp #t0. + (Lock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.15) ∨ (#t0 = #vr.15) ∨ (#t2 < #t0))) ∧ + (∀ pp lpp #t0. 
+ (Unlock( pp, lpp, L_h ) @ #t0) + ⇒ + ((#t0 < #vr.15) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.38 < #vr.15) ) + case case_1 + solve( State_12111111111( L_h2.1, k.1, m, v, L_h, ~n.5 + ) ▶₀ #t2.4 ) + case insertLhmwrap_0_121111111 + by contradiction /* cyclic */ + qed + next + case case_2 + solve( State_11111121111111( ~n.7, v, L_h ) ▶₀ #t2.4 ) + case eventWrapHandleLh_0_1111112111111 + solve( (#t2.9 < #t2.10) ∥ (#t2.9 = #t2.10) ) + case case_1 + by contradiction /* from formulas */ + next + case case_2 + solve( Insert( hp, <~n.2, 'init'> ) @ #t2.5 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, hp, ~n.2 ) ▶₀ #t2.5 ) + case eventNewKeyLhk_0_11111111111 + solve( State_11111111111111( ~n, ~n.1, k.1 ) ▶₀ #t2.6 ) + case insertLhkinit_0_111111111111 solve( Insert( L_h1, ) @ #t2.7 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z, lock ) ▶₀ #t2.7 ) + solve( State_111111111111( lock, L_h1, z ) ▶₀ #t2.7 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ qed 
@@ -14956,71 +13630,42 @@ next qed qed qed - qed - next - case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h, k.1, k, v, lock ) ▶₀ #t2.3 ) - case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. (NewKey( h1, k ) @ #t1) ∧ #t1 < #vr.82) ∧ - (∃ hp #t0. - (WrapKey( hp, k ) @ #t0) - ∧ - (((#t0 = #vr.82) ∨ (#t0 < #vr.82))) ∧ - (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ #t0 < #t1))) ∥ - (∃ h k2 #t1 #t0. - (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) - ∧ - (#t1 < #vr.82) ∧ (#t0 < #vr.82)) ∥ - (∃ #t0 #t1 h1 h2 k. - (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (#t0 < #vr.82) ∧ (#t1 < #vr.82)) ∥ - (∃ #t0 #t1 h1 h2 k. - (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) - ∧ - (#t0 < #vr.82) ∧ (#t1 < #vr.82)) ) - case case_1 - solve( State_11111111111( h1, k, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( State_11111121111( hp.1, <~n.5, x>, lock ) ▶₀ #t0.1 ) - case ifattvinit_0_1111112111 - solve( Insert( hp, <~n.1, 'init'> ) @ #t2.4 ) - case insertLhkinit_0_111111111111 - solve( State_111111111111( hp, ~n.1, lock ) ▶₀ #t2.4 ) - case eventNewKeyLhk_0_11111111111 - solve( ((#vr.36 < #vr.1) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n ) @ #t2) - ∧ - (#vr.36 < #t2) ∧ - (#t2 < #vr.1) ∧ - (∀ #t0 pp. - (Unlock( pp, ~n.3, ~n ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t0 = #vr.36) ∨ - (#t2 < #t0))) ∧ - (∀ pp lpp #t0. - (Unlock( pp, lpp, ~n ) @ #t0) - ⇒ - ((#t0 < #vr.36) ∨ - (#t2 < #t0) ∨ - (#t2 = #t0))))) ∥ - (#vr.1 < #vr.36) ) - case case_1 - solve( State_11111121111111( ~n, v, ~n.3 ) ▶₀ #t2.5 ) - case eventWrapHandleLh_0_1111112111111 - by contradiction /* cyclic */ - qed - next - case case_2 - solve( State_11111111111111( ~n, k.1, ~n.2 ) ▶₀ #t2.5 ) - case outLh_0_1111111111111 + next + case insertLhmwrap_0_121111111 + solve( State_121111111( L_h, k.1, k, v, L_h.1, lock ) ▶₀ #t2.3 ) + case eventUnwrappedLhm_0_12111111 + solve( ((∃ h1 #t1. (NewKey( h1, k ) @ #t1) ∧ #t1 < #vr.35) ∧ + (∃ hp #t0. 
+ (WrapKey( hp, k ) @ #t0) + ∧ + (((#t0 = #vr.35) ∨ (#t0 < #vr.35))) ∧ + (∀ hpp #t1. (Unwrapped( hpp, k ) @ #t1) ⇒ #t0 < #t1))) ∥ + (∃ h k2 #t1 #t0. + (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) + ∧ + (#t1 < #vr.35) ∧ (#t0 < #vr.35)) ∥ + (∃ #t0 #t1 h1 h2 k. + (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (#t0 < #vr.35) ∧ (#t1 < #vr.35)) ∥ + (∃ #t0 #t1 h1 h2 k. + (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) + ∧ + (#t0 < #vr.35) ∧ (#t1 < #vr.35)) ) + case case_1 + solve( State_11111111111( lock, h1, k ) ▶₀ #t1 ) + case increate_0_1111111 + solve( State_11111121111( lock, <~n.6, x>, hp.1 ) ▶₀ #t0.1 ) + case ifattCvinit_0_1111112111 + solve( Insert( hp, <~n.2, 'init'> ) @ #t2.4 ) + case insertLhkinit_0_111111111111 + solve( State_111111111111( lock, hp, ~n.2 ) ▶₀ #t2.4 ) + case eventNewKeyLhk_0_11111111111 + solve( State_11111111111111( ~n, ~n.1, k.1 ) ▶₀ #t2.5 ) + case insertLhkinit_0_111111111111 solve( Insert( L_h1, ) @ #t2.6 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h1, z, lock ) ▶₀ #t2.6 ) + solve( State_111111111111( lock, L_h1, z ) ▶₀ #t2.6 ) case eventNewKeyLhk_0_11111111111 by contradiction /* from formulas */ qed @@ -15030,23 +13675,20 @@ next qed qed qed + next + case case_2 + by contradiction /* from formulas */ + next + case case_3 + by contradiction /* from formulas */ + next + case case_4 + by contradiction /* from formulas */ qed - next - case case_2 - by contradiction /* from formulas */ - next - case case_3 - by contradiction /* from formulas */ - next - case case_4 - by contradiction /* from formulas */ qed qed qed qed - next - case outsencmkeyv_0_111211111 - by contradiction /* cyclic */ qed qed qed 
@@ -15054,26 +13696,26 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h.1, L_h1, k.1, z, v, lock ) ▶₀ #t2.1 ) + solve( State_121111111( L_h1, k.1, z, v, L_h.1, lock ) ▶₀ #t2.1 ) case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. (NewKey( h1, z ) @ #t1) ∧ #t1 < #vr.45) ∧ + solve( ((∃ h1 #t1. (NewKey( h1, z ) @ #t1) ∧ #t1 < #vr.21) ∧ (∃ hp #t0. (WrapKey( hp, z ) @ #t0) ∧ - (((#t0 = #vr.45) ∨ (#t0 < #vr.45))) ∧ + (((#t0 = #vr.21) ∨ (#t0 < #vr.21))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z ) @ #t1) ⇒ #t0 < #t1))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.45) ∧ (#t0 < #vr.45)) ∥ + (#t1 < #vr.21) ∧ (#t0 < #vr.21)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.45) ∧ (#t1 < #vr.45)) ∥ + (#t0 < #vr.21) ∧ (#t1 < #vr.21)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.45) ∧ (#t1 < #vr.45)) ) + (#t0 < #vr.21) ∧ (#t1 < #vr.21)) ) case case_1 by contradiction /* from formulas */ next @@ -15107,13 +13749,13 @@ next qed next case case_2 - solve( State_11111111111( h, k, lock ) ▶₀ #i ) - case newk_0_1111111111 - solve( !KU( ~n.1 ) @ #j ) - case outsdecckeyv_0_11112111111_case_1 + solve( State_11111111111( lock, h, k ) ▶₀ #i ) + case increate_0_1111111 + solve( !KU( ~n.2 ) @ #j ) + case eventDecUsingkeyvm_0_11112111111_case_1 by contradiction /* from formulas */ next - case outsdecckeyv_0_11112111111_case_2 + case eventDecUsingkeyvm_0_11112111111_case_2 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ #t1 < #t2) ∧ (∃ hp #t0. (WrapKey( hp, k2 ) @ #t0) @@ -15202,7 +13844,7 @@ next qed qed next - case outsdecckeyv_0_11112111111_case_3 + case eventDecUsingkeyvm_0_11112111111_case_3 solve( ((#t1 < #t2) ∧ (#t0 < #t2)) ∥ ((#t1 < #t3) ∧ (#t0 < #t3)) ) case case_1 by contradiction /* from formulas */ 
@@ -15211,7 +13853,7 @@ next by contradiction /* from formulas */ qed next - case outsdecckeyv_0_11112111111_case_4 + case eventDecUsingkeyvm_0_11112111111_case_4 solve( ((∃ h1 #t1. (NewKey( h1, k2 ) @ #t1) ∧ #t1 < #t2) ∧ (∃ hp #t0. (WrapKey( hp, k2 ) @ #t0) @@ -15261,39 +13903,39 @@ next qed qed next - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 solve( Insert( L_h2, ) @ #t2 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h2, v, lock ) ▶₀ #t2 ) + solve( State_111111211111( lock, v, L_h2 ) ▶₀ #t2 ) case eventWrapKeyLhkeyv_0_11111121111 solve( Insert( L_h1, ) @ #t2.1 ) case insertLhkeyvwrap_0_111111211111 - solve( State_111111211111( L_h1, v, lock ) ▶₀ #t2.1 ) + solve( State_111111211111( lock, v, L_h1 ) ▶₀ #t2.1 ) case eventWrapKeyLhkeyv_0_11111121111 - solve( ((#vr.20 < #vr.40) ∧ + solve( ((#vr.9 < #vr.19) ∧ (∃ #t2. (Unlock_5( '5', ~n.5, L_h1 ) @ #t2) ∧ - (#vr.20 < #t2) ∧ - (#t2 < #vr.40) ∧ + (#vr.9 < #t2) ∧ + (#t2 < #vr.19) ∧ (∀ #t0 pp. (Unlock( pp, ~n.5, L_h1 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.20) ∨ (#t0 = #vr.20) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.9) ∨ (#t0 = #vr.9) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. (Unlock( pp, lpp, L_h1 ) @ #t0) ⇒ - ((#t0 < #vr.20) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.40 < #vr.20) ) + ((#t0 < #vr.9) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.19 < #vr.9) ) case case_1 solve( State_11211111111( L_h1, L_h2.1, v1, v2, ~n.5 ) ▶₀ #t2.2 ) - case outsenckeyvkeyv_0_1121111111 + case eventWrapkeyvkeyv_0_112111111 by contradiction /* cyclic */ qed next case case_2 - solve( State_11111121111111( L_h1, v, ~n.4 ) ▶₀ #t2.2 ) + solve( State_11111121111111( ~n.4, v, L_h1 ) ▶₀ #t2.2 ) case eventWrapHandleLh_0_1111112111111 solve( (#t2.4 < #t2.5) ∥ (#t2.4 = #t2.5) ) case case_1 
@@ -15302,9 +13944,9 @@ next case case_2 solve( Insert( L_h2, ) @ #t2.3 ) case insertLhkinit_0_111111111111 - solve( State_111111111111( L_h2, z, lock ) ▶₀ #t2.3 ) + solve( State_111111111111( lock, L_h2, z ) ▶₀ #t2.3 ) case eventNewKeyLhk_0_11111111111 - solve( (#vr.14, 0) ~~> (#j, 0) ) + solve( (#vr.4, 0) ~~> (#j, 0) ) case Var_fresh_4_n by contradiction /* from formulas */ qed @@ -15316,26 +13958,26 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h, L_h1, k, z.1, v, lock ) ▶₀ #t2.1 ) + solve( State_121111111( L_h1, k, z.1, v, L_h, lock ) ▶₀ #t2.1 ) case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. (NewKey( h1, z.1 ) @ #t1) ∧ #t1 < #vr.37) ∧ + solve( ((∃ h1 #t1. (NewKey( h1, z.1 ) @ #t1) ∧ #t1 < #vr.16) ∧ (∃ hp #t0. (WrapKey( hp, z.1 ) @ #t0) ∧ - (((#t0 = #vr.37) ∨ (#t0 < #vr.37))) ∧ + (((#t0 = #vr.16) ∨ (#t0 < #vr.16))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z.1 ) @ #t1) ⇒ #t0 < #t1))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.37) ∧ (#t0 < #vr.37)) ∥ + (#t1 < #vr.16) ∧ (#t0 < #vr.16)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.37) ∧ (#t1 < #vr.37)) ∥ + (#t0 < #vr.16) ∧ (#t1 < #vr.16)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.37) ∧ (#t1 < #vr.37)) ) + (#t0 < #vr.16) ∧ (#t1 < #vr.16)) ) case case_1 by contradiction /* from formulas */ next 
@@ -15410,30 +14052,30 @@ next qed next case insertLhmwrap_0_121111111 - solve( State_121111111( L_h, L_h2, k, z, v, lock ) ▶₀ #t2 ) + solve( State_121111111( L_h2, k, z, v, L_h, lock ) ▶₀ #t2 ) case eventUnwrappedLhm_0_12111111 - solve( ((∃ h1 #t1. (NewKey( h1, z ) @ #t1) ∧ #t1 < #vr.25) ∧ + solve( ((∃ h1 #t1. (NewKey( h1, z ) @ #t1) ∧ #t1 < #vr.11) ∧ (∃ hp #t0. (WrapKey( hp, z ) @ #t0) ∧ - (((#t0 = #vr.25) ∨ (#t0 < #vr.25))) ∧ + (((#t0 = #vr.11) ∨ (#t0 < #vr.11))) ∧ (∀ hpp #t1. (Unwrapped( hpp, z ) @ #t1) ⇒ #t0 < #t1))) ∥ (∃ h k2 #t1 #t0. (NewKey( h, k2 ) @ #t0) ∧ (!KU( k2 ) @ #t1) ∧ - (#t1 < #vr.25) ∧ (#t0 < #vr.25)) ∥ + (#t1 < #vr.11) ∧ (#t0 < #vr.11)) ∥ (∃ #t0 #t1 h1 h2 k. (WrapKey( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ∥ + (#t0 < #vr.11) ∧ (#t1 < #vr.11)) ∥ (∃ #t0 #t1 h1 h2 k. (Unwrapped( h2, k ) @ #t0) ∧ (DecKey( h1, k ) @ #t1) ∧ - (#t0 < #vr.25) ∧ (#t1 < #vr.25)) ) + (#t0 < #vr.11) ∧ (#t1 < #vr.11)) ) case case_1 - solve( State_11111111111( h1, z, lock ) ▶₀ #t1 ) - case newk_0_1111111111 - solve( (#vr.14, 0) ~~> (#j, 0) ) + solve( State_11111111111( lock, h1, z ) ▶₀ #t1 ) + case increate_0_1111111 + solve( (#vr.4, 0) ~~> (#j, 0) ) case Var_fresh_3_n by contradiction /* from formulas */ qed @@ -15523,7 +14165,7 @@ next case case_3 solve( (#t1 = #t3) ∥ (#t3 < #t1) ∥ (∀ #t2. - (Unlock_0( '0', ~n, x ) @ #t2) + (Unlock_0( '0', ~n.1, ~n ) @ #t2) ⇒ ((last(#t2)) ∨ (#t1 = #t2) ∨ @@ -15531,16 +14173,16 @@ next (#t2 = #t3) ∨ (#t3 < #t2) ∨ (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∨ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2 = #t0) ∨ (#t0 < #t2)))) ∨ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ 
@@ -15559,16 +14201,16 @@ next next case case_2 solve( (∃ #t0 pp. - (Unlock( pp, ~n, x ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ + (Unlock( pp, ~n.1, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (¬(#t0 = #t2))) ∥ (∃ pp lpp #t0. - (Lock( pp, lpp, x ) @ #t0) + (Lock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ (¬(#t0 = #t1)) ∧ (((#t2 = #t0) ∨ (#t0 < #t2)))) ∥ (∃ pp lpp #t0. - (Unlock( pp, lpp, x ) @ #t0) + (Unlock( pp, lpp, ~n ) @ #t0) ∧ (¬(last(#t0))) ∧ (((#t0 = #t1) ∨ (#t1 < #t0))) ∧ 
@@ -16110,1085 +14752,745 @@ next qed qed -lemma cannot_obtain_key: - all-traces "¬(∃ #i #j h k. (NewKey( h, k ) @ #i) ∧ (K( k ) @ #j))" -/* -guarded formula characterizing all counter-examples: -"∃ #i #j h k. (NewKey( h, k ) @ #i) ∧ (K( k ) @ #j)" -*/ -simplify -by contradiction /* from formulas */ - -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( ) ] --> [ State_11( ), State_12( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_11[color=#ffffff, process="|"]: - [ State_11( ) ] --> [ State_111( ), State_112( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111[color=#ffffff, process="|"]: - [ State_111( ) ] --> [ State_1111( ), State_1112( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1111[color=#ffffff, process="|"]: - [ State_1111( ) ] --> [ State_11111( ), State_11112( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_11111[color=#ffffff, process="|"]: - [ State_11111( ) ] --> [ State_111111( ), State_111112( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_111111[color=#ffffff, process="|"]: - [ State_111111( ) ] --> [ State_1111111( ), State_1111112( ) ] +rule (modulo E) Init[color=#ffffff, process="!"]: + [ ] --[ Init( ) ]-> [ !Semistate_1( ) ] /* has exactly the trivial AC variant */ rule (modulo E) increate_0_1111111[color=#ffffff, process="in('create');"]: - [ State_1111111( ), In( 'create' ) ] --> [ State_11111111( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newLh_0_11111111[color=#ffffff, process="new L_h;"]: - [ 
State_11111111( ), Fr( L_h ) ] --> [ State_111111111( L_h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockLh_0_111111111[color=#ffffff, process="lock L_h;"]: - [ State_111111111( L_h ), Fr( lock ) ] - --[ Lock_0( '0', lock, L_h ), Lock( '0', lock, L_h ) ]-> - [ State_1111111111( L_h, lock ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newk_0_1111111111[color=#ffffff, process="new k;"]: - [ State_1111111111( L_h, lock ), Fr( k ) ] - --> - [ State_11111111111( L_h, k, lock ) ] + [ State_1111111( ), In( 'create' ), Fr( L_h.1 ), Fr( lock ), Fr( k.1 ) ] + --[ Lock_0( '0', lock, L_h.1 ), Lock( '0', lock, L_h.1 ) ]-> + [ State_11111111111( lock, L_h.1, k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) increate_0_1111111[color=#ffffff, + process="in('create');"]: + [ State_1111111( ), In( 'create' ), Fr( L_h ), Fr( lock ), Fr( k ) ] + --[ Lock_0( '0', lock, L_h ), Lock( '0', lock, L_h ) ]-> + [ State_11111111111( lock, L_h, k ) ] + */ rule (modulo E) eventNewKeyLhk_0_11111111111[color=#ffffff, - process="event NewKey( L_h, k );"]: - [ State_11111111111( L_h, k, lock ) ] - --[ NewKey( L_h, k ) ]-> - [ State_111111111111( L_h, k, lock ) ] + process="event NewKey( L_h.1, k.1 );"]: + [ State_11111111111( lock, L_h.1, k.1 ) ] + --[ NewKey( L_h.1, k.1 ) ]-> + [ State_111111111111( lock, L_h.1, k.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventNewKeyLhk_0_11111111111[color=#ffffff, + process="event NewKey( L_h.1, k.1 );"]: + [ State_11111111111( lock, L_h, k ) ] + --[ NewKey( L_h, k ) ]-> + [ State_111111111111( lock, L_h, k ) ] + */ rule (modulo E) insertLhkinit_0_111111111111[color=#ffffff, - process="insert L_h,;"]: - [ State_111111111111( L_h, k, lock ) ] - --[ Insert( L_h, ) ]-> - [ State_1111111111111( L_h, k, lock ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outLh_0_1111111111111[color=#ffffff, - process="out(L_h);"]: - [ State_1111111111111( L_h, k, 
lock ) ] - --> - [ State_11111111111111( L_h, k, lock ), Out( L_h ) ] + process="insert L_h.1,;"]: + [ State_111111111111( lock, L_h.1, k.1 ) ] + --[ Insert( L_h.1, ) ]-> + [ State_11111111111111( lock, L_h.1, k.1 ), Out( L_h.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) insertLhkinit_0_111111111111[color=#ffffff, + process="insert L_h.1,;"]: + [ State_111111111111( lock, L_h, k ) ] + --[ Insert( L_h, ) ]-> + [ State_11111111111111( lock, L_h, k ), Out( L_h ) ] + */ rule (modulo E) unlockLh_0_11111111111111[color=#ffffff, - process="unlock L_h;"]: - [ State_11111111111111( L_h, k, lock ) ] - --[ Unlock_0( '0', lock, L_h ), Unlock( '0', lock, L_h ) ]-> - [ State_111111111111111( L_h, k, lock ) ] + process="unlock L_h.1;"]: + [ State_11111111111111( lock, L_h.1, k.1 ) ] + --[ Unlock_0( '0', lock, L_h.1 ), Unlock( '0', lock, L_h.1 ) ]-> + [ ] - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_111111111111111[color=#ffffff, process="0"]: - [ State_111111111111111( L_h, k, lock ) ] --> [ ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) unlockLh_0_11111111111111[color=#ffffff, + process="unlock L_h.1;"]: + [ State_11111111111111( lock, L_h, k ) ] + --[ Unlock_0( '0', lock, L_h ), Unlock( '0', lock, L_h ) ]-> + [ ] + */ rule (modulo E) insetwrapLh_0_1111112[color=#ffffff, - process="in(<'set_wrap', L_h>);"]: - [ State_1111112( ), In( <'set_wrap', L_h> ) ] - --> - [ State_11111121( L_h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockLh_0_11111121[color=#ffffff, process="lock L_h;"]: - [ State_11111121( L_h ), Fr( lock.1 ) ] - --[ Lock_1( '1', lock.1, L_h ), Lock( '1', lock.1, L_h ) ]-> - [ State_111111211( L_h, lock.1 ) ] + process="in(<'set_wrap', L_h.2>);"]: + [ State_1111112( ), In( <'set_wrap', L_h.2> ), Fr( lock.1 ) ] + --[ Lock_1( '1', lock.1, L_h.2 ), Lock( '1', lock.1, L_h.2 ) ]-> + [ State_111111211( lock.1, L_h.2 ) ] /* - rule (modulo AC) lockLh_0_11111121[color=#ffffff, 
process="lock L_h;"]: - [ State_11111121( L_h ), Fr( lock ) ] + rule (modulo AC) insetwrapLh_0_1111112[color=#ffffff, + process="in(<'set_wrap', L_h.2>);"]: + [ State_1111112( ), In( <'set_wrap', L_h> ), Fr( lock ) ] --[ Lock_1( '1', lock, L_h ), Lock( '1', lock, L_h ) ]-> - [ State_111111211( L_h, lock ) ] + [ State_111111211( lock, L_h ) ] */ rule (modulo E) lookupLhasv_0_111111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_111111211( L_h, lock.1 ) ] - --[ IsIn( L_h, v ) ]-> - [ State_1111112111( L_h, v, lock.1 ) ] + process="lookup L_h.2 as v.1"]: + [ State_111111211( lock.1, L_h.2 ) ] + --[ IsIn( L_h.2, v.1 ) ]-> + [ State_1111112111( lock.1, v.1, L_h.2 ) ] /* rule (modulo AC) lookupLhasv_0_111111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_111111211( L_h, lock ) ] + process="lookup L_h.2 as v.1"]: + [ State_111111211( lock, L_h ) ] --[ IsIn( L_h, v ) ]-> - [ State_1111112111( L_h, v, lock ) ] - */ - -rule (modulo E) lookupLhasv_1_111111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_111111211( L_h, lock.1 ) ] - --[ IsNotSet( L_h ) ]-> - [ State_1111112112( L_h, lock.1 ) ] - - /* - rule (modulo AC) lookupLhasv_1_111111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_111111211( L_h, lock ) ] - --[ IsNotSet( L_h ) ]-> - [ State_1111112112( L_h, lock ) ] + [ State_1111112111( lock, v, L_h ) ] */ -rule (modulo E) ifattvinit_0_1111112111[color=#ffffff, - process="if att(v)='init'"]: - [ State_1111112111( L_h, v, lock.1 ) ] - --[ Pred_Eq( att(v), 'init' ) ]-> - [ State_11111121111( L_h, v, lock.1 ) ] +rule (modulo E) ifattCvinit_0_1111112111[color=#ffffff, + process="if attC(v.1)='init'"]: + [ State_1111112111( lock.1, v.1, L_h.2 ) ] + --[ Pred_Eq( attC(v.1), 'init' ) ]-> + [ State_11111121111( lock.1, v.1, L_h.2 ) ] /* - rule (modulo AC) ifattvinit_0_1111112111[color=#ffffff, - process="if att(v)='init'"]: - [ State_1111112111( L_h, v, lock ) ] + rule (modulo AC) ifattCvinit_0_1111112111[color=#ffffff, + process="if 
attC(v.1)='init'"]: + [ State_1111112111( lock, v, L_h ) ] --[ Pred_Eq( z, 'init' ) ]-> - [ State_11111121111( L_h, v, lock ) ] + [ State_11111121111( lock, v, L_h ) ] variants (modulo AC) - 1. v = v.7 - z = att(v.7) - - 2. v = - z = z.8 - */ - -rule (modulo E) ifattvinit_1_1111112111[color=#ffffff, - process="if att(v)='init'"]: - [ State_1111112111( L_h, v, lock.1 ) ] - --[ Pred_Not_Eq( att(v), 'init' ) ]-> - [ State_11111121112( L_h, v, lock.1 ) ] - - /* - rule (modulo AC) ifattvinit_1_1111112111[color=#ffffff, - process="if att(v)='init'"]: - [ State_1111112111( L_h, v, lock ) ] - --[ Pred_Not_Eq( z, 'init' ) ]-> - [ State_11111121112( L_h, v, lock ) ] - variants (modulo AC) - 1. v = v.7 - z = att(v.7) + 1. v = v.8 + z = attC(v.8) - 2. v = - z = z.8 + 2. v = + z = z.9 */ rule (modulo E) eventWrapKeyLhkeyv_0_11111121111[color=#ffffff, - process="event WrapKey( L_h, key(v) );"]: - [ State_11111121111( L_h, v, lock.1 ) ] - --[ WrapKey( L_h, key(v) ) ]-> - [ State_111111211111( L_h, v, lock.1 ) ] + process="event WrapKey( L_h.2, key(v.1) );"]: + [ State_11111121111( lock.1, v.1, L_h.2 ) ] + --[ WrapKey( L_h.2, key(v.1) ) ]-> + [ State_111111211111( lock.1, v.1, L_h.2 ) ] /* rule (modulo AC) eventWrapKeyLhkeyv_0_11111121111[color=#ffffff, - process="event WrapKey( L_h, key(v) );"]: - [ State_11111121111( L_h, v, lock ) ] + process="event WrapKey( L_h.2, key(v.1) );"]: + [ State_11111121111( lock, v, L_h ) ] --[ WrapKey( L_h, z ) ]-> - [ State_111111211111( L_h, v, lock ) ] + [ State_111111211111( lock, v, L_h ) ] variants (modulo AC) - 1. v = v.6 - z = key(v.6) + 1. v = v.7 + z = key(v.7) - 2. v = - z = x.6 + 2. 
v = + z = x.7 */ rule (modulo E) insertLhkeyvwrap_0_111111211111[color=#ffffff, - process="insert L_h,;"]: - [ State_111111211111( L_h, v, lock.1 ) ] - --[ Insert( L_h, ) ]-> - [ State_1111112111111( L_h, v, lock.1 ) ] + process="insert L_h.2,;"]: + [ State_111111211111( lock.1, v.1, L_h.2 ) ] + --[ Insert( L_h.2, ) ]-> + [ State_1111112111111( lock.1, v.1, L_h.2 ) ] /* rule (modulo AC) insertLhkeyvwrap_0_111111211111[color=#ffffff, - process="insert L_h,;"]: - [ State_111111211111( L_h, v, lock ) ] + process="insert L_h.2,;"]: + [ State_111111211111( lock, v, L_h ) ] --[ Insert( L_h, ) ]-> - [ State_1111112111111( L_h, v, lock ) ] + [ State_1111112111111( lock, v, L_h ) ] variants (modulo AC) - 1. v = v.7 - z = key(v.7) + 1. v = v.8 + z = key(v.8) - 2. v = - z = z.8 + 2. v = + z = z.9 */ rule (modulo E) eventWrapHandleLh_0_1111112111111[color=#ffffff, - process="event WrapHandle( L_h );"]: - [ State_1111112111111( L_h, v, lock.1 ) ] - --[ WrapHandle( L_h ) ]-> - [ State_11111121111111( L_h, v, lock.1 ) ] + process="event WrapHandle( L_h.2 );"]: + [ State_1111112111111( lock.1, v.1, L_h.2 ) ] + --[ WrapHandle( L_h.2 ) ]-> + [ State_11111121111111( lock.1, v.1, L_h.2 ) ] /* rule (modulo AC) eventWrapHandleLh_0_1111112111111[color=#ffffff, - process="event WrapHandle( L_h );"]: - [ State_1111112111111( L_h, v, lock ) ] + process="event WrapHandle( L_h.2 );"]: + [ State_1111112111111( lock, v, L_h ) ] --[ WrapHandle( L_h ) ]-> - [ State_11111121111111( L_h, v, lock ) ] + [ State_11111121111111( lock, v, L_h ) ] */ rule (modulo E) unlockLh_0_11111121111111[color=#ffffff, - process="unlock L_h;"]: - [ State_11111121111111( L_h, v, lock.1 ) ] - --[ Unlock_1( '1', lock.1, L_h ), Unlock( '1', lock.1, L_h ) ]-> - [ State_111111211111111( L_h, v, lock.1 ) ] + process="unlock L_h.2;"]: + [ State_11111121111111( lock.1, v.1, L_h.2 ) ] + --[ Unlock_1( '1', lock.1, L_h.2 ), Unlock( '1', lock.1, L_h.2 ) ]-> + [ ] /* rule (modulo AC) unlockLh_0_11111121111111[color=#ffffff, - 
process="unlock L_h;"]: - [ State_11111121111111( L_h, v, lock ) ] + process="unlock L_h.2;"]: + [ State_11111121111111( lock, v, L_h ) ] --[ Unlock_1( '1', lock, L_h ), Unlock( '1', lock, L_h ) ]-> - [ State_111111211111111( L_h, v, lock ) ] - */ - -rule (modulo E) p_0_111111211111111[color=#ffffff, process="0"]: - [ State_111111211111111( L_h, v, lock.1 ) ] --> [ ] - - /* - rule (modulo AC) p_0_111111211111111[color=#ffffff, process="0"]: - [ State_111111211111111( L_h, v, lock ) ] --> [ ] + [ ] */ -rule (modulo E) p_0_11111121112[color=#ffffff, process="0"]: - [ State_11111121112( L_h, v, lock.1 ) ] --> [ ] +rule (modulo E) ifattCvinit_1_1111112111[color=#ffffff, + process="if attC(v.1)='init'"]: + [ State_1111112111( lock.1, v.1, L_h.2 ) ] + --[ Pred_Not_Eq( attC(v.1), 'init' ) ]-> + [ ] /* - rule (modulo AC) p_0_11111121112[color=#ffffff, process="0"]: - [ State_11111121112( L_h, v, lock ) ] --> [ ] + rule (modulo AC) ifattCvinit_1_1111112111[color=#ffffff, + process="if attC(v.1)='init'"]: + [ State_1111112111( lock, v, L_h ) ] --[ Pred_Not_Eq( z, 'init' ) ]-> [ ] + variants (modulo AC) + 1. v = v.8 + z = attC(v.8) + + 2. 
v = + z = z.9 */ -rule (modulo E) p_0_1111112112[color=#ffffff, process="0"]: - [ State_1111112112( L_h, lock.1 ) ] --> [ ] +rule (modulo E) lookupLhasv_1_111111211[color=#ffffff, + process="lookup L_h.2 as v.1"]: + [ State_111111211( lock.1, L_h.2 ) ] --[ IsNotSet( L_h.2 ) ]-> [ ] /* - rule (modulo AC) p_0_1111112112[color=#ffffff, process="0"]: - [ State_1111112112( L_h, lock ) ] --> [ ] + rule (modulo AC) lookupLhasv_1_111111211[color=#ffffff, + process="lookup L_h.2 as v.1"]: + [ State_111111211( lock, L_h ) ] --[ IsNotSet( L_h ) ]-> [ ] */ rule (modulo E) insetdecLh_0_111112[color=#ffffff, - process="in(<'set_dec', L_h>);"]: - [ State_111112( ), In( <'set_dec', L_h> ) ] --> [ State_1111121( L_h ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockLh_0_1111121[color=#ffffff, process="lock L_h;"]: - [ State_1111121( L_h ), Fr( lock.2 ) ] - --[ Lock_2( '2', lock.2, L_h ), Lock( '2', lock.2, L_h ) ]-> - [ State_11111211( L_h, lock.2 ) ] + process="in(<'set_dec', L_h.3>);"]: + [ State_111112( ), In( <'set_dec', L_h.3> ), Fr( lock.2 ) ] + --[ Lock_2( '2', lock.2, L_h.3 ), Lock( '2', lock.2, L_h.3 ) ]-> + [ State_11111211( lock.2, L_h.3 ) ] /* - rule (modulo AC) lockLh_0_1111121[color=#ffffff, process="lock L_h;"]: - [ State_1111121( L_h ), Fr( lock ) ] + rule (modulo AC) insetdecLh_0_111112[color=#ffffff, + process="in(<'set_dec', L_h.3>);"]: + [ State_111112( ), In( <'set_dec', L_h> ), Fr( lock ) ] --[ Lock_2( '2', lock, L_h ), Lock( '2', lock, L_h ) ]-> - [ State_11111211( L_h, lock ) ] + [ State_11111211( lock, L_h ) ] */ rule (modulo E) lookupLhasv_0_11111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_11111211( L_h, lock.2 ) ] - --[ IsIn( L_h, v ) ]-> - [ State_111112111( L_h, v, lock.2 ) ] + process="lookup L_h.3 as v.2"]: + [ State_11111211( lock.2, L_h.3 ) ] + --[ IsIn( L_h.3, v.2 ) ]-> + [ State_111112111( lock.2, v.2, L_h.3 ) ] /* rule (modulo AC) lookupLhasv_0_11111211[color=#ffffff, - process="lookup L_h as v"]: - [ 
State_11111211( L_h, lock ) ] + process="lookup L_h.3 as v.2"]: + [ State_11111211( lock, L_h ) ] --[ IsIn( L_h, v ) ]-> - [ State_111112111( L_h, v, lock ) ] - */ - -rule (modulo E) lookupLhasv_1_11111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_11111211( L_h, lock.2 ) ] - --[ IsNotSet( L_h ) ]-> - [ State_111112112( L_h, lock.2 ) ] - - /* - rule (modulo AC) lookupLhasv_1_11111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_11111211( L_h, lock ) ] - --[ IsNotSet( L_h ) ]-> - [ State_111112112( L_h, lock ) ] + [ State_111112111( lock, v, L_h ) ] */ -rule (modulo E) ifattvinit_0_111112111[color=#ffffff, - process="if att(v)='init'"]: - [ State_111112111( L_h, v, lock.2 ) ] - --[ Pred_Eq( att(v), 'init' ) ]-> - [ State_1111121111( L_h, v, lock.2 ) ] +rule (modulo E) ifattCvinit_0_111112111[color=#ffffff, + process="if attC(v.2)='init'"]: + [ State_111112111( lock.2, v.2, L_h.3 ) ] + --[ Pred_Eq( attC(v.2), 'init' ) ]-> + [ State_1111121111( lock.2, v.2, L_h.3 ) ] /* - rule (modulo AC) ifattvinit_0_111112111[color=#ffffff, - process="if att(v)='init'"]: - [ State_111112111( L_h, v, lock ) ] + rule (modulo AC) ifattCvinit_0_111112111[color=#ffffff, + process="if attC(v.2)='init'"]: + [ State_111112111( lock, v, L_h ) ] --[ Pred_Eq( z, 'init' ) ]-> - [ State_1111121111( L_h, v, lock ) ] - variants (modulo AC) - 1. v = v.8 - z = att(v.8) - - 2. v = - z = z.9 - */ - -rule (modulo E) ifattvinit_1_111112111[color=#ffffff, - process="if att(v)='init'"]: - [ State_111112111( L_h, v, lock.2 ) ] - --[ Pred_Not_Eq( att(v), 'init' ) ]-> - [ State_1111121112( L_h, v, lock.2 ) ] - - /* - rule (modulo AC) ifattvinit_1_111112111[color=#ffffff, - process="if att(v)='init'"]: - [ State_111112111( L_h, v, lock ) ] - --[ Pred_Not_Eq( z, 'init' ) ]-> - [ State_1111121112( L_h, v, lock ) ] + [ State_1111121111( lock, v, L_h ) ] variants (modulo AC) - 1. v = v.8 - z = att(v.8) + 1. v = v.9 + z = attC(v.9) - 2. v = - z = z.9 + 2. 
v = + z = z.10 */ rule (modulo E) eventDecKeyLhkeyv_0_1111121111[color=#ffffff, - process="event DecKey( L_h, key(v) );"]: - [ State_1111121111( L_h, v, lock.2 ) ] - --[ DecKey( L_h, key(v) ) ]-> - [ State_11111211111( L_h, v, lock.2 ) ] + process="event DecKey( L_h.3, key(v.2) );"]: + [ State_1111121111( lock.2, v.2, L_h.3 ) ] + --[ DecKey( L_h.3, key(v.2) ) ]-> + [ State_11111211111( lock.2, v.2, L_h.3 ) ] /* rule (modulo AC) eventDecKeyLhkeyv_0_1111121111[color=#ffffff, - process="event DecKey( L_h, key(v) );"]: - [ State_1111121111( L_h, v, lock ) ] + process="event DecKey( L_h.3, key(v.2) );"]: + [ State_1111121111( lock, v, L_h ) ] --[ DecKey( L_h, z ) ]-> - [ State_11111211111( L_h, v, lock ) ] + [ State_11111211111( lock, v, L_h ) ] variants (modulo AC) - 1. v = v.7 - z = key(v.7) + 1. v = v.8 + z = key(v.8) - 2. v = - z = x.7 + 2. v = + z = x.8 */ rule (modulo E) insertLhkeyvdec_0_11111211111[color=#ffffff, - process="insert L_h,;"]: - [ State_11111211111( L_h, v, lock.2 ) ] - --[ Insert( L_h, ) ]-> - [ State_111112111111( L_h, v, lock.2 ) ] + process="insert L_h.3,;"]: + [ State_11111211111( lock.2, v.2, L_h.3 ) ] + --[ Insert( L_h.3, ) ]-> + [ State_111112111111( lock.2, v.2, L_h.3 ) ] /* rule (modulo AC) insertLhkeyvdec_0_11111211111[color=#ffffff, - process="insert L_h,;"]: - [ State_11111211111( L_h, v, lock ) ] + process="insert L_h.3,;"]: + [ State_11111211111( lock, v, L_h ) ] --[ Insert( L_h, ) ]-> - [ State_111112111111( L_h, v, lock ) ] + [ State_111112111111( lock, v, L_h ) ] variants (modulo AC) - 1. v = v.8 - z = key(v.8) + 1. v = v.9 + z = key(v.9) - 2. v = - z = z.9 + 2. 
v = + z = z.10 */ rule (modulo E) unlockLh_0_111112111111[color=#ffffff, - process="unlock L_h;"]: - [ State_111112111111( L_h, v, lock.2 ) ] - --[ Unlock_2( '2', lock.2, L_h ), Unlock( '2', lock.2, L_h ) ]-> - [ State_1111121111111( L_h, v, lock.2 ) ] + process="unlock L_h.3;"]: + [ State_111112111111( lock.2, v.2, L_h.3 ) ] + --[ Unlock_2( '2', lock.2, L_h.3 ), Unlock( '2', lock.2, L_h.3 ) ]-> + [ ] /* rule (modulo AC) unlockLh_0_111112111111[color=#ffffff, - process="unlock L_h;"]: - [ State_111112111111( L_h, v, lock ) ] + process="unlock L_h.3;"]: + [ State_111112111111( lock, v, L_h ) ] --[ Unlock_2( '2', lock, L_h ), Unlock( '2', lock, L_h ) ]-> - [ State_1111121111111( L_h, v, lock ) ] - */ - -rule (modulo E) p_0_1111121111111[color=#ffffff, process="0"]: - [ State_1111121111111( L_h, v, lock.2 ) ] --> [ ] - - /* - rule (modulo AC) p_0_1111121111111[color=#ffffff, process="0"]: - [ State_1111121111111( L_h, v, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_1111121112[color=#ffffff, process="0"]: - [ State_1111121112( L_h, v, lock.2 ) ] --> [ ] - - /* - rule (modulo AC) p_0_1111121112[color=#ffffff, process="0"]: - [ State_1111121112( L_h, v, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_111112112[color=#ffffff, process="0"]: - [ State_111112112( L_h, lock.2 ) ] --> [ ] - - /* - rule (modulo AC) p_0_111112112[color=#ffffff, process="0"]: - [ State_111112112( L_h, lock ) ] --> [ ] - */ - -rule (modulo E) inLhc_0_11112[color=#ffffff, process="in();"]: - [ State_11112( ), In( ) ] --> [ State_111121( L_h, c ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockLh_0_111121[color=#ffffff, process="lock L_h;"]: - [ State_111121( L_h, c ), Fr( lock.3 ) ] - --[ Lock_3( '3', lock.3, L_h ), Lock( '3', lock.3, L_h ) ]-> - [ State_1111211( L_h, c, lock.3 ) ] - - /* - rule (modulo AC) lockLh_0_111121[color=#ffffff, process="lock L_h;"]: - [ State_111121( L_h, c ), Fr( lock ) ] - --[ Lock_3( '3', lock, L_h ), Lock( '3', lock, L_h ) ]-> - [ State_1111211( 
L_h, c, lock ) ] - */ - -rule (modulo E) lookupLhasv_0_1111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_1111211( L_h, c, lock.3 ) ] - --[ IsIn( L_h, v ) ]-> - [ State_11112111( L_h, c, v, lock.3 ) ] - - /* - rule (modulo AC) lookupLhasv_0_1111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_1111211( L_h, c, lock ) ] - --[ IsIn( L_h, v ) ]-> - [ State_11112111( L_h, c, v, lock ) ] - */ - -rule (modulo E) lookupLhasv_1_1111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_1111211( L_h, c, lock.3 ) ] - --[ IsNotSet( L_h ) ]-> - [ State_11112112( L_h, c, lock.3 ) ] - - /* - rule (modulo AC) lookupLhasv_1_1111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_1111211( L_h, c, lock ) ] - --[ IsNotSet( L_h ) ]-> - [ State_11112112( L_h, c, lock ) ] + [ ] */ -rule (modulo E) ifattvdec_0_11112111[color=#ffffff, - process="if att(v)='dec'"]: - [ State_11112111( L_h, c, v, lock.3 ) ] - --[ Pred_Eq( att(v), 'dec' ) ]-> - [ State_111121111( L_h, c, v, lock.3 ) ] +rule (modulo E) ifattCvinit_1_111112111[color=#ffffff, + process="if attC(v.2)='init'"]: + [ State_111112111( lock.2, v.2, L_h.3 ) ] + --[ Pred_Not_Eq( attC(v.2), 'init' ) ]-> + [ ] /* - rule (modulo AC) ifattvdec_0_11112111[color=#ffffff, - process="if att(v)='dec'"]: - [ State_11112111( L_h, c, v, lock ) ] - --[ Pred_Eq( z, 'dec' ) ]-> - [ State_111121111( L_h, c, v, lock ) ] + rule (modulo AC) ifattCvinit_1_111112111[color=#ffffff, + process="if attC(v.2)='init'"]: + [ State_111112111( lock, v, L_h ) ] --[ Pred_Not_Eq( z, 'init' ) ]-> [ ] variants (modulo AC) - 1. v = v.10 - z = att(v.10) + 1. v = v.9 + z = attC(v.9) - 2. v = - z = z.11 + 2. 
v = + z = z.10 */ -rule (modulo E) ifattvdec_1_11112111[color=#ffffff, - process="if att(v)='dec'"]: - [ State_11112111( L_h, c, v, lock.3 ) ] - --[ Pred_Not_Eq( att(v), 'dec' ) ]-> - [ State_111121112( L_h, c, v, lock.3 ) ] +rule (modulo E) lookupLhasv_1_11111211[color=#ffffff, + process="lookup L_h.3 as v.2"]: + [ State_11111211( lock.2, L_h.3 ) ] --[ IsNotSet( L_h.3 ) ]-> [ ] /* - rule (modulo AC) ifattvdec_1_11112111[color=#ffffff, - process="if att(v)='dec'"]: - [ State_11112111( L_h, c, v, lock ) ] - --[ Pred_Not_Eq( z, 'dec' ) ]-> - [ State_111121112( L_h, c, v, lock ) ] - variants (modulo AC) - 1. v = v.10 - z = att(v.10) - - 2. v = - z = z.11 + rule (modulo AC) lookupLhasv_1_11111211[color=#ffffff, + process="lookup L_h.3 as v.2"]: + [ State_11111211( lock, L_h ) ] --[ IsNotSet( L_h ) ]-> [ ] */ -rule (modulo E) ifsencSuccckeyvtrue_0_111121111[color=#ffffff, - process="if sencSucc(c, key(v))=true"]: - [ State_111121111( L_h, c, v, lock.3 ) ] - --[ Pred_Eq( sencSucc(c, key(v)), true ) ]-> - [ State_1111211111( L_h, c, v, lock.3 ) ] +rule (modulo E) inLhc_0_11112[color=#ffffff, + process="in();"]: + [ State_11112( ), In( ), Fr( lock.3 ) ] + --[ Lock_3( '3', lock.3, L_h.4 ), Lock( '3', lock.3, L_h.4 ) ]-> + [ State_1111211( c.1, lock.3, L_h.4 ) ] /* - rule (modulo AC) ifsencSuccckeyvtrue_0_111121111[color=#ffffff, - process="if sencSucc(c, key(v))=true"]: - [ State_111121111( L_h, c, v, lock ) ] - --[ Pred_Eq( z, true ) ]-> - [ State_1111211111( L_h, c, v, lock ) ] - variants (modulo AC) - 1. c = c.9 - v = v.9 - z = sencSucc(c.9, key(v.9)) - - 2. c = c.11 - v = - z = sencSucc(c.11, x.9) - - 3. c = senc(x.9, x.10) - v = - z = true - - 4. 
c = senc(x.9, key(x.10)) - v = x.10 - z = true + rule (modulo AC) inLhc_0_11112[color=#ffffff, + process="in();"]: + [ State_11112( ), In( ), Fr( lock ) ] + --[ Lock_3( '3', lock, L_h ), Lock( '3', lock, L_h ) ]-> + [ State_1111211( c, lock, L_h ) ] + */ + +rule (modulo E) lookupLhasv_0_1111211[color=#ffffff, + process="lookup L_h.4 as v.3"]: + [ State_1111211( c.1, lock.3, L_h.4 ) ] + --[ IsIn( L_h.4, v.3 ) ]-> + [ State_11112111( c.1, lock.3, v.3, L_h.4 ) ] + + /* + rule (modulo AC) lookupLhasv_0_1111211[color=#ffffff, + process="lookup L_h.4 as v.3"]: + [ State_1111211( c, lock, L_h ) ] + --[ IsIn( L_h, v ) ]-> + [ State_11112111( c, lock, v, L_h ) ] */ -rule (modulo E) ifsencSuccckeyvtrue_1_111121111[color=#ffffff, - process="if sencSucc(c, key(v))=true"]: - [ State_111121111( L_h, c, v, lock.3 ) ] - --[ Pred_Not_Eq( sencSucc(c, key(v)), true ) ]-> - [ State_1111211112( L_h, c, v, lock.3 ) ] +rule (modulo E) ifattCvdec_0_11112111[color=#ffffff, + process="if attC(v.3)='dec'"]: + [ State_11112111( c.1, lock.3, v.3, L_h.4 ) ] + --[ Pred_Eq( attC(v.3), 'dec' ) ]-> + [ State_111121111( c.1, lock.3, v.3, L_h.4 ) ] /* - rule (modulo AC) ifsencSuccckeyvtrue_1_111121111[color=#ffffff, - process="if sencSucc(c, key(v))=true"]: - [ State_111121111( L_h, c, v, lock ) ] - --[ Pred_Not_Eq( z, true ) ]-> - [ State_1111211112( L_h, c, v, lock ) ] + rule (modulo AC) ifattCvdec_0_11112111[color=#ffffff, + process="if attC(v.3)='dec'"]: + [ State_11112111( c, lock, v, L_h ) ] + --[ Pred_Eq( z, 'dec' ) ]-> + [ State_111121111( c, lock, v, L_h ) ] variants (modulo AC) - 1. c = c.9 - v = v.9 - z = sencSucc(c.9, key(v.9)) - - 2. c = c.11 - v = - z = sencSucc(c.11, x.9) - - 3. c = senc(x.9, x.10) - v = - z = true + 1. v = v.11 + z = attC(v.11) - 4. c = senc(x.9, key(x.10)) - v = x.10 - z = true + 2. 
v = + z = z.12 */ -rule (modulo E) eventDecUsingkeyvsdecckeyv_0_1111211111[color=#ffffff, - process="event DecUsing( key(v), sdec(c, key(v)) );"]: - [ State_1111211111( L_h, c, v, lock.3 ) ] - --[ DecUsing( key(v), sdec(c, key(v)) ) ]-> - [ State_11112111111( L_h, c, v, lock.3 ) ] +rule (modulo E) ifsencSuccckeyvtrue_0_111121111[color=#ffffff, + process="if sencSucc(c.1, key(v.3))=true"]: + [ State_111121111( c.1, lock.3, v.3, L_h.4 ) ] + --[ Pred_Eq( sencSucc(c.1, key(v.3)), true ) ]-> + [ Let_11112111111( , c.1, lock.3, v.3, L_h.4 ) ] /* - rule (modulo AC) eventDecUsingkeyvsdecckeyv_0_1111211111[color=#ffffff, - process="event DecUsing( key(v), sdec(c, key(v)) );"]: - [ State_1111211111( L_h, c, v, lock ) ] - --[ DecUsing( z, z.1 ) ]-> - [ State_11112111111( L_h, c, v, lock ) ] + rule (modulo AC) ifsencSuccckeyvtrue_0_111121111[color=#ffffff, + process="if sencSucc(c.1, key(v.3))=true"]: + [ State_111121111( c, lock, v, L_h ) ] + --[ Pred_Eq( z.1, true ) ]-> + [ Let_11112111111( , c, lock, v, L_h ) ] variants (modulo AC) - 1. c = c.10 - v = v.10 - z = key(v.10) - z.1 = sdec(c.10, key(v.10)) - - 2. c = c.12 - v = - z = x.10 - z.1 = sdec(c.12, x.10) + 1. c = c.11 + v = v.13 + z = key(v.13) + z.1 = sencSucc(c.11, key(v.13)) - 3. c = senc(x.10, x.11) + 2. c = c.13 v = z = x.11 - z.1 = x.10 + z.1 = sencSucc(c.13, x.11) - 4. c = senc(x.10, key(x.11)) - v = x.11 - z = key(x.11) - z.1 = x.10 + 3. c = senc(x.11, x.12) + v = + z = x.12 + z.1 = true + + 4. 
c = senc(x.11, key(x.12)) + v = x.12 + z = key(x.12) + z.1 = true */ -rule (modulo E) outsdecckeyv_0_11112111111[color=#ffffff, - process="out(sdec(c, key(v)));"]: - [ State_11112111111( L_h, c, v, lock.3 ) ] +rule (modulo E) letmsdecckeyv_1_1111211111[color=#ffffff, + process="let m.1=sdec(c.1, key(v.3))"]: + [ Let_11112111111( , c.1, lock.3, v.3, L_h.4 ) ] --> - [ State_111121111111( L_h, c, v, lock.3 ), Out( sdec(c, key(v)) ) ] + [ State_11112111111( c.1, m.1, lock.3, v.3, L_h.4 ) ] /* - rule (modulo AC) outsdecckeyv_0_11112111111[color=#ffffff, - process="out(sdec(c, key(v)));"]: - [ State_11112111111( L_h, c, v, lock ) ] + rule (modulo AC) letmsdecckeyv_1_1111211111[color=#ffffff, + process="let m.1=sdec(c.1, key(v.3))"]: + [ Let_11112111111( , c, lock, v, L_h ) ] --> - [ State_111121111111( L_h, c, v, lock ), Out( z ) ] - variants (modulo AC) - 1. c = c.9 - v = v.9 - z = sdec(c.9, key(v.9)) - - 2. c = c.11 - v = - z = sdec(c.11, x.9) - - 3. c = senc(x.9, x.10) - v = - z = x.9 - - 4. 
c = senc(x.9, key(x.10)) - v = x.10 - z = x.9 + [ State_11112111111( c, m, lock, v, L_h ) ] */ -rule (modulo E) unlockLh_0_111121111111[color=#ffffff, - process="unlock L_h;"]: - [ State_111121111111( L_h, c, v, lock.3 ) ] - --[ Unlock_3( '3', lock.3, L_h ), Unlock( '3', lock.3, L_h ) ]-> - [ State_1111211111111( L_h, c, v, lock.3 ) ] +rule (modulo E) eventDecUsingkeyvm_0_11112111111[color=#ffffff, + process="event DecUsing( key(v.3), m.1 );"]: + [ State_11112111111( c.1, m.1, lock.3, v.3, L_h.4 ) ] + --[ DecUsing( key(v.3), m.1 ) ]-> + [ State_1111211111111( c.1, m.1, lock.3, v.3, L_h.4 ), Out( m.1 ) ] /* - rule (modulo AC) unlockLh_0_111121111111[color=#ffffff, - process="unlock L_h;"]: - [ State_111121111111( L_h, c, v, lock ) ] - --[ Unlock_3( '3', lock, L_h ), Unlock( '3', lock, L_h ) ]-> - [ State_1111211111111( L_h, c, v, lock ) ] + rule (modulo AC) eventDecUsingkeyvm_0_11112111111[color=#ffffff, + process="event DecUsing( key(v.3), m.1 );"]: + [ State_11112111111( c, m, lock, v, L_h ) ] + --[ DecUsing( z, m ) ]-> + [ State_1111211111111( c, m, lock, v, L_h ), Out( m ) ] + variants (modulo AC) + 1. v = v.13 + z = key(v.13) + + 2. 
v = + z = x.11 */ -rule (modulo E) p_0_1111211111111[color=#ffffff, process="0"]: - [ State_1111211111111( L_h, c, v, lock.3 ) ] --> [ ] +rule (modulo E) unlockLh_0_1111211111111[color=#ffffff, + process="unlock L_h.4;"]: + [ State_1111211111111( c.1, m.1, lock.3, v.3, L_h.4 ) ] + --[ Unlock_3( '3', lock.3, L_h.4 ), Unlock( '3', lock.3, L_h.4 ) ]-> + [ ] /* - rule (modulo AC) p_0_1111211111111[color=#ffffff, process="0"]: - [ State_1111211111111( L_h, c, v, lock ) ] --> [ ] + rule (modulo AC) unlockLh_0_1111211111111[color=#ffffff, + process="unlock L_h.4;"]: + [ State_1111211111111( c, m, lock, v, L_h ) ] + --[ Unlock_3( '3', lock, L_h ), Unlock( '3', lock, L_h ) ]-> + [ ] */ -rule (modulo E) p_0_1111211112[color=#ffffff, process="0"]: - [ State_1111211112( L_h, c, v, lock.3 ) ] --> [ ] +rule (modulo E) ifsencSuccckeyvtrue_1_111121111[color=#ffffff, + process="if sencSucc(c.1, key(v.3))=true"]: + [ State_111121111( c.1, lock.3, v.3, L_h.4 ) ] + --[ Pred_Not_Eq( sencSucc(c.1, key(v.3)), true ) ]-> + [ ] /* - rule (modulo AC) p_0_1111211112[color=#ffffff, process="0"]: - [ State_1111211112( L_h, c, v, lock ) ] --> [ ] + rule (modulo AC) ifsencSuccckeyvtrue_1_111121111[color=#ffffff, + process="if sencSucc(c.1, key(v.3))=true"]: + [ State_111121111( c, lock, v, L_h ) ] --[ Pred_Not_Eq( z, true ) ]-> [ ] + variants (modulo AC) + 1. c = c.10 + v = v.12 + z = sencSucc(c.10, key(v.12)) + + 2. c = c.12 + v = + z = sencSucc(c.12, x.10) + + 3. c = senc(x.10, x.11) + v = + z = true + + 4. 
c = senc(x.10, key(x.11)) + v = x.11 + z = true */ -rule (modulo E) p_0_111121112[color=#ffffff, process="0"]: - [ State_111121112( L_h, c, v, lock.3 ) ] --> [ ] +rule (modulo E) ifattCvdec_1_11112111[color=#ffffff, + process="if attC(v.3)='dec'"]: + [ State_11112111( c.1, lock.3, v.3, L_h.4 ) ] + --[ Pred_Not_Eq( attC(v.3), 'dec' ) ]-> + [ ] /* - rule (modulo AC) p_0_111121112[color=#ffffff, process="0"]: - [ State_111121112( L_h, c, v, lock ) ] --> [ ] + rule (modulo AC) ifattCvdec_1_11112111[color=#ffffff, + process="if attC(v.3)='dec'"]: + [ State_11112111( c, lock, v, L_h ) ] --[ Pred_Not_Eq( z, 'dec' ) ]-> [ ] + variants (modulo AC) + 1. v = v.11 + z = attC(v.11) + + 2. v = + z = z.12 */ -rule (modulo E) p_0_11112112[color=#ffffff, process="0"]: - [ State_11112112( L_h, c, lock.3 ) ] --> [ ] +rule (modulo E) lookupLhasv_1_1111211[color=#ffffff, + process="lookup L_h.4 as v.3"]: + [ State_1111211( c.1, lock.3, L_h.4 ) ] --[ IsNotSet( L_h.4 ) ]-> [ ] /* - rule (modulo AC) p_0_11112112[color=#ffffff, process="0"]: - [ State_11112112( L_h, c, lock ) ] --> [ ] + rule (modulo AC) lookupLhasv_1_1111211[color=#ffffff, + process="lookup L_h.4 as v.3"]: + [ State_1111211( c, lock, L_h ) ] --[ IsNotSet( L_h ) ]-> [ ] */ -rule (modulo E) inLhm_0_1112[color=#ffffff, process="in();"]: - [ State_1112( ), In( ) ] --> [ State_11121( L_h, m ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockLh_0_11121[color=#ffffff, process="lock L_h;"]: - [ State_11121( L_h, m ), Fr( lock.4 ) ] - --[ Lock_4( '4', lock.4, L_h ), Lock( '4', lock.4, L_h ) ]-> - [ State_111211( L_h, m, lock.4 ) ] +rule (modulo E) inLhm_0_1112[color=#ffffff, process="in();"]: + [ State_1112( ), In( ), Fr( lock.4 ) ] + --[ Lock_4( '4', lock.4, L_h.5 ), Lock( '4', lock.4, L_h.5 ) ]-> + [ State_111211( m.2, lock.4, L_h.5 ) ] /* - rule (modulo AC) lockLh_0_11121[color=#ffffff, process="lock L_h;"]: - [ State_11121( L_h, m ), Fr( lock ) ] + rule (modulo AC) inLhm_0_1112[color=#ffffff, + 
process="in();"]: + [ State_1112( ), In( ), Fr( lock ) ] --[ Lock_4( '4', lock, L_h ), Lock( '4', lock, L_h ) ]-> - [ State_111211( L_h, m, lock ) ] + [ State_111211( m, lock, L_h ) ] */ rule (modulo E) lookupLhasv_0_111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_111211( L_h, m, lock.4 ) ] - --[ IsIn( L_h, v ) ]-> - [ State_1112111( L_h, m, v, lock.4 ) ] + process="lookup L_h.5 as v.4"]: + [ State_111211( m.2, lock.4, L_h.5 ) ] + --[ IsIn( L_h.5, v.4 ) ]-> + [ State_1112111( m.2, lock.4, v.4, L_h.5 ) ] /* rule (modulo AC) lookupLhasv_0_111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_111211( L_h, m, lock ) ] + process="lookup L_h.5 as v.4"]: + [ State_111211( m, lock, L_h ) ] --[ IsIn( L_h, v ) ]-> - [ State_1112111( L_h, m, v, lock ) ] + [ State_1112111( m, lock, v, L_h ) ] */ -rule (modulo E) lookupLhasv_1_111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_111211( L_h, m, lock.4 ) ] - --[ IsNotSet( L_h ) ]-> - [ State_1112112( L_h, m, lock.4 ) ] - - /* - rule (modulo AC) lookupLhasv_1_111211[color=#ffffff, - process="lookup L_h as v"]: - [ State_111211( L_h, m, lock ) ] - --[ IsNotSet( L_h ) ]-> - [ State_1112112( L_h, m, lock ) ] - */ - -rule (modulo E) ifattvdec_0_1112111[color=#ffffff, - process="if att(v)='dec'"]: - [ State_1112111( L_h, m, v, lock.4 ) ] - --[ Pred_Eq( att(v), 'dec' ) ]-> - [ State_11121111( L_h, m, v, lock.4 ) ] +rule (modulo E) ifattCvdec_0_1112111[color=#ffffff, + process="if attC(v.4)='dec'"]: + [ State_1112111( m.2, lock.4, v.4, L_h.5 ) ] + --[ Pred_Eq( attC(v.4), 'dec' ) ]-> + [ State_11121111( m.2, lock.4, v.4, L_h.5 ) ] /* - rule (modulo AC) ifattvdec_0_1112111[color=#ffffff, - process="if att(v)='dec'"]: - [ State_1112111( L_h, m, v, lock ) ] + rule (modulo AC) ifattCvdec_0_1112111[color=#ffffff, + process="if attC(v.4)='dec'"]: + [ State_1112111( m, lock, v, L_h ) ] --[ Pred_Eq( z, 'dec' ) ]-> - [ State_11121111( L_h, m, v, lock ) ] - variants (modulo AC) - 1. v = v.11 - z = att(v.11) - - 2. 
v = - z = z.12 - */ - -rule (modulo E) ifattvdec_1_1112111[color=#ffffff, - process="if att(v)='dec'"]: - [ State_1112111( L_h, m, v, lock.4 ) ] - --[ Pred_Not_Eq( att(v), 'dec' ) ]-> - [ State_11121112( L_h, m, v, lock.4 ) ] - - /* - rule (modulo AC) ifattvdec_1_1112111[color=#ffffff, - process="if att(v)='dec'"]: - [ State_1112111( L_h, m, v, lock ) ] - --[ Pred_Not_Eq( z, 'dec' ) ]-> - [ State_11121112( L_h, m, v, lock ) ] + [ State_11121111( m, lock, v, L_h ) ] variants (modulo AC) - 1. v = v.11 - z = att(v.11) + 1. v = v.12 + z = attC(v.12) - 2. v = - z = z.12 + 2. v = + z = z.13 */ rule (modulo E) eventEncUsingkeyvm_0_11121111[color=#ffffff, - process="event EncUsing( key(v), m );"]: - [ State_11121111( L_h, m, v, lock.4 ) ] - --[ EncUsing( key(v), m ) ]-> - [ State_111211111( L_h, m, v, lock.4 ) ] + process="event EncUsing( key(v.4), m.2 );"]: + [ State_11121111( m.2, lock.4, v.4, L_h.5 ) ] + --[ EncUsing( key(v.4), m.2 ) ]-> + [ State_1112111111( m.2, lock.4, v.4, L_h.5 ), Out( senc(m.2, key(v.4)) ) + ] /* rule (modulo AC) eventEncUsingkeyvm_0_11121111[color=#ffffff, - process="event EncUsing( key(v), m );"]: - [ State_11121111( L_h, m, v, lock ) ] + process="event EncUsing( key(v.4), m.2 );"]: + [ State_11121111( m, lock, v, L_h ) ] --[ EncUsing( z, m ) ]-> - [ State_111211111( L_h, m, v, lock ) ] - variants (modulo AC) - 1. v = v.10 - z = key(v.10) - - 2. v = - z = x.10 - */ - -rule (modulo E) outsencmkeyv_0_111211111[color=#ffffff, - process="out(senc(m, key(v)));"]: - [ State_111211111( L_h, m, v, lock.4 ) ] - --> - [ State_1112111111( L_h, m, v, lock.4 ), Out( senc(m, key(v)) ) ] - - /* - rule (modulo AC) outsencmkeyv_0_111211111[color=#ffffff, - process="out(senc(m, key(v)));"]: - [ State_111211111( L_h, m, v, lock ) ] - --> - [ State_1112111111( L_h, m, v, lock ), Out( senc(m, z) ) ] + [ State_1112111111( m, lock, v, L_h ), Out( senc(m, z) ) ] variants (modulo AC) - 1. v = v.10 - z = key(v.10) + 1. v = v.13 + z = key(v.13) - 2. v = - z = x.10 + 2. 
v = + z = x.11 */ rule (modulo E) unlockLh_0_1112111111[color=#ffffff, - process="unlock L_h;"]: - [ State_1112111111( L_h, m, v, lock.4 ) ] - --[ Unlock_4( '4', lock.4, L_h ), Unlock( '4', lock.4, L_h ) ]-> - [ State_11121111111( L_h, m, v, lock.4 ) ] + process="unlock L_h.5;"]: + [ State_1112111111( m.2, lock.4, v.4, L_h.5 ) ] + --[ Unlock_4( '4', lock.4, L_h.5 ), Unlock( '4', lock.4, L_h.5 ) ]-> + [ ] /* rule (modulo AC) unlockLh_0_1112111111[color=#ffffff, - process="unlock L_h;"]: - [ State_1112111111( L_h, m, v, lock ) ] + process="unlock L_h.5;"]: + [ State_1112111111( m, lock, v, L_h ) ] --[ Unlock_4( '4', lock, L_h ), Unlock( '4', lock, L_h ) ]-> - [ State_11121111111( L_h, m, v, lock ) ] - */ - -rule (modulo E) p_0_11121111111[color=#ffffff, process="0"]: - [ State_11121111111( L_h, m, v, lock.4 ) ] --> [ ] - - /* - rule (modulo AC) p_0_11121111111[color=#ffffff, process="0"]: - [ State_11121111111( L_h, m, v, lock ) ] --> [ ] + [ ] */ -rule (modulo E) p_0_11121112[color=#ffffff, process="0"]: - [ State_11121112( L_h, m, v, lock.4 ) ] --> [ ] +rule (modulo E) ifattCvdec_1_1112111[color=#ffffff, + process="if attC(v.4)='dec'"]: + [ State_1112111( m.2, lock.4, v.4, L_h.5 ) ] + --[ Pred_Not_Eq( attC(v.4), 'dec' ) ]-> + [ ] /* - rule (modulo AC) p_0_11121112[color=#ffffff, process="0"]: - [ State_11121112( L_h, m, v, lock ) ] --> [ ] + rule (modulo AC) ifattCvdec_1_1112111[color=#ffffff, + process="if attC(v.4)='dec'"]: + [ State_1112111( m, lock, v, L_h ) ] --[ Pred_Not_Eq( z, 'dec' ) ]-> [ ] + variants (modulo AC) + 1. v = v.12 + z = attC(v.12) + + 2. 
v = + z = z.13 */ -rule (modulo E) p_0_1112112[color=#ffffff, process="0"]: - [ State_1112112( L_h, m, lock.4 ) ] --> [ ] +rule (modulo E) lookupLhasv_1_111211[color=#ffffff, + process="lookup L_h.5 as v.4"]: + [ State_111211( m.2, lock.4, L_h.5 ) ] --[ IsNotSet( L_h.5 ) ]-> [ ] /* - rule (modulo AC) p_0_1112112[color=#ffffff, process="0"]: - [ State_1112112( L_h, m, lock ) ] --> [ ] + rule (modulo AC) lookupLhasv_1_111211[color=#ffffff, + process="lookup L_h.5 as v.4"]: + [ State_111211( m, lock, L_h ) ] --[ IsNotSet( L_h ) ]-> [ ] */ -rule (modulo E) inLhLh_0_112[color=#ffffff, process="in();"]: - [ State_112( ), In( ) ] --> [ State_1121( L_h1, L_h2 ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockLh_0_1121[color=#ffffff, process="lock L_h1;"]: - [ State_1121( L_h1, L_h2 ), Fr( lock.5 ) ] - --[ Lock_5( '5', lock.5, L_h1 ), Lock( '5', lock.5, L_h1 ) ]-> - [ State_11211( L_h1, L_h2, lock.5 ) ] +rule (modulo E) inLhLh_0_112[color=#ffffff, + process="in();"]: + [ State_112( ), In( ), Fr( lock.5 ) ] + --[ Lock_5( '5', lock.5, L_h1.1 ), Lock( '5', lock.5, L_h1.1 ) ]-> + [ State_11211( L_h1.1, L_h2.1, lock.5 ) ] /* - rule (modulo AC) lockLh_0_1121[color=#ffffff, process="lock L_h1;"]: - [ State_1121( L_h1, L_h2 ), Fr( lock ) ] + rule (modulo AC) inLhLh_0_112[color=#ffffff, + process="in();"]: + [ State_112( ), In( ), Fr( lock ) ] --[ Lock_5( '5', lock, L_h1 ), Lock( '5', lock, L_h1 ) ]-> [ State_11211( L_h1, L_h2, lock ) ] */ rule (modulo E) lookupLhasv_0_11211[color=#ffffff, - process="lookup L_h1 as v1"]: - [ State_11211( L_h1, L_h2, lock.5 ) ] - --[ IsIn( L_h1, v1 ) ]-> - [ State_112111( L_h1, L_h2, v1, lock.5 ) ] + process="lookup L_h1.1 as v1.1"]: + [ State_11211( L_h1.1, L_h2.1, lock.5 ) ] + --[ IsIn( L_h1.1, v1.1 ) ]-> + [ State_112111( L_h1.1, L_h2.1, v1.1, lock.5 ) ] /* rule (modulo AC) lookupLhasv_0_11211[color=#ffffff, - process="lookup L_h1 as v1"]: + process="lookup L_h1.1 as v1.1"]: [ State_11211( L_h1, L_h2, lock ) ] --[ IsIn( L_h1, 
v1 ) ]-> [ State_112111( L_h1, L_h2, v1, lock ) ] */ -rule (modulo E) lookupLhasv_1_11211[color=#ffffff, - process="lookup L_h1 as v1"]: - [ State_11211( L_h1, L_h2, lock.5 ) ] - --[ IsNotSet( L_h1 ) ]-> - [ State_112112( L_h1, L_h2, lock.5 ) ] - - /* - rule (modulo AC) lookupLhasv_1_11211[color=#ffffff, - process="lookup L_h1 as v1"]: - [ State_11211( L_h1, L_h2, lock ) ] - --[ IsNotSet( L_h1 ) ]-> - [ State_112112( L_h1, L_h2, lock ) ] - */ - -rule (modulo E) ifattvwrap_0_112111[color=#ffffff, - process="if att(v1)='wrap'"]: - [ State_112111( L_h1, L_h2, v1, lock.5 ) ] - --[ Pred_Eq( att(v1), 'wrap' ) ]-> - [ State_1121111( L_h1, L_h2, v1, lock.5 ) ] +rule (modulo E) ifattCvwrap_0_112111[color=#ffffff, + process="if attC(v1.1)='wrap'"]: + [ State_112111( L_h1.1, L_h2.1, v1.1, lock.5 ) ] + --[ Pred_Eq( attC(v1.1), 'wrap' ) ]-> + [ State_1121111( L_h1.1, L_h2.1, v1.1, lock.5 ) ] /* - rule (modulo AC) ifattvwrap_0_112111[color=#ffffff, - process="if att(v1)='wrap'"]: + rule (modulo AC) ifattCvwrap_0_112111[color=#ffffff, + process="if attC(v1.1)='wrap'"]: [ State_112111( L_h1, L_h2, v1, lock ) ] --[ Pred_Eq( z, 'wrap' ) ]-> [ State_1121111( L_h1, L_h2, v1, lock ) ] variants (modulo AC) 1. v1 = v1.12 - z = att(v1.12) - - 2. v1 = - z = z.13 - */ - -rule (modulo E) ifattvwrap_1_112111[color=#ffffff, - process="if att(v1)='wrap'"]: - [ State_112111( L_h1, L_h2, v1, lock.5 ) ] - --[ Pred_Not_Eq( att(v1), 'wrap' ) ]-> - [ State_1121112( L_h1, L_h2, v1, lock.5 ) ] - - /* - rule (modulo AC) ifattvwrap_1_112111[color=#ffffff, - process="if att(v1)='wrap'"]: - [ State_112111( L_h1, L_h2, v1, lock ) ] - --[ Pred_Not_Eq( z, 'wrap' ) ]-> - [ State_1121112( L_h1, L_h2, v1, lock ) ] - variants (modulo AC) - 1. v1 = v1.12 - z = att(v1.12) + z = attC(v1.12) 2. 
v1 = z = z.13 */ rule (modulo E) lookupLhasv_0_1121111[color=#ffffff, - process="lookup L_h2 as v2"]: - [ State_1121111( L_h1, L_h2, v1, lock.5 ) ] - --[ IsIn( L_h2, v2 ) ]-> - [ State_11211111( L_h1, L_h2, v1, v2, lock.5 ) ] + process="lookup L_h2.1 as v2.1"]: + [ State_1121111( L_h1.1, L_h2.1, v1.1, lock.5 ) ] + --[ IsIn( L_h2.1, v2.1 ) ]-> + [ State_11211111( L_h1.1, L_h2.1, v1.1, v2.1, lock.5 ) ] /* rule (modulo AC) lookupLhasv_0_1121111[color=#ffffff, - process="lookup L_h2 as v2"]: + process="lookup L_h2.1 as v2.1"]: [ State_1121111( L_h1, L_h2, v1, lock ) ] --[ IsIn( L_h2, v2 ) ]-> [ State_11211111( L_h1, L_h2, v1, v2, lock ) ] */ -rule (modulo E) lookupLhasv_1_1121111[color=#ffffff, - process="lookup L_h2 as v2"]: - [ State_1121111( L_h1, L_h2, v1, lock.5 ) ] - --[ IsNotSet( L_h2 ) ]-> - [ State_11211112( L_h1, L_h2, v1, lock.5 ) ] - - /* - rule (modulo AC) lookupLhasv_1_1121111[color=#ffffff, - process="lookup L_h2 as v2"]: - [ State_1121111( L_h1, L_h2, v1, lock ) ] - --[ IsNotSet( L_h2 ) ]-> - [ State_11211112( L_h1, L_h2, v1, lock ) ] - */ - -rule (modulo E) ifattvwrap_0_11211111[color=#ffffff, - process="if att(v2)='wrap'"]: - [ State_11211111( L_h1, L_h2, v1, v2, lock.5 ) ] - --[ Pred_Eq( att(v2), 'wrap' ) ]-> - [ State_112111111( L_h1, L_h2, v1, v2, lock.5 ) ] +rule (modulo E) ifattCvwrap_0_11211111[color=#ffffff, + process="if attC(v2.1)='wrap'"]: + [ State_11211111( L_h1.1, L_h2.1, v1.1, v2.1, lock.5 ) ] + --[ Pred_Eq( attC(v2.1), 'wrap' ) ]-> + [ State_112111111( L_h1.1, L_h2.1, v1.1, v2.1, lock.5 ) ] /* - rule (modulo AC) ifattvwrap_0_11211111[color=#ffffff, - process="if att(v2)='wrap'"]: + rule (modulo AC) ifattCvwrap_0_11211111[color=#ffffff, + process="if attC(v2.1)='wrap'"]: [ State_11211111( L_h1, L_h2, v1, v2, lock ) ] --[ Pred_Eq( z, 'wrap' ) ]-> [ State_112111111( L_h1, L_h2, v1, v2, lock ) ] variants (modulo AC) 1. v2 = v2.13 - z = att(v2.13) - - 2. 
v2 = - z = z.14 - */ - -rule (modulo E) ifattvwrap_1_11211111[color=#ffffff, - process="if att(v2)='wrap'"]: - [ State_11211111( L_h1, L_h2, v1, v2, lock.5 ) ] - --[ Pred_Not_Eq( att(v2), 'wrap' ) ]-> - [ State_112111112( L_h1, L_h2, v1, v2, lock.5 ) ] - - /* - rule (modulo AC) ifattvwrap_1_11211111[color=#ffffff, - process="if att(v2)='wrap'"]: - [ State_11211111( L_h1, L_h2, v1, v2, lock ) ] - --[ Pred_Not_Eq( z, 'wrap' ) ]-> - [ State_112111112( L_h1, L_h2, v1, v2, lock ) ] - variants (modulo AC) - 1. v2 = v2.13 - z = att(v2.13) + z = attC(v2.13) 2. v2 = z = z.14 */ rule (modulo E) eventWrapkeyvkeyv_0_112111111[color=#ffffff, - process="event Wrap( key(v1), key(v2) );"]: - [ State_112111111( L_h1, L_h2, v1, v2, lock.5 ) ] - --[ Wrap( key(v1), key(v2) ) ]-> - [ State_1121111111( L_h1, L_h2, v1, v2, lock.5 ) ] - - /* - rule (modulo AC) eventWrapkeyvkeyv_0_112111111[color=#ffffff, - process="event Wrap( key(v1), key(v2) );"]: - [ State_112111111( L_h1, L_h2, v1, v2, lock ) ] - --[ Wrap( z, z.1 ) ]-> - [ State_1121111111( L_h1, L_h2, v1, v2, lock ) ] - variants (modulo AC) - 1. v1 = v1.13 - v2 = v2.13 - z = key(v1.13) - z.1 = key(v2.13) - - 2. v1 = v1.15 - v2 = - z = key(v1.15) - z.1 = x.13 - - 3. v1 = - v2 = v2.15 - z = x.13 - z.1 = key(v2.15) - - 4. 
v1 = - v2 = - z = x.13 - z.1 = x.15 - */ - -rule (modulo E) outsenckeyvkeyv_0_1121111111[color=#ffffff, - process="out(senc(key(v2), key(v1)));"]: - [ State_1121111111( L_h1, L_h2, v1, v2, lock.5 ) ] - --> + process="event Wrap( key(v1.1), key(v2.1) );"]: + [ State_112111111( L_h1.1, L_h2.1, v1.1, v2.1, lock.5 ) ] + --[ Wrap( key(v1.1), key(v2.1) ) ]-> [ - State_11211111111( L_h1, L_h2, v1, v2, lock.5 ), - Out( senc(key(v2), key(v1)) ) + State_11211111111( L_h1.1, L_h2.1, v1.1, v2.1, lock.5 ), + Out( senc(key(v2.1), key(v1.1)) ) ] /* - rule (modulo AC) outsenckeyvkeyv_0_1121111111[color=#ffffff, - process="out(senc(key(v2), key(v1)));"]: - [ State_1121111111( L_h1, L_h2, v1, v2, lock ) ] - --> + rule (modulo AC) eventWrapkeyvkeyv_0_112111111[color=#ffffff, + process="event Wrap( key(v1.1), key(v2.1) );"]: + [ State_112111111( L_h1, L_h2, v1, v2, lock ) ] + --[ Wrap( z.1, z ) ]-> [ State_11211111111( L_h1, L_h2, v1, v2, lock ), Out( senc(z, z.1) ) ] variants (modulo AC) 1. v1 = v1.13 
@@ -17213,277 +15515,249 @@ rule (modulo E) outsenckeyvkeyv_0_1121111111[color=#ffffff, */ rule (modulo E) unlockLh_0_11211111111[color=#ffffff, - process="unlock L_h1;"]: - [ State_11211111111( L_h1, L_h2, v1, v2, lock.5 ) ] - --[ Unlock_5( '5', lock.5, L_h1 ), Unlock( '5', lock.5, L_h1 ) ]-> - [ State_112111111111( L_h1, L_h2, v1, v2, lock.5 ) ] + process="unlock L_h1.1;"]: + [ State_11211111111( L_h1.1, L_h2.1, v1.1, v2.1, lock.5 ) ] + --[ Unlock_5( '5', lock.5, L_h1.1 ), Unlock( '5', lock.5, L_h1.1 ) ]-> + [ ] /* rule (modulo AC) unlockLh_0_11211111111[color=#ffffff, - process="unlock L_h1;"]: + process="unlock L_h1.1;"]: [ State_11211111111( L_h1, L_h2, v1, v2, lock ) ] --[ Unlock_5( '5', lock, L_h1 ), Unlock( '5', lock, L_h1 ) ]-> - [ State_112111111111( L_h1, L_h2, v1, v2, lock ) ] + [ ] */ -rule (modulo E) p_0_112111111111[color=#ffffff, process="0"]: - [ State_112111111111( L_h1, L_h2, v1, v2, lock.5 ) ] --> [ ] +rule (modulo E) ifattCvwrap_1_11211111[color=#ffffff, + process="if attC(v2.1)='wrap'"]: + [ State_11211111( L_h1.1, L_h2.1, v1.1, v2.1, lock.5 ) ] + --[ Pred_Not_Eq( attC(v2.1), 'wrap' ) ]-> + [ ] /* - rule (modulo AC) p_0_112111111111[color=#ffffff, process="0"]: - [ State_112111111111( L_h1, L_h2, v1, v2, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_112111112[color=#ffffff, process="0"]: - [ State_112111112( L_h1, L_h2, v1, v2, lock.5 ) ] --> [ ] - - /* - rule (modulo AC) p_0_112111112[color=#ffffff, process="0"]: - [ State_112111112( L_h1, L_h2, v1, v2, lock ) ] --> [ ] + rule (modulo AC) ifattCvwrap_1_11211111[color=#ffffff, + process="if attC(v2.1)='wrap'"]: + [ State_11211111( L_h1, L_h2, v1, v2, lock ) ] + --[ Pred_Not_Eq( z, 'wrap' ) ]-> + [ ] + variants (modulo AC) + 1. v2 = v2.13 + z = attC(v2.13) + + 2. 
v2 = + z = z.14 */ -rule (modulo E) p_0_11211112[color=#ffffff, process="0"]: - [ State_11211112( L_h1, L_h2, v1, lock.5 ) ] --> [ ] +rule (modulo E) lookupLhasv_1_1121111[color=#ffffff, + process="lookup L_h2.1 as v2.1"]: + [ State_1121111( L_h1.1, L_h2.1, v1.1, lock.5 ) ] + --[ IsNotSet( L_h2.1 ) ]-> + [ ] /* - rule (modulo AC) p_0_11211112[color=#ffffff, process="0"]: - [ State_11211112( L_h1, L_h2, v1, lock ) ] --> [ ] + rule (modulo AC) lookupLhasv_1_1121111[color=#ffffff, + process="lookup L_h2.1 as v2.1"]: + [ State_1121111( L_h1, L_h2, v1, lock ) ] --[ IsNotSet( L_h2 ) ]-> [ ] */ -rule (modulo E) p_0_1121112[color=#ffffff, process="0"]: - [ State_1121112( L_h1, L_h2, v1, lock.5 ) ] --> [ ] +rule (modulo E) ifattCvwrap_1_112111[color=#ffffff, + process="if attC(v1.1)='wrap'"]: + [ State_112111( L_h1.1, L_h2.1, v1.1, lock.5 ) ] + --[ Pred_Not_Eq( attC(v1.1), 'wrap' ) ]-> + [ ] /* - rule (modulo AC) p_0_1121112[color=#ffffff, process="0"]: - [ State_1121112( L_h1, L_h2, v1, lock ) ] --> [ ] + rule (modulo AC) ifattCvwrap_1_112111[color=#ffffff, + process="if attC(v1.1)='wrap'"]: + [ State_112111( L_h1, L_h2, v1, lock ) ] + --[ Pred_Not_Eq( z, 'wrap' ) ]-> + [ ] + variants (modulo AC) + 1. v1 = v1.12 + z = attC(v1.12) + + 2. 
v1 = + z = z.13 */ -rule (modulo E) p_0_112112[color=#ffffff, process="0"]: - [ State_112112( L_h1, L_h2, lock.5 ) ] --> [ ] +rule (modulo E) lookupLhasv_1_11211[color=#ffffff, + process="lookup L_h1.1 as v1.1"]: + [ State_11211( L_h1.1, L_h2.1, lock.5 ) ] --[ IsNotSet( L_h1.1 ) ]-> [ ] /* - rule (modulo AC) p_0_112112[color=#ffffff, process="0"]: - [ State_112112( L_h1, L_h2, lock ) ] --> [ ] + rule (modulo AC) lookupLhasv_1_11211[color=#ffffff, + process="lookup L_h1.1 as v1.1"]: + [ State_11211( L_h1, L_h2, lock ) ] --[ IsNotSet( L_h1 ) ]-> [ ] */ -rule (modulo E) inLhsencmk_0_12[color=#ffffff, - process="in();"]: - [ State_12( ), In( ) ] --> [ State_121( L_h, k, m ) ] +rule (modulo E) p_1_[color=#ffffff, process="!"]: + [ !Semistate_1( ) ] + --> + [ + State_1111111( ), State_1111112( ), State_111112( ), State_11112( ), + State_1112( ), State_112( ), State_12( ) + ] /* has exactly the trivial AC variant */ -rule (modulo E) lockLh_0_121[color=#ffffff, process="lock L_h;"]: - [ State_121( L_h, k, m ), Fr( lock.6 ) ] - --[ Lock_6( '6', lock.6, L_h ), Lock( '6', lock.6, L_h ) ]-> - [ State_1211( L_h, k, m, lock.6 ) ] +rule (modulo E) inLhsencmk_0_12[color=#ffffff, + process="in();"]: + [ State_12( ), In( ), Fr( lock.6 ) ] + --[ Lock_6( '6', lock.6, L_h.6 ), Lock( '6', lock.6, L_h.6 ) ]-> + [ State_1211( k.2, m.3, L_h.6, lock.6 ) ] /* - rule (modulo AC) lockLh_0_121[color=#ffffff, process="lock L_h;"]: - [ State_121( L_h, k, m ), Fr( lock ) ] + rule (modulo AC) inLhsencmk_0_12[color=#ffffff, + process="in();"]: + [ State_12( ), In( ), Fr( lock ) ] --[ Lock_6( '6', lock, L_h ), Lock( '6', lock, L_h ) ]-> - [ State_1211( L_h, k, m, lock ) ] + [ State_1211( k, m, L_h, lock ) ] */ rule (modulo E) lookupLhasv_0_1211[color=#ffffff, - process="lookup L_h as v"]: - [ State_1211( L_h, k, m, lock.6 ) ] - --[ IsIn( L_h, v ) ]-> - [ State_12111( L_h, k, m, v, lock.6 ) ] + process="lookup L_h.6 as v.5"]: + [ State_1211( k.2, m.3, L_h.6, lock.6 ) ] + --[ IsIn( L_h.6, v.5 ) ]-> + [ 
State_12111( k.2, m.3, v.5, L_h.6, lock.6 ) ] /* rule (modulo AC) lookupLhasv_0_1211[color=#ffffff, - process="lookup L_h as v"]: - [ State_1211( L_h, k, m, lock ) ] + process="lookup L_h.6 as v.5"]: + [ State_1211( k, m, L_h, lock ) ] --[ IsIn( L_h, v ) ]-> - [ State_12111( L_h, k, m, v, lock ) ] - */ - -rule (modulo E) lookupLhasv_1_1211[color=#ffffff, - process="lookup L_h as v"]: - [ State_1211( L_h, k, m, lock.6 ) ] - --[ IsNotSet( L_h ) ]-> - [ State_12112( L_h, k, m, lock.6 ) ] - - /* - rule (modulo AC) lookupLhasv_1_1211[color=#ffffff, - process="lookup L_h as v"]: - [ State_1211( L_h, k, m, lock ) ] - --[ IsNotSet( L_h ) ]-> - [ State_12112( L_h, k, m, lock ) ] + [ State_12111( k, m, v, L_h, lock ) ] */ -rule (modulo E) ifattvwrap_0_12111[color=#ffffff, - process="if att(v)='wrap'"]: - [ State_12111( L_h, k, m, v, lock.6 ) ] - --[ Pred_Eq( att(v), 'wrap' ) ]-> - [ State_121111( L_h, k, m, v, lock.6 ) ] +rule (modulo E) ifattCvwrap_0_12111[color=#ffffff, + process="if attC(v.5)='wrap'"]: + [ State_12111( k.2, m.3, v.5, L_h.6, lock.6 ) ] + --[ Pred_Eq( attC(v.5), 'wrap' ) ]-> + [ State_121111( k.2, m.3, v.5, L_h.6, lock.6 ) ] /* - rule (modulo AC) ifattvwrap_0_12111[color=#ffffff, - process="if att(v)='wrap'"]: - [ State_12111( L_h, k, m, v, lock ) ] + rule (modulo AC) ifattCvwrap_0_12111[color=#ffffff, + process="if attC(v.5)='wrap'"]: + [ State_12111( k, m, v, L_h, lock ) ] --[ Pred_Eq( z, 'wrap' ) ]-> - [ State_121111( L_h, k, m, v, lock ) ] - variants (modulo AC) - 1. v = v.14 - z = att(v.14) - - 2. 
v = - z = z.15 - */ - -rule (modulo E) ifattvwrap_1_12111[color=#ffffff, - process="if att(v)='wrap'"]: - [ State_12111( L_h, k, m, v, lock.6 ) ] - --[ Pred_Not_Eq( att(v), 'wrap' ) ]-> - [ State_121112( L_h, k, m, v, lock.6 ) ] - - /* - rule (modulo AC) ifattvwrap_1_12111[color=#ffffff, - process="if att(v)='wrap'"]: - [ State_12111( L_h, k, m, v, lock ) ] - --[ Pred_Not_Eq( z, 'wrap' ) ]-> - [ State_121112( L_h, k, m, v, lock ) ] + [ State_121111( k, m, v, L_h, lock ) ] variants (modulo AC) 1. v = v.14 - z = att(v.14) + z = attC(v.14) 2. v = z = z.15 */ -rule (modulo E) ifkeyvk_0_121111[color=#ffffff, process="if key(v)=k"]: - [ State_121111( L_h, k, m, v, lock.6 ) ] - --[ Pred_Eq( key(v), k ) ]-> - [ State_1211111( L_h, k, m, v, lock.6 ) ] +rule (modulo E) ifkeyvk_0_121111[color=#ffffff, + process="if key(v.5)=k.2"]: + [ State_121111( k.2, m.3, v.5, L_h.6, lock.6 ), Fr( L_h2.2 ) ] + --[ Pred_Eq( key(v.5), k.2 ) ]-> + [ State_12111111( L_h2.2, k.2, m.3, v.5, L_h.6, lock.6 ) ] /* - rule (modulo AC) ifkeyvk_0_121111[color=#ffffff, process="if key(v)=k"]: - [ State_121111( L_h, k, m, v, lock ) ] + rule (modulo AC) ifkeyvk_0_121111[color=#ffffff, + process="if key(v.5)=k.2"]: + [ State_121111( k, m, v, L_h, lock ), Fr( L_h2 ) ] --[ Pred_Eq( z, k ) ]-> - [ State_1211111( L_h, k, m, v, lock ) ] - variants (modulo AC) - 1. v = v.13 - z = key(v.13) - - 2. v = - z = x.13 - */ - -rule (modulo E) ifkeyvk_1_121111[color=#ffffff, process="if key(v)=k"]: - [ State_121111( L_h, k, m, v, lock.6 ) ] - --[ Pred_Not_Eq( key(v), k ) ]-> - [ State_1211112( L_h, k, m, v, lock.6 ) ] - - /* - rule (modulo AC) ifkeyvk_1_121111[color=#ffffff, process="if key(v)=k"]: - [ State_121111( L_h, k, m, v, lock ) ] - --[ Pred_Not_Eq( z, k ) ]-> - [ State_1211112( L_h, k, m, v, lock ) ] + [ State_12111111( L_h2, k, m, v, L_h, lock ) ] variants (modulo AC) - 1. v = v.13 - z = key(v.13) + 1. v = v.17 + z = key(v.17) - 2. 
v = - z = x.13 - */ - -rule (modulo E) newLh_0_1211111[color=#ffffff, process="new L_h2;"]: - [ State_1211111( L_h, k, m, v, lock.6 ), Fr( L_h2 ) ] - --> - [ State_12111111( L_h, L_h2, k, m, v, lock.6 ) ] - - /* - rule (modulo AC) newLh_0_1211111[color=#ffffff, process="new L_h2;"]: - [ State_1211111( L_h, k, m, v, lock ), Fr( L_h2 ) ] - --> - [ State_12111111( L_h, L_h2, k, m, v, lock ) ] + 2. v = + z = x.14 */ rule (modulo E) eventUnwrappedLhm_0_12111111[color=#ffffff, - process="event Unwrapped( L_h2, m );"]: - [ State_12111111( L_h, L_h2, k, m, v, lock.6 ) ] - --[ Unwrapped( L_h2, m ) ]-> - [ State_121111111( L_h, L_h2, k, m, v, lock.6 ) ] + process="event Unwrapped( L_h2.2, m.3 );"]: + [ State_12111111( L_h2.2, k.2, m.3, v.5, L_h.6, lock.6 ) ] + --[ Unwrapped( L_h2.2, m.3 ) ]-> + [ State_121111111( L_h2.2, k.2, m.3, v.5, L_h.6, lock.6 ) ] /* rule (modulo AC) eventUnwrappedLhm_0_12111111[color=#ffffff, - process="event Unwrapped( L_h2, m );"]: - [ State_12111111( L_h, L_h2, k, m, v, lock ) ] + process="event Unwrapped( L_h2.2, m.3 );"]: + [ State_12111111( L_h2, k, m, v, L_h, lock ) ] --[ Unwrapped( L_h2, m ) ]-> - [ State_121111111( L_h, L_h2, k, m, v, lock ) ] + [ State_121111111( L_h2, k, m, v, L_h, lock ) ] */ rule (modulo E) insertLhmwrap_0_121111111[color=#ffffff, - process="insert L_h2,;"]: - [ State_121111111( L_h, L_h2, k, m, v, lock.6 ) ] - --[ Insert( L_h2, ) ]-> - [ State_1211111111( L_h, L_h2, k, m, v, lock.6 ) ] + process="insert L_h2.2,;"]: + [ State_121111111( L_h2.2, k.2, m.3, v.5, L_h.6, lock.6 ) ] + --[ Insert( L_h2.2, ) ]-> + [ + State_12111111111( L_h2.2, k.2, m.3, v.5, L_h.6, lock.6 ), Out( L_h2.2 ) + ] /* rule (modulo AC) insertLhmwrap_0_121111111[color=#ffffff, - process="insert L_h2,;"]: - [ State_121111111( L_h, L_h2, k, m, v, lock ) ] + process="insert L_h2.2,;"]: + [ State_121111111( L_h2, k, m, v, L_h, lock ) ] --[ Insert( L_h2, ) ]-> - [ State_1211111111( L_h, L_h2, k, m, v, lock ) ] - */ - -rule (modulo E) 
outLh_0_1211111111[color=#ffffff, process="out(L_h2);"]: - [ State_1211111111( L_h, L_h2, k, m, v, lock.6 ) ] - --> - [ State_12111111111( L_h, L_h2, k, m, v, lock.6 ), Out( L_h2 ) ] - - /* - rule (modulo AC) outLh_0_1211111111[color=#ffffff, process="out(L_h2);"]: - [ State_1211111111( L_h, L_h2, k, m, v, lock ) ] - --> - [ State_12111111111( L_h, L_h2, k, m, v, lock ), Out( L_h2 ) ] + [ State_12111111111( L_h2, k, m, v, L_h, lock ), Out( L_h2 ) ] */ rule (modulo E) unlockLh_0_12111111111[color=#ffffff, - process="unlock L_h;"]: - [ State_12111111111( L_h, L_h2, k, m, v, lock.6 ) ] - --[ Unlock_6( '6', lock.6, L_h ), Unlock( '6', lock.6, L_h ) ]-> - [ State_121111111111( L_h, L_h2, k, m, v, lock.6 ) ] + process="unlock L_h.6;"]: + [ State_12111111111( L_h2.2, k.2, m.3, v.5, L_h.6, lock.6 ) ] + --[ Unlock_6( '6', lock.6, L_h.6 ), Unlock( '6', lock.6, L_h.6 ) ]-> + [ ] /* rule (modulo AC) unlockLh_0_12111111111[color=#ffffff, - process="unlock L_h;"]: - [ State_12111111111( L_h, L_h2, k, m, v, lock ) ] + process="unlock L_h.6;"]: + [ State_12111111111( L_h2, k, m, v, L_h, lock ) ] --[ Unlock_6( '6', lock, L_h ), Unlock( '6', lock, L_h ) ]-> - [ State_121111111111( L_h, L_h2, k, m, v, lock ) ] + [ ] */ -rule (modulo E) p_0_121111111111[color=#ffffff, process="0"]: - [ State_121111111111( L_h, L_h2, k, m, v, lock.6 ) ] --> [ ] +rule (modulo E) ifkeyvk_1_121111[color=#ffffff, + process="if key(v.5)=k.2"]: + [ State_121111( k.2, m.3, v.5, L_h.6, lock.6 ) ] + --[ Pred_Not_Eq( key(v.5), k.2 ) ]-> + [ ] /* - rule (modulo AC) p_0_121111111111[color=#ffffff, process="0"]: - [ State_121111111111( L_h, L_h2, k, m, v, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_1211112[color=#ffffff, process="0"]: - [ State_1211112( L_h, k, m, v, lock.6 ) ] --> [ ] - - /* - rule (modulo AC) p_0_1211112[color=#ffffff, process="0"]: - [ State_1211112( L_h, k, m, v, lock ) ] --> [ ] + rule (modulo AC) ifkeyvk_1_121111[color=#ffffff, + process="if key(v.5)=k.2"]: + [ State_121111( k, m, v, L_h, 
lock ) ] --[ Pred_Not_Eq( z, k ) ]-> [ ] + variants (modulo AC) + 1. v = v.16 + z = key(v.16) + + 2. v = + z = x.13 */ -rule (modulo E) p_0_121112[color=#ffffff, process="0"]: - [ State_121112( L_h, k, m, v, lock.6 ) ] --> [ ] +rule (modulo E) ifattCvwrap_1_12111[color=#ffffff, + process="if attC(v.5)='wrap'"]: + [ State_12111( k.2, m.3, v.5, L_h.6, lock.6 ) ] + --[ Pred_Not_Eq( attC(v.5), 'wrap' ) ]-> + [ ] /* - rule (modulo AC) p_0_121112[color=#ffffff, process="0"]: - [ State_121112( L_h, k, m, v, lock ) ] --> [ ] + rule (modulo AC) ifattCvwrap_1_12111[color=#ffffff, + process="if attC(v.5)='wrap'"]: + [ State_12111( k, m, v, L_h, lock ) ] + --[ Pred_Not_Eq( z, 'wrap' ) ]-> + [ ] + variants (modulo AC) + 1. v = v.14 + z = attC(v.14) + + 2. v = + z = z.15 */ -rule (modulo E) p_0_12112[color=#ffffff, process="0"]: - [ State_12112( L_h, k, m, lock.6 ) ] --> [ ] +rule (modulo E) lookupLhasv_1_1211[color=#ffffff, + process="lookup L_h.6 as v.5"]: + [ State_1211( k.2, m.3, L_h.6, lock.6 ) ] --[ IsNotSet( L_h.6 ) ]-> [ ] /* - rule (modulo AC) p_0_12112[color=#ffffff, process="0"]: - [ State_12112( L_h, k, m, lock ) ] --> [ ] + rule (modulo AC) lookupLhasv_1_1211[color=#ffffff, + process="lookup L_h.6 as v.5"]: + [ State_1211( k, m, L_h, lock ) ] --[ IsNotSet( L_h ) ]-> [ ] */ restriction set_in: @@ -17628,7 +15902,7 @@ restriction locking_6: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. 
@@ -17638,13 +15912,12 @@ analyzing: examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap.spthy analyzed: examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap.spthy output: examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap.spthy.tmp - processing time: 131.279208378s + processing time: 270.052537099s dec_limits (all-traces): verified (290 steps) - wrap_key_origins (all-traces): verified (1236 steps) - no_key_is_wrap_and_dec_ind (all-traces): verified (152 steps) + wrap_key_origins (all-traces): verified (1140 steps) + no_key_is_wrap_and_dec_ind (all-traces): verified (140 steps) no_key_is_wrap_and_dec_ind2 (all-traces): verified (540 steps) - cannot_obtain_key_ind (all-traces): verified (422 steps) - cannot_obtain_key (all-traces): verified (2 steps) + cannot_obtain_key_ind (all-traces): verified (395 steps) ------------------------------------------------------------------------------ @@ -17654,13 +15927,12 @@ summary of summaries: analyzed: examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap.spthy output: examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap.spthy.tmp - processing time: 131.279208378s + processing time: 270.052537099s dec_limits (all-traces): verified (290 steps) - wrap_key_origins (all-traces): verified (1236 steps) - no_key_is_wrap_and_dec_ind (all-traces): verified (152 steps) + wrap_key_origins (all-traces): verified (1140 steps) + no_key_is_wrap_and_dec_ind (all-traces): verified (140 steps) no_key_is_wrap_and_dec_ind2 (all-traces): verified (540 steps) - cannot_obtain_key_ind (all-traces): verified (422 steps) - cannot_obtain_key (all-traces): verified (2 steps) + cannot_obtain_key_ind (all-traces): verified (395 steps) ============================================================================== */ 
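Review bot: The regenerated summary no longer lists `cannot_obtain_key (all-traces): verified (2 steps)`, both in this hunk and in the "summary of summaries" hunk that follows. The baseline for `encwrapdecunwrap.spthy` therefore stops recording any result for that lemma, while the inductive helper `cannot_obtain_key_ind` is still checked. These hunks do not show whether the lemma was deliberately removed from the example or was lost when the translation changed. If the removal is intended, say so in the commit description. Otherwise restore the lemma in the example and regenerate, so that a `cannot_obtain_key (all-traces): verified (…)` line appears in both summaries again. The preceding hunk also shows the baseline was produced with Maude 3.0 rather than 3.1, which is worth confirming as the intended toolchain before comparing the new step counts.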
diff --git a/case-studies-regression/sapic/slow/feature-locations/AC_counter_with_attack_analyzed.spthy b/case-studies-regression/sapic/slow/feature-locations/AC_counter_with_attack_analyzed.spthy deleted file mode 100644 index e5700d3de..000000000 --- a/case-studies-regression/sapic/slow/feature-locations/AC_counter_with_attack_analyzed.spthy +++ /dev/null 
@@ -1,684 +0,0 @@ -theory AC_counter begin - -// Function signature and definition of the equational theory E - -functions: check_rep/2, fst/1, get_rep/1, list/2, null/0, pair/2, prog/3, - rep/2 [private], report/1, snd/1, succ/1 -equations: - check_rep(rep(x.1, x.2), x.2) = x.1, - fst() = x.1, - get_rep(rep(x.1, x.2)) = x.1, - snd() = x.2 - -heuristic: S - -predicate: Report( x, y )<=>¬(y = 'l') - -lemma attested_comput_second_step: - exists-trace - "¬(∀ #t1 o2 i2 o i. - (Voutput( ) @ #t1) ⇒ - (∃ #t2. (Poutput( ) @ #t2) ∧ (#t2 < #t1)))" -/* -guarded formula characterizing all satisfying traces: -"∃ #t1 o2 i2 o i. - (Voutput( ) @ #t1) - ∧ - ∀ #t2. (Poutput( ) @ #t2) ⇒ ¬(#t2 < #t1)" -*/ -simplify -solve( State_12111111111( i2, o2, signedios, <, x>, - state, lock - ) ▶₀ #t1 ) - case ifoipsndstcheckrepsignediosl_0_1211111111_case_1 - solve( (#vr.7 < #t2) ∥ (#vr.7 = #t2) ) - case case_1 - solve( (#vr.24 < #t2.1) ∥ (#vr.24 = #t2.1) ) - case case_1 - solve( Insert( ~n.1, <, x> ) @ #t2 ) - case insertstateolistipfststsuccsndst_0_121111111111 - solve( State_121111111111( i, o, signedios, <'init', z.1>, ~n.1, lock - ) ▶₀ #t2 ) - case eventVoutputoipfstst_0_12111111111_case_1 - solve( ((#vr.4 < #vr.33) ∧ - (∃ #t2. - (Unlock_1( '1', ~n.3, ~n.2 ) @ #t2) - ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.33) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.3, ~n.2 ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n.2 ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n.2 ) @ #t0) - ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.33 < #vr.4) ∥ (#vr.4 = #vr.33) ) - case case_2 - solve( (#vr.7 < #t2.3) ∥ (#vr.7 = #t2.3) ) - case case_2 - solve( (#vr.43 < #t2.4) ∥ (#vr.43 = #t2.4) ) - case case_2 - solve( State_1211111111111( ip, o, signedios, st, ~n.2, ~n.4 ) ▶₀ #t2.1 ) - case insertstateolistipfststsuccsndst_0_121111111111_case_1 - solve( (#t2.2 < #t2.5) ∥ (#t2.2 = #t2.5) ) - case case_2 - solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) - case case_2 - solve( Insert( ~n.7, ) @ #t2.4 ) - case insertstateprogripfststlistipfststsuccsndst_0_11111111111 - solve( State_11111111111( ip, lock, r, st, ~n.6 ) ▶₀ #t2.4 ) - case outprogripfststrepprogripfststipsndstl_0_1111111111 - solve( ((#vr.20 < #vr.51) ∧ - (∃ #t2. - (Unlock_0( '0', ~n.9, ~n.8 ) @ #t2) - ∧ - (#vr.20 < #t2) ∧ - (#t2 < #vr.51) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.9, ~n.8 ) @ #t0) ⇒ #t0 = #t2) ∧ - (∀ pp lpp #t0. - (Lock( pp, lpp, ~n.8 ) @ #t0) - ⇒ - ((#t0 < #vr.20) ∨ (#t0 = #vr.20) ∨ (#t2 < #t0))) ∧ - (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n.8 ) @ #t0) - ⇒ - ((#t0 < #vr.20) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.51 < #vr.20) ∥ (#vr.20 = #vr.51) ) - case case_2 - solve( (#vr.23 < #t2.6) ∥ (#vr.23 = #t2.6) ) - case case_2 - solve( State_111111111111( ip.1, ~n.7, r, st.1, ~n.8 ) ▶₀ #t2.5 ) - case insertstateprogripfststlistipfststsuccsndst_0_11111111111 - solve( (#t2.6 < #t2.7) ∥ (#t2.6 = #t2.7) ) - case case_2 - solve( Insert( ~n.3, <'init', z.1> ) @ #t2.2 ) - case insertstateinitnull_0_1211 - solve( Insert( ~n.6, ) @ #t2.3 ) - case insertstateinitnull_0_111 - solve( Insert( ~n.8, ) @ #t2.6 ) - case insertstateinitnull_0_111 - solve( !KU( prog(~n, i2, ) - ) @ #vk.4 ) - case outprogripfststrepprogripfststipsndstl_0_1111111111_case_1 - solve( (#t2.6 < #t2.7) ∥ (#t2.6 = #t2.7) ) - case case_1 - solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) - case case_2 - solve( !KU( prog(~n.2, i, 'init') ) @ #vk.6 ) - case outprogripfststrepprogripfststipsndstl_0_1111111111_case_1 - solve( (#t2.3 < #t2.7) ∥ (#t2.3 = #t2.7) ) - case case_2 - SOLVED // trace found - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed - qed -qed - -restriction Restr_ReportRule_1: - "∀ x #NOW. 
(Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(x = 'l'))" - // safety formula - -rule (modulo E) ReportRule[color=#ffffff, process="!"]: - [ In( ) ] - --[ Restr_ReportRule_1( loc ) ]-> - [ Out( rep(x, loc) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) Init[color=#ffffff, process="!"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_[color=#ffffff, process="!"]: - [ State_( ) ] --> [ !Semistate_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_[color=#ffffff, process="!"]: - [ !Semistate_1( ) ] --> [ State_1( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1[color=#ffffff, process="|"]: - [ State_1( ) ] --> [ State_11( ), State_12( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newstate_0_11[color=#ffffff, process="new state;"]: - [ State_11( ), Fr( state ) ] --> [ State_111( state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertstateinitnull_0_111[color=#ffffff, - process="insert state,<'init', null>;"]: - [ State_111( state ) ] - --[ Insert( state, <'init', null> ) ]-> - [ State_1111( state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111[color=#ffffff, process="!"]: - [ State_1111( state ) ] --> [ !Semistate_11111( state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_1111[color=#ffffff, process="!"]: - [ !Semistate_11111( state ) ] --> [ State_11111( state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockstate_0_11111[color=#405280, process="lock state;"]: - [ State_11111( state ), Fr( lock ) ] - --[ Lock_0( '0', lock, state ), Lock( '0', lock, state ) ]-> - [ State_111111( lock, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupstateasst_0_111111[color=#405280, - process="lookup state as st"]: - [ State_111111( lock, state ) ] - --[ IsIn( state, st ) ]-> - [ State_1111111( lock, st, state ) ] - - 
/* has exactly the trivial AC variant */ - -rule (modulo E) lookupstateasst_1_111111[color=#405280, - process="lookup state as st"]: - [ State_111111( lock, state ) ] - --[ IsNotSet( state ) ]-> - [ State_1111112( lock, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inip_0_1111111[color=#405280, process="in(ip);"]: - [ State_1111111( lock, st, state ), In( ip ) ] - --> - [ State_11111111( ip, lock, st, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newr_0_11111111[color=#405280, process="new r;"]: - [ State_11111111( ip, lock, st, state ), Fr( r ) ] - --> - [ State_111111111( ip, lock, r, st, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventPoutputprogripfststipfstst_0_111111111[color=#405280, - process="event Poutput( );"]: - [ State_111111111( ip, lock, r, st, state ) ] - --[ Poutput( ) ]-> - [ State_1111111111( ip, lock, r, st, state ) ] - - /* - rule (modulo AC) eventPoutputprogripfststipfstst_0_111111111[color=#405280, - process="event Poutput( );"]: - [ State_111111111( ip, lock, r, st, state ) ] - --[ Poutput( ) ]-> - [ State_1111111111( ip, lock, r, st, state ) ] - variants (modulo AC) - 1. st = st.7 - z = fst(st.7) - - 2. st = - z = x.7 - */ - -rule (modulo E) outprogripfststrepprogripfststipsndstl_0_1111111111[color=#405280, - process="out(, 'l')>);"]: - [ State_1111111111( ip, lock, r, st, state ) ] - --> - [ - State_11111111111( ip, lock, r, st, state ), - Out( , 'l') - > - ) - ] - - /* - rule (modulo AC) outprogripfststrepprogripfststipsndstl_0_1111111111[color=#405280, - process="out(, 'l')>);"]: - [ State_1111111111( ip, lock, r, st, state ) ] - --> - [ - State_11111111111( ip, lock, r, st, state ), - Out( , 'l')> ) - ] - variants (modulo AC) - 1. st = st.9 - z = fst(st.9) - z.1 = snd(st.9) - - 2. 
st = - z = z.10 - z.1 = z.11 - */ - -rule (modulo E) insertstateprogripfststlistipfststsuccsndst_0_11111111111[color=#405280, - process="insert state,<, succ(snd(st))>;"]: - [ State_11111111111( ip, lock, r, st, state ) ] - --[ - Insert( state, <, succ(snd(st))> - ) - ]-> - [ State_111111111111( ip, lock, r, st, state ) ] - - /* - rule (modulo AC) insertstateprogripfststlistipfststsuccsndst_0_11111111111[color=#405280, - process="insert state,<, succ(snd(st))>;"]: - [ State_11111111111( ip, lock, r, st, state ) ] - --[ Insert( state, <, succ(z.1)> ) ]-> - [ State_111111111111( ip, lock, r, st, state ) ] - variants (modulo AC) - 1. st = st.8 - z = fst(st.8) - z.1 = snd(st.8) - - 2. st = - z = x.8 - z.1 = x.9 - */ - -rule (modulo E) unlockstate_0_111111111111[color=#405280, - process="unlock state;"]: - [ State_111111111111( ip, lock, r, st, state ) ] - --[ Unlock_0( '0', lock, state ), Unlock( '0', lock, state ) ]-> - [ State_1111111111111( ip, lock, r, st, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111111111111[color=#405280, process="0"]: - [ State_1111111111111( ip, lock, r, st, state ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_1111112[color=#405280, process="0"]: - [ State_1111112( lock, state ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_12[color=#ffffff, process="!"]: - [ State_12( ) ] --> [ !Semistate_121( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_12[color=#ffffff, process="!"]: - [ !Semistate_121( ) ] --> [ State_121( ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newstate_0_121[color=#ffffff, process="new state;"]: - [ State_121( ), Fr( state ) ] --> [ State_1211( state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertstateinitnull_0_1211[color=#ffffff, - process="insert state,<'init', null>;"]: - [ State_1211( state ) ] - --[ Insert( state, <'init', null> ) ]-> - [ State_12111( 
state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_12111[color=#ffffff, process="!"]: - [ State_12111( state ) ] --> [ !Semistate_121111( state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_12111[color=#ffffff, process="!"]: - [ !Semistate_121111( state ) ] --> [ State_121111( state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockstate_0_121111[color=#658040, process="lock state;"]: - [ State_121111( state ), Fr( lock.1 ) ] - --[ Lock_1( '1', lock.1, state ), Lock( '1', lock.1, state ) ]-> - [ State_1211111( state, lock.1 ) ] - - /* - rule (modulo AC) lockstate_0_121111[color=#658040, - process="lock state;"]: - [ State_121111( state ), Fr( lock ) ] - --[ Lock_1( '1', lock, state ), Lock( '1', lock, state ) ]-> - [ State_1211111( state, lock ) ] - */ - -rule (modulo E) lookupstateasst_0_1211111[color=#658040, - process="lookup state as st"]: - [ State_1211111( state, lock.1 ) ] - --[ IsIn( state, st ) ]-> - [ State_12111111( st, state, lock.1 ) ] - - /* - rule (modulo AC) lookupstateasst_0_1211111[color=#658040, - process="lookup state as st"]: - [ State_1211111( state, lock ) ] - --[ IsIn( state, st ) ]-> - [ State_12111111( st, state, lock ) ] - */ - -rule (modulo E) lookupstateasst_1_1211111[color=#658040, - process="lookup state as st"]: - [ State_1211111( state, lock.1 ) ] - --[ IsNotSet( state ) ]-> - [ State_12111112( state, lock.1 ) ] - - /* - rule (modulo AC) lookupstateasst_1_1211111[color=#658040, - process="lookup state as st"]: - [ State_1211111( state, lock ) ] - --[ IsNotSet( state ) ]-> - [ State_12111112( state, lock ) ] - */ - -rule (modulo E) inip_0_12111111[color=#658040, process="in(ip);"]: - [ State_12111111( st, state, lock.1 ), In( ip ) ] - --> - [ State_121111111( ip, st, state, lock.1 ) ] - - /* - rule (modulo AC) inip_0_12111111[color=#658040, process="in(ip);"]: - [ State_12111111( st, state, lock ), In( ip ) ] - --> - [ State_121111111( ip, st, state, lock ) ] 
- */ - -rule (modulo E) inosignedios_0_121111111[color=#658040, - process="in();"]: - [ State_121111111( ip, st, state, lock.1 ), In( ) ] - --> - [ State_1211111111( ip, o, signedios, st, state, lock.1 ) ] - - /* - rule (modulo AC) inosignedios_0_121111111[color=#658040, - process="in();"]: - [ State_121111111( ip, st, state, lock ), In( ) ] - --> - [ State_1211111111( ip, o, signedios, st, state, lock ) ] - */ - -rule (modulo E) ifoipsndstcheckrepsignediosl_0_1211111111[color=#658040, - process="if =check_rep(signedios, 'l')"]: - [ State_1211111111( ip, o, signedios, st, state, lock.1 ) ] - --[ Pred_Eq( , check_rep(signedios, 'l') ) ]-> - [ State_12111111111( ip, o, signedios, st, state, lock.1 ) ] - - /* - rule (modulo AC) ifoipsndstcheckrepsignediosl_0_1211111111[color=#658040, - process="if =check_rep(signedios, 'l')"]: - [ State_1211111111( ip, o, signedios, st, state, lock ) ] - --[ Pred_Eq( , z.1 ) ]-> - [ State_12111111111( ip, o, signedios, st, state, lock ) ] - variants (modulo AC) - 1. signedios - = signedios.10 - st = st.10 - z = snd(st.10) - z.1 = check_rep(signedios.10, 'l') - - 2. signedios - = signedios.12 - st = - z = x.11 - z.1 = check_rep(signedios.12, 'l') - - 3. signedios - = rep(x.10, 'l') - st = st.11 - z = snd(st.11) - z.1 = x.10 - - 4. signedios - = rep(x.10, 'l') - st = - z = x.12 - z.1 = x.10 - */ - -rule (modulo E) ifoipsndstcheckrepsignediosl_1_1211111111[color=#658040, - process="if =check_rep(signedios, 'l')"]: - [ State_1211111111( ip, o, signedios, st, state, lock.1 ) ] - --[ Pred_Not_Eq( , check_rep(signedios, 'l') ) ]-> - [ State_12111111112( ip, o, signedios, st, state, lock.1 ) ] - - /* - rule (modulo AC) ifoipsndstcheckrepsignediosl_1_1211111111[color=#658040, - process="if =check_rep(signedios, 'l')"]: - [ State_1211111111( ip, o, signedios, st, state, lock ) ] - --[ Pred_Not_Eq( , z.1 ) ]-> - [ State_12111111112( ip, o, signedios, st, state, lock ) ] - variants (modulo AC) - 1. 
signedios - = signedios.10 - st = st.10 - z = snd(st.10) - z.1 = check_rep(signedios.10, 'l') - - 2. signedios - = signedios.12 - st = - z = x.11 - z.1 = check_rep(signedios.12, 'l') - - 3. signedios - = rep(x.10, 'l') - st = st.11 - z = snd(st.11) - z.1 = x.10 - - 4. signedios - = rep(x.10, 'l') - st = - z = x.12 - z.1 = x.10 - */ - -rule (modulo E) eventVoutputoipfstst_0_12111111111[color=#658040, - process="event Voutput( );"]: - [ State_12111111111( ip, o, signedios, st, state, lock.1 ) ] - --[ Voutput( ) ]-> - [ State_121111111111( ip, o, signedios, st, state, lock.1 ) ] - - /* - rule (modulo AC) eventVoutputoipfstst_0_12111111111[color=#658040, - process="event Voutput( );"]: - [ State_12111111111( ip, o, signedios, st, state, lock ) ] - --[ Voutput( ) ]-> - [ State_121111111111( ip, o, signedios, st, state, lock ) ] - variants (modulo AC) - 1. st = st.9 - z = fst(st.9) - - 2. st = - z = x.9 - */ - -rule (modulo E) insertstateolistipfststsuccsndst_0_121111111111[color=#658040, - process="insert state,<, succ(snd(st))>;"]: - [ State_121111111111( ip, o, signedios, st, state, lock.1 ) ] - --[ Insert( state, <, succ(snd(st))> ) ]-> - [ State_1211111111111( ip, o, signedios, st, state, lock.1 ) ] - - /* - rule (modulo AC) insertstateolistipfststsuccsndst_0_121111111111[color=#658040, - process="insert state,<, succ(snd(st))>;"]: - [ State_121111111111( ip, o, signedios, st, state, lock ) ] - --[ Insert( state, <, succ(z.1)> ) ]-> - [ State_1211111111111( ip, o, signedios, st, state, lock ) ] - variants (modulo AC) - 1. st = st.10 - z = fst(st.10) - z.1 = snd(st.10) - - 2. 
st = - z = x.10 - z.1 = x.11 - */ - -rule (modulo E) unlockstate_0_1211111111111[color=#658040, - process="unlock state;"]: - [ State_1211111111111( ip, o, signedios, st, state, lock.1 ) ] - --[ Unlock_1( '1', lock.1, state ), Unlock( '1', lock.1, state ) ]-> - [ State_12111111111111( ip, o, signedios, st, state, lock.1 ) ] - - /* - rule (modulo AC) unlockstate_0_1211111111111[color=#658040, - process="unlock state;"]: - [ State_1211111111111( ip, o, signedios, st, state, lock ) ] - --[ Unlock_1( '1', lock, state ), Unlock( '1', lock, state ) ]-> - [ State_12111111111111( ip, o, signedios, st, state, lock ) ] - */ - -rule (modulo E) p_0_12111111111111[color=#658040, process="0"]: - [ State_12111111111111( ip, o, signedios, st, state, lock.1 ) ] --> [ ] - - /* - rule (modulo AC) p_0_12111111111111[color=#658040, process="0"]: - [ State_12111111111111( ip, o, signedios, st, state, lock ) ] --> [ ] - */ - -rule (modulo E) eventFail_0_12111111112[color=#658040, - process="event Fail( );"]: - [ State_12111111112( ip, o, signedios, st, state, lock.1 ) ] - --[ Fail( ) ]-> - [ State_121111111121( ip, o, signedios, st, state, lock.1 ) ] - - /* - rule (modulo AC) eventFail_0_12111111112[color=#658040, - process="event Fail( );"]: - [ State_12111111112( ip, o, signedios, st, state, lock ) ] - --[ Fail( ) ]-> - [ State_121111111121( ip, o, signedios, st, state, lock ) ] - */ - -rule (modulo E) p_0_121111111121[color=#658040, process="0"]: - [ State_121111111121( ip, o, signedios, st, state, lock.1 ) ] --> [ ] - - /* - rule (modulo AC) p_0_121111111121[color=#658040, process="0"]: - [ State_121111111121( ip, o, signedios, st, state, lock ) ] --> [ ] - */ - -rule (modulo E) p_0_12111112[color=#658040, process="0"]: - [ State_12111112( state, lock.1 ) ] --> [ ] - - /* - rule (modulo AC) p_0_12111112[color=#658040, process="0"]: - [ State_12111112( state, lock ) ] --> [ ] - */ - -restriction set_in: - "∀ x y #t3. - (IsIn( x, y ) @ #t3) ⇒ - (∃ #t2. 
- ((Insert( x, y ) @ #t2) ∧ (#t2 < #t3)) ∧ - (∀ #t1 yp. - (Insert( x, yp ) @ #t1) ⇒ (((#t1 < #t2) ∨ (#t1 = #t2)) ∨ (#t3 < #t1))))" - -restriction set_notin: - "∀ x #t3. - (IsNotSet( x ) @ #t3) ⇒ (∀ #t1 y. (Insert( x, y ) @ #t1) ⇒ (#t3 < #t1))" - // safety formula - -restriction predicate_eq: - "∀ #i a b. (Pred_Eq( a, b ) @ #i) ⇒ (a = b)" - // safety formula - -restriction predicate_not_eq: - "∀ #i a b. (Pred_Not_Eq( a, b ) @ #i) ⇒ (¬(a = b))" - // safety formula - -restriction single_session: - "∀ #i #j. ((Init( ) @ #i) ∧ (Init( ) @ #j)) ⇒ (#i = #j)" - // safety formula - -restriction locking_0: - "∀ p pp l x lp #t1 #t3. - ((Lock_0( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3)) ⇒ - ((((#t1 < #t3) ∧ - (∃ #t2. - (((((Unlock_0( p, l, x ) @ #t2) ∧ (#t1 < #t2)) ∧ (#t2 < #t3)) ∧ - (∀ #t0 pp.1. (Unlock( pp.1, l, x ) @ #t0) ⇒ (#t0 = #t2))) ∧ - (∀ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t0 = #t1)) ∨ (#t2 < #t0)))) ∧ - (∀ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t2 < #t0)) ∨ (#t2 = #t0))))) ∨ - (#t3 < #t1)) ∨ - (#t1 = #t3))" - -restriction locking_1: - "∀ p pp l x lp #t1 #t3. - ((Lock_1( p, l, x ) @ #t1) ∧ (Lock( pp, lp, x ) @ #t3)) ⇒ - ((((#t1 < #t3) ∧ - (∃ #t2. - (((((Unlock_1( p, l, x ) @ #t2) ∧ (#t1 < #t2)) ∧ (#t2 < #t3)) ∧ - (∀ #t0 pp.1. (Unlock( pp.1, l, x ) @ #t0) ⇒ (#t0 = #t2))) ∧ - (∀ pp.1 lpp #t0. - (Lock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t0 = #t1)) ∨ (#t2 < #t0)))) ∧ - (∀ pp.1 lpp #t0. - (Unlock( pp.1, lpp, x ) @ #t0) ⇒ - (((#t0 < #t1) ∨ (#t2 < #t0)) ∨ (#t2 = #t0))))) ∨ - (#t3 < #t1)) ∨ - (#t1 = #t3))" - -/* All well-formedness checks were successful. */ - -end -/* Output -maude tool: 'maude' - checking version: 3.1. OK. - checking installation: OK. 
- - -analyzing: examples/sapic/slow/feature-locations/AC_counter_with_attack.spthy - ------------------------------------------------------------------------------- -analyzed: examples/sapic/slow/feature-locations/AC_counter_with_attack.spthy - - output: examples/sapic/slow/feature-locations/AC_counter_with_attack.spthy.tmp - processing time: 57.643638829s - attested_comput_second_step (exists-trace): verified (27 steps) - ------------------------------------------------------------------------------- - -============================================================================== -summary of summaries: - -analyzed: examples/sapic/slow/feature-locations/AC_counter_with_attack.spthy - - output: examples/sapic/slow/feature-locations/AC_counter_with_attack.spthy.tmp - processing time: 57.643638829s - attested_comput_second_step (exists-trace): verified (27 steps) - -============================================================================== -*/ diff --git a/case-studies-regression/sapic/slow/feature-locations/AC_sid_with_attack_analyzed.spthy b/case-studies-regression/sapic/slow/feature-locations/AC_sid_with_attack_analyzed.spthy index c0d9b2f32..c1583a38a 100644 --- a/case-studies-regression/sapic/slow/feature-locations/AC_sid_with_attack_analyzed.spthy +++ b/case-studies-regression/sapic/slow/feature-locations/AC_sid_with_attack_analyzed.spthy @@ -2,8 +2,9 @@ theory AC_sid begin // Function signature and definition of the equational theory E -functions: check_rep/2, fst/1, get_rep/1, list/2, pair/2, prog/3, - rep/2 [private], report/1, snd/1 +functions: check_rep/2[destructor], fst/1[destructor], + get_rep/1[destructor], list/2, pair/2, prog/3, rep/2[private,destructor], + report/1, snd/1[destructor] equations: check_rep(rep(x.1, x.2), x.2) = x.1, fst() = x.1, @@ -12,8 +13,16 @@ equations: heuristic: p + + predicate: Report( x, y )<=>¬(y = 'l') + + + + + + lemma attested_comput: exists-trace "¬(∀ #t1 h. 
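Review bot: In the new `functions:` block, `rep/2[private,destructor]` tags the report constructor as a destructor, yet the context equation `check_rep(rep(x.1, x.2), x.2) = x.1` uses `rep` as the term being taken apart, not as the symbol that reduces. The other newly tagged symbols visible here (`check_rep`, `fst`, `snd`) are the reducing ones, so `rep` looks like the odd one out. This file is tool output, so the attribute presumably comes from a signature definition outside this hunk. If it is unintended, the expected line would read `rep/2[private]`; if intended, a comment at the declaration should explain why a private constructor carries the attribute.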
@@ -24,103 +33,103 @@ guarded formula characterizing all satisfying traces: (Voutput( h ) @ #t1) ∧ ∀ #t2. (Poutput( h ) @ #t2) ⇒ ¬(#t2 < #t1)" */ simplify -solve( State_112111111111111( init, ip, ipo, o, r_sid, sid, signedios, - state, lock +solve( State_1121111111111111( init, lock, signedios, ip, ipo, o, r_sid, + sid, state ) ▶₀ #t1 ) - case ifoipsidcheckrepsignediosl_0_11211111111111 - solve( (#vr.11 < #t2) ∥ (#vr.11 = #t2) ) + case ifoipsidcheckrepsignediosl_0_112111111111111 + solve( (#vr.5 < #t2) ∥ (#vr.5 = #t2) ) case case_1 - solve( (#vr.33 < #t2.1) ∥ (#vr.33 = #t2.1) ) + solve( (#vr.13 < #t2.1) ∥ (#vr.13 = #t2.1) ) case case_1 - solve( Insert( ~n.3, ipo ) @ #t2 ) - case insertstateolistipipo_0_1121111111111111 - solve( State_1121111111111111( init, ip.1, ipo, o, r_sid, sid, signedios, - ~n.3, lock + solve( Insert( ~n.4, ipo.1 ) @ #t2 ) + case insertstateolistipipo_0_11211111111111111 + solve( State_11211111111111111( init, lock, signedios, ip.1, ipo.1, o, + r_sid, sid, ~n.4 ) ▶₀ #t2 ) - case eventVoutputoipipo_0_112111111111111 - solve( ((#vr.4 < #vr.42) ∧ + case eventVoutputoipipo_0_1121111111111111 + solve( ((#vr.2 < #vr.18) ∧ (∃ #t2. - (Unlock_1( '1', ~n.5, ~n.4 ) @ #t2) + (Unlock_1( '1', ~n.1, ~n.5 ) @ #t2) ∧ - (#vr.4 < #t2) ∧ - (#t2 < #vr.42) ∧ - (∀ #t0 pp. (Unlock( pp, ~n.5, ~n.4 ) @ #t0) ⇒ #t0 = #t2) ∧ + (#vr.2 < #t2) ∧ + (#t2 < #vr.18) ∧ + (∀ #t0 pp. (Unlock( pp, ~n.1, ~n.5 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. - (Lock( pp, lpp, ~n.4 ) @ #t0) + (Lock( pp, lpp, ~n.5 ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t0 = #vr.4) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.2) ∨ (#t0 = #vr.2) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
- (Unlock( pp, lpp, ~n.4 ) @ #t0) + (Unlock( pp, lpp, ~n.5 ) @ #t0) ⇒ - ((#t0 < #vr.4) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.42 < #vr.4) ∥ (#vr.4 = #vr.42) ) + ((#t0 < #vr.2) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.18 < #vr.2) ∥ (#vr.2 = #vr.18) ) case case_2 - solve( (#vr.11 < #t2.3) ∥ (#vr.11 = #t2.3) ) + solve( (#vr.5 < #t2.3) ∥ (#vr.5 = #t2.3) ) case case_2 - solve( (#vr.60 < #t2.4) ∥ (#vr.60 = #t2.4) ) + solve( (#vr.25 < #t2.4) ∥ (#vr.25 = #t2.4) ) case case_2 - solve( State_11211111111111111( init, ip.2, ipo.3, o, r_sid, sid, - signedios, ~n.4, ~n.7 + solve( State_112111111111111111( init, ~n.6, signedios, ip.2, ipo.3, o, + r_sid, sid, ~n.5 ) ▶₀ #t2.1 ) - case insertstateolistipipo_0_1121111111111111 + case insertstateolistipipo_0_11211111111111111 solve( (#t2.2 < #t2.5) ∥ (#t2.2 = #t2.5) ) case case_2 solve( (#t2.3 < #t2.5) ∥ (#t2.3 = #t2.5) ) case case_2 - solve( Insert( ~n.10, ipo.2 ) @ #t2.4 ) - case insertstateprogripipolistipipo_0_111111111111111 - solve( State_111111111111111( init, ip.2, ipo.2, lock, r, sid, ~n.9 + solve( Insert( ~n.10, ipo ) @ #t2.4 ) + case insertstateprogripipolistipipo_0_1111111111111111 + solve( State_1111111111111111( lock, init, ip.1, ipo, r, sid, ~n.9 ) ▶₀ #t2.4 ) - case outprogripiporepprogripipoipsidl_0_11111111111111 - solve( ((#vr.25 < #vr.68) ∧ + case eventPoutputprogripipoipipo_0_11111111111111 + solve( ((#vr.10 < #vr.28) ∧ (∃ #t2. (Unlock_0( '0', ~n.13, ~n.12 ) @ #t2) ∧ - (#vr.25 < #t2) ∧ - (#t2 < #vr.68) ∧ + (#vr.10 < #t2) ∧ + (#t2 < #vr.28) ∧ (∀ #t0 pp. (Unlock( pp, ~n.13, ~n.12 ) @ #t0) ⇒ #t0 = #t2) ∧ (∀ pp lpp #t0. (Lock( pp, lpp, ~n.12 ) @ #t0) ⇒ - ((#t0 < #vr.25) ∨ (#t0 = #vr.25) ∨ (#t2 < #t0))) ∧ + ((#t0 < #vr.10) ∨ (#t0 = #vr.10) ∨ (#t2 < #t0))) ∧ (∀ pp lpp #t0. 
(Unlock( pp, lpp, ~n.12 ) @ #t0) ⇒ - ((#t0 < #vr.25) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ - (#vr.68 < #vr.25) ∥ (#vr.25 = #vr.68) ) + ((#t0 < #vr.10) ∨ (#t2 < #t0) ∨ (#t2 = #t0))))) ∥ + (#vr.28 < #vr.10) ∥ (#vr.10 = #vr.28) ) case case_2 - solve( (#vr.32 < #t2.6) ∥ (#vr.32 = #t2.6) ) + solve( (#vr.12 < #t2.6) ∥ (#vr.12 = #t2.6) ) case case_2 - solve( State_1111111111111111( init, ip.3, ipo.3, ~n.10, r, sid, ~n.12 + solve( State_11111111111111111( ~n.10, init, ip.3, ipo.3, r, sid, ~n.12 ) ▶₀ #t2.5 ) - case insertstateprogripipolistipipo_0_111111111111111 + case insertstateprogripipolistipipo_0_1111111111111111 solve( (#t2.6 < #t2.7) ∥ (#t2.6 = #t2.7) ) case case_2 - solve( Insert( ~n.5, ipo.1 ) @ #t2.2 ) - case insertstateinit_0_11211 - solve( Insert( ~n.9, ipo ) @ #t2.3 ) - case insertstateinit_0_1111 + solve( Insert( ~n.6, ipo.2 ) @ #t2.2 ) + case p_1_112 + solve( Insert( ~n.9, ipo.1 ) @ #t2.3 ) + case newstate_0_111 solve( Insert( ~n.12, ipo ) @ #t2.6 ) - case insertstateinit_0_1111 + case newstate_0_111 solve( !KU( rep(~n.4, 'l') ) @ #vk.8 ) - case outsidrepsidl_0_1111111 - solve( !KU( rep(~n.7, 'l') ) @ #vk.13 ) - case outsidrepsidl_0_1111111 - solve( !KU( prog(~n.2, ip, ) - ) @ #vk.7 ) - case outprogripiporepprogripipoipsidl_0_11111111111111_case_1 + case p_1_11111 + solve( !KU( rep(~n.8, 'l') ) @ #vk.13 ) + case p_1_11111 + solve( !KU( prog(~n.2, ip, ) + ) @ #vk.8 ) + case eventPoutputprogripipoipipo_0_11111111111111_case_1 solve( (#t2.6 < #t2.7) ∥ (#t2.6 = #t2.7) ) case case_1 solve( (#t2.4 < #t2.7) ∥ (#t2.4 = #t2.7) ) case case_2 solve( !KU( ~n.4 ) @ #vk.10 ) - case outsidrepsidl_0_1111111_case_1 - solve( !KU( prog(~n.1, ip.1, ~n) ) @ #vk.11 ) - case outprogripiporepprogripipoipsidl_0_11111111111111_case_1 + case p_1_11111_case_1 + solve( !KU( prog(~n.5, ip.2, ~n) ) @ #vk.12 ) + case eventPoutputprogripipoipipo_0_11111111111111_case_1 solve( (#t2.3 < #t2.7) ∥ (#t2.3 = #t2.7) ) case case_2 - solve( !KU( ~n.7 ) @ #vk.13 ) - case outsidrepsidl_0_1111111_case_1 + 
solve( !KU( ~n.8 ) @ #vk.13 ) + case p_1_11111_case_1 SOLVED // trace found qed qed 
@@ -152,604 +161,471 @@ solve( State_112111111111111( init, ip, ipo, o, r_sid, sid, signedios, qed qed -restriction Restr_ReportRule_1: - "∀ x #NOW. (Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(x = 'l'))" - // safety formula - -rule (modulo E) ReportRule[color=#ffffff, process="new init;"]: - [ In( ) ] - --[ Restr_ReportRule_1( loc ) ]-> - [ Out( rep(x, loc) ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) Init[color=#ffffff, process="new init;"]: - [ ] --[ Init( ) ]-> [ State_( ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) newinit_0_[color=#ffffff, process="new init;"]: - [ State_( ), Fr( init ) ] --> [ State_1( init ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_1[color=#ffffff, process="!"]: - [ State_1( init ) ] --> [ !Semistate_11( init ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_1_1[color=#ffffff, process="!"]: - [ !Semistate_11( init ) ] --> [ State_11( init ) ] - /* has exactly the trivial AC variant */ -rule (modulo E) p_0_11[color=#ffffff, process="|"]: - [ State_11( init ) ] --> [ State_111( init ), State_112( init ) ] - - /* has exactly the trivial AC variant */ +restriction Restr_ReportRule_1: + "∀ x #NOW. 
(Restr_ReportRule_1( x ) @ #NOW) ⇒ (¬(x = 'l'))" + // safety formula -rule (modulo E) newstate_0_111[color=#ffffff, process="new state;"]: - [ State_111( init ), Fr( state ) ] --> [ State_1111( init, state ) ] +rule (modulo E) ReportRule[color=#ffffff, process="new init.1;"]: + [ In( ) ] + --[ Restr_ReportRule_1( loc ) ]-> + [ Out( rep(x, loc) ) ] /* has exactly the trivial AC variant */ -rule (modulo E) insertstateinit_0_1111[color=#ffffff, - process="insert state,init;"]: - [ State_1111( init, state ) ] - --[ Insert( state, init ) ]-> - [ State_11111( init, state ) ] +rule (modulo E) Init[color=#ffffff, process="new init.1;"]: + [ Fr( init.1 ) ] --[ Init( ) ]-> [ !Semistate_11( init.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) Init[color=#ffffff, process="new init.1;"]: + [ Fr( init ) ] --[ Init( ) ]-> [ !Semistate_11( init ) ] + */ -rule (modulo E) p_0_11111[color=#ffffff, process="!"]: - [ State_11111( init, state ) ] --> [ !Semistate_111111( init, state ) ] +rule (modulo E) newstate_0_111[color=#ffffff, process="new state.1;"]: + [ State_111( init.1 ), Fr( state.1 ) ] + --[ Insert( state.1, init.1 ) ]-> + [ !Semistate_111111( init.1, state.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) newstate_0_111[color=#ffffff, process="new state.1;"]: + [ State_111( init ), Fr( state ) ] + --[ Insert( state, init ) ]-> + [ !Semistate_111111( init, state ) ] + */ rule (modulo E) p_1_11111[color=#ffffff, process="!"]: - [ !Semistate_111111( init, state ) ] --> [ State_111111( init, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newsid_0_111111[color=#405280, process="new sid;"]: - [ State_111111( init, state ), Fr( sid ) ] - --> - [ State_1111111( init, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outsidrepsidl_0_1111111[color=#405280, - process="out();"]: - [ State_1111111( init, sid, state ) ] - --> - [ State_11111111( init, sid, state ), Out( ) ] - - /* has 
exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111[color=#405280, process="!"]: - [ State_11111111( init, sid, state ) ] - --> - [ !Semistate_111111111( init, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_11111111[color=#405280, process="!"]: - [ !Semistate_111111111( init, sid, state ) ] - --> - [ State_111111111( init, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockstate_0_111111111[color=#405280, - process="lock state;"]: - [ State_111111111( init, sid, state ), Fr( lock ) ] - --[ Lock_0( '0', lock, state ), Lock( '0', lock, state ) ]-> - [ State_1111111111( init, lock, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupstateasipo_0_1111111111[color=#405280, - process="lookup state as ipo"]: - [ State_1111111111( init, lock, sid, state ) ] - --[ IsIn( state, ipo ) ]-> - [ State_11111111111( init, ipo, lock, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lookupstateasipo_1_1111111111[color=#405280, - process="lookup state as ipo"]: - [ State_1111111111( init, lock, sid, state ) ] - --[ IsNotSet( state ) ]-> - [ State_11111111112( init, lock, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) inip_0_11111111111[color=#405280, process="in(ip);"]: - [ State_11111111111( init, ipo, lock, sid, state ), In( ip ) ] - --> - [ State_111111111111( init, ip, ipo, lock, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newr_0_111111111111[color=#405280, process="new r;"]: - [ State_111111111111( init, ip, ipo, lock, sid, state ), Fr( r ) ] - --> - [ State_1111111111111( init, ip, ipo, lock, r, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) eventPoutputprogripipoipipo_0_1111111111111[color=#405280, - process="event Poutput( );"]: - [ State_1111111111111( init, ip, ipo, lock, r, sid, state ) ] - --[ Poutput( ) ]-> - [ 
State_11111111111111( init, ip, ipo, lock, r, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) outprogripiporepprogripipoipsidl_0_11111111111111[color=#405280, - process="out(, 'l')>);"]: - [ State_11111111111111( init, ip, ipo, lock, r, sid, state ) ] + [ !Semistate_111111( init.1, state.1 ), Fr( sid.1 ) ] --> [ - State_111111111111111( init, ip, ipo, lock, r, sid, state ), - Out( , 'l')> ) + !Semistate_1111111111( init.1, sid.1, state.1 ), + Out( ) ] - /* has exactly the trivial AC variant */ - -rule (modulo E) insertstateprogripipolistipipo_0_111111111111111[color=#405280, - process="insert state,;"]: - [ State_111111111111111( init, ip, ipo, lock, r, sid, state ) ] - --[ Insert( state, ) ]-> - [ State_1111111111111111( init, ip, ipo, lock, r, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) unlockstate_0_1111111111111111[color=#405280, - process="unlock state;"]: - [ State_1111111111111111( init, ip, ipo, lock, r, sid, state ) ] - --[ Unlock_0( '0', lock, state ), Unlock( '0', lock, state ) ]-> - [ State_11111111111111111( init, ip, ipo, lock, r, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111111111111[color=#405280, process="0"]: - [ State_11111111111111111( init, ip, ipo, lock, r, sid, state ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_11111111112[color=#405280, process="0"]: - [ State_11111111112( init, lock, sid, state ) ] --> [ ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_0_112[color=#ffffff, process="!"]: - [ State_112( init ) ] --> [ !Semistate_1121( init ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) p_1_112[color=#ffffff, process="!"]: - [ !Semistate_1121( init ) ] --> [ State_1121( init ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) newstate_0_1121[color=#ffffff, process="new state;"]: - [ State_1121( init ), Fr( state ) ] --> [ State_11211( init, 
state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) insertstateinit_0_11211[color=#ffffff, - process="insert state,init;"]: - [ State_11211( init, state ) ] - --[ Insert( state, init ) ]-> - [ State_112111( init, state ) ] - - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_11111[color=#ffffff, process="!"]: + [ !Semistate_111111( init, state ), Fr( sid ) ] + --> + [ !Semistate_1111111111( init, sid, state ), Out( ) + ] + */ -rule (modulo E) p_0_112111[color=#ffffff, process="!"]: - [ State_112111( init, state ) ] --> [ !Semistate_1121111( init, state ) ] +rule (modulo E) p_1_111111111[color=#405280, process="!"]: + [ !Semistate_1111111111( init.1, sid.1, state.1 ), Fr( lock ) ] + --[ Lock_0( '0', lock, state.1 ), Lock( '0', lock, state.1 ) ]-> + [ State_11111111111( lock, init.1, sid.1, state.1 ) ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) p_1_111111111[color=#405280, process="!"]: + [ !Semistate_1111111111( init, sid, state ), Fr( lock ) ] + --[ Lock_0( '0', lock, state ), Lock( '0', lock, state ) ]-> + [ State_11111111111( lock, init, sid, state ) ] + */ -rule (modulo E) p_1_112111[color=#ffffff, process="!"]: - [ !Semistate_1121111( init, state ) ] - --> - [ State_1121111( init, state ) ] +rule (modulo E) lookupstateasipo_0_11111111111[color=#405280, + process="lookup state.1 as ipo.1"]: + [ + State_11111111111( lock, init.1, sid.1, state.1 ), In( ip.1 ), Fr( r.1 ) + ] + --[ IsIn( state.1, ipo.1 ) ]-> + [ State_11111111111111( lock, init.1, ip.1, ipo.1, r.1, sid.1, state.1 ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupstateasipo_0_11111111111[color=#405280, + process="lookup state.1 as ipo.1"]: + [ State_11111111111( lock, init, sid, state ), In( ip ), Fr( r ) ] + --[ IsIn( state, ipo ) ]-> + [ State_11111111111111( lock, init, ip, ipo, r, sid, state ) ] + */ -rule (modulo E) insidrsid_0_1121111[color=#658040, - process="in();"]: - [ State_1121111( init, state 
), In( ) ] - --> - [ State_11211111( init, r_sid, sid, state ) ] +rule (modulo E) eventPoutputprogripipoipipo_0_11111111111111[color=#405280, + process="event Poutput( );"]: + [ State_11111111111111( lock, init.1, ip.1, ipo.1, r.1, sid.1, state.1 ) + ] + --[ Poutput( ) ]-> + [ + State_1111111111111111( lock, init.1, ip.1, ipo.1, r.1, sid.1, state.1 ), + Out( , 'l')> + ) + ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) eventPoutputprogripipoipipo_0_11111111111111[color=#405280, + process="event Poutput( );"]: + [ State_11111111111111( lock, init, ip, ipo, r, sid, state ) ] + --[ Poutput( ) ]-> + [ + State_1111111111111111( lock, init, ip, ipo, r, sid, state ), + Out( , 'l')> ) + ] + */ -rule (modulo E) ifsidcheckreprsidl_0_11211111[color=#658040, - process="if sid=check_rep(r_sid, 'l')"]: - [ State_11211111( init, r_sid, sid, state ) ] - --[ Pred_Eq( sid, check_rep(r_sid, 'l') ) ]-> - [ State_112111111( init, r_sid, sid, state ) ] +rule (modulo E) insertstateprogripipolistipipo_0_1111111111111111[color=#405280, + process="insert state.1,;"]: + [ + State_1111111111111111( lock, init.1, ip.1, ipo.1, r.1, sid.1, state.1 ) + ] + --[ Insert( state.1, ) ]-> + [ + State_11111111111111111( lock, init.1, ip.1, ipo.1, r.1, sid.1, state.1 ) + ] /* - rule (modulo AC) ifsidcheckreprsidl_0_11211111[color=#658040, - process="if sid=check_rep(r_sid, 'l')"]: - [ State_11211111( init, r_sid, sid, state ) ] - --[ Pred_Eq( sid, z ) ]-> - [ State_112111111( init, r_sid, sid, state ) ] - variants (modulo AC) - 1. r_sid = r_sid.6 - z = check_rep(r_sid.6, 'l') - - 2. 
r_sid = rep(x.6, 'l') - z = x.6 + rule (modulo AC) insertstateprogripipolistipipo_0_1111111111111111[color=#405280, + process="insert state.1,;"]: + [ State_1111111111111111( lock, init, ip, ipo, r, sid, state ) ] + --[ Insert( state, ) ]-> + [ State_11111111111111111( lock, init, ip, ipo, r, sid, state ) ] */ -rule (modulo E) ifsidcheckreprsidl_1_11211111[color=#658040, - process="if sid=check_rep(r_sid, 'l')"]: - [ State_11211111( init, r_sid, sid, state ) ] - --[ Pred_Not_Eq( sid, check_rep(r_sid, 'l') ) ]-> - [ State_112111112( init, r_sid, sid, state ) ] +rule (modulo E) unlockstate_0_11111111111111111[color=#405280, + process="unlock state.1;"]: + [ + State_11111111111111111( lock, init.1, ip.1, ipo.1, r.1, sid.1, state.1 ) + ] + --[ Unlock_0( '0', lock, state.1 ), Unlock( '0', lock, state.1 ) ]-> + [ ] /* - rule (modulo AC) ifsidcheckreprsidl_1_11211111[color=#658040, - process="if sid=check_rep(r_sid, 'l')"]: - [ State_11211111( init, r_sid, sid, state ) ] - --[ Pred_Not_Eq( sid, z ) ]-> - [ State_112111112( init, r_sid, sid, state ) ] - variants (modulo AC) - 1. r_sid = r_sid.6 - z = check_rep(r_sid.6, 'l') - - 2. 
r_sid = rep(x.6, 'l') - z = x.6 + rule (modulo AC) unlockstate_0_11111111111111111[color=#405280, + process="unlock state.1;"]: + [ State_11111111111111111( lock, init, ip, ipo, r, sid, state ) ] + --[ Unlock_0( '0', lock, state ), Unlock( '0', lock, state ) ]-> + [ ] */ -rule (modulo E) p_0_112111111[color=#658040, process="!"]: - [ State_112111111( init, r_sid, sid, state ) ] - --> - [ !Semistate_1121111111( init, r_sid, sid, state ) ] +rule (modulo E) lookupstateasipo_1_11111111111[color=#405280, + process="lookup state.1 as ipo.1"]: + [ State_11111111111( lock, init.1, sid.1, state.1 ) ] + --[ IsNotSet( state.1 ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) lookupstateasipo_1_11111111111[color=#405280, + process="lookup state.1 as ipo.1"]: + [ State_11111111111( lock, init, sid, state ) ] + --[ IsNotSet( state ) ]-> + [ ] + */ -rule (modulo E) p_1_112111111[color=#658040, process="!"]: - [ !Semistate_1121111111( init, r_sid, sid, state ) ] +rule (modulo E) p_1_1[color=#ffffff, process="!"]: + [ !Semistate_11( init.1 ) ] --> - [ State_1121111111( init, r_sid, sid, state ) ] - - /* has exactly the trivial AC variant */ - -rule (modulo E) lockstate_0_1121111111[color=#658040, - process="lock state;"]: - [ State_1121111111( init, r_sid, sid, state ), Fr( lock.1 ) ] - --[ Lock_1( '1', lock.1, state ), Lock( '1', lock.1, state ) ]-> - [ State_11211111111( init, r_sid, sid, state, lock.1 ) ] + [ !Semistate_1121( init.1 ), State_111( init.1 ) ] /* - rule (modulo AC) lockstate_0_1121111111[color=#658040, - process="lock state;"]: - [ State_1121111111( init, r_sid, sid, state ), Fr( lock ) ] - --[ Lock_1( '1', lock, state ), Lock( '1', lock, state ) ]-> - [ State_11211111111( init, r_sid, sid, state, lock ) ] + rule (modulo AC) p_1_1[color=#ffffff, process="!"]: + [ !Semistate_11( init ) ] + --> + [ !Semistate_1121( init ), State_111( init ) ] */ -rule (modulo E) lookupstateasipo_0_11211111111[color=#658040, - process="lookup state as 
ipo"]: - [ State_11211111111( init, r_sid, sid, state, lock.1 ) ] - --[ IsIn( state, ipo ) ]-> - [ State_112111111111( init, ipo, r_sid, sid, state, lock.1 ) ] +rule (modulo E) p_1_112[color=#ffffff, process="!"]: + [ !Semistate_1121( init.1 ), Fr( state.2 ) ] + --[ Insert( state.2, init.1 ) ]-> + [ !Semistate_1121111( init.1, state.2 ) ] /* - rule (modulo AC) lookupstateasipo_0_11211111111[color=#658040, - process="lookup state as ipo"]: - [ State_11211111111( init, r_sid, sid, state, lock ) ] - --[ IsIn( state, ipo ) ]-> - [ State_112111111111( init, ipo, r_sid, sid, state, lock ) ] + rule (modulo AC) p_1_112[color=#ffffff, process="!"]: + [ !Semistate_1121( init ), Fr( state ) ] + --[ Insert( state, init ) ]-> + [ !Semistate_1121111( init, state ) ] */ -rule (modulo E) lookupstateasipo_1_11211111111[color=#658040, - process="lookup state as ipo"]: - [ State_11211111111( init, r_sid, sid, state, lock.1 ) ] - --[ IsNotSet( state ) ]-> - [ State_112111111112( init, r_sid, sid, state, lock.1 ) ] +rule (modulo E) p_1_112111[color=#ffffff, process="!"]: + [ !Semistate_1121111( init.1, state.2 ), In( ) ] + --> + [ State_112111111( init.1, r_sid.2, sid.2, state.2 ) ] /* - rule (modulo AC) lookupstateasipo_1_11211111111[color=#658040, - process="lookup state as ipo"]: - [ State_11211111111( init, r_sid, sid, state, lock ) ] - --[ IsNotSet( state ) ]-> - [ State_112111111112( init, r_sid, sid, state, lock ) ] + rule (modulo AC) p_1_112111[color=#ffffff, process="!"]: + [ !Semistate_1121111( init, state ), In( ) ] + --> + [ State_112111111( init, r_sid, sid, state ) ] */ -rule (modulo E) inip_0_112111111111[color=#658040, process="in(ip);"]: - [ State_112111111111( init, ipo, r_sid, sid, state, lock.1 ), In( ip ) ] - --> - [ State_1121111111111( init, ip, ipo, r_sid, sid, state, lock.1 ) ] +rule (modulo E) ifsidcheckreprsidl_0_112111111[color=#658040, + process="if sid.2=check_rep(r_sid.2, 'l')"]: + [ State_112111111( init.1, r_sid.2, sid.2, state.2 ) ] + --[ Pred_Eq( 
sid.2, check_rep(r_sid.2, 'l') ) ]-> + [ !Semistate_11211111111( init.1, r_sid.2, sid.2, state.2 ) ] /* - rule (modulo AC) inip_0_112111111111[color=#658040, process="in(ip);"]: - [ State_112111111111( init, ipo, r_sid, sid, state, lock ), In( ip ) ] - --> - [ State_1121111111111( init, ip, ipo, r_sid, sid, state, lock ) ] + rule (modulo AC) ifsidcheckreprsidl_0_112111111[color=#658040, + process="if sid.2=check_rep(r_sid.2, 'l')"]: + [ State_112111111( init, r_sid, sid, state ) ] + --[ Pred_Eq( sid, z ) ]-> + [ !Semistate_11211111111( init, r_sid, sid, state ) ] + variants (modulo AC) + 1. r_sid = r_sid.9 + z = check_rep(r_sid.9, 'l') + + 2. r_sid = rep(x.8, 'l') + z = x.8 */ -rule (modulo E) inosignedios_0_1121111111111[color=#658040, - process="in();"]: - [ - State_1121111111111( init, ip, ipo, r_sid, sid, state, lock.1 ), - In( ) - ] - --> - [ - State_11211111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 - ) +rule (modulo E) p_1_1121111111[color=#658040, process="!"]: + [ !Semistate_11211111111( init.1, r_sid.2, sid.2, state.2 ), Fr( lock.1 ) ] + --[ Lock_1( '1', lock.1, state.2 ), Lock( '1', lock.1, state.2 ) ]-> + [ State_112111111111( init.1, lock.1, r_sid.2, sid.2, state.2 ) ] /* - rule (modulo AC) inosignedios_0_1121111111111[color=#658040, - process="in();"]: - [ - State_1121111111111( init, ip, ipo, r_sid, sid, state, lock ), - In( ) - ] - --> - [ - State_11211111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock - ) - ] + rule (modulo AC) p_1_1121111111[color=#658040, process="!"]: + [ !Semistate_11211111111( init, r_sid, sid, state ), Fr( lock ) ] + --[ Lock_1( '1', lock, state ), Lock( '1', lock, state ) ]-> + [ State_112111111111( init, lock, r_sid, sid, state ) ] */ -rule (modulo E) ifoipsidcheckrepsignediosl_0_11211111111111[color=#658040, - process="if =check_rep(signedios, 'l')"]: +rule (modulo E) lookupstateasipo_0_112111111111[color=#658040, + process="lookup state.2 as ipo.2"]: [ - State_11211111111111( init, ip, 
ipo, o, r_sid, sid, signedios, state, - lock.1 - ) + State_112111111111( init.1, lock.1, r_sid.2, sid.2, state.2 ), + In( ip.2 ), In( ) ] - --[ Pred_Eq( , check_rep(signedios, 'l') ) ]-> + --[ IsIn( state.2, ipo.2 ) ]-> [ - State_112111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 + State_112111111111111( init.1, lock.1, signedios.1, ip.2, ipo.2, o.2, + r_sid.2, sid.2, state.2 ) ] /* - rule (modulo AC) ifoipsidcheckrepsignediosl_0_11211111111111[color=#658040, - process="if =check_rep(signedios, 'l')"]: + rule (modulo AC) lookupstateasipo_0_112111111111[color=#658040, + process="lookup state.2 as ipo.2"]: [ - State_11211111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock - ) + State_112111111111( init, lock, r_sid, sid, state ), In( ip ), + In( ) ] - --[ Pred_Eq( , z ) ]-> + --[ IsIn( state, ipo ) ]-> [ - State_112111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock + State_112111111111111( init, lock, signedios, ip, ipo, o, r_sid, sid, + state ) ] - variants (modulo AC) - 1. signedios - = signedios.12 - z = check_rep(signedios.12, 'l') - - 2. 
signedios - = rep(x.12, 'l') - z = x.12 */ -rule (modulo E) ifoipsidcheckrepsignediosl_1_11211111111111[color=#658040, - process="if =check_rep(signedios, 'l')"]: +rule (modulo E) ifoipsidcheckrepsignediosl_0_112111111111111[color=#658040, + process="if =check_rep(signedios.1, 'l')"]: [ - State_11211111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 + State_112111111111111( init.1, lock.1, signedios.1, ip.2, ipo.2, o.2, + r_sid.2, sid.2, state.2 ) ] - --[ Pred_Not_Eq( , check_rep(signedios, 'l') ) ]-> + --[ Pred_Eq( , check_rep(signedios.1, 'l') ) ]-> [ - State_112111111111112( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 + State_1121111111111111( init.1, lock.1, signedios.1, ip.2, ipo.2, o.2, + r_sid.2, sid.2, state.2 ) ] /* - rule (modulo AC) ifoipsidcheckrepsignediosl_1_11211111111111[color=#658040, - process="if =check_rep(signedios, 'l')"]: + rule (modulo AC) ifoipsidcheckrepsignediosl_0_112111111111111[color=#658040, + process="if =check_rep(signedios.1, 'l')"]: [ - State_11211111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock + State_112111111111111( init, lock, signedios, ip, ipo, o, r_sid, sid, + state ) ] - --[ Pred_Not_Eq( , z ) ]-> + --[ Pred_Eq( , z ) ]-> [ - State_112111111111112( init, ip, ipo, o, r_sid, sid, signedios, state, - lock + State_1121111111111111( init, lock, signedios, ip, ipo, o, r_sid, sid, + state ) ] variants (modulo AC) 1. signedios - = signedios.12 - z = check_rep(signedios.12, 'l') + = signedios.13 + z = check_rep(signedios.13, 'l') 2. 
signedios - = rep(x.12, 'l') - z = x.12 + = rep(x.13, 'l') + z = x.13 */ -rule (modulo E) eventVoutputoipipo_0_112111111111111[color=#658040, - process="event Voutput( );"]: +rule (modulo E) eventVoutputoipipo_0_1121111111111111[color=#658040, + process="event Voutput( );"]: [ - State_112111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 + State_1121111111111111( init.1, lock.1, signedios.1, ip.2, ipo.2, o.2, + r_sid.2, sid.2, state.2 ) ] - --[ Voutput( ) ]-> + --[ Voutput( ) ]-> [ - State_1121111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 + State_11211111111111111( init.1, lock.1, signedios.1, ip.2, ipo.2, o.2, + r_sid.2, sid.2, state.2 ) ] /* - rule (modulo AC) eventVoutputoipipo_0_112111111111111[color=#658040, - process="event Voutput( );"]: + rule (modulo AC) eventVoutputoipipo_0_1121111111111111[color=#658040, + process="event Voutput( );"]: [ - State_112111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock + State_1121111111111111( init, lock, signedios, ip, ipo, o, r_sid, sid, + state ) ] --[ Voutput( ) ]-> [ - State_1121111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock + State_11211111111111111( init, lock, signedios, ip, ipo, o, r_sid, sid, + state ) ] */ -rule (modulo E) insertstateolistipipo_0_1121111111111111[color=#658040, - process="insert state,;"]: +rule (modulo E) insertstateolistipipo_0_11211111111111111[color=#658040, + process="insert state.2,;"]: [ - State_1121111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 + State_11211111111111111( init.1, lock.1, signedios.1, ip.2, ipo.2, o.2, + r_sid.2, sid.2, state.2 ) ] - --[ Insert( state, ) ]-> + --[ Insert( state.2, ) ]-> [ - State_11211111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 + State_112111111111111111( init.1, lock.1, signedios.1, ip.2, ipo.2, o.2, + r_sid.2, sid.2, state.2 ) ] /* - rule (modulo AC) insertstateolistipipo_0_1121111111111111[color=#658040, - 
process="insert state,;"]: + rule (modulo AC) insertstateolistipipo_0_11211111111111111[color=#658040, + process="insert state.2,;"]: [ - State_1121111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock + State_11211111111111111( init, lock, signedios, ip, ipo, o, r_sid, sid, + state ) ] --[ Insert( state, ) ]-> [ - State_11211111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock + State_112111111111111111( init, lock, signedios, ip, ipo, o, r_sid, sid, + state ) ] */ -rule (modulo E) unlockstate_0_11211111111111111[color=#658040, - process="unlock state;"]: - [ - State_11211111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 - ) - ] - --[ Unlock_1( '1', lock.1, state ), Unlock( '1', lock.1, state ) ]-> +rule (modulo E) unlockstate_0_112111111111111111[color=#658040, + process="unlock state.2;"]: [ - State_112111111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 + State_112111111111111111( init.1, lock.1, signedios.1, ip.2, ipo.2, o.2, + r_sid.2, sid.2, state.2 ) ] - - /* - rule (modulo AC) unlockstate_0_11211111111111111[color=#658040, - process="unlock state;"]: - [ - State_11211111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock - ) - ] - --[ Unlock_1( '1', lock, state ), Unlock( '1', lock, state ) ]-> - [ - State_112111111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock - ) - ] - */ - -rule (modulo E) p_0_112111111111111111[color=#658040, process="0"]: - [ - State_112111111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 - ) - ] - --> + --[ Unlock_1( '1', lock.1, state.2 ), Unlock( '1', lock.1, state.2 ) ]-> [ ] /* - rule (modulo AC) p_0_112111111111111111[color=#658040, process="0"]: + rule (modulo AC) unlockstate_0_112111111111111111[color=#658040, + process="unlock state.2;"]: [ - State_112111111111111111( init, ip, ipo, o, r_sid, sid, signedios, state, - lock + State_112111111111111111( init, lock, signedios, ip, ipo, o, r_sid, sid, + 
state ) ] - --> + --[ Unlock_1( '1', lock, state ), Unlock( '1', lock, state ) ]-> [ ] */ -rule (modulo E) eventFail_0_112111111111112[color=#658040, - process="event Fail( );"]: +rule (modulo E) ifoipsidcheckrepsignediosl_1_112111111111111[color=#658040, + process="if =check_rep(signedios.1, 'l')"]: [ - State_112111111111112( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 + State_112111111111111( init.1, lock.1, signedios.1, ip.2, ipo.2, o.2, + r_sid.2, sid.2, state.2 ) ] - --[ Fail( ) ]-> + --[ Pred_Not_Eq( , check_rep(signedios.1, 'l') ) ]-> [ - State_1121111111111121( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 + State_1121111111111112( init.1, lock.1, signedios.1, ip.2, ipo.2, o.2, + r_sid.2, sid.2, state.2 ) ] /* - rule (modulo AC) eventFail_0_112111111111112[color=#658040, - process="event Fail( );"]: + rule (modulo AC) ifoipsidcheckrepsignediosl_1_112111111111111[color=#658040, + process="if =check_rep(signedios.1, 'l')"]: [ - State_112111111111112( init, ip, ipo, o, r_sid, sid, signedios, state, - lock + State_112111111111111( init, lock, signedios, ip, ipo, o, r_sid, sid, + state ) ] - --[ Fail( ) ]-> + --[ Pred_Not_Eq( , z ) ]-> [ - State_1121111111111121( init, ip, ipo, o, r_sid, sid, signedios, state, - lock + State_1121111111111112( init, lock, signedios, ip, ipo, o, r_sid, sid, + state ) ] + variants (modulo AC) + 1. signedios + = signedios.13 + z = check_rep(signedios.13, 'l') + + 2. 
signedios + = rep(x.13, 'l') + z = x.13 */ -rule (modulo E) p_0_1121111111111121[color=#658040, process="0"]: +rule (modulo E) eventFail_0_1121111111111112[color=#658040, + process="event Fail( );"]: [ - State_1121111111111121( init, ip, ipo, o, r_sid, sid, signedios, state, - lock.1 + State_1121111111111112( init.1, lock.1, signedios.1, ip.2, ipo.2, o.2, + r_sid.2, sid.2, state.2 ) ] - --> + --[ Fail( ) ]-> [ ] /* - rule (modulo AC) p_0_1121111111111121[color=#658040, process="0"]: + rule (modulo AC) eventFail_0_1121111111111112[color=#658040, + process="event Fail( );"]: [ - State_1121111111111121( init, ip, ipo, o, r_sid, sid, signedios, state, - lock + State_1121111111111112( init, lock, signedios, ip, ipo, o, r_sid, sid, + state ) ] - --> + --[ Fail( ) ]-> [ ] */ -rule (modulo E) p_0_112111111112[color=#658040, process="0"]: - [ State_112111111112( init, r_sid, sid, state, lock.1 ) ] --> [ ] +rule (modulo E) lookupstateasipo_1_112111111111[color=#658040, + process="lookup state.2 as ipo.2"]: + [ State_112111111111( init.1, lock.1, r_sid.2, sid.2, state.2 ) ] + --[ IsNotSet( state.2 ) ]-> + [ ] /* - rule (modulo AC) p_0_112111111112[color=#658040, process="0"]: - [ State_112111111112( init, r_sid, sid, state, lock ) ] --> [ ] + rule (modulo AC) lookupstateasipo_1_112111111111[color=#658040, + process="lookup state.2 as ipo.2"]: + [ State_112111111111( init, lock, r_sid, sid, state ) ] + --[ IsNotSet( state ) ]-> + [ ] */ -rule (modulo E) p_0_112111112[color=#658040, process="0"]: - [ State_112111112( init, r_sid, sid, state ) ] --> [ ] +rule (modulo E) ifsidcheckreprsidl_1_112111111[color=#658040, + process="if sid.2=check_rep(r_sid.2, 'l')"]: + [ State_112111111( init.1, r_sid.2, sid.2, state.2 ) ] + --[ Pred_Not_Eq( sid.2, check_rep(r_sid.2, 'l') ) ]-> + [ ] - /* has exactly the trivial AC variant */ + /* + rule (modulo AC) ifsidcheckreprsidl_1_112111111[color=#658040, + process="if sid.2=check_rep(r_sid.2, 'l')"]: + [ State_112111111( init, r_sid, sid, state 
) ] + --[ Pred_Not_Eq( sid, z ) ]-> + [ ] + variants (modulo AC) + 1. r_sid = r_sid.9 + z = check_rep(r_sid.9, 'l') + + 2. r_sid = rep(x.8, 'l') + z = x.8 + */ restriction set_in: "∀ x y #t3. @@ -813,7 +689,7 @@ restriction locking_1: end /* Output maude tool: 'maude' - checking version: 3.1. OK. + checking version: 3.0. OK. checking installation: OK. @@ -823,7 +699,7 @@ analyzing: examples/sapic/slow/feature-locations/AC_sid_with_attack.spthy analyzed: examples/sapic/slow/feature-locations/AC_sid_with_attack.spthy output: examples/sapic/slow/feature-locations/AC_sid_with_attack.spthy.tmp - processing time: 58.385430289s + processing time: 77.497069458s attested_comput (exists-trace): verified (31 steps) ------------------------------------------------------------------------------ @@ -834,7 +710,7 @@ summary of summaries: analyzed: examples/sapic/slow/feature-locations/AC_sid_with_attack.spthy output: examples/sapic/slow/feature-locations/AC_sid_with_attack.spthy.tmp - processing time: 58.385430289s + processing time: 77.497069458s attested_comput (exists-trace): verified (31 steps) ============================================================================== diff --git a/case-studies-regression/system.info b/case-studies-regression/system.info index 80840894c..82b74e64c 100644 --- a/case-studies-regression/system.info +++ b/case-studies-regression/system.info @@ -1,4 +1,4 @@ Colossus05 model name : Intel(R) Xeon(R) CPU E5-4650L 0 @ 2.60GHz 64 -MemTotal: 792422396 kB +MemTotal: 792420508 kB diff --git a/etc/docker/Dockerfile b/etc/docker/Dockerfile index f46df290d..1b5ba1850 100644 --- a/etc/docker/Dockerfile +++ b/etc/docker/Dockerfile 
@@ -17,10 +17,12 @@ WORKDIR /workspace # copy dependency specifications first (need stack.yaml for resolver spec) RUN mkdir -p lib/export lib/theory lib/sapic lib/tools lib/term COPY stack.yaml tamarin-prover.cabal ./ + COPY lib/sapic/tamarin-prover-sapic.cabal lib/sapic/ COPY lib/term/tamarin-prover-term.cabal lib/term/ COPY lib/theory/tamarin-prover-theory.cabal lib/theory/ COPY lib/utils/tamarin-prover-utils.cabal lib/utils/ +COPY lib/export/tamarin-prover-export.cabal lib/export/ # cache stack package index RUN stack update # > Compiling language-javascript requires a UTF-8 locale. diff --git a/etc/docker/Dockerfile-benchmarks b/etc/docker/Dockerfile-benchmarks new file mode 100644 index 000000000..d37f01502 --- /dev/null +++ b/etc/docker/Dockerfile-benchmarks @@ -0,0 +1,8 @@ +FROM protocolplatform/protocolplatform +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 +WORKDIR /opt/protocolplatform/examples +RUN ./run-tamarin-CS.sh +RUN ./run-proverif-CS.sh + diff --git a/etc/docker/Dockerfile-platform b/etc/docker/Dockerfile-platform new file mode 100644 index 000000000..3ee1a8678 --- /dev/null +++ b/etc/docker/Dockerfile-platform 
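Review bot: `FROM protocolplatform/protocolplatform` in Dockerfile-benchmarks names the base image without a tag or digest, so the benchmark image is built on whatever `latest` resolves to on the build host or on the registry. Since the two `RUN ./run-*-CS.sh` steps bake results into the image, those results cannot be tied to a specific platform build. Pin the base, for example `FROM protocolplatform/protocolplatform@sha256:<digest-of-platform-image>`, or pass it in with `ARG BASE_IMAGE` and record the value.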
@@ -0,0 +1,93 @@ +FROM ocaml/opam as build-ocaml +# MAINTAINER Protocol Platform +USER root +RUN opam install -y ocamlfind ocamlbuild + +WORKDIR /opt/build +ENV RES="etc/docker/res" +ENV CONFIG="etc/docker/config" +ENV PROVERIF_URL="https://prosecco.gforge.inria.fr/personal/bblanche/proverif/proverif2.04.tar.gz" +ENV PROVERIF_DIR_NAME="proverif2.04" +ENV GSVERIF_TGZ="gsverif2.0.zip" +ENV GSVERIF_DIR_NAME="gsverif" +ENV DEEPSEC_URL="https://github.com/DeepSec-prover/deepsec.git" +ENV DEEPSEC_DIR_NAME="deepsec" +# Install ProVerif from source +# Note: need to install ProVerif before switching to 4.05.0, because that one doesn't have ocamlyacc +RUN curl -SL ${PROVERIF_URL} | tar -xzC . + +# Note: installation will fail because of lacking libgtk, but still produce the binary :D +# Note: need to run bash so the .bashrc sets the environment variables and ocamlfind can be found +# CharlieNote: running the eval is the minimal lightweight setup to build +RUN eval `opam config env` && cd ${PROVERIF_DIR_NAME} && ./build; test -x proverif + +RUN git clone --depth 1 ${DEEPSEC_URL} ${DEEPSEC_DIR_NAME} && cd ${DEEPSEC_DIR_NAME} && eval `opam config env` && make + +# Install our custom gsverif +COPY ${RES}/${GSVERIF_TGZ} ${GSVERIF_DIR_NAME}/ +RUN cd ${GSVERIF_DIR_NAME} && unzip ${GSVERIF_TGZ} && rm ${GSVERIF_TGZ} +RUN cd ${GSVERIF_DIR_NAME} && eval `opam config env` && ./build + + +# Base image for stack build so compiled artifact from previous +# stage should run +FROM protocolplatform/tamarin +USER root +RUN mkdir -p /opt/protocolplatform +WORKDIR /opt/protocolplatform + +RUN apt-get update && apt-get install -y --no-install-recommends \ + #general stuff + libncurses5 \ + bc \ + locales \ + python3 \ + && rm -rf /var/lib/apt/lists/* + +# set locales so haskell can do its thing +# https://stackoverflow.com/questions/28405902/how-to-set-the-locale-inside-a-debian-ubuntu-docker-container +# The following does NOT work -> locale-gen --no-purge en_US.UTF-8 +RUN sed -i 
'/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +# TODO turn variables above into ARGS .. +# https://stackoverflow.com/questions/52904847/how-do-i-copy-variables-between-stages-of-multi-stage-docker-build +ENV PROVERIF_DIR_NAME="proverif2.04" +ENV GSVERIF_DIR_NAME="gsverif" +ENV DEEPSEC_DIR_NAME="deepsec" +ENV RES="etc/docker/res" +ENV CONFIG="etc/docker/config" + +# Install third party tools +COPY --from=build-ocaml /opt/build/${PROVERIF_DIR_NAME}/proverif /opt/build/bin/ +COPY --from=build-ocaml /opt/build/${GSVERIF_DIR_NAME}/gsverif /opt/build/bin/ +COPY --from=build-ocaml /opt/build/${DEEPSEC_DIR_NAME}/deepsec /opt/build/bin/ +COPY --from=build-ocaml /opt/build/${DEEPSEC_DIR_NAME}/deepsec_worker /opt/build/bin/ + +# # Install new maude maude version (not necessary, part of tamarin docker) +# ENV PRELUDE_MAUDE="${RES}/prelude.maude" +# ENV MAUDE="${RES}/maude" +# COPY ${MAUDE} /opt/build/bin/ +# COPY ${PRELUDE_MAUDE} /opt/build/bin/ + +COPY ${RES}/proverif-tamarin . +COPY ${RES}/progsverif-tamarin . +COPY ${RES}/deepsec-tamarin . +COPY ${RES}/proverif-tamarin-diff . +COPY examples/sapic/export examples +# ENV EXPORT=examples/sapic/export/ExistingSapicModels +# COPY ${EXPORT}/AC.spthy ${EXPORT}/AC_counter_with_attack.spthy ${EXPORT}/AC_sid_with_attack.spthy ${EXPORT}/AKE.spthy ${EXPORT}/OTP.spthy ${EXPORT}/nsl-no_as-untagged.spthy examples/ExistingSapicModels/ +# COPY examples/sapic/fast examples/fast +# COPY examples/sapic/slow examples/slow +# COPY ${RES}/README ${RES}/README-long ${RES}/.bashrc ./ +COPY ${RES}/README-platform ${RES}/.bashrc ./ + +ENV PATH=${PATH}:/opt/build/bin:/opt/protocolplatform +# TODO Do we need this??? +# ENV DEEPSEC_DIR=$DEEPSEC_DIR_IMAGE/deepsec + +EXPOSE 3001 +ENTRYPOINT [] # remove entrypoint from parent image +CMD ["cat", "/opt/protocolplatform/README-platform"] 
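Review bot: The ProVerif tarball is fetched with `curl -SL ${PROVERIF_URL} | tar -xzC .` and unpacked as root with no integrity check, so whatever the server returns at build time is compiled into the image. I would download to a file, compare it with a pinned digest and only then extract: `ENV PROVERIF_SHA256="<sha256-of-proverif2.04.tar.gz>"` and `RUN curl -fSL ${PROVERIF_URL} -o proverif.tgz && echo "${PROVERIF_SHA256}  proverif.tgz" | sha256sum -c - && tar -xzf proverif.tgz`. The same concern applies to `git clone --depth 1 ${DEEPSEC_URL}`, which builds whatever the default branch holds that day, and to the untagged `FROM ocaml/opam` and `FROM protocolplatform/tamarin`; check out a fixed commit and pin the bases by digest. Separately, `ENTRYPOINT [] # remove entrypoint from parent image` is probably not parsed as an empty exec-form entrypoint, because Dockerfile comments are only recognised at the start of a line; move the comment onto its own line.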
diff --git a/etc/docker/Dockerfile-platform.dockerignore b/etc/docker/Dockerfile-platform.dockerignore new file mode 100644 index 000000000..1b1486165 --- /dev/null +++ b/etc/docker/Dockerfile-platform.dockerignore @@ -0,0 +1,6 @@ +.git +.stack-work +.worktree +lib/*/.stack-work +examples +!examples/sapic/export diff --git a/etc/docker/README.md b/etc/docker/README.md new file mode 100644 index 000000000..e2bb87ac9 --- /dev/null +++ b/etc/docker/README.md @@ -0,0 +1,12 @@ +# Protocol verification environment + +- [Build & Usage Guide](build-instructions.md) + + +## Supports + +- ProVerif +- Tamarin +- SAPIC +- deepsec + diff --git a/etc/docker/build-benchs.sh b/etc/docker/build-benchs.sh new file mode 100755 index 000000000..e56a6c487 --- /dev/null +++ b/etc/docker/build-benchs.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +# call in top-level dir... +docker build -t protocolplatform/protocolplatformbench -f etc/docker/Dockerfile-benchmarks . diff --git a/etc/docker/build-instructions.md b/etc/docker/build-instructions.md index 599e06121..1e501b027 100644 --- a/etc/docker/build-instructions.md +++ b/etc/docker/build-instructions.md @@ -9,17 +9,28 @@ These instructions define how to run the docker image. a [package](https://docs.docker.com/docker-for-mac/), or, if you have homebrew, via `brew cask install docker`. + +## Docker images + +There are three docker images: + +etc/docker/Dockerfile -> builds a docker with tamarin in it +etc/docker/Dockerfile-platform -> builds a docker with tamarin, proverif, gsverif and deepsec in it +etc/docker/Dockerfile-benchmark -> performs some benchmarks for the tamarin-platform docker + ## Pull instructions +(For Dockerfile-platform) + ``` -TBD +docker pull protocolplatform/protocolplatform:latest ``` ## Run instructions 1. Execute ``` -docker run tamarin +docker run protocolplatform/protocolplatform:latest ``` 2. Follow instructions. 
diff --git a/etc/docker/build-platform.sh b/etc/docker/build-platform.sh
new file mode 100755
index 000000000..9175156c6
--- /dev/null
+++ b/etc/docker/build-platform.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+# call in top-level dir...
+DOCKER_BUILDKIT=1 docker build -t protocolplatform/protocolplatform -f etc/docker/Dockerfile-platform .
diff --git a/etc/docker/build.sh b/etc/docker/build.sh
index f5f7e9bed..bb0470387 100755
--- a/etc/docker/build.sh
+++ b/etc/docker/build.sh
@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 # call in top-level dir...
-docker build -t tamarin-prover/tamarin:latest -f etc/docker/Dockerfile .
+docker build -t protocolplatform/tamarin -f etc/docker/Dockerfile .
diff --git a/etc/docker/config/.bashrc b/etc/docker/config/.bashrc
new file mode 100644
index 000000000..453f4fdbb
--- /dev/null
+++ b/etc/docker/config/.bashrc
@@ -0,0 +1,2 @@
+
+echo ""
diff --git a/etc/docker/config/entrypoint-user.sh b/etc/docker/config/entrypoint-user.sh
new file mode 100755
index 000000000..9d796e399
--- /dev/null
+++ b/etc/docker/config/entrypoint-user.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+echo " -> GoSU user: ${USER} [${USER_ID}] (currently: $(whoami) [$(id)])"
+echo ""
+# exec /usr/local/bin/gosu ${USER_ID} "$@"
+exec gosu ${USER_ID} "$@"
diff --git a/etc/docker/config/entrypoint.sh b/etc/docker/config/entrypoint.sh
new file mode 100755
index 000000000..4acbd5cd1
--- /dev/null
+++ b/etc/docker/config/entrypoint.sh
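Review bot: `exec gosu ${USER_ID} "$@"` in entrypoint-user.sh expands `USER_ID` unquoted and never checks that it is set. If the variable is empty the word disappears, and gosu takes the first element of `"$@"` as the user spec instead of the intended account. Use `exec gosu "${USER_ID:?USER_ID is not set}" "$@"`. The last line of entrypoint.sh has the same form; `USER_ID` is assigned at the top of that script, but it is still empty when neither `LOCAL_USER_ID` nor `USER_ID_DEFAULT` is provided.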
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+export USER_ID=${LOCAL_USER_ID:-${USER_ID_DEFAULT}}
+export GROUP_ID=${LOCAL_GROUP_ID:-${GROUP_ID_DEFAULT}}
+
+# Either use the LOCAL_USER_ID if passed in at runtime or fallback
+echo ""
+echo "- Starting with UID: ${USER_ID} USER: ${USER} GID: ${GROUP_ID}"
+usermod ${USER} -u ${USER_ID}
+groupmod ${USER} -g ${GROUP_ID}
+# useradd --shell /bin/bash -u $USER_ID -o -c "" -m ${USER}
+
+export HOME=/home/${USER}
+chown -R ${USER_ID}:${GROUP_ID} ${HOME}
+chown ${USER_ID}:${GROUP_ID} ${WORKDIR}
+# chown ${USER_ID}:${GROUP_ID} ${PYTHON_ENV}
+ls ${WORKDIR} | xargs chown ${USER_ID}:${GROUP_ID}
+
+echo " -> GoSU user: ${USER} [${USER_ID}] (currently: $(whoami) [$(id)])"
+echo ""
+# exec /usr/local/bin/gosu ${USER_ID} "$@"
+exec gosu ${USER_ID} "$@"
diff --git a/etc/docker/res/.bashrc b/etc/docker/res/.bashrc
new file mode 100644
index 000000000..f341682b2
--- /dev/null
+++ b/etc/docker/res/.bashrc
@@ -0,0 +1 @@
+cat /opt/protocolplatform/README
diff --git a/etc/docker/res/README-platform b/etc/docker/res/README-platform
new file mode 100644
index 000000000..435eb6318
--- /dev/null
+++ b/etc/docker/res/README-platform
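Review bot: `ls ${WORKDIR} | xargs chown ${USER_ID}:${GROUP_ID}` in entrypoint.sh hands bare entry names, split on whitespace, to chown. Names containing spaces are broken apart, a name beginning with `-` is read as an option, and the names are resolved against the current directory rather than `${WORKDIR}`. The script presumably runs as root at this point (it calls `usermod` before gosu) and the work directory is likely a bind mount with user-chosen names, so I would use `find "${WORKDIR}" -mindepth 1 -maxdepth 1 -exec chown -h "${USER_ID}:${GROUP_ID}" {} +`. The script also lacks `set -eu`, so a failing `usermod` or `groupmod` is ignored and the run continues with mismatched ids. `LOCAL_USER_ID` is used unvalidated, so it is worth rejecting non-numeric values and deciding whether 0 is acceptable.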
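Review bot: `cat /opt/protocolplatform/README` in res/.bashrc points at a file the platform image does not appear to contain. Dockerfile-platform copies `README-platform` and leaves the `COPY ${RES}/README ...` line commented out, so a shell sourcing this file would print an error. Use `[ -r /opt/protocolplatform/README-platform ] && cat /opt/protocolplatform/README-platform`. The file is also copied into /opt/protocolplatform rather than a home directory, so it may not be sourced at all; that is worth confirming.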
@@ -0,0 +1,63 @@
+Hi! This is the protocolplatform Docker image. You can now:
+
+1. Browse the image interactively:
+
+docker run -it protocolplatform/protocolplatform:latest bash
+
+You should obtain a shell that reads like that: `root@976d3bce69f8:/opt/protocolplatform#`.
+
+- execute tamarin-prover, proverif, gsverif, deepse etc. as usual
+- execute the scripts below for the export:
+ - proverif-tamarin .. Translates input file with the modified tamarin-prover and runs proverif on output.
+ - progsverif-tamarin .. same for gsverif
+ - proverif-tamarin-diff .. same for proverif with diff queries
+ - deepsec-tamarin .. same for deepsec
+
+ Their usage is `[proverif|progsverif|deepsec]-tamarin file`. They are kept
+ simple on purpose, see `examples/export/README.md` for details.
+
+2. Using the platform:
+
+The protocol platform consists a modified version of tamarin-prover that parses .spthy and, with the -m flag, outputs:
+```
+ -m --output-module[=spthy|spthytyped|msr|proverif|deepsec] What to output:- spthy (including
+ processes),- spthy with explicit types,- pure
+ msrs (processes translated to msrs) or- DeepSec
+ or- ProVerif.
+```
+ other important tamarin-flags are:
+```
+ --prove[=LEMMAPREFIX*|LEMMANAME] Attempt to prove all lemmas that start with
+ LEMMAPREFIX or the lemma which name is
+ LEMMANAME
+ -D --defines[=STRING] Define flags for pseudo-preprocessor
+ --diff Turn on observational equivalence mode using
+ diff terms
+```
+ For more details on the command line arguments offered by tamarin-prover, including it's interactive mode, we refer to the official documentation at http://tamarin-prover.github.io/manual/
+
+On most examples inside the `examples/export` repository, `tamarin-prover name.spthy --prove` will verify the file, and `tamarin-prover -m=proverif name.spthy` gives an output that can be written to a file and executed using proverif or gsverif.
+
+From this docker image, try e.g.,
+```
+$ cd /opt/protocolplatform/examples/
+$ cat ex1.spthy
+$ tamarin-prover ex1.spthy --prove
+$ tamarin-prover ex1.spthy -m=proverif > ex1.pv
+$ proverif ex1.pv
+```
+
+We refer to `examples/README.md` for details about the case studies and some usage example.
+
+3. Use it on your host:
+
+- set up the following alias to give the image access to your host's current working
+ dir (at the time of calling) and forward port 3001:
+
+alias pp='docker run -p 3001:3001 -v "$PWD:$PWD" -w "$PWD" protocolplatform/protocolplatform'
+
+- run, e.g., "pp tamarin-prover" to run tamarin-prover from the docker
+- remember to use the "-i" flag in tamarin's interactive mode to accept clients
+ on all interfaces, as the docker host is not localhost to the guest:
+
+ pp tamarin-prover interactive . -i='*4'
diff --git a/etc/docker/res/deepsec-tamarin b/etc/docker/res/deepsec-tamarin
new file mode 100755
index 000000000..27add53ca
--- /dev/null
+++ b/etc/docker/res/deepsec-tamarin
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -x # print what we do
+temp=$(mktemp -d)/$(basename "$1")
+tamarin-prover "$1" -m=deepsec -D=DEEPSECEQUIV > "$temp.dps"; deepsec "$temp.dps"
diff --git a/etc/docker/res/gsverif2.0.zip b/etc/docker/res/gsverif2.0.zip
new file mode 100644
index 000000000..bba7bf4ef
Binary files /dev/null and b/etc/docker/res/gsverif2.0.zip differ
diff --git a/etc/docker/res/maude b/etc/docker/res/maude
new file mode 100755
index 000000000..9b0d65f94
Binary files /dev/null and b/etc/docker/res/maude differ
diff --git a/etc/docker/res/prelude.maude b/etc/docker/res/prelude.maude
new file mode 100644
index 000000000..1a2b9f5d0
--- /dev/null
+++ b/etc/docker/res/prelude.maude
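Review bot: In etc/docker/res/deepsec-tamarin the last line joins the two tools with `;`, so `deepsec` still runs on an empty or truncated `.dps` file when `tamarin-prover` fails, and the script's exit status reflects only deepsec. Chaining them with `&&`, or adding `set -e` next to `set -x`, keeps a failed translation from being read as a verification result. The directory created by `mktemp -d` is also never removed; keeping it in its own variable, `tmpdir=$(mktemp -d)`, with `trap 'rm -rf "$tmpdir"' EXIT` would clean it up. A guard such as `[ -n "$1" ] || exit 2` would stop a call without an argument from writing to `.dps` inside the temporary directory.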
@@ -0,0 +1,2520 @@ +***( + + This file is part of the Maude 2 interpreter. + + Copyright 1997-2014 SRI International, Menlo Park, CA 94025, USA. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. + +) + +*** +*** Maude interpreter standard prelude. +*** Version alpha109 +*** +*** Some of the overall structure is taken from the OBJ3 +*** interpreter standard prelude. +*** + +set include BOOL off . + +fmod TRUTH-VALUE is + sort Bool . + op true : -> Bool [ctor special (id-hook SystemTrue)] . + op false : -> Bool [ctor special (id-hook SystemFalse)] . +endfm + +fmod BOOL-OPS is + protecting TRUTH-VALUE . + op _and_ : Bool Bool -> Bool [assoc comm prec 55] . + op _or_ : Bool Bool -> Bool [assoc comm prec 59] . + op _xor_ : Bool Bool -> Bool [assoc comm prec 57] . + op not_ : Bool -> Bool [prec 53] . + op _implies_ : Bool Bool -> Bool [gather (e E) prec 61] . + vars A B C : Bool . + eq true and A = A . + eq false and A = false . + eq A and A = A . + eq false xor A = A . + eq A xor A = false . + eq A and (B xor C) = A and B xor A and C . + eq not A = A xor true . + eq A or B = A and B xor A xor B . + eq A implies B = not(A xor A and B) . +endfm + +fmod TRUTH is + protecting TRUTH-VALUE . 
+ op if_then_else_fi : Bool Universal Universal -> Universal + [poly (2 3 0) + special (id-hook BranchSymbol + term-hook 1 (true) + term-hook 2 (false))] . + + op _==_ : Universal Universal -> Bool + [prec 51 poly (1 2) + special (id-hook EqualitySymbol + term-hook equalTerm (true) + term-hook notEqualTerm (false))] . + + op _=/=_ : Universal Universal -> Bool + [prec 51 poly (1 2) + special (id-hook EqualitySymbol + term-hook equalTerm (false) + term-hook notEqualTerm (true))] . +endfm + +fmod BOOL is + protecting BOOL-OPS . + protecting TRUTH . +endfm + +fmod EXT-BOOL is + protecting BOOL . + op _and-then_ : Bool Bool -> Bool [strat (1 0) gather (e E) prec 55] . + op _or-else_ : Bool Bool -> Bool [strat (1 0) gather (e E) prec 59] . + var B : [Bool] . + eq true and-then B = B . + eq false and-then B = false . + eq true or-else B = true . + eq false or-else B = B . +endfm + +*** +*** Builtin data types. +*** + +fmod NAT is + protecting BOOL . + sorts Zero NzNat Nat . + subsort Zero NzNat < Nat . + op 0 : -> Zero [ctor] . + + op s_ : Nat -> NzNat + [ctor iter + special (id-hook SuccSymbol + term-hook zeroTerm (0))] . + + op _+_ : NzNat Nat -> NzNat + [assoc comm prec 33 + special (id-hook ACU_NumberOpSymbol (+) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + op _+_ : Nat Nat -> Nat [ditto] . + + op sd : Nat Nat -> Nat + [comm + special (id-hook CUI_NumberOpSymbol (sd) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + + op _*_ : NzNat NzNat -> NzNat + [assoc comm prec 31 + special (id-hook ACU_NumberOpSymbol (*) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + op _*_ : Nat Nat -> Nat [ditto] . + + op _quo_ : Nat NzNat -> Nat + [prec 31 gather (E e) + special (id-hook NumberOpSymbol (quo) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + + op _rem_ : Nat NzNat -> Nat + [prec 31 gather (E e) + special (id-hook NumberOpSymbol (rem) + op-hook succSymbol (s_ : Nat ~> NzNat))] . 
+ + op _^_ : Nat Nat -> Nat + [prec 29 gather (E e) + special (id-hook NumberOpSymbol (^) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + op _^_ : NzNat Nat -> NzNat [ditto] . + + op modExp : Nat Nat NzNat ~> Nat + [special (id-hook NumberOpSymbol (modExp) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + + op gcd : NzNat Nat -> NzNat + [assoc comm + special (id-hook ACU_NumberOpSymbol (gcd) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + op gcd : Nat Nat -> Nat [ditto] . + + op lcm : NzNat NzNat -> NzNat + [assoc comm + special (id-hook ACU_NumberOpSymbol (lcm) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + op lcm : Nat Nat -> Nat [ditto] . + + op min : NzNat NzNat -> NzNat + [assoc comm + special (id-hook ACU_NumberOpSymbol (min) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + op min : Nat Nat -> Nat [ditto] . + + op max : NzNat Nat -> NzNat + [assoc comm + special (id-hook ACU_NumberOpSymbol (max) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + op max : Nat Nat -> Nat [ditto] . + + op _xor_ : Nat Nat -> Nat + [assoc comm prec 55 + special (id-hook ACU_NumberOpSymbol (xor) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + + op _&_ : Nat Nat -> Nat + [assoc comm prec 53 + special (id-hook ACU_NumberOpSymbol (&) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + + op _|_ : NzNat Nat -> NzNat + [assoc comm prec 57 + special (id-hook ACU_NumberOpSymbol (|) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + op _|_ : Nat Nat -> Nat [ditto] . + + op _>>_ : Nat Nat -> Nat + [prec 35 gather (E e) + special (id-hook NumberOpSymbol (>>) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + + op _<<_ : Nat Nat -> Nat + [prec 35 gather (E e) + special (id-hook NumberOpSymbol (<<) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + + op _<_ : Nat Nat -> Bool + [prec 37 + special (id-hook NumberOpSymbol (<) + op-hook succSymbol (s_ : Nat ~> NzNat) + term-hook trueTerm (true) + term-hook falseTerm (false))] . 
+ + op _<=_ : Nat Nat -> Bool + [prec 37 + special (id-hook NumberOpSymbol (<=) + op-hook succSymbol (s_ : Nat ~> NzNat) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _>_ : Nat Nat -> Bool + [prec 37 + special (id-hook NumberOpSymbol (>) + op-hook succSymbol (s_ : Nat ~> NzNat) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _>=_ : Nat Nat -> Bool + [prec 37 + special (id-hook NumberOpSymbol (>=) + op-hook succSymbol (s_ : Nat ~> NzNat) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _divides_ : NzNat Nat -> Bool + [prec 51 + special (id-hook NumberOpSymbol (divides) + op-hook succSymbol (s_ : Nat ~> NzNat) + term-hook trueTerm (true) + term-hook falseTerm (false))] . +endfm + +fmod INT is + protecting NAT . + sorts NzInt Int . + subsorts NzNat < NzInt Nat < Int . + + op -_ : NzNat -> NzInt + [ctor + special (id-hook MinusSymbol + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + op -_ : NzInt -> NzInt [ditto] . + op -_ : Int -> Int [ditto] . + + op _+_ : Int Int -> Int + [assoc comm prec 33 + special (id-hook ACU_NumberOpSymbol (+) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + + op _-_ : Int Int -> Int + [prec 33 gather (E e) + special (id-hook NumberOpSymbol (-) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + + op _*_ : NzInt NzInt -> NzInt + [assoc comm prec 31 + special (id-hook ACU_NumberOpSymbol (*) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + op _*_ : Int Int -> Int [ditto] . + + op _quo_ : Int NzInt -> Int + [prec 31 gather (E e) + special (id-hook NumberOpSymbol (quo) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . 
+ + op _rem_ : Int NzInt -> Int + [prec 31 gather (E e) + special (id-hook NumberOpSymbol (rem) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + + op _^_ : Int Nat -> Int + [prec 29 gather (E e) + special (id-hook NumberOpSymbol (^) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + op _^_ : NzInt Nat -> NzInt [ditto] . + + op abs : NzInt -> NzNat + [special (id-hook NumberOpSymbol (abs) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + op abs : Int -> Nat [ditto] . + + op gcd : NzInt Int -> NzNat + [assoc comm + special (id-hook ACU_NumberOpSymbol (gcd) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + op gcd : Int Int -> Nat [ditto] . + + op lcm : NzInt NzInt -> NzNat + [assoc comm + special (id-hook ACU_NumberOpSymbol (lcm) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + op lcm : Int Int -> Nat [ditto] . + + op min : NzInt NzInt -> NzInt + [assoc comm + special (id-hook ACU_NumberOpSymbol (min) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + op min : Int Int -> Int [ditto] . + + op max : NzInt NzInt -> NzInt + [assoc comm + special (id-hook ACU_NumberOpSymbol (max) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + op max : Int Int -> Int [ditto] . + op max : NzNat Int -> NzNat [ditto] . + op max : Nat Int -> Nat [ditto] . + + op ~_ : Int -> Int + [special (id-hook NumberOpSymbol (~) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + + op _xor_ : Int Int -> Int + [assoc comm prec 55 + special (id-hook ACU_NumberOpSymbol (xor) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . 
+ + op _&_ : Nat Int -> Nat + [assoc comm prec 53 + special (id-hook ACU_NumberOpSymbol (&) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + op _&_ : Int Int -> Int [ditto] . + + op _|_ : NzInt Int -> NzInt + [assoc comm prec 57 + special (id-hook ACU_NumberOpSymbol (|) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + op _|_ : Int Int -> Int [ditto] . + + op _>>_ : Int Nat -> Int + [prec 35 gather (E e) + special (id-hook NumberOpSymbol (>>) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + + op _<<_ : Int Nat -> Int + [prec 35 gather (E e) + special (id-hook NumberOpSymbol (<<) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + + op _<_ : Int Int -> Bool + [prec 37 + special (id-hook NumberOpSymbol (<) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _<=_ : Int Int -> Bool + [prec 37 + special (id-hook NumberOpSymbol (<=) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _>_ : Int Int -> Bool + [prec 37 + special (id-hook NumberOpSymbol (>) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _>=_ : Int Int -> Bool + [prec 37 + special (id-hook NumberOpSymbol (>=) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _divides_ : NzInt Int -> Bool + [prec 51 + special (id-hook NumberOpSymbol (divides) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int) + term-hook trueTerm (true) + term-hook falseTerm (false))] . +endfm + +fmod RAT is + protecting INT . + sorts PosRat NzRat Rat . 
+ subsorts NzInt < NzRat Int < Rat . + subsorts NzNat < PosRat < NzRat . + + op _/_ : NzInt NzNat -> NzRat + [ctor prec 31 gather (E e) + special (id-hook DivisionSymbol + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int))] . + + var I J : NzInt . + var N M : NzNat . + var K : Int . + var Z : Nat . + var Q : NzRat . + var R : Rat . + + op _/_ : NzNat NzNat -> PosRat [ctor ditto] . + op _/_ : PosRat PosRat -> PosRat [ditto] . + op _/_ : NzRat NzRat -> NzRat [ditto] . + op _/_ : Rat NzRat -> Rat [ditto] . + eq 0 / Q = 0 . + eq I / - N = - I / N . + eq (I / N) / (J / M) = (I * M) / (J * N) . + eq (I / N) / J = I / (J * N) . + eq I / (J / M) = (I * M) / J . + + op -_ : NzRat -> NzRat [ditto] . + op -_ : Rat -> Rat [ditto] . + eq - (I / N) = - I / N . + + op _+_ : PosRat PosRat -> PosRat [ditto] . + op _+_ : PosRat Nat -> PosRat [ditto] . + op _+_ : Rat Rat -> Rat [ditto] . + eq I / N + J / M = (I * M + J * N) / (N * M) . + eq I / N + K = (I + K * N) / N . + + op _-_ : Rat Rat -> Rat [ditto] . + eq I / N - J / M = (I * M - J * N) / (N * M) . + eq I / N - K = (I - K * N) / N . + eq K - J / M = (K * M - J ) / M . + + op _*_ : PosRat PosRat -> PosRat [ditto] . + op _*_ : NzRat NzRat -> NzRat [ditto] . + op _*_ : Rat Rat -> Rat [ditto] . + eq Q * 0 = 0 . + eq (I / N) * (J / M) = (I * J) / (N * M). + eq (I / N) * K = (I * K) / N . + + op _quo_ : PosRat PosRat -> Nat [ditto] . + op _quo_ : Rat NzRat -> Int [ditto] . + eq (I / N) quo Q = I quo (N * Q) . + eq K quo (J / M) = (K * M) quo J . + + op _rem_ : Rat NzRat -> Rat [ditto] . + eq (I / N) rem (J / M) = ((I * M) rem (J * N)) / (N * M) . + eq K rem (J / M) = ((K * M) rem J) / M . + eq (I / N) rem J = (I rem (J * N)) / N . + + op _^_ : PosRat Nat -> PosRat [ditto] . + op _^_ : NzRat Nat -> NzRat [ditto] . + op _^_ : Rat Nat -> Rat [ditto] . + eq (I / N) ^ Z = (I ^ Z) / (N ^ Z) . + + op abs : NzRat -> PosRat [ditto] . + op abs : Rat -> Rat [ditto] . + eq abs(I / N) = abs(I) / N . 
+ + op gcd : NzRat Rat -> PosRat [ditto] . + op gcd : Rat Rat -> Rat [ditto] . + eq gcd(I / N, R) = gcd(I, N * R) / N . + + op lcm : NzRat NzRat -> PosRat [ditto] . + op lcm : Rat Rat -> Rat [ditto] . + eq lcm(I / N, R) = lcm(I, N * R) / N . + + op min : PosRat PosRat -> PosRat [ditto] . + op min : NzRat NzRat -> NzRat [ditto] . + op min : Rat Rat -> Rat [ditto] . + eq min(I / N, R) = min(I, N * R) / N . + + op max : PosRat Rat -> PosRat [ditto] . + op max : NzRat NzRat -> NzRat [ditto] . + op max : Rat Rat -> Rat [ditto] . + eq max(I / N, R) = max(I, N * R) / N . + + op _<_ : Rat Rat -> Bool [ditto] . + eq (I / N) < (J / M) = (I * M) < (J * N) . + eq (I / N) < K = I < (K * N) . + eq K < (J / M) = (K * M) < J . + + op _<=_ : Rat Rat -> Bool [ditto] . + eq (I / N) <= (J / M) = (I * M) <= (J * N) . + eq (I / N) <= K = I <= (K * N) . + eq K <= (J / M) = (K * M) <= J . + + op _>_ : Rat Rat -> Bool [ditto] . + eq (I / N) > (J / M) = (I * M) > (J * N) . + eq (I / N) > K = I > (K * N) . + eq K > (J / M) = (K * M) > J . + + op _>=_ : Rat Rat -> Bool [ditto] . + eq (I / N) >= (J / M) = (I * M) >= (J * N) . + eq (I / N) >= K = I >= (K * N) . + eq K >= (J / M) = (K * M) >= J . + + op _divides_ : NzRat Rat -> Bool [ditto] . + eq (I / N) divides K = I divides N * K . + eq Q divides (J / M) = Q * M divides J . + + op trunc : PosRat -> Nat . + op trunc : Rat -> Int . + eq trunc(K) = K . + eq trunc(I / N) = I quo N . + + op frac : Rat -> Rat . + eq frac(K) = 0 . + eq frac(I / N) = (I rem N) / N . + + op floor : PosRat -> Nat . + op floor : Rat -> Int . + op ceiling : PosRat -> NzNat . + op ceiling : Rat -> Int . + eq floor(K) = K . + eq ceiling(K) = K . + eq floor(N / M) = N quo M . + eq ceiling(N / M) = ((N + M) - 1) quo M . + eq floor(- N / M) = - ceiling(N / M) . + eq ceiling(- N / M) = - floor(N / M) . +endfm + +fmod FLOAT is + protecting BOOL . + sorts FiniteFloat Float . + subsort FiniteFloat < Float . 
+ +*** pseudo constructor for the set of double precision floats + op : -> FiniteFloat [special (id-hook FloatSymbol)] . + op : -> Float [ditto] . + + op -_ : Float -> Float + [prec 15 + special (id-hook FloatOpSymbol (-) + op-hook floatSymbol ( : ~> Float))] . + + op -_ : FiniteFloat -> FiniteFloat [ditto] . + + op _+_ : Float Float -> Float + [prec 33 gather (E e) + special (id-hook FloatOpSymbol (+) + op-hook floatSymbol ( : ~> Float))] . + + op _-_ : Float Float -> Float + [prec 33 gather (E e) + special (id-hook FloatOpSymbol (-) + op-hook floatSymbol ( : ~> Float))] . + + op _*_ : Float Float -> Float + [prec 31 gather (E e) + special (id-hook FloatOpSymbol (*) + op-hook floatSymbol ( : ~> Float))] . + + op _/_ : Float Float ~> Float + [prec 31 gather (E e) + special (id-hook FloatOpSymbol (/) + op-hook floatSymbol ( : ~> Float))] . + + op _rem_ : Float Float ~> Float + [prec 31 gather (E e) + special (id-hook FloatOpSymbol (rem) + op-hook floatSymbol ( : ~> Float))] . + + op _^_ : Float Float ~> Float + [prec 29 gather (E e) + special (id-hook FloatOpSymbol (^) + op-hook floatSymbol ( : ~> Float))] . + + op abs : Float -> Float + [special (id-hook FloatOpSymbol (abs) + op-hook floatSymbol ( : ~> Float))] . + + op abs : FiniteFloat -> FiniteFloat [ditto] . + + op floor : Float -> Float + [special (id-hook FloatOpSymbol (floor) + op-hook floatSymbol ( : ~> Float))] . + + op ceiling : Float -> Float + [special (id-hook FloatOpSymbol (ceiling) + op-hook floatSymbol ( : ~> Float))] . + + op min : Float Float -> Float + [special (id-hook FloatOpSymbol (min) + op-hook floatSymbol ( : ~> Float))] . + + op max : Float Float -> Float + [special (id-hook FloatOpSymbol (max) + op-hook floatSymbol ( : ~> Float))] . + + op sqrt : Float ~> Float + [special (id-hook FloatOpSymbol (sqrt) + op-hook floatSymbol ( : ~> Float))] . + + op exp : Float -> Float + [special (id-hook FloatOpSymbol (exp) + op-hook floatSymbol ( : ~> Float))] . 
+ + op log : Float ~> Float + [special (id-hook FloatOpSymbol (log) + op-hook floatSymbol ( : ~> Float))] . + + op sin : Float -> Float + [special (id-hook FloatOpSymbol (sin) + op-hook floatSymbol ( : ~> Float))] . + + op cos : Float -> Float + [special (id-hook FloatOpSymbol (cos) + op-hook floatSymbol ( : ~> Float))] . + + op tan : Float -> Float + [special (id-hook FloatOpSymbol (tan) + op-hook floatSymbol ( : ~> Float))] . + + op asin : Float ~> Float + [special (id-hook FloatOpSymbol (asin) + op-hook floatSymbol ( : ~> Float))] . + + op acos : Float ~> Float + [special (id-hook FloatOpSymbol (acos) + op-hook floatSymbol ( : ~> Float))] . + + op atan : Float -> Float + [special (id-hook FloatOpSymbol (atan) + op-hook floatSymbol ( : ~> Float))] . + + op atan : Float Float -> Float + [special (id-hook FloatOpSymbol (atan) + op-hook floatSymbol ( : ~> Float))] . + + op _<_ : Float Float -> Bool + [prec 51 + special (id-hook FloatOpSymbol (<) + op-hook floatSymbol ( : ~> Float) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _<=_ : Float Float -> Bool + [prec 51 + special (id-hook FloatOpSymbol (<=) + op-hook floatSymbol ( : ~> Float) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _>_ : Float Float -> Bool + [prec 51 + special (id-hook FloatOpSymbol (>) + op-hook floatSymbol ( : ~> Float) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _>=_ : Float Float -> Bool + [prec 51 + special (id-hook FloatOpSymbol (>=) + op-hook floatSymbol ( : ~> Float) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op pi : -> FiniteFloat . + eq pi = 3.1415926535897931 . + + op _=[_]_ : Float FiniteFloat Float -> Bool [prec 51 format (d d d d d s d)] . + var X Y : Float . + var Z : FiniteFloat . + eq X =[Z] Y = abs(X - Y) < Z . +endfm + +fmod STRING is + protecting NAT . + sorts String Char FindResult . + subsort Char < String . + subsort Nat < FindResult . 
+ +*** pseudo constructor for the infinite set of strings + op : -> Char [special (id-hook StringSymbol)] . + op : -> String [ditto] . + + op notFound : -> FindResult [ctor] . + + op ascii : Char -> Nat + [special (id-hook StringOpSymbol (ascii) + op-hook stringSymbol ( : ~> Char) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + + op char : Nat ~> Char + [special (id-hook StringOpSymbol (char) + op-hook stringSymbol ( : ~> Char) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + + op _+_ : String String -> String + [prec 33 gather (E e) + special (id-hook StringOpSymbol (+) + op-hook stringSymbol ( : ~> String))] . + + op length : String -> Nat + [special (id-hook StringOpSymbol (length) + op-hook stringSymbol ( : ~> String) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + + op substr : String Nat Nat -> String + [special (id-hook StringOpSymbol (substr) + op-hook stringSymbol ( : ~> String) + op-hook succSymbol (s_ : Nat ~> NzNat))] . + + op find : String String Nat -> FindResult + [special (id-hook StringOpSymbol (find) + op-hook stringSymbol ( : ~> String) + op-hook succSymbol (s_ : Nat ~> NzNat) + term-hook notFoundTerm (notFound))] . + + op rfind : String String Nat -> FindResult + [special (id-hook StringOpSymbol (rfind) + op-hook stringSymbol ( : ~> String) + op-hook succSymbol (s_ : Nat ~> NzNat) + term-hook notFoundTerm (notFound))] . + + op _<_ : String String -> Bool + [prec 37 + special (id-hook StringOpSymbol (<) + op-hook stringSymbol ( : ~> String) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _<=_ : String String -> Bool + [prec 37 + special (id-hook StringOpSymbol (<=) + op-hook stringSymbol ( : ~> String) + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op _>_ : String String -> Bool + [prec 37 + special (id-hook StringOpSymbol (>) + op-hook stringSymbol ( : ~> String) + term-hook trueTerm (true) + term-hook falseTerm (false))] . 
+ + op _>=_ : String String -> Bool + [prec 37 + special (id-hook StringOpSymbol (>=) + op-hook stringSymbol ( : ~> String) + term-hook trueTerm (true) + term-hook falseTerm (false))] . +endfm + +fmod CONVERSION is + protecting RAT . + protecting FLOAT . + protecting STRING . + sort DecFloat . + op <_,_,_> : Int String Int -> DecFloat [ctor] . + + op float : Rat -> Float + [special (id-hook FloatOpSymbol (float) + op-hook floatSymbol ( : ~> Float) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int) + op-hook divisionSymbol (_/_ : NzInt NzNat ~> NzRat))] . + + op rat : FiniteFloat -> Rat + [special (id-hook FloatOpSymbol (rat) + op-hook floatSymbol ( : ~> Float) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int) + op-hook divisionSymbol (_/_ : NzInt NzNat ~> NzRat))] . + + op string : Rat NzNat ~> String + [special (id-hook StringOpSymbol (string) + op-hook stringSymbol ( : ~> String) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int) + op-hook divisionSymbol (_/_ : NzInt NzNat ~> NzRat))] . + + op rat : String NzNat ~> Rat + [special (id-hook StringOpSymbol (rat) + op-hook stringSymbol ( : ~> String) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int) + op-hook divisionSymbol (_/_ : NzInt NzNat ~> NzRat))] . + + op string : Float -> String + [special (id-hook StringOpSymbol (string) + op-hook stringSymbol ( : ~> String) + op-hook floatSymbol ( : ~> Float))] . + + op float : String ~> Float + [special (id-hook StringOpSymbol (float) + op-hook stringSymbol ( : ~> String) + op-hook floatSymbol ( : ~> Float))] . + + op decFloat : Float Nat -> DecFloat + [special (id-hook StringOpSymbol (decFloat) + op-hook stringSymbol ( : ~> String) + op-hook floatSymbol ( : ~> Float) + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook minusSymbol (-_ : NzNat ~> Int) + op-hook decFloatSymbol + (<_,_,_> : Int String Int ~> DecFloat))] . 
+endfm + +fmod RANDOM is + protecting NAT . + op random : Nat -> Nat + [special (id-hook RandomOpSymbol + op-hook succSymbol (s_ : Nat ~> NzNat))] . +endfm + +fmod QID is + protecting STRING . + sort Qid . + +*** pseudo constructor for the infinite set of quoted identifiers + op : -> Qid [special (id-hook QuotedIdentifierSymbol)] . + + op string : Qid -> String + [special (id-hook QuotedIdentifierOpSymbol (string) + op-hook quotedIdentifierSymbol ( : ~> Qid) + op-hook stringSymbol ( : ~> String))] . + + op qid : String ~> Qid + [special (id-hook QuotedIdentifierOpSymbol (qid) + op-hook quotedIdentifierSymbol ( : ~> Qid) + op-hook stringSymbol ( : ~> String))] . +endfm + +*** +*** Standard theories and views. +*** + +fth TRIV is + sort Elt . +endfth + +view TRIV from TRIV to TRIV is endv + +view Bool from TRIV to BOOL is + sort Elt to Bool . +endv + +view Nat from TRIV to NAT is + sort Elt to Nat . +endv + +view Int from TRIV to INT is + sort Elt to Int . +endv + +view Rat from TRIV to RAT is + sort Elt to Rat . +endv + +view Float from TRIV to FLOAT is + sort Elt to Float . +endv + +view String from TRIV to STRING is + sort Elt to String . +endv + +view Qid from TRIV to QID is + sort Elt to Qid . +endv + +fth STRICT-WEAK-ORDER is + protecting BOOL . + including TRIV . + op _<_ : Elt Elt -> Bool . + vars X Y Z : Elt . + ceq X < Z = true if X < Y /\ Y < Z [nonexec label transitive] . + eq X < X = false [nonexec label irreflexive] . + ceq X < Y or Y < X or Y < Z or Z < Y = true if X < Z or Z < X + [nonexec label incomparability-transitive] . +endfth + +view STRICT-WEAK-ORDER from TRIV to STRICT-WEAK-ORDER is endv + +fth STRICT-TOTAL-ORDER is + inc STRICT-WEAK-ORDER . + vars X Y : Elt . + ceq X = Y if X < Y = false /\ Y < X = false [nonexec label total] . +endfth + +view STRICT-TOTAL-ORDER from STRICT-WEAK-ORDER to STRICT-TOTAL-ORDER is endv + +view Nat< from STRICT-TOTAL-ORDER to NAT is + sort Elt to Nat . 
+endv + +view Int< from STRICT-TOTAL-ORDER to INT is + sort Elt to Int . +endv + +view Rat< from STRICT-TOTAL-ORDER to RAT is + sort Elt to Rat . +endv + +view Float< from STRICT-TOTAL-ORDER to FLOAT is + sort Elt to Float . +endv + +view String< from STRICT-TOTAL-ORDER to STRING is + sort Elt to String . +endv + +fth TOTAL-PREORDER is + protecting BOOL . + including TRIV . + op _<=_ : Elt Elt -> Bool . + vars X Y Z : Elt . + eq X <= X = true [nonexec label reflexive] . + ceq X <= Z = true if X <= Y /\ Y <= Z [nonexec label transitive] . + eq X <= Y or Y <= X = true [nonexec label total] . +endfth + +view TOTAL-PREORDER from TRIV to TOTAL-PREORDER is endv + +fth TOTAL-ORDER is + inc TOTAL-PREORDER . + vars X Y : Elt . + ceq X = Y if X <= Y /\ Y <= X [nonexec label antisymmetric] . +endfth + +view TOTAL-ORDER from TOTAL-PREORDER to TOTAL-ORDER is endv + +view Nat<= from TOTAL-ORDER to NAT is + sort Elt to Nat . +endv + +view Int<= from TOTAL-ORDER to INT is + sort Elt to Int . +endv + +view Rat<= from TOTAL-ORDER to RAT is + sort Elt to Rat . +endv + +view Float<= from TOTAL-ORDER to FLOAT is + sort Elt to Float . +endv + +view String<= from TOTAL-ORDER to STRING is + sort Elt to String . +endv + +fth DEFAULT is + including TRIV . + op 0 : -> Elt . +endfth + +view DEFAULT from TRIV to DEFAULT is endv + +view Nat0 from DEFAULT to NAT is + sort Elt to Nat . +endv + +view Int0 from DEFAULT to INT is + sort Elt to Int . +endv + +view Rat0 from DEFAULT to RAT is + sort Elt to Rat . +endv + +view Float0 from DEFAULT to FLOAT is + sort Elt to Float . + op 0 to term 0.0 . +endv + +view String0 from DEFAULT to STRING is + sort Elt to String . + op 0 to term "" . +endv + +view Qid0 from DEFAULT to QID is + sort Elt to Qid . + op 0 to term ' . +endv + +*** +*** Container data types defined in Maude. +*** + +fmod LIST{X :: TRIV} is + protecting NAT . + sorts NeList{X} List{X} . + subsort X$Elt < NeList{X} < List{X} . + + op nil : -> List{X} [ctor] . 
+ op __ : List{X} List{X} -> List{X} [ctor assoc id: nil prec 25] . + op __ : NeList{X} List{X} -> NeList{X} [ctor ditto] . + op __ : List{X} NeList{X} -> NeList{X} [ctor ditto] . + + var E E' : X$Elt . + vars A L : List{X} . + var C : Nat . + + op append : List{X} List{X} -> List{X} . + op append : NeList{X} List{X} -> NeList{X} . + op append : List{X} NeList{X} -> NeList{X} . + eq append(A, L) = A L . + + op head : NeList{X} -> X$Elt . + eq head(E L) = E . + + op tail : NeList{X} -> List{X} . + eq tail(E L) = L . + + op last : NeList{X} -> X$Elt . + eq last(L E) = E . + + op front : NeList{X} -> List{X} . + eq front(L E) = L . + + op occurs : X$Elt List{X} -> Bool . + eq occurs(E, nil) = false . + eq occurs(E, E' L) = if E == E' then true else occurs(E, L) fi . + + op reverse : List{X} -> List{X} . + op reverse : NeList{X} -> NeList{X} . + eq reverse(L) = $reverse(L, nil) . + + op $reverse : List{X} List{X} -> List{X} . + eq $reverse(nil, A) = A . + eq $reverse(E L, A) = $reverse(L, E A). + + op size : List{X} -> Nat . + op size : NeList{X} -> NzNat . + eq size(L) = $size(L, 0) . + + op $size : List{X} Nat -> Nat . + eq $size(nil, C) = C . + eq $size(E L, C) = $size(L, C + 1) . +endfm + +fmod WEAKLY-SORTABLE-LIST{X :: STRICT-WEAK-ORDER} is + protecting LIST{STRICT-WEAK-ORDER}{X} * + (sort NeList{STRICT-WEAK-ORDER}{X} to NeList{X}, + sort List{STRICT-WEAK-ORDER}{X} to List{X}) . + sort $Split{X} . + + vars E E' : X$Elt . + vars A A' L L' : List{X} . + var N : NeList{X} . + + op sort : List{X} -> List{X} . + op sort : NeList{X} -> NeList{X} . + eq sort(nil) = nil . + eq sort(E) = E . + eq sort(E N) = $sort($split(E N, nil, nil)) . + + op $sort : $Split{X} -> List{X} . + eq $sort($split(nil, L, L')) = $merge(sort(L), sort(L'), nil) . + + op $split : List{X} List{X} List{X} -> $Split{X} [ctor] . + eq $split(E, A, A') = $split(nil, A E, A') . + eq $split(E L E', A, A') = $split(L, A E, E' A') . + + op merge : List{X} List{X} -> List{X} . 
+ op merge : NeList{X} List{X} -> NeList{X} .
+ op merge : List{X} NeList{X} -> NeList{X} .
+ eq merge(L, L') = $merge(L, L', nil) .
+
+ op $merge : List{X} List{X} List{X} -> List{X} .
+ eq $merge(L, nil, A) = A L .
+ eq $merge(nil, L, A) = A L .
+ eq $merge(E L, E' L', A) =
+ if E' < E then $merge(E L, L', A E')
+ else $merge(L, E' L', A E)
+ fi .
+endfm
+
+fmod SORTABLE-LIST{X :: STRICT-TOTAL-ORDER} is
+ protecting WEAKLY-SORTABLE-LIST{STRICT-TOTAL-ORDER}{X} *
+ (sort NeList{STRICT-TOTAL-ORDER}{X} to NeList{X},
+ sort List{STRICT-TOTAL-ORDER}{X} to List{X}) .
+endfm
+
+fmod WEAKLY-SORTABLE-LIST'{X :: TOTAL-PREORDER} is
+ protecting LIST{TOTAL-PREORDER}{X} *
+ (sort NeList{TOTAL-PREORDER}{X} to NeList{X},
+ sort List{TOTAL-PREORDER}{X} to List{X}) .
+ sort $Split{X} .
+
+ vars E E' : X$Elt .
+ vars A A' L L' : List{X} .
+ var N : NeList{X} .
+
+ op sort : List{X} -> List{X} .
+ op sort : NeList{X} -> NeList{X} .
+ eq sort(nil) = nil .
+ eq sort(E) = E .
+ eq sort(E N) = $sort($split(E N, nil, nil)) .
+
+ op $sort : $Split{X} -> List{X} .
+ eq $sort($split(nil, L, L')) = $merge(sort(L), sort(L'), nil) .
+
+ op $split : List{X} List{X} List{X} -> $Split{X} [ctor] .
+ eq $split(E, A, A') = $split(nil, A E, A') .
+ eq $split(E L E', A, A') = $split(L, A E, E' A') .
+
+ op merge : List{X} List{X} -> List{X} .
+ op merge : NeList{X} List{X} -> NeList{X} .
+ op merge : List{X} NeList{X} -> NeList{X} .
+ eq merge(L, L') = $merge(L, L', nil) .
+
+ op $merge : List{X} List{X} List{X} -> List{X} .
+ eq $merge(L, nil, A) = A L .
+ eq $merge(nil, L, A) = A L .
+ eq $merge(E L, E' L', A) =
+ if E <= E' then $merge(L, E' L', A E)
+ else $merge(E L, L', A E')
+ fi .
+endfm
+
+fmod SORTABLE-LIST'{X :: TOTAL-ORDER} is
+ protecting WEAKLY-SORTABLE-LIST'{TOTAL-ORDER}{X} *
+ (sort NeList{TOTAL-ORDER}{X} to NeList{X},
+ sort List{TOTAL-ORDER}{X} to List{X}) .
+endfm
+
+fmod SET{X :: TRIV} is
+ protecting EXT-BOOL .
+ protecting NAT .
+ sorts NeSet{X} Set{X} .
+ subsort X$Elt < NeSet{X} < Set{X} .
+
+ op empty : -> Set{X} [ctor] .
+ op _,_ : Set{X} Set{X} -> Set{X} [ctor assoc comm id: empty prec 121 format (d r os d)] .
+ op _,_ : NeSet{X} Set{X} -> NeSet{X} [ctor ditto] .
+
+ var E : X$Elt .
+ var N : NeSet{X} .
+ vars A S S' : Set{X} .
+ var C : Nat .
+
+ eq N, N = N .
+
+ op insert : X$Elt Set{X} -> Set{X} .
+ eq insert(E, S) = E, S .
+
+ op delete : X$Elt Set{X} -> Set{X} .
+ eq delete(E, (E, S)) = delete(E, S) .
+ eq delete(E, S) = S [owise] .
+
+ op _in_ : X$Elt Set{X} -> Bool .
+ eq E in (E, S) = true .
+ eq E in S = false [owise] .
+
+ op |_| : Set{X} -> Nat .
+ op |_| : NeSet{X} -> NzNat .
+ eq | S | = $card(S, 0) .
+
+ op $card : Set{X} Nat -> Nat .
+ eq $card(empty, C) = C .
+ eq $card((N, N, S), C) = $card((N, S), C) .
+ eq $card((E, S), C) = $card(S, C + 1) [owise] .
+
+ op union : Set{X} Set{X} -> Set{X} .
+ op union : NeSet{X} Set{X} -> NeSet{X} .
+ op union : Set{X} NeSet{X} -> NeSet{X} .
+ eq union(S, S') = S, S' .
+
+ op intersection : Set{X} Set{X} -> Set{X} .
+ eq intersection(S, empty) = empty .
+ eq intersection(S, N) = $intersect(S, N, empty) .
+
+ op $intersect : Set{X} Set{X} Set{X} -> Set{X} .
+ eq $intersect(empty, S', A) = A .
+ eq $intersect((E, S), S', A) = $intersect(S, S', if E in S' then E, A else A fi) .
+
+ op _\_ : Set{X} Set{X} -> Set{X} [gather (E e)].
+ eq S \ empty = S .
+ eq S \ N = $diff(S, N, empty) .
+
+ op $diff : Set{X} Set{X} Set{X} -> Set{X} .
+ eq $diff(empty, S', A) = A .
+ eq $diff((E, S), S', A) = $diff(S, S', if E in S' then A else E, A fi) .
+
+ op _subset_ : Set{X} Set{X} -> Bool .
+ eq empty subset S' = true .
+ eq (E, S) subset S' = E in S' and-then S subset S' .
+
+ op _psubset_ : Set{X} Set{X} -> Bool .
+ eq S psubset S' = S =/= S' and-then S subset S' .
+endfm
+
+fmod LIST-AND-SET{X :: TRIV} is
+ protecting LIST{X} .
+ protecting SET{X} .
+
+ var E : X$Elt .
+ vars A L : List{X} .
+ var S : Set{X} .
+
+ op makeSet : List{X} -> Set{X} .
+ op makeSet : NeList{X} -> NeSet{X} .
+ eq makeSet(L) = $makeSet(L, empty) .
+
+ op $makeSet : List{X} Set{X} -> Set{X} .
+ op $makeSet : NeList{X} Set{X} -> NeSet{X} .
+ op $makeSet : List{X} NeSet{X} -> NeSet{X} .
+ eq $makeSet(nil, S) = S .
+ eq $makeSet(E L, S) = $makeSet(L, (E, S)) .
+
+ op filter : List{X} Set{X} -> List{X} .
+ eq filter(L, S) = $filter(L, S, nil) .
+
+ op $filter : List{X} Set{X} List{X} -> List{X} .
+ eq $filter(nil, S, A) = A .
+ eq $filter(E L, S, A) = $filter(L, S, if E in S then A E else A fi) .
+
+ op filterOut : List{X} Set{X} -> List{X} .
+ eq filterOut(L, S) = $filterOut(L, S, nil) .
+
+ op $filterOut : List{X} Set{X} List{X} -> List{X} .
+ eq $filterOut(nil, S, A) = A .
+ eq $filterOut(E L, S, A) = $filterOut(L, S, if E in S then A else A E fi) .
+endfm
+
+fmod SORTABLE-LIST-AND-SET{X :: STRICT-TOTAL-ORDER} is
+ protecting SORTABLE-LIST{X} .
+***
+*** This double renaming is needed for correct sharing of a renamed
+*** copy of LIST since Core Maude does not evaluate the composition
+*** of renamings but applies them sequentially.
+***
+ protecting LIST-AND-SET{STRICT-WEAK-ORDER}{STRICT-TOTAL-ORDER}{X} *
+ (sort NeList{STRICT-WEAK-ORDER}{STRICT-TOTAL-ORDER}{X} to NeList{STRICT-TOTAL-ORDER}{X},
+ sort List{STRICT-WEAK-ORDER}{STRICT-TOTAL-ORDER}{X} to List{STRICT-TOTAL-ORDER}{X}) *
+ (sort NeList{STRICT-TOTAL-ORDER}{X} to NeList{X},
+ sort List{STRICT-TOTAL-ORDER}{X} to List{X},
+ sort NeSet{STRICT-WEAK-ORDER}{STRICT-TOTAL-ORDER}{X} to NeSet{X},
+ sort Set{STRICT-WEAK-ORDER}{STRICT-TOTAL-ORDER}{X} to Set{X}) .
+
+ var E : X$Elt .
+ var L : List{X} .
+ var S : Set{X} .
+
+ op makeList : Set{X} -> List{X} .
+ op makeList : NeSet{X} -> NeList{X} .
+ eq makeList(S) = $makeList(S, nil) .
+
+ op $makeList : Set{X} List{X} -> List{X} .
+ op $makeList : NeSet{X} List{X} -> NeList{X} .
+ op $makeList : Set{X} NeList{X} -> NeList{X} .
+ eq $makeList(empty, L) = sort(L) .
+ eq $makeList((E, E, S), L) = $makeList((E, S), L) .
+ eq $makeList((E, S), L) = $makeList(S, E L) [owise] .
+endfm
+
+fmod SORTABLE-LIST-AND-SET'{X :: TOTAL-ORDER} is
+ protecting SORTABLE-LIST'{X} .
+***
+*** This double renaming is needed for the same reasons as above.
+***
+ protecting LIST-AND-SET{TOTAL-PREORDER}{TOTAL-ORDER}{X} *
+ (sort NeList{TOTAL-PREORDER}{TOTAL-ORDER}{X} to NeList{TOTAL-ORDER}{X},
+ sort List{TOTAL-PREORDER}{TOTAL-ORDER}{X} to List{TOTAL-ORDER}{X}) *
+ (sort NeList{TOTAL-ORDER}{X} to NeList{X},
+ sort List{TOTAL-ORDER}{X} to List{X},
+ sort NeSet{TOTAL-PREORDER}{TOTAL-ORDER}{X} to NeSet{X},
+ sort Set{TOTAL-PREORDER}{TOTAL-ORDER}{X} to Set{X}) .
+
+ var E : X$Elt .
+ var L : List{X} .
+ var S : Set{X} .
+
+ op makeList : Set{X} -> List{X} .
+ op makeList : NeSet{X} -> NeList{X} .
+ eq makeList(S) = $makeList(S, nil) .
+
+ op $makeList : Set{X} List{X} -> List{X} .
+ op $makeList : NeSet{X} List{X} -> NeList{X} .
+ op $makeList : Set{X} NeList{X} -> NeList{X} .
+ eq $makeList(empty, L) = sort(L) .
+ eq $makeList((E, E, S), L) = $makeList((E, S), L) .
+ eq $makeList((E, S), L) = $makeList(S, E L) [owise] .
+endfm
+
+fmod LIST*{X :: TRIV} is
+ protecting NAT .
+ sorts Item{X} PreList{X} NeList{X} List{X} .
+ subsort X$Elt List{X} < Item{X} < PreList{X} .
+ subsort NeList{X} < List{X} .
+
+ op __ : PreList{X} PreList{X} -> PreList{X} [ctor assoc prec 25] .
+ op [_] : PreList{X} -> NeList{X} [ctor] .
+ op [] : -> List{X} [ctor] .
+
+ vars A P : PreList{X} .
+ var L : List{X} .
+ var E E' : Item{X} .
+ var C : Nat .
+
+ op append : List{X} List{X} -> List{X} .
+ op append : NeList{X} List{X} -> NeList{X} .
+ op append : List{X} NeList{X} -> NeList{X} .
+ eq append([], L) = L .
+ eq append(L, []) = L .
+ eq append([P], [A]) = [P A] .
+
+ op head : NeList{X} -> Item{X} .
+ eq head([E]) = E .
+ eq head([E P]) = E .
+
+ op tail : NeList{X} -> List{X} .
+ eq tail([E]) = [] .
+ eq tail([E P]) = [P] .
+
+ op last : NeList{X} -> Item{X} .
+ eq last([E]) = E .
+ eq last([P E]) = E .
+
+ op front : NeList{X} -> List{X} .
+ eq front([E]) = [] .
+ eq front([P E]) = [P] .
+
+ op occurs : Item{X} List{X} -> Bool .
+ eq occurs(E, []) = false .
+ eq occurs(E, [E']) = (E == E') .
+ eq occurs(E, [E' P]) = if E == E' then true else occurs(E, [P]) fi .
+
+ op reverse : List{X} -> List{X} .
+ op reverse : NeList{X} -> NeList{X} .
+ eq reverse([]) = [] .
+ eq reverse([E]) = [E] .
+ eq reverse([E P]) = [$reverse(P, E)] .
+
+ op $reverse : PreList{X} PreList{X} -> PreList{X} .
+ eq $reverse(E, A) = E A .
+ eq $reverse(E P, A) = $reverse(P, E A).
+
+ op size : List{X} -> Nat .
+ op size : NeList{X} -> NzNat .
+ eq size([]) = 0 .
+ eq size([P]) = $size(P, 0) .
+
+ op $size : PreList{X} Nat -> NzNat .
+ eq $size(E, C) = C + 1 .
+ eq $size(E P, C) = $size(P, C + 1) .
+endfm
+
+fmod SET*{X :: TRIV} is
+ protecting EXT-BOOL .
+ protecting NAT .
+ sorts Element{X} PreSet{X} NeSet{X} Set{X} .
+ subsort X$Elt Set{X} < Element{X} < PreSet{X} .
+ subsort NeSet{X} < Set{X} .
+
+ op _,_ : PreSet{X} PreSet{X} -> PreSet{X} [ctor assoc comm prec 121 format (d r os d)] .
+ op {_} : PreSet{X} -> NeSet{X} [ctor] .
+ op {} : -> Set{X} [ctor] .
+
+ vars P Q : PreSet{X} .
+ vars A S : Set{X} .
+ var E : Element{X} .
+ var N : NeSet{X} .
+ var C : Nat .
+
+ eq {P, P} = {P} .
+ eq {P, P, Q} = {P, Q} .
+
+ op insert : Element{X} Set{X} -> Set{X} .
+ eq insert(E, {}) = {E} .
+ eq insert(E, {P}) = {E, P} .
+
+ op delete : Element{X} Set{X} -> Set{X} .
+ eq delete(E, {E}) = {} .
+ eq delete(E, {E, P}) = delete(E, {P}) .
+ eq delete(E, S) = S [owise] .
+
+ op _in_ : Element{X} Set{X} -> Bool .
+ eq E in {E} = true .
+ eq E in {E, P} = true .
+ eq E in S = false [owise] .
+
+ op |_| : Set{X} -> Nat .
+ op |_| : NeSet{X} -> NzNat .
+ eq | {} | = 0 .
+ eq | {P} | = $card(P, 0) .
+
+ op $card : PreSet{X} Nat -> Nat .
+ eq $card(E, C) = C + 1 .
+ eq $card((N, N, P), C) = $card((N, P), C) .
+ eq $card((E, P), C) = $card(P, C + 1) [owise] .
+
+ op union : Set{X} Set{X} -> Set{X} .
+ op union : NeSet{X} Set{X} -> NeSet{X} .
+ op union : Set{X} NeSet{X} -> NeSet{X} .
+ eq union({}, S) = S .
+ eq union(S, {}) = S .
+ eq union({P}, {Q}) = {P, Q} .
+
+ op intersection : Set{X} Set{X} -> Set{X} .
+ eq intersection({}, S) = {} .
+ eq intersection(S, {}) = {} .
+ eq intersection({P}, N) = $intersect(P, N, {}) .
+
+ op $intersect : PreSet{X} Set{X} Set{X} -> Set{X} .
+ eq $intersect(E, S, A) = if E in S then insert(E, A) else A fi .
+ eq $intersect((E, P), S, A) = $intersect(P, S, $intersect(E, S, A)) .
+
+ op _\_ : Set{X} Set{X} -> Set{X} [gather (E e)] .
+ eq {} \ S = {} .
+ eq S \ {} = S .
+ eq {P} \ N = $diff(P, N, {}) .
+
+ op $diff : PreSet{X} Set{X} Set{X} -> Set{X} .
+ eq $diff(E, S, A) = if E in S then A else insert(E, A) fi .
+ eq $diff((E, P), S, A) = $diff(P, S, $diff(E, S, A)) .
+
+ op 2^_ : Set{X} -> Set{X} .
+ eq 2^{} = {{}} .
+ eq 2^{E} = {{}, {E}} .
+ eq 2^{E, P} = union(2^{P}, $augment(2^{P}, E, {})) .
+
+ op $augment : NeSet{X} Element{X} Set{X} -> Set{X} .
+ eq $augment({S}, E, A) = insert(insert(E, S), A) .
+ eq $augment({S, P}, E, A) = $augment({P}, E, $augment({S}, E, A)) .
+
+ op _subset_ : Set{X} Set{X} -> Bool .
+ eq {} subset S = true .
+ eq {E} subset S = E in S .
+ eq {E, P} subset S = E in S and-then {P} subset S .
+
+ op _psubset_ : Set{X} Set{X} -> Bool .
+ eq A psubset S = A =/= S and-then A subset S .
+endfm
+
+fmod MAP{X :: TRIV, Y :: TRIV} is
+ protecting BOOL .
+ sorts Entry{X,Y} Map{X,Y} .
+ subsort Entry{X,Y} < Map{X,Y} .
+
+ op _|->_ : X$Elt Y$Elt -> Entry{X,Y} [ctor] .
+ op empty : -> Map{X,Y} [ctor] .
+ op _,_ : Map{X,Y} Map{X,Y} -> Map{X,Y} [ctor assoc comm id: empty prec 121 format (d r os d)] .
+ op undefined : -> [Y$Elt] [ctor] .
+
+ var D : X$Elt .
+ vars R R' : Y$Elt .
+ var M : Map{X,Y} .
+
+ op insert : X$Elt Y$Elt Map{X,Y} -> Map{X,Y} .
+ eq insert(D, R, (M, D |-> R')) =
+ if $hasMapping(M, D) then insert(D, R, M)
+ else (M, D |-> R)
+ fi .
+ eq insert(D, R, M) = (M, D |-> R) [owise] .
+
+ op _[_] : Map{X,Y} X$Elt -> [Y$Elt] [prec 23] .
+ eq (M, D |-> R)[D] =
+ if $hasMapping(M, D) then undefined
+ else R
+ fi .
+ eq M[D] = undefined [owise] .
+
+ op $hasMapping : Map{X,Y} X$Elt -> Bool .
+ eq $hasMapping((M, D |-> R), D) = true .
+ eq $hasMapping(M, D) = false [owise] .
+endfm
+
+fmod ARRAY{X :: TRIV, Y :: DEFAULT} is
+ protecting BOOL .
+ sorts Entry{X,Y} Array{X,Y} .
+ subsort Entry{X,Y} < Array{X,Y} .
+
+ op _|->_ : X$Elt Y$Elt -> Entry{X,Y} [ctor] .
+ op empty : -> Array{X,Y} [ctor] .
+ op _;_ : Array{X,Y} Array{X,Y} -> Array{X,Y} [ctor assoc comm id: empty prec 71 format (d r os d)] .
+
+ var D : X$Elt .
+ vars R R' : Y$Elt .
+ var A : Array{X,Y} .
+
+ op insert : X$Elt Y$Elt Array{X,Y} -> Array{X,Y} .
+ eq insert(D, R, (A ; D |-> R')) =
+ if $hasMapping(A, D) then insert(D, R, A)
+ else if R == 0 then A else (A ; D |-> R) fi
+ fi .
+
+ eq insert(D, R, A) = if R == 0 then A else (A ; D |-> R) fi [owise] .
+
+ op _[_] : Array{X,Y} X$Elt -> Y$Elt [prec 23] .
+ eq (A ; D |-> R)[D] =
+ if $hasMapping(A, D) then 0
+ else R
+ fi .
+ eq A[D] = 0 [owise] .
+
+ op $hasMapping : Array{X,Y} X$Elt -> Bool .
+ eq $hasMapping((A ; D |-> R), D) = true .
+ eq $hasMapping(A, D) = false [owise] .
+endfm
+
+***
+*** Container instantiations on builtin data types needed by the metalevel.
+***
+
+fmod NAT-LIST is
+ protecting LIST{Nat} * (sort NeList{Nat} to NeNatList, sort List{Nat} to NatList) .
+endfm
+
+fmod QID-LIST is
+ protecting LIST{Qid} * (sort NeList{Qid} to NeQidList, sort List{Qid} to QidList) .
+endfm
+
+fmod QID-SET is
+ protecting SET{Qid} * (sort NeSet{Qid} to NeQidSet, sort Set{Qid} to QidSet) .
+endfm
+
+***
+*** The metalevel.
+***
+
+fmod META-TERM is
+ protecting QID .
+
+*** types
+ sorts Sort Kind Type .
+ subsorts Sort Kind < Type < Qid .
+ op : -> Sort [special (id-hook QuotedIdentifierSymbol (sortQid))] .
+ op : -> Kind [special (id-hook QuotedIdentifierSymbol (kindQid))] .
+
+*** terms
+ sorts Constant Variable TermQid GroundTerm Term NeGroundTermList GroundTermList NeTermList TermList .
+ subsorts Constant Variable < TermQid < Qid Term .
+ subsorts Constant < GroundTerm < Term NeGroundTermList < NeTermList .
+ subsorts NeGroundTermList < NeTermList GroundTermList < TermList .
+ op : -> Constant [special (id-hook QuotedIdentifierSymbol (constantQid))] .
+ op : -> Variable [special (id-hook QuotedIdentifierSymbol (variableQid))] .
+ op empty : -> GroundTermList [ctor] .
+ op _,_ : NeGroundTermList GroundTermList -> NeGroundTermList [ctor assoc id: empty gather (e E) prec 121] .
+ op _,_ : GroundTermList NeGroundTermList -> NeGroundTermList [ctor ditto] .
+ op _,_ : GroundTermList GroundTermList -> GroundTermList [ctor ditto] .
+ op _,_ : NeTermList TermList -> NeTermList [ctor ditto] .
+ op _,_ : TermList NeTermList -> NeTermList [ctor ditto] .
+ op _,_ : TermList TermList -> TermList [ctor ditto] .
+ op _[_] : Qid NeGroundTermList -> GroundTerm [ctor] .
+ op _[_] : Qid NeTermList -> Term [ctor] .
+
+*** extraction of names and types
+ op getName : Constant -> Qid .
+ op getType : Constant -> Type .
+ var C : Constant .
+ eq getName(C) = qid(substr(string(C),
+ 0,
+ rfind(string(C), ".", length(string(C))))) .
+ eq getType(C) = qid(substr(string(C),
+ rfind(string(C), ".", length(string(C))) + 1,
+ length(string(C)))) .
+
+ op getName : Variable -> Qid .
+ op getType : Variable -> Type .
+ var V : Variable .
+ eq getName(V) = qid(substr(string(V),
+ 0,
+ rfind(string(V), ":", length(string(V))))) .
+ eq getType(V) = qid(substr(string(V),
+ rfind(string(V), ":", length(string(V))) + 1,
+ length(string(V)))) .
+
+*** substitutions
+ sorts Assignment Substitution .
+ subsort Assignment < Substitution .
+ op _<-_ : Variable Term -> Assignment [ctor prec 63 format (nt d d d)] .
+ op none : -> Substitution [ctor] .
+ op _;_ : Substitution Substitution -> Substitution
+ [ctor assoc comm id: none prec 65] .
+ eq A:Assignment ; A:Assignment = A:Assignment .
+
+*** contexts (terms with a single hole)
+ sorts Context NeCTermList GTermList .
+ subsort Context < NeCTermList < GTermList .
+ subsorts TermList < GTermList .
+
+ op [] : -> Context [ctor] .
+ op _,_ : TermList NeCTermList -> NeCTermList [ctor ditto] .
+ op _,_ : NeCTermList TermList -> NeCTermList [ctor ditto] .
+ op _,_ : GTermList GTermList -> GTermList [ctor ditto] .
+ op _[_] : Qid NeCTermList -> Context [ctor] .
+endfm
+
+fmod META-MODULE is
+ protecting META-TERM .
+ protecting NAT-LIST .
+ protecting QID-LIST .
+ protecting QID-SET * (op empty to none, op _,_ to _;_ [prec 43]) .
+
+*** subsort declarations
+ sorts SubsortDecl SubsortDeclSet .
+ subsort SubsortDecl < SubsortDeclSet .
+ op subsort_<_. : Sort Sort -> SubsortDecl [ctor] .
+ op none : -> SubsortDeclSet [ctor] .
+ op __ : SubsortDeclSet SubsortDeclSet -> SubsortDeclSet
+ [ctor assoc comm id: none format (d ni d)] .
+ eq S:SubsortDecl S:SubsortDecl = S:SubsortDecl .
+
+*** sort, kind and type sets
+ sorts EmptyTypeSet NeSortSet NeKindSet NeTypeSet SortSet KindSet TypeSet .
+ subsort EmptyTypeSet < SortSet KindSet < TypeSet < QidSet .
+ subsort Sort < NeSortSet < SortSet .
+ subsort Kind < NeKindSet < KindSet .
+ subsort Type NeSortSet NeKindSet < NeTypeSet < TypeSet NeQidSet .
+ op none : -> EmptyTypeSet [ctor] .
+ op _;_ : TypeSet TypeSet -> TypeSet [ctor ditto] .
+ op _;_ : NeTypeSet TypeSet -> NeTypeSet [ctor ditto] .
+ op _;_ : SortSet SortSet -> SortSet [ctor ditto] .
+ op _;_ : NeSortSet SortSet -> NeSortSet [ctor ditto] .
+ op _;_ : KindSet KindSet -> KindSet [ctor ditto] .
+ op _;_ : NeKindSet KindSet -> NeKindSet [ctor ditto] .
+ op _;_ : EmptyTypeSet EmptyTypeSet -> EmptyTypeSet [ctor ditto] .
+
+*** type lists
+ sort NeTypeList TypeList .
+ subsorts Type < NeTypeList < TypeList < QidList .
+ subsorts NeTypeList < NeQidList .
+ op nil : -> TypeList [ctor] .
+ op __ : TypeList TypeList -> TypeList [ctor ditto] .
+ op __ : NeTypeList TypeList -> NeTypeList [ctor ditto] .
+ op __ : TypeList NeTypeList -> NeTypeList [ctor ditto] .
+ eq T:TypeList ; T:TypeList = T:TypeList .
+
+*** sets of type lists
+ sort TypeListSet .
+ subsort TypeList TypeSet < TypeListSet .
+ op _;_ : TypeListSet TypeListSet -> TypeListSet [ctor ditto] .
+
+*** attribute sets
+ sorts Attr AttrSet .
+ subsort Attr < AttrSet .
+ op none : -> AttrSet [ctor] .
+ op __ : AttrSet AttrSet -> AttrSet [ctor assoc comm id: none] .
+ eq A:Attr A:Attr = A:Attr .
+
+*** renamings
+ sorts Renaming RenamingSet .
+ subsort Renaming < RenamingSet .
+ op sort_to_ : Qid Qid -> Renaming [ctor] .
+ op op_to_[_] : Qid Qid AttrSet -> Renaming
+ [ctor format (d d d d s d d d)] .
+ op op_:_->_to_[_] : Qid TypeList Type Qid AttrSet -> Renaming
+ [ctor format (d d d d d d d d s d d d)] .
+ op label_to_ : Qid Qid -> Renaming [ctor] .
+ op _,_ : RenamingSet RenamingSet -> RenamingSet
+ [ctor assoc comm prec 43 format (d d ni d)] .
+
+*** parameter lists
+ sort EmptyCommaList NeParameterList ParameterList .
+ subsorts Sort < NeParameterList < ParameterList .
+ subsort EmptyCommaList < GroundTermList ParameterList .
+ op empty : -> EmptyCommaList [ctor] .
+ op _,_ : ParameterList ParameterList -> ParameterList [ctor ditto] .
+ op _,_ : NeParameterList ParameterList -> NeParameterList [ctor ditto] .
+ op _,_ : ParameterList NeParameterList -> NeParameterList [ctor ditto] .
+ op _,_ : EmptyCommaList EmptyCommaList -> EmptyCommaList [ctor ditto] .
+
+*** module expressions
+ sort ModuleExpression .
+ subsort Qid < ModuleExpression .
+ op _+_ : ModuleExpression ModuleExpression -> ModuleExpression
+ [ctor assoc comm] .
+ op _*(_) : ModuleExpression RenamingSet -> ModuleExpression
+ [ctor prec 39 format (d d s n++i n--i d)] .
+ op _{_} : ModuleExpression ParameterList -> ModuleExpression [ctor prec 37].
+
+*** parameter declarations
+ sorts ParameterDecl NeParameterDeclList ParameterDeclList .
+ subsorts ParameterDecl < NeParameterDeclList < ParameterDeclList .
+ op _::_ : Sort ModuleExpression -> ParameterDecl .
+ op nil : -> ParameterDeclList [ctor] .
+ op _,_ : ParameterDeclList ParameterDeclList -> ParameterDeclList [ctor assoc id: nil prec 121] .
+ op _,_ : NeParameterDeclList ParameterDeclList -> NeParameterDeclList [ctor ditto] .
+ op _,_ : ParameterDeclList NeParameterDeclList -> NeParameterDeclList [ctor ditto] .
+
+*** importations
+ sorts Import ImportList .
+ subsort Import < ImportList .
+ op protecting_. : ModuleExpression -> Import [ctor] .
+ op extending_. : ModuleExpression -> Import [ctor] .
+ op including_. : ModuleExpression -> Import [ctor] .
+ op nil : -> ImportList [ctor] .
+ op __ : ImportList ImportList -> ImportList
+ [ctor assoc id: nil format (d ni d)] .
+
+*** hooks
+ sorts Hook NeHookList HookList .
+ subsort Hook < NeHookList < HookList .
+ op id-hook : Qid QidList -> Hook [ctor format (nssss d)] .
+ op op-hook : Qid Qid QidList Qid -> Hook [ctor format (nssss d)] .
+ op term-hook : Qid Term -> Hook [ctor format (nssss d)] .
+ op nil : -> HookList [ctor] .
+ op __ : HookList HookList -> HookList [ctor assoc id: nil] .
+ op __ : NeHookList HookList -> NeHookList [ctor ditto] .
+ op __ : HookList NeHookList -> NeHookList [ctor ditto] .
+
+*** operator attributes
+ op assoc : -> Attr [ctor] .
+ op comm : -> Attr [ctor] .
+ op idem : -> Attr [ctor] .
+ op iter : -> Attr [ctor] .
+ op id : Term -> Attr [ctor] .
+ op left-id : Term -> Attr [ctor] .
+ op right-id : Term -> Attr [ctor] .
+ op strat : NeNatList -> Attr [ctor] .
+ op memo : -> Attr [ctor] .
+ op prec : Nat -> Attr [ctor] .
+ op gather : QidList -> Attr [ctor] .
+ op format : QidList -> Attr [ctor] .
+ op ctor : -> Attr [ctor] .
+ op config : -> Attr [ctor] .
+ op object : -> Attr [ctor] .
+ op msg : -> Attr [ctor] .
+ op frozen : NeNatList -> Attr [ctor] .
+ op poly : NeNatList -> Attr [ctor] .
+ op special : NeHookList -> Attr [ctor] .
+
+*** statement attributes
+ op label : Qid -> Attr [ctor] .
+ op metadata : String -> Attr [ctor] .
+ op owise : -> Attr [ctor] .
+ op nonexec : -> Attr [ctor] .
+ op variant : -> Attr [ctor] .
+ op print : QidList -> Attr [ctor] .
+
+*** operator declarations
+ sorts OpDecl OpDeclSet .
+ subsort OpDecl < OpDeclSet .
+ op (op_:_->_[_].) : Qid TypeList Type AttrSet -> OpDecl
+ [ctor format (d d d d d d s d d s d)] .
+ op none : -> OpDeclSet [ctor] .
+ op __ : OpDeclSet OpDeclSet -> OpDeclSet
+ [ctor assoc comm id: none format (d ni d)] .
+ eq O:OpDecl O:OpDecl = O:OpDecl .
+
+*** conditions
+ sorts EqCondition Condition .
+ subsort EqCondition < Condition .
+ op nil : -> EqCondition [ctor] .
+ op _=_ : Term Term -> EqCondition [ctor prec 71] .
+ op _:_ : Term Sort -> EqCondition [ctor prec 71] .
+ op _:=_ : Term Term -> EqCondition [ctor prec 71] .
+ op _=>_ : Term Term -> Condition [ctor prec 71] .
+ op _/\_ : EqCondition EqCondition -> EqCondition [ctor assoc id: nil prec 73] .
+ op _/\_ : Condition Condition -> Condition [ctor assoc id: nil prec 73] .
+
+*** membership axioms
+ sorts MembAx MembAxSet .
+ subsort MembAx < MembAxSet .
+ op mb_:_[_]. : Term Sort AttrSet -> MembAx
+ [ctor format (d d d d s d d s d)] .
+ op cmb_:_if_[_]. : Term Sort EqCondition AttrSet -> MembAx
+ [ctor format (d d d d d d s d d s d)] .
+ op none : -> MembAxSet [ctor] .
+ op __ : MembAxSet MembAxSet -> MembAxSet
+ [ctor assoc comm id: none format (d ni d)] .
+ eq M:MembAx M:MembAx = M:MembAx .
+
+*** equations
+ sorts Equation EquationSet .
+ subsort Equation < EquationSet .
+ op eq_=_[_]. : Term Term AttrSet -> Equation
+ [ctor format (d d d d s d d s d)] .
+ op ceq_=_if_[_]. : Term Term EqCondition AttrSet -> Equation
+ [ctor format (d d d d d d s d d s d)] .
+ op none : -> EquationSet [ctor] .
+ op __ : EquationSet EquationSet -> EquationSet
+ [ctor assoc comm id: none format (d ni d)] .
+ eq E:Equation E:Equation = E:Equation .
+
+*** rules
+ sorts Rule RuleSet .
+ subsort Rule < RuleSet .
+ op rl_=>_[_]. : Term Term AttrSet -> Rule
+ [ctor format (d d d d s d d s d)] .
+ op crl_=>_if_[_]. : Term Term Condition AttrSet -> Rule
+ [ctor format (d d d d d d s d d s d)] .
+ op none : -> RuleSet [ctor] .
+ op __ : RuleSet RuleSet -> RuleSet
+ [ctor assoc comm id: none format (d ni d)] .
+ eq R:Rule R:Rule = R:Rule .
+
+*** modules
+ sorts FModule SModule FTheory STheory Module .
+ subsorts FModule < SModule < Module .
+ subsorts FTheory < STheory < Module .
+ sort Header .
+ subsort Qid < Header .
+ op _{_} : Qid ParameterDeclList -> Header [ctor] .
+ op fmod_is_sorts_.____endfm : Header ImportList SortSet SubsortDeclSet
+ OpDeclSet MembAxSet EquationSet -> FModule [ctor gather (& & & & & & &)
+ format (d d s n++i ni d d ni ni ni ni n--i d)] .
+ op mod_is_sorts_._____endm : Header ImportList SortSet SubsortDeclSet
+ OpDeclSet MembAxSet EquationSet RuleSet -> SModule
+ [ctor gather (& & & & & & & &)
+ format (d d s n++i ni d d ni ni ni ni ni n--i d)] .
+ op fth_is_sorts_.____endfth : Qid ImportList SortSet SubsortDeclSet
+ OpDeclSet MembAxSet EquationSet -> FTheory [ctor gather (& & & & & & &)
+ format (d d d n++i ni d d ni ni ni ni n--i d)] .
+ op th_is_sorts_._____endth : Qid ImportList SortSet SubsortDeclSet
+ OpDeclSet MembAxSet EquationSet RuleSet -> STheory
+ [ctor gather (& & & & & & & &)
+ format (d d d n++i ni d d ni ni ni ni ni n--i d)] .
+ op [_] : Qid -> Module .
+ eq [Q:Qid] = (th Q:Qid is including Q:Qid .
+ sorts none . none none none none none endth) .
+
+*** projection functions
+ var Q : Qid .
+ var PDL : ParameterDeclList .
+ var H : Header .
+ var M : Module .
+ var IL : ImportList .
+ var SS : SortSet .
+ var SSDS : SubsortDeclSet .
+ var OPDS : OpDeclSet .
+ var MAS : MembAxSet .
+ var EQS : EquationSet .
+ var RLS : RuleSet .
+
+ op getName : Module -> Qid .
+ eq getName(fmod Q is IL sorts SS . SSDS OPDS MAS EQS endfm) = Q .
+ eq getName(mod Q is IL sorts SS . SSDS OPDS MAS EQS RLS endm) = Q .
+ eq getName(fmod Q{PDL} is IL sorts SS . SSDS OPDS MAS EQS endfm) = Q .
+ eq getName(mod Q{PDL} is IL sorts SS . SSDS OPDS MAS EQS RLS endm) = Q .
+ eq getName(fth Q is IL sorts SS . SSDS OPDS MAS EQS endfth) = Q .
+ eq getName(th Q is IL sorts SS . SSDS OPDS MAS EQS RLS endth) = Q .
+
+ op getImports : Module -> ImportList .
+ eq getImports(fmod H is IL sorts SS . SSDS OPDS MAS EQS endfm) = IL .
+ eq getImports(mod H is IL sorts SS . SSDS OPDS MAS EQS RLS endm) = IL .
+ eq getImports(fth Q is IL sorts SS . SSDS OPDS MAS EQS endfth) = IL .
+ eq getImports(th Q is IL sorts SS . SSDS OPDS MAS EQS RLS endth) = IL .
+
+ op getSorts : Module -> SortSet .
+ eq getSorts(fmod H is IL sorts SS . SSDS OPDS MAS EQS endfm) = SS .
+ eq getSorts(mod H is IL sorts SS . SSDS OPDS MAS EQS RLS endm) = SS .
+ eq getSorts(fth Q is IL sorts SS . SSDS OPDS MAS EQS endfth) = SS .
+ eq getSorts(th Q is IL sorts SS . SSDS OPDS MAS EQS RLS endth) = SS .
+
+ op getSubsorts : Module -> SubsortDeclSet .
+ eq getSubsorts(fmod H is IL sorts SS . SSDS OPDS MAS EQS endfm) = SSDS .
+ eq getSubsorts(mod H is IL sorts SS . SSDS OPDS MAS EQS RLS endm) = SSDS .
+ eq getSubsorts(fth Q is IL sorts SS . SSDS OPDS MAS EQS endfth) = SSDS .
+ eq getSubsorts(th Q is IL sorts SS . SSDS OPDS MAS EQS RLS endth) = SSDS .
+
+ op getOps : Module -> OpDeclSet .
+ eq getOps(fmod H is IL sorts SS . SSDS OPDS MAS EQS endfm) = OPDS .
+ eq getOps(mod H is IL sorts SS . SSDS OPDS MAS EQS RLS endm) = OPDS .
+ eq getOps(fth Q is IL sorts SS . SSDS OPDS MAS EQS endfth) = OPDS .
+ eq getOps(th Q is IL sorts SS . SSDS OPDS MAS EQS RLS endth) = OPDS .
+
+ op getMbs : Module -> MembAxSet .
+ eq getMbs(fmod H is IL sorts SS . SSDS OPDS MAS EQS endfm) = MAS .
+ eq getMbs(mod H is IL sorts SS . SSDS OPDS MAS EQS RLS endm) = MAS .
+ eq getMbs(fth Q is IL sorts SS . SSDS OPDS MAS EQS endfth) = MAS .
+ eq getMbs(th Q is IL sorts SS . SSDS OPDS MAS EQS RLS endth) = MAS .
+
+ op getEqs : Module -> EquationSet .
+ eq getEqs(fmod H is IL sorts SS . SSDS OPDS MAS EQS endfm) = EQS .
+ eq getEqs(mod H is IL sorts SS . SSDS OPDS MAS EQS RLS endm) = EQS .
+ eq getEqs(fth Q is IL sorts SS . SSDS OPDS MAS EQS endfth) = EQS .
+ eq getEqs(th Q is IL sorts SS . SSDS OPDS MAS EQS RLS endth) = EQS .
+
+ op getRls : Module -> RuleSet .
+ eq getRls(fmod H is IL sorts SS . SSDS OPDS MAS EQS endfm) = none .
+ eq getRls(mod H is IL sorts SS . SSDS OPDS MAS EQS RLS endm) = RLS .
+ eq getRls(fth Q is IL sorts SS . SSDS OPDS MAS EQS endfth) = none .
+ eq getRls(th Q is IL sorts SS . SSDS OPDS MAS EQS RLS endth) = RLS .
+endfm
+
+fmod META-VIEW is
+ protecting META-MODULE .
+
+*** sort mappings
+ sorts SortMapping SortMappingSet .
+ subsort SortMapping < SortMappingSet .
+ op sort_to_. : Sort Sort -> SortMapping [ctor] .
+ op none : -> SortMappingSet [ctor] .
+ op __ : SortMappingSet SortMappingSet -> SortMappingSet
+ [ctor assoc comm id: none format (d ni d)] .
+ eq S:SortMapping S:SortMapping = S:SortMapping .
+
+*** operator mappings
+ sorts OpMapping OpMappingSet .
+ subsort OpMapping < OpMappingSet .
+
+ op (op_to_.) : Qid Qid -> OpMapping [ctor] .
+ op (op_:_->_to_.) : Qid TypeList Type Qid -> OpMapping [ctor] .
+ op (op_to term_.) : Term Term -> OpMapping [ctor] .
+
+ op none : -> OpMappingSet [ctor] .
+ op __ : OpMappingSet OpMappingSet -> OpMappingSet
+ [ctor assoc comm id: none format (d ni d)] .
+ eq O:OpMapping O:OpMapping = O:OpMapping .
+
+ sort View .
+ op view_from_to_is__endv : Header ModuleExpression ModuleExpression
+ SortMappingSet OpMappingSet -> View [ctor gather (& & & & &)
+ format (d d d d d d d n++i ni n--i d)] .
+
+*** projection functions
+ var Q : Qid .
+ vars ME ME' : ModuleExpression .
+ var SMS : SortMappingSet .
+ var OMS : OpMappingSet .
+
+ op getName : View -> Qid .
+ eq getName(view Q from ME to ME' is SMS OMS endv) = Q .
+
+ op getFrom : View -> ModuleExpression .
+ eq getFrom(view Q from ME to ME' is SMS OMS endv) = ME .
+
+ op getTo : View -> ModuleExpression .
+ eq getTo(view Q from ME to ME' is SMS OMS endv) = ME' .
+
+ op getSortMappings : View -> SortMappingSet .
+ eq getSortMappings(view Q from ME to ME' is SMS OMS endv) = SMS .
+
+ op getOpMappings : View -> OpMappingSet .
+ eq getOpMappings(view Q from ME to ME' is SMS OMS endv) = OMS .
+endfm
+
+fmod META-LEVEL is
+ protecting META-VIEW .
+
+*** bounds
+ sort Bound .
+ subsort Nat < Bound .
+ op unbounded : -> Bound [ctor] .
+
+*** parents
+ sort Parent .
+ subsort Nat < Parent .
+ op none : -> Parent .
+
+*** argument values
+ sort Type? .
+ subsort Type < Type? .
+ op anyType : -> Type? [ctor] .
+
+*** options for metaPrettyPrint()
+ sorts PrintOption PrintOptionSet .
+ subsort PrintOption < PrintOptionSet .
+ ops mixfix with-parens flat format number rat : -> PrintOption [ctor] .
+ op none : -> PrintOptionSet [ctor] .
+ op __ : PrintOptionSet PrintOptionSet -> PrintOptionSet [ctor assoc comm id: none] .
+
+*** unification problems
+ sorts UnificandPair UnificationProblem .
+ subsort UnificandPair < UnificationProblem .
+ op _=?_ : Term Term -> UnificandPair [ctor prec 71] .
+ op _/\_ : UnificationProblem UnificationProblem -> UnificationProblem [ctor assoc comm prec 73] .
+
+*** success results
+ sorts ResultPair ResultTriple Result4Tuple MatchPair TraceStep Trace
+ UnificationPair UnificationTriple Variant SmtResult .
+ subsort TraceStep < Trace .
+
+ op {_,_} : Term Type -> ResultPair [ctor] .
+ op {_,_,_} : Term Type Substitution -> ResultTriple [ctor] .
+ op {_,_,_,_} : Term Type Substitution Context -> Result4Tuple [ctor] .
+ op {_,_} : Substitution Context -> MatchPair [ctor] .
+ op {_,_} : Substitution Nat -> UnificationPair [ctor] .
+ op {_,_,_} : Substitution Substitution Nat -> UnificationTriple [ctor] .
+ op {_,_,_,_,_} : Term Substitution Nat Parent Bool -> Variant [ctor] .
+ op {_,_,_} : Term Type Rule -> TraceStep [ctor] .
+ op nil : -> Trace [ctor] .
+ op __ : Trace Trace -> Trace [ctor assoc id: nil format (d n d)] .
+ op {_,_,_,_} : Term Substitution Term Nat -> SmtResult [ctor] .
+
+*** failure results
+ sorts ResultPair? ResultTriple? Result4Tuple? MatchPair? Substitution? Trace?
+ UnificationPair? UnificationTriple? Variant? SmtResult? .
+ subsort ResultPair < ResultPair? .
+ subsort ResultTriple < ResultTriple? .
+ subsort Result4Tuple < Result4Tuple? .
+ subsort MatchPair < MatchPair? .
+ subsort UnificationPair < UnificationPair? .
+ subsort UnificationTriple < UnificationTriple? .
+ subsort Variant < Variant? .
+ subsort Substitution < Substitution? .
+ subsort Trace < Trace? .
+ subsort SmtResult < SmtResult? .
+
+ op noParse : Nat -> ResultPair? [ctor] .
+ op ambiguity : ResultPair ResultPair -> ResultPair? [ctor] .
+ op failure : -> ResultPair? [ctor] .
+
+ op failure : -> ResultTriple? [ctor] .
+ op failure : -> Result4Tuple? [ctor] .
+ op noUnifier : -> UnificationPair? [ctor] .
+ op noUnifier : -> UnificationTriple? [ctor] .
+ op noUnifierIncomplete : -> UnificationPair? [ctor] .
+ op noUnifierIncomplete : -> UnificationTriple? [ctor] .
+ op noVariant : -> Variant? [ctor] .
+ op noVariantIncomplete : -> Variant? [ctor] .
+ op noMatch : -> Substitution? [ctor] .
+ op noMatch : -> MatchPair? [ctor] .
+ op failure : -> Trace? [ctor] .
+ op failure : -> SmtResult? [ctor] .
+
+*** projection functions
+ op getTerm : ResultPair -> Term .
+ eq getTerm({T:Term, T:Type}) = T:Term .
+ op getType : ResultPair -> Type .
+ eq getType({T:Term, T:Type}) = T:Type .
+
+ op getTerm : ResultTriple -> Term .
+ eq getTerm({T:Term, T:Type, S:Substitution}) = T:Term .
+ op getType : ResultTriple -> Type .
+ eq getType({T:Term, T:Type, S:Substitution}) = T:Type .
+ op getSubstitution : ResultTriple -> Substitution .
+ eq getSubstitution({T:Term, T:Type, S:Substitution}) = S:Substitution .
+
+ op getTerm : Result4Tuple -> Term .
+ eq getTerm({T:Term, T:Type, S:Substitution, C:Context}) = T:Term .
+ op getType : Result4Tuple -> Type . + eq getType({T:Term, T:Type, S:Substitution, C:Context}) = T:Type . + op getSubstitution : Result4Tuple -> Substitution . + eq getSubstitution({T:Term, T:Type, S:Substitution, C:Context}) = S:Substitution . + op getContext : Result4Tuple -> Context . + eq getContext({T:Term, T:Type, S:Substitution, C:Context}) = C:Context . + + op getSubstitution : MatchPair -> Substitution . + eq getSubstitution({S:Substitution, C:Context}) = S:Substitution . + op getContext : MatchPair -> Context . + eq getContext({S:Substitution, C:Context}) = C:Context . + +*** descent functions + op metaReduce : Module Term ~> ResultPair + [special ( + id-hook MetaLevelOpSymbol (metaReduce) + + op-hook qidSymbol ( : ~> Qid) + op-hook metaTermSymbol (_[_] : Qid NeTermList ~> Term) + op-hook metaArgSymbol (_,_ : NeTermList NeTermList ~> NeTermList) + op-hook emptyTermListSymbol (empty : ~> GroundTermList) + + op-hook assignmentSymbol (_<-_ : Qid Term ~> Assignment) + op-hook substitutionSymbol + (_;_ : Substitution Substitution ~> Substitution) + op-hook emptySubstitutionSymbol (none : ~> Substitution) + op-hook holeSymbol ([] : ~> Context) + + op-hook headerSymbol (_{_} : Qid ParameterDeclList ~> Header) + op-hook parameterDeclSymbol (_::_ : Sort ModuleExpression ~> ParameterDecl) + op-hook parameterDeclListSymbol (_,_ : ParameterDeclList ParameterDeclList ~> ParameterDeclList) + + op-hook emptyAttrSetSymbol (none : ~> AttrSet) + op-hook attrSetSymbol (__ : AttrSet AttrSet ~> AttrSet) + + op-hook sortRenamingSymbol (sort_to_ : Qid Qid ~> Renaming) + op-hook opRenamingSymbol (op_to_[_] : Qid Qid AttrSet ~> Renaming) + op-hook opRenamingSymbol2 + (op_:_->_to_[_] : Qid TypeList Type Qid AttrSet ~> Renaming) + op-hook labelRenamingSymbol (label_to_ : Qid Qid ~> Renaming) + op-hook renamingSetSymbol (_,_ : RenamingSet RenamingSet ~> RenamingSet) + + op-hook sumSymbol + (_+_ : ModuleExpression ModuleExpression ~> ModuleExpression) + op-hook renamingSymbol + 
(_*(_) : ModuleExpression RenamingSet ~> ModuleExpression) + op-hook instantiationSymbol + (_{_} : ModuleExpression ParameterList ~> ModuleExpression) + + op-hook protectingSymbol (protecting_. : ModuleExpression ~> Import) + op-hook extendingSymbol (extending_. : ModuleExpression ~> Import) + op-hook includingSymbol (including_. : ModuleExpression ~> Import) + op-hook nilImportListSymbol (nil : ~> ImportList) + op-hook importListSymbol (__ : ImportList ImportList ~> ImportList) + + op-hook emptySortSetSymbol (none : ~> SortSet) + op-hook sortSetSymbol (_;_ : SortSet SortSet ~> SortSet) + + op-hook subsortSymbol (subsort_<_. : Sort Sort ~> SubsortDecl) + op-hook emptySubsortDeclSetSymbol (none : ~> SubsortDeclSet) + op-hook subsortDeclSetSymbol + (__ : SubsortDeclSet SubsortDeclSet ~> SubsortDeclSet) + + op-hook nilQidListSymbol (nil : ~> QidList) + op-hook qidListSymbol (__ : QidList QidList ~> QidList) + + op-hook succSymbol (s_ : Nat ~> NzNat) + op-hook natListSymbol (__ : NeNatList NeNatList ~> NeNatList) + op-hook unboundedSymbol (unbounded : ~> Bound) + op-hook noParentSymbol (none : ~> Parent) + + op-hook stringSymbol ( : ~> String) + op-hook idHookSymbol (id-hook : Qid QidList ~> Hook) + op-hook opHookSymbol (op-hook : Qid Qid QidList Qid ~> Hook) + op-hook termHookSymbol (term-hook : Qid Term ~> Hook) + op-hook hookListSymbol (__ : HookList HookList ~> HookList) + + op-hook assocSymbol (assoc : ~> Attr) + op-hook commSymbol (comm : ~> Attr) + op-hook idemSymbol (idem : ~> Attr) + op-hook iterSymbol (iter : ~> Attr) + op-hook idSymbol (id : Term ~> Attr) + op-hook leftIdSymbol (left-id : Term ~> Attr) + op-hook rightIdSymbol (right-id : Term ~> Attr) + op-hook stratSymbol (strat : NeNatList ~> Attr) + op-hook memoSymbol (memo : ~> Attr) + op-hook precSymbol (prec : Nat ~> Attr) + op-hook gatherSymbol (gather : QidList ~> Attr) + op-hook formatSymbol (format : QidList ~> Attr) + op-hook ctorSymbol (ctor : ~> Attr) + op-hook frozenSymbol (frozen : NeNatList 
~> Attr) + op-hook polySymbol (poly : NeNatList ~> Attr) + op-hook configSymbol (config : ~> Attr) + op-hook objectSymbol (object : ~> Attr) + op-hook msgSymbol (msg : ~> Attr) + op-hook specialSymbol (special : NeHookList ~> Attr) + + op-hook labelSymbol (label : Qid ~> Attr) + op-hook metadataSymbol (metadata : String ~> Attr) + op-hook owiseSymbol (owise : ~> Attr) + op-hook variantAttrSymbol (variant : ~> Attr) + op-hook nonexecSymbol (nonexec : ~> Attr) + op-hook printSymbol (print : QidList ~> Attr) + + op-hook opDeclSymbol + (op_:_->_[_]. : Qid TypeList Type AttrSet ~> OpDecl) + op-hook emptyOpDeclSetSymbol (none : ~> OpDeclSet) + op-hook opDeclSetSymbol (__ : OpDeclSet OpDeclSet ~> OpDeclSet) + + op-hook noConditionSymbol (nil : ~> EqCondition) + op-hook equalityConditionSymbol (_=_ : Term Term ~> EqCondition) + op-hook sortTestConditionSymbol (_:_ : Term Sort ~> EqCondition) + op-hook matchConditionSymbol (_:=_ : Term Term ~> EqCondition) + op-hook rewriteConditionSymbol (_=>_ : Term Term ~> Condition) + op-hook conjunctionSymbol (_/\_ : Condition Condition ~> Condition) + + op-hook mbSymbol (mb_:_[_]. : Term Sort AttrSet ~> MembAx) + op-hook cmbSymbol + (cmb_:_if_[_]. : Term Sort EqCondition AttrSet ~> MembAx) + op-hook emptyMembAxSetSymbol (none : ~> MembAxSet) + op-hook membAxSetSymbol (__ : MembAxSet MembAxSet ~> MembAxSet) + + op-hook eqSymbol (eq_=_[_]. : Term Term AttrSet ~> Equation) + op-hook ceqSymbol + (ceq_=_if_[_]. : Term Term EqCondition AttrSet ~> Equation) + op-hook emptyEquationSetSymbol (none : ~> EquationSet) + op-hook equationSetSymbol + (__ : EquationSet EquationSet ~> EquationSet) + + op-hook rlSymbol (rl_=>_[_]. : Term Term AttrSet ~> Rule) + op-hook crlSymbol + (crl_=>_if_[_]. 
: Term Term Condition AttrSet ~> Rule) + op-hook emptyRuleSetSymbol (none : ~> RuleSet) + op-hook ruleSetSymbol (__ : RuleSet RuleSet ~> RuleSet) + + op-hook fmodSymbol + (fmod_is_sorts_.____endfm : + Qid ImportList SortSet SubsortDeclSet OpDeclSet + MembAxSet EquationSet ~> FModule) + op-hook fthSymbol + (fth_is_sorts_.____endfth : + Qid ImportList SortSet SubsortDeclSet OpDeclSet + MembAxSet EquationSet ~> FModule) + op-hook modSymbol + (mod_is_sorts_._____endm : + Qid ImportList SortSet SubsortDeclSet OpDeclSet + MembAxSet EquationSet RuleSet ~> Module) + op-hook thSymbol + (th_is_sorts_._____endth : + Qid ImportList SortSet SubsortDeclSet OpDeclSet + MembAxSet EquationSet RuleSet ~> Module) + + op-hook sortMappingSymbol (sort_to_. : Sort Sort ~> SortMapping [ctor] .) + op-hook emptySortMappingSetSymbol (none : ~> SortMappingSet) + op-hook sortMappingSetSymbol + (__ : SortMappingSet SortMappingSet ~> SortMappingSet) + + op-hook opMappingSymbol (op_to_. : Qid Qid ~> OpMapping) + op-hook opSpecificMappingSymbol (op_:_->_to_. : Qid TypeList Type Qid ~> OpMapping) + op-hook opTermMappingSymbol (op_to`term_. : Term Term ~> OpMapping) + + op-hook emptyOpMappingSetSymbol (none : ~> OpMappingSet) + op-hook opMappingSetSymbol + (__ : OpMappingSet OpMappingSet ~> OpMappingSet) + + op-hook viewSymbol + (view_from_to_is__endv : Header ModuleExpression ModuleExpression + SortMappingSet OpMappingSet ~> View) + + op-hook anyTypeSymbol (anyType : ~> Type?) 
+ + op-hook unificandPairSymbol (_=?_ : Term Term ~> UnificandPair) + op-hook unificationConjunctionSymbol + (_/\_ : UnificationProblem UnificationProblem ~> UnificationProblem) + + op-hook resultPairSymbol ({_,_} : Term Type ~> ResultPair) + op-hook resultTripleSymbol + ({_,_,_} : Term Type Substitution ~> ResultTriple) + op-hook result4TupleSymbol + ({_,_,_,_} : Term Type Substitution Context ~> Result4Tuple) + op-hook matchPairSymbol ({_,_} : Substitution Context ~> MatchPair) + op-hook unificationPairSymbol ({_,_} : Substitution Nat ~> UnificationPair) + op-hook unificationTripleSymbol ({_,_,_} : Substitution Substitution Nat ~> UnificationTriple) + op-hook variantSymbol ({_,_,_,_,_} : Term Substitution Nat Parent Bool ~> Variant) + op-hook smtResultSymbol ({_,_,_,_} : Term Substitution Term Nat ~> SmtResult) + + op-hook traceStepSymbol ({_,_,_} : Term Type Rule ~> TraceStep) + op-hook nilTraceSymbol (nil : ~> Trace) + op-hook traceSymbol (__ : Trace Trace ~> Trace) + + op-hook noParseSymbol (noParse : Nat ~> ResultPair?) + op-hook ambiguitySymbol (ambiguity : ResultPair ResultPair ~> ResultPair?) + op-hook failure2Symbol (failure : ~> ResultPair?) + op-hook failure3Symbol (failure : ~> ResultTriple?) + op-hook failure4Symbol (failure : ~> Result4Tuple?) + op-hook noUnifierPairSymbol (noUnifier : ~> UnificationPair?) + op-hook noUnifierTripleSymbol (noUnifier : ~> UnificationTriple?) + op-hook noUnifierIncompletePairSymbol (noUnifierIncomplete : ~> UnificationPair?) + op-hook noUnifierIncompleteTripleSymbol (noUnifierIncomplete : ~> UnificationTriple?) + op-hook noVariantSymbol (noVariant : ~> Variant?) + op-hook noVariantIncompleteSymbol (noVariantIncomplete : ~> Variant?) + op-hook noMatchSubstSymbol (noMatch : ~> Substitution?) + op-hook noMatchPairSymbol (noMatch : ~> MatchPair?) + op-hook failureTraceSymbol (failure : ~> Trace?) + op-hook smtFailureSymbol (failure : ~> SmtResult?) 
+ + op-hook mixfixSymbol (mixfix : ~> PrintOption) + op-hook withParensSymbol (with-parens : ~> PrintOption) + op-hook flatSymbol (flat : ~> PrintOption) + op-hook formatPrintOptionSymbol (format : ~> PrintOption) + op-hook numberSymbol (number : ~> PrintOption) + op-hook ratSymbol (rat : ~> PrintOption) + op-hook emptyPrintOptionSetSymbol (none : ~> PrintOptionSet) + op-hook printOptionSetSymbol (__ : PrintOptionSet PrintOptionSet ~> PrintOptionSet) + + term-hook trueTerm (true) + term-hook falseTerm (false))] . + + op metaNormalize : Module Term ~> ResultPair + [special ( + id-hook MetaLevelOpSymbol (metaNormalize) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaRewrite : Module Term Bound ~> ResultPair + [special ( + id-hook MetaLevelOpSymbol (metaRewrite) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaFrewrite : Module Term Bound Nat ~> ResultPair + [special ( + id-hook MetaLevelOpSymbol (metaFrewrite) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaApply : Module Term Qid Substitution Nat ~> ResultTriple? + [special ( + id-hook MetaLevelOpSymbol (metaApply) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaXapply : Module Term Qid Substitution Nat Bound Nat ~> Result4Tuple? + [special ( + id-hook MetaLevelOpSymbol (metaXapply) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaMatch : Module Term Term Condition Nat ~> Substitution? + [special ( + id-hook MetaLevelOpSymbol (metaMatch) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaXmatch : Module Term Term Condition Nat Bound Nat ~> MatchPair? + [special ( + id-hook MetaLevelOpSymbol (metaXmatch) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaUnify : Module UnificationProblem Nat Nat ~> UnificationPair? + [special ( + id-hook MetaLevelOpSymbol (metaUnify) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . 
+ + op metaDisjointUnify : Module UnificationProblem Nat Nat ~> UnificationTriple? + [special ( + id-hook MetaLevelOpSymbol (metaDisjointUnify) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaSearch : Module Term Term Condition Qid Bound Nat ~> ResultTriple? + [special ( + id-hook MetaLevelOpSymbol (metaSearch) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaSearchPath : Module Term Term Condition Qid Bound Nat ~> Trace? + [special ( + id-hook MetaLevelOpSymbol (metaSearchPath) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaNarrow : Module Term Term Qid Bound Nat ~> ResultTriple? + [special ( + id-hook MetaLevelOpSymbol (metaNarrow) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaNarrow : Module Term Qid Bound Bool Nat ~> ResultPair? + [special ( + id-hook MetaLevelOpSymbol (metaNarrow2) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaGetVariant : Module Term TermList Nat Nat ~> Variant? + [special ( + id-hook MetaLevelOpSymbol (metaGetVariant) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaGetIrredundantVariant : Module Term TermList Nat Nat ~> Variant? + [special ( + id-hook MetaLevelOpSymbol (metaGetIrredundantVariant) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaVariantUnify : Module UnificationProblem TermList Nat Nat ~> UnificationPair? + [special ( + id-hook MetaLevelOpSymbol (metaVariantUnify) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaVariantDisjointUnify : Module UnificationProblem TermList Nat Nat ~> UnificationTriple? + [special ( + id-hook MetaLevelOpSymbol (metaVariantDisjointUnify) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op sortLeq : Module Type Type ~> Bool + [special ( + id-hook MetaLevelOpSymbol (metaSortLeq) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . 
+ + op sameKind : Module Type Type ~> Bool + [special ( + id-hook MetaLevelOpSymbol (metaSameKind) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op lesserSorts : Module Type ~> SortSet + [special ( + id-hook MetaLevelOpSymbol (metaLesserSorts) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op glbSorts : Module Type Type ~> TypeSet + [special ( + id-hook MetaLevelOpSymbol (metaGlbSorts) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op leastSort : Module Term ~> Type + [special ( + id-hook MetaLevelOpSymbol (metaLeastSort) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op completeName : Module Type ~> Type + [special ( + id-hook MetaLevelOpSymbol (metaCompleteName) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaParse : Module QidList Type? ~> ResultPair? + [special ( + id-hook MetaLevelOpSymbol (metaParse) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaPrettyPrint : Module Term PrintOptionSet ~> QidList + [special ( + id-hook MetaLevelOpSymbol (metaPrettyPrint) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaCheck : Module Term ~> Bool + [special ( + id-hook MetaLevelOpSymbol (metaCheck) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op metaSmtSearch : Module Term Term Condition Qid Nat Bound Nat ~> SmtResult? + [special ( + id-hook MetaLevelOpSymbol (metaSmtSearch) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op wellFormed : Module -> Bool + [special ( + id-hook MetaLevelOpSymbol (metaWellFormedModule) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op wellFormed : Module Term ~> Bool + [special ( + id-hook MetaLevelOpSymbol (metaWellFormedTerm) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . 
+ + op wellFormed : Module Substitution ~> Bool + [special ( + id-hook MetaLevelOpSymbol (metaWellFormedSubstitution) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op getKind : Module Type ~> Kind + [special ( + id-hook MetaLevelOpSymbol (metaGetKind) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op getKinds : Module ~> KindSet + [special ( + id-hook MetaLevelOpSymbol (metaGetKinds) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op maximalSorts : Module Kind ~> SortSet + [special ( + id-hook MetaLevelOpSymbol (metaMaximalSorts) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op minimalSorts : Module Kind ~> SortSet + [special ( + id-hook MetaLevelOpSymbol (metaMinimalSorts) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op maximalAritySet : Module Qid TypeList Sort ~> TypeListSet + [special ( + id-hook MetaLevelOpSymbol (metaMaximalAritySet) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op upModule : Qid Bool ~> Module + [special ( + id-hook MetaLevelOpSymbol (metaUpModule) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op upImports : Qid ~> ImportList + [special ( + id-hook MetaLevelOpSymbol (metaUpImports) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op upSorts : Qid Bool ~> SortSet + [special ( + id-hook MetaLevelOpSymbol (metaUpSorts) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op upSubsortDecls : Qid Bool ~> SubsortDeclSet + [special ( + id-hook MetaLevelOpSymbol (metaUpSubsortDecls) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op upOpDecls : Qid Bool ~> OpDeclSet + [special ( + id-hook MetaLevelOpSymbol (metaUpOpDecls) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op upMbs : Qid Bool ~> MembAxSet + [special ( + id-hook MetaLevelOpSymbol (metaUpMbs) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . 
+ + op upEqs : Qid Bool ~> EquationSet + [special ( + id-hook MetaLevelOpSymbol (metaUpEqs) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op upRls : Qid Bool ~> RuleSet + [special ( + id-hook MetaLevelOpSymbol (metaUpRls) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op upView : Qid ~> View + [special ( + id-hook MetaLevelOpSymbol (metaUpView) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op upTerm : Universal -> Term + [poly (1) + special ( + id-hook MetaLevelOpSymbol (metaUpTerm) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + + op downTerm : Term Universal -> Universal + [poly (2 0) + special ( + id-hook MetaLevelOpSymbol (metaDownTerm) + op-hook shareWith (metaReduce : Module Term ~> ResultPair))] . + +*** backward compatibility + op metaPrettyPrint : Module Term ~> QidList . + eq metaPrettyPrint(M:Module, T:Term) = metaPrettyPrint(M:Module, T:Term, mixfix flat format number rat) . +endfm + +*** +*** System modules. +*** + +mod COUNTER is + protecting NAT . + op counter : -> [Nat] + [special (id-hook CounterSymbol + op-hook succSymbol (s_ : Nat ~> NzNat))] . +endm + +mod LOOP-MODE is + protecting QID-LIST . + sorts State System . + op [_,_,_] : QidList State QidList -> System + [ctor special ( + id-hook LoopSymbol + op-hook qidSymbol ( : ~> Qid) + op-hook nilQidListSymbol (nil : ~> QidList) + op-hook qidListSymbol (__ : QidList QidList ~> QidList))] . +endm + +mod CONFIGURATION is + sorts Attribute AttributeSet . + subsort Attribute < AttributeSet . + op none : -> AttributeSet [ctor] . + op _,_ : AttributeSet AttributeSet -> AttributeSet [ctor assoc comm id: none] . + + sorts Oid Cid Object Msg Portal Configuration . + subsort Object Msg Portal < Configuration . + op <_:_|_> : Oid Cid AttributeSet -> Object [ctor object] . + op none : -> Configuration [ctor] . + op __ : Configuration Configuration -> Configuration [ctor config assoc comm id: none] . 
+ op <> : -> Portal [ctor] .
+endm
+
+set include BOOL on .
+set omod include CONFIGURATION on .
+
+select CONVERSION .
diff --git a/etc/docker/res/progsverif-tamarin b/etc/docker/res/progsverif-tamarin
new file mode 100755
index 000000000..e4d223edb
--- /dev/null
+++ b/etc/docker/res/progsverif-tamarin
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -x # print what we do
+temp=$(mktemp -d)/$(basename "$1")
+
+tamarin-prover "$1" -m=proverif > "$temp.gs" && echo "$temp.gs" && gsverif -o "$temp.pv" "$temp.gs" && proverif "$temp.pv"
+#requires gsverif 2.0, i.e. the new version made by Vincent with assumeCell tag
diff --git a/etc/docker/res/proverif-tamarin b/etc/docker/res/proverif-tamarin
new file mode 100755
index 000000000..9987ff824
--- /dev/null
+++ b/etc/docker/res/proverif-tamarin
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -x # print what we do
+temp=$(mktemp -d)/$(basename "$1")
+tamarin-prover "$1" -m=proverif > "$temp.pv"; proverif "$temp.pv"
diff --git a/etc/docker/res/proverif-tamarin-diff b/etc/docker/res/proverif-tamarin-diff
new file mode 100755
index 000000000..eacf5ba30
--- /dev/null
+++ b/etc/docker/res/proverif-tamarin-diff
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -x # print what we do
+temp=$(mktemp -d)/$(basename "$1")
+tamarin-prover "$1" --diff -m=proverif -D=PROVERIFEQUIV > "$temp.pv"; proverif "$temp.pv"
diff --git a/etc/docker/run.template.sh b/etc/docker/run.template.sh
new file mode 100755
index 000000000..5a60bbe69
--- /dev/null
+++ b/etc/docker/run.template.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+HOSTNAME="ProtoMachine"
+HOST_PATH_1="/Users/robert/lab/teaching/2018-WS-Hands-On-Protocol-Verification/handsonws18/projects"
+DOCKER_PATH_1="/workspace"
+# VIRTUAL_ENV="/PATH/TO/LOCAL/VIRTUALENV/"
+
+docker run -ti \
+ --hostname ${HOSTNAME} \
+ --volume ${HOST_PATH_1}:${DOCKER_PATH_1} \
+ -e LOCAL_USER_ID=`id -u $USER` \
+ -e LOCAL_GROUP_ID=`id -g $USER` \
+ protocolplatform-user:latest
+
+ # --volume ${VIRTUAL_ENV}:"/env/external" \
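Review bot: In etc/docker/res/progsverif-tamarin the result of `mktemp -d` is never checked, so if it fails `temp` collapses to `/<basename of $1>` and the `>` redirect writes to the filesystem root instead of a private directory. Split the assignment into `dir=$(mktemp -d) || exit 1` and `temp=$dir/$(basename -- "$1")`, and reject a missing argument first with `[ $# -eq 1 ] || { echo "usage: $0 FILE" >&2; exit 2; }`. The temporary directory is also never removed; an EXIT trap that deletes it would fit if the generated files are not meant to be kept, which the `echo "$temp.gs"` leaves unclear. etc/docker/res/proverif-tamarin and etc/docker/res/proverif-tamarin-diff build `temp` the same way.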
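Review bot: In etc/docker/res/proverif-tamarin the export and the prover are joined with `;`, so `proverif` still runs on `$temp.pv` when `tamarin-prover` failed and left that file empty or truncated, and the script's exit status is then ProVerif's alone. A failed export can therefore be read as a verification verdict. Chain the two as progsverif-tamarin already does: `tamarin-prover "$1" -m=proverif > "$temp.pv" && proverif "$temp.pv"`. etc/docker/res/proverif-tamarin-diff uses the same `;` and needs the same change.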
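Review bot: In etc/docker/run.template.sh the expansions on the `docker run` lines are unquoted, so a host path containing whitespace splits `--volume ${HOST_PATH_1}:${DOCKER_PATH_1}` into several arguments and the bind mount is no longer the one that was configured. Quote them, for example `--volume "${HOST_PATH_1}:${DOCKER_PATH_1}" \` and `-e LOCAL_USER_ID="$(id -u "$USER")" \`. Assigning `HOSTNAME` also overwrites a variable that bash sets itself; a name such as `CONTAINER_HOSTNAME` avoids the clash. Since the file is a template, `HOST_PATH_1` would read better as a placeholder in the style of the commented `VIRTUAL_ENV` line than as one developer's home directory.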
diff --git a/etc/tamarin-troop.py b/etc/tamarin-troop.py
new file mode 100755
index 000000000..373675a0b
--- /dev/null
+++ b/etc/tamarin-troop.py
@@ -0,0 +1,572 @@ +#!/usr/bin/python3 + +import signal +import multiprocessing +import re +import argparse +import subprocess +import os +import itertools +import sys +import subprocess +import shutil +import time + +def eprint(*args, **kwargs): + print(*args, file=sys.stderr, **kwargs) + +# Timeout for the jobs in seconds +JOB_TIMEOUT = 5 + +# Tamarins heustics +HEURISTICS = [ 's', 'S', 'c', 'C', 'i', 'I' ] +DEEPSEC = "deepsec" +SPTHY = "spthy" +PROVERIF = "proverif" +TAMARIN_COMMAND = "tamarin-prover" +PROVERIF_COMMAND = "proverif" +DEEPSEC_COMMAND = "deepsec" +GSVERIF_COMMAND = "gsverif" +PROOF = "proof" +COUNTEREXAMPLE = 'counterexample' +INCONCLUSIVE = 'inconclusive' +NOT_STARTED = 'not_started' +STARTED = 'started' +FINISHED = 'finished' +TIMEOUT = 'timeout' +INTERRUPTED = 'interrupted' +ERROR = 'error' +PARSE_ERROR = "parse_error" + +# Colors +GREEN = '\033[92m' +WARNING = '\033[93m' +FAIL = '\033[91m' +ENDC = '\033[0m' + +# These job classes only exists to dynamically decide how we execute a job +# The arguments are fixed in the 'generate_tamarin/non_tamarin_jobs' functions +class Job(): + def __init__(self, arguments, lemma): + # Arguments to execute the job + self.arguments = arguments + # Lemmas the proofs + # For a Deepsec/ProVerif job, this will be a singleton list + self.lemma = lemma + # The result of the job + self.result = None + # returncode of job + self.returncode = None + # Status of the job + self.status = NOT_STARTED + # Time the job took + self.time = "" + + def __str__(self): + return str(self.arguments) + + def __repr__(self): + return str(self) + + def execute(self, result_queue): + """ + Executes the job specified by self.arguments and, iff + it was sucessful, returns a dictionary containing the result + """ + self.status = STARTED + call = "'" + " ".join(self.arguments) + "'" + print("Executing " + call) + try: + p = None + def execute_signal_handler(signum, frame): + self.status = INTERRUPTED + if p: + # If the job already started + 
p.terminate() + # kill own process + sys.exit(1) + + # Register new signal handler + signal.signal(signal.SIGINT, execute_signal_handler) + signal.signal(signal.SIGTERM, execute_signal_handler) + p = subprocess.Popen(self.arguments, stdout=subprocess.PIPE, + stderr=subprocess.PIPE, universal_newlines=True) + # Start timer + starttime = time.time() + stdout_data, stderr_data = p.communicate(timeout=JOB_TIMEOUT) + # calculate time + self.time = format(time.time() - starttime, '.4f') + if p.returncode != 0: + # Check if job completed correctly + # Save returncode to later report it + self.returncode = p.returncode + self.status = ERROR + return + # Get the results + self.parse_results(stdout_data, stderr_data) + if self.status == PARSE_ERROR: + return + + self.status = FINISHED + except subprocess.TimeoutExpired: + self.status = TIMEOUT + finally: + result = (self.status, call, self.lemma, self.returncode, self.result, self.time) + result_queue.put(result) + print_single_result(result) + + +class TamarinJob(Job): + + def parse_results(self, stdout, stderr): + # Parse the results for the self.lemma from the output + # and save them in self.results + # If no lemmas was specified, we assume that there is + # only one lemma in a .spthy file + # Search for the time Tamarin took + basepattern = self.lemma + " .*: " + verpattern = re.compile(basepattern + "verified") + falsepattern = re.compile(basepattern + "falsified") + incpattern = re.compile(basepattern + "analysis incomplete") + result = "" + if verpattern.search(stdout): + result = PROOF + elif falsepattern.search(stdout): + result = COUNTEREXAMPLE + elif incpattern.search(stdout): + result = INCONCLUSIVE + else: + self.status = PARSE_ERROR + return + + self.result = result + + +class ProverifJob(Job): + + def parse_results(self, stdout, stderr): + # Parse the results for the self.lemma from the output + # and save them in self.results + # We assume that there is only one query in a .pv file + # Search for the time 
ProVerif took + # Search for the result in ProVerif stdout + result = "" + if re.search(r"RESULT .* is true", stdout): + result = PROOF + elif re.search(r"RESULT .* is false", stdout): + result = COUNTEREXAMPLE + elif re.search(r"RESULT .* cannot be proved", stdout): + result = INCONCLUSIVE + else: + self.status = PARSE_ERROR + return + # Update dict + self.result = result + +class DeepsecJob(Job): + + def parse_results(self, stdout, stderr): + # Parse the results for the self.lemma from the output + # and save them in self.results + # We assume that there is only one query in a .dps file + # Search for the time Deepsec took + result = "" + if re.search(r"not session equivalent", stdout): + result = COUNTEREXAMPLE + elif re.search(r"session equivalent", stdout): + result = PROOF + else: + self.status = PARSE_ERROR + return + + self.result = result + + + +# Dict mapping tool to file type +TOOL_TO_FILE_TYPE = { SPTHY: ".spthy", PROVERIF: ".pv", DEEPSEC: ".dps" } +TOOL_TO_JOB_CLASS = { SPTHY: TamarinJob, PROVERIF: ProverifJob, + DEEPSEC: DeepsecJob } + +def add_double_dashes_to_arguments(cliarguments): + return [['--' + argument for argument in argumentlist] for argumentlist \ + in cliarguments ] + +def add_dashes_to_arguments(cliarguments): + return [['-' + argument for argument in argumentlist] for argumentlist \ + in cliarguments ] + + +def execute_joblist(joblist, queue): + # Concurrently execute the jobs in the joblist. 
+ processes = [None] * len(joblist) + result_queue = multiprocessing.SimpleQueue() + for i in range(len(processes)): + job = joblist[i] + processes[i] = multiprocessing.Process(target=job.execute, + args=(result_queue, )) + + try: + for p in processes: + p.start() + # Counter to abort once all jobs are done + counter = len(processes) + # We want the results as they finish + results = [] + + while counter: + result = result_queue.get() + counter -= 1 + results.append(result) + # Check job status + if result[0] == FINISHED: + # abort all jobs as we got a valid result + for p in processes: + if p.is_alive(): + os.kill(p.pid, signal.SIGINT) + break + + finally: + for p in processes: + p.join() + + # return results via queue + queue.put(results) + + + +def print_single_result(result): + status, call, lemma, returncode, outcome, time = result + if status == ERROR: + eprint(FAIL + "ERROR: " + ENDC + \ + call + " returned returncode " + str(returncode)) + elif status == TIMEOUT: + eprint(WARNING + "WARNING: " + ENDC + \ + call + " timed out after " + str(JOB_TIMEOUT) + " seconds") + elif status == INTERRUPTED: + eprint(WARNING + "INTERRUPTED: " + ENDC + call) + elif status == PARSE_ERROR: + eprint(FAIL + "ERROR: " + ENDC + "The result from "\ + + call + " could not be parsed.") + elif status == FINISHED: + color = GREEN if outcome == PROOF else \ + (FAIL if outcome == COUNTEREXAMPLE else WARNING) + print("Finished " + call + " after " + str(time) + " seconds: " + color + outcome + ENDC) + + +def report_results(results): + # Here we save the good results + for results_per_lemma in results: + # get lemma name, ugly... 
but yeah + # Initialize best result to None + best_result = None + bad_results = [] + lemma = "" + for result in results_per_lemma: + lemma = result[2] + # String for error reporting + status, call, lemma, returncode, outcome, time = result + # Make sure every job ran + assert status == FINISHED or status == TIMEOUT or \ + status == ERROR or status == PARSE_ERROR + if status != FINISHED: + # Report error/timeout etc. + bad_results.append(result) + continue + # Result is good + if best_result is None: + best_result = result + + if best_result[0] != status: + # Report mismatch + oldcall = best_result[1] + oldresult = best_result[5] + eprint(FAIL + "ERROR: " + ENDC + "'" + oldcall + "'" + \ + " had result: " + oldresult) + eprint(FAIL + "ERROR: " + ENDC + "'" + call + "'" + \ + " had result: " + outcome) + elif best_result[5] > time: + # compare time + best_result = result + + + # Report results for this lemma + print("=" * 90) + lemmastring = " for " + lemma if lemma else "" + if bad_results: + print("Reporting errors" + lemmastring + ":\n") + for bad_result in bad_results: + print_single_result(bad_result) + + if best_result: + print("Reporting result" + lemmastring + ":\n") + print_single_result(best_result) + + return results + + + +def intermediate_file_name(input_file, tool, lemma): + """ + This function generates a file name for the intermediate generated + for deepsec/proverif. + TODO: Once we can generate files on a per lemma basis, we need to + include the name of the lemma in the file name as well. + """ + # Get input_file without '.spthy' + file_name, _ = os.path.splitext(input_file) + lemmastring = lemma + "_" if lemma else "" + return file_name + "_" + lemmastring + tool + TOOL_TO_FILE_TYPE[tool] + +def generate_files(input_file, flags, lemmas, argdict, diff, gsverif): + """ + This function generates files for all tools in argdict except + for Tamarin. For Tamarin, we do not need to generate intermediate + files, but can use the original input file. 
+ """ + # Format flags in the way the Tamarin CLI wants them + flags = [ '-D=' + flag for flag in flags ] if flags else [] + + # Diff mode? + diffstring = " --diff" if diff else "" + + + for tool in argdict.keys(): + if tool == SPTHY: + # Skip Tamarin/spthy. Tamarin does not need intermediate files. + # It works on the sapic file itself. + continue + + # For each tool generate a file using Tamarin -m + + # Hack to make the loop work if not lemmas are specified + lemmas = lemmas if lemmas else [""] + + for lemma in lemmas: + if lemma: + # Not the dummy value but a real lemma + tamarin_call = [TAMARIN_COMMAND, '-m='+tool, '--lemma=' + lemma] + else: + tamarin_call = [TAMARIN_COMMAND, '-m='+tool] + + cmd = " ".join(tamarin_call + flags + [input_file]) + # Add diff flag + cmd = cmd + diffstring + # Change file type according to current tool + file_name = intermediate_file_name(input_file, tool, lemma) + destination = " > " + file_name + # Concatenate the cmd and destination, and run it + subprocess.run(cmd + destination, shell=True, check=True) + + if tool == PROVERIF and gsverif: + # If GSVerif flag is set, we use it on the ProVerif file + gsverif_call = [GSVERIF_COMMAND, file_name, '-o', file_name] + subprocess.run(gsverif_call, check=True) + +def generate_jobs(input_file, lemmas, argdict, flags): + """ + This function generates the jobs that we want to concurrently execute. + A job is a list of arguments that, when used by a Popen call, + correspond to a call to Tamarin/Deepsec/Proverif on a file/lemma we + want to time. + + For instance: + [ proverif, example.pv, -test] + is a valid job. Another example: + [ deepsec, example.dps, --local-workers 12] + is also a valid job. 
+ """ + jobs = [] + # Hack to make the loop work even if not lemmas were specified + lemmas = lemmas if lemmas else [""] + + for lemma in lemmas: + jobs_for_lemma = [] + # For every lemma create the jobs for each tool + for tool in argdict.keys(): + if tool == SPTHY: + jobs_for_lemma += generate_tamarin_jobs( + input_file, lemma, argdict, flags) + else: + jobs_for_lemma += generate_non_tamarin_jobs( + tool, input_file, lemma, argdict) + + jobs.append(jobs_for_lemma) + return jobs + + +def generate_non_tamarin_jobs(tool, input_file, lemma, argdict): + """ + Returns a list of jobs (list of lists). + """ + jobs = [] + toolcmd = TOOL_TO_COMMAND[tool] + toolclass = TOOL_TO_JOB_CLASS[tool] + if not argdict[tool][0]: + # If there were no CLI params specified. + jobs += [toolclass([toolcmd, \ + intermediate_file_name(input_file, tool, lemma)], lemma)] + else: + # If CLI params were specified, we use them. + jobs += [toolclass([toolcmd, intermediate_file_name(input_file, \ + tool, lemma)] + list(tuple), lemma) \ + for tuple in itertools.product(*argdict[tool])] + + return jobs + +def generate_tamarin_jobs(input_file, lemma, argdict, flags): + # TODO: Might need to revisit this once the Tamarin CLI has changed + lemmacli = [ '--prove=' + lemma ] if lemma else ["--prove"] + # heuristics = [] if argdict. + flags = [ '-D=' + flag for flag in flags ] if flags else [] + toolcmd = TOOL_TO_COMMAND[SPTHY] + jobs = [] + if not argdict[SPTHY]: + jobs = [TamarinJob([toolcmd, input_file] + lemmacli + flags, lemma)] + else: + jobs = [TamarinJob([toolcmd, input_file] + lemmacli + flags + \ + list(tuple), lemma) for tuple in itertools.product(*argdict[SPTHY])] + return jobs + +def std_signal_handler(sig, frame): + # Standard signal handler that exits. 
+ # We use this to catch SIGINT + print("Std sig handler called") + sys.exit(1) + + +if __name__ == '__main__': + parser = argparse.ArgumentParser() + parser._action_groups.pop() + required = parser.add_argument_group('required arguments') + optional = parser.add_argument_group('optional arguments') + # The source file we built the models from + required.add_argument('-file', type=str, help='the sapic file', required=True) + optional.add_argument('-l', '--lemma', action='extend', nargs='+', type=str, + help='prove the given lemmas. If no lemmas are \ + specified, the tool assumes that there is only one \ + lemma in the given .spthy') + # Flags for Tamarin's preprocessor. Used during file/model generation + optional.add_argument('-D', '--defines', action='extend', nargs='+', type=str, + help="flags for Tamarin's preprocessor") + # Args for ProVerif. + optional.add_argument('-p', '--proverif', action='append', + nargs='*', type=str, help='arguments for ProVerif') + # Args for Tamarin + optional.add_argument('-t', '--tamarin', action='append', + nargs='*', type=str, help='arguments for Tamarin') + # Heuristics for Tamarin + optional.add_argument('-H', '--heuristic', action='extend', + nargs='+', type=str, choices=HEURISTICS, + help='heuristics Tamarin should use') + # Args for Deepsec + optional.add_argument('-d', '--deepsec', action='append', + nargs='*', type=str, help='arguments for Deepsec') + # Flag for Tamarin diff mode + optional.add_argument('--diff', action='store_true', + help="use Tamarin's diff mode for file generation") + # Flag for GSVerif + optional.add_argument('--gs', action='store_true', + help="use GSVerif on the exported ProVerif file.") + # Custom Tamarin command + optional.add_argument('-tname', '--tname', action='store', type=str, + help='customize how Tamarin is called; defaults to \ + "tamarin-prover"') + # Custom ProVerif command + optional.add_argument('-pname', '--pname', action='store', type=str, + help='customize how ProVerif is called; 
defaults to \ + "proverif"') + # Custom Deepsec command + optional.add_argument('-dname', '--dname', action='store', type=str, + help='customize how Deepsec is called; defaults to \ + "deepsec"') + # Custom timeout + optional.add_argument('-to', '--timeout', action='store', + type=int, help='timeout for the jobs') + + args = parser.parse_args() + # Error handling + if args.deepsec is None and args.tamarin is None and args.proverif is None: + eprint("Provide command line arguments for at least one tool!") + sys.exit(1) + + + # Change tool commands if specified + if args.tname: + TAMARIN_COMMAND = args.tname + + if args.dname: + DEEPSEC_COMMAND = args.dname + + if args.pname: + PROVERIF_COMMAND = args.pname + + if args.timeout: + JOB_TIMEOUT = args.timeout + + # Map tools to their command + TOOL_TO_COMMAND = { SPTHY: TAMARIN_COMMAND, PROVERIF: PROVERIF_COMMAND, + DEEPSEC: DEEPSEC_COMMAND } + + # Extract the list of lemmas + lemmas = args.lemma if args.lemma else [] + # Extract the list of preprocessor Flags + flags = args.defines if args.defines else [] + # Create a dict that maps tool (Tamarin=spthy, ProVerif=proverif, + # and Deepsec=deepsec) to the parsed args + argdict = dict() + if args.deepsec: + argdict[DEEPSEC] = add_double_dashes_to_arguments(args.deepsec) + if args.proverif: + argdict[PROVERIF] = add_dashes_to_arguments(args.proverif) + if args.tamarin: + if args.tamarin[0]: + # Actual arguments, not only -t + tamarinargs = add_double_dashes_to_arguments(args.tamarin) + argdict[SPTHY] = tamarinargs + else: + tamarinargs = [] + if args.heuristic: + heuristics = [ '--heuristic=' + heuristic for heuristic in \ + args.heuristic ] + tamarinargs.append(heuristics) + argdict[SPTHY] = tamarinargs + + + # Generate desired model files from the input file + generate_files(args.file, flags, lemmas, argdict, args.diff, args.gs) + + # Generate the jobs that we want to concurrently execute + jobs = generate_jobs(args.file, lemmas, argdict, flags) + # For every 
lemma/joblist start a concurrent execution of its jobs. + # This first layer of concurrency uses a worker per lemma/joblist + processes = [None] * len(jobs) + + # Register signal handler + # This handler is inherited by the child processes + signal.signal(signal.SIGINT, std_signal_handler) + signal.signal(signal.SIGTERM, std_signal_handler) + for i in range(len(processes)): + # Processes[i] = jobs[i] + queue for communication + q = multiprocessing.SimpleQueue() + processes[i] = multiprocessing.Process(target=execute_joblist, + args=(jobs[i], q, )), q + + try: + # Start all the processes + for p, q in processes: + p.start() + + # Collect the results of the Processes + results = [ q.get() for p, q in processes ] + # q.get() blocks until a result is available + + finally: + for p, q in processes: + p.join() + + # Current results list contains results with timeouts, errors etc. + # Sort these out of the list, and report them. + results = report_results(results) + + sys.exit(0) diff --git a/examples/features/predicates/minimal.spthy b/examples/features/predicates/minimal.spthy index 10d031e92..d9809021b 100644 --- a/examples/features/predicates/minimal.spthy +++ b/examples/features/predicates/minimal.spthy @@ -2,10 +2,10 @@ theory function_application begin functions: true/0,eq/2 equations: eq(x,x)=x + predicate: True(x) <=> (x = true()) rule A: [In(x)] --[ _restrict(True(eq(x,x))) ]-> [] end - diff --git a/examples/sapic/export/5G_AKA/5G_AKA.spthy b/examples/sapic/export/5G_AKA/5G_AKA.spthy new file mode 100644 index 000000000..81cb89389 --- /dev/null +++ b/examples/sapic/export/5G_AKA/5G_AKA.spthy 
@@ -0,0 +1,971 @@
+theory 5G_aka
+/*
+
+==============================================================================
+summary of summaries:
+
+analyzed: 5G_AKA.spthy
+
+ dummy (all-traces): verified (1 steps)
+ true_rand_autn_src (all-traces): verified (13 steps)
+ true_sqn_ue_src (all-traces): verified (15 steps)
+ true_sqn_hss_src (all-traces): verified (8 steps)
+ true_sqn_ue_nodecrease (all-traces): verified (348 steps)
+ true_sqn_ue_unique (all-traces): verified (8 steps)
+ false_executability_honest (all-traces): analysis incomplete (1 steps)
+ false_executability_keyConf_honest (all-traces): analysis incomplete (1 steps)
+ false_executability_desync (all-traces): analysis incomplete (1 steps)
+ false_executability_resync (all-traces): analysis incomplete (1 steps)
+ false_weakagreement_ue_seaf_noRev (all-traces): analysis incomplete (1 steps)
+ false_weakagreement_ue_seaf_keyConf_noAsyKeyRev_noSupiRev_noSqnRev_noChanRev (all-traces): analysis incomplete (1 steps)
+ false_weakagreement_ue_seaf_keyConf_noAsyKeyRev_noSupiRev_noSqnRev_noKeyRev (all-traces): analysis incomplete (1 steps)
+ true_injectiveagreement_ue_seaf_kseaf_keyConf_noKeyRev_noChanRev (all-traces): verified (83 steps)
+ false_weakagreement_seaf_ue_noKeyRev_noAsyKeyRev_noSupiRev_noSqnRev (all-traces): analysis incomplete (1 steps)
+ false_weakagreement_seaf_ue_noAsyKeyRev_noSupiRev_noSqnRev_noChanRev (all-traces): analysis incomplete (1 steps)
+ true_injectiveagreement_seaf_ue_kseaf_noKeyRev_noChanRev (all-traces): verified (95 steps)
+ false_weakagreement_seaf_ue_KeyConf_noKeyRev_noAsyKeyRev_noSupiRev_noSqnRev (all-traces): analysis incomplete (1 steps)
+ false_weakagreement_seaf_ue_KeyConf_noChanRev_noAsyKeyRev_noSupiRev_noSqnRev (all-traces): analysis incomplete (1 steps)
+ true_injectiveagreement_seaf_ue_kseaf_keyConf_noKeyRev_noChanRev (all-traces): verified (101 steps)
+ gsverif_sqn_hss_nodecrease (all-traces): verified (255 steps)
+ gsverif_intermediate (all-traces): verified (4 steps)
+ gsverif_lemma (all-traces): verified (364 steps) + +============================================================================== + +real 1m41.666s +user 8m58.637s +sys 2m5.626s +─( 11:44:18 )─< ~ >────────────────────────────────────────────────────────────────────────────[ 0 ]─ +c01chja@Colossus05 $ time tamarin-prover 5G_AKA.spthy --prove +RTS -N8 -RTS + + + +With set nounifIgnoreNtimes = 4. + +Query(ies): + - Query event(SEAF_End)@i ==> event(Rev(X,data))@r is false. + - Query event(SEAF_EndConf)@i ==> event(Rev(X,data))@r is false. + - Query event(HSS_Resync_End(dif))@i ==> event(Rev(X,data))@r is false. + - Query event(HSS_Resync_End(4))@i2 ==> event(Rev(X,data))@r is false. + - Query event(Commit(a,b,(UE[],(SEAF[],t))))@i ==> event(RunningId(b,a))@j || event(RevId(a))@r1 || +event(RevId(b))@r2 is false. + - Query event(CommitConf(a,b,(UE[],(SEAF[],t))))@i ==> event(RunningId(b,a))@j || event(RevsecureCha +nnel)@r1 || event(RevskHN)@r2 || event(Revsqn)@r3 || event(Revsupi)@r4 is false. + - Query event(CommitConf(a,b,(UE[],(SEAF[],t))))@i ==> event(RunningId(b,a))@j || event(Revk)@r1 || +event(RevskHN)@r2 || event(Revsqn)@r3 || event(Revsupi)@r4 is false. + - Query event(Commit(a,b,(SEAF[],(UE[],t))))@i ==> event(RunningId(b,a))@j || event(Revk)@r1 || even +t(RevskHN)@r2 || event(Revsqn)@r3 || event(Revsupi)@r4 is false. + - Query event(Commit(a,b,(SEAF[],(UE[],t))))@i ==> event(RunningId(b,a))@j || event(RevsecureChannel +)@r1 || event(RevskHN)@r2 || event(Revsqn)@r3 || event(Revsupi)@r4 is false. + - Query event(CommitConf(a,b,(SEAF[],(UE[],t))))@i ==> event(RunningId(b,a))@j || event(Revk)@r1 || +event(RevskHN)@r2 || event(Revsqn)@r3 || event(Revsupi)@r4 cannot be proved. + - Query event(CommitConf(a,b,(SEAF[],(UE[],t))))@i ==> event(RunningId(b,a))@j || event(RevsecureCha +nnel)@r1 || event(RevskHN)@r2 || event(Revsqn)@r3 || event(Revsupi)@r4 is false. 
+Associated axiom(s): + - Axiom event(Counter(d,st2,st_3,i1)) && event(Counter(d,st2,st_3,i)) ==> i1 = i; event(Counter(d,st +2,st_3,i1)) && event(Counter(d,st2,st1_1,i1)) ==> st_3 = st1_1 in process 1. + +-------------------------------------------------------------- + + +real 3m40.457s +user 3m40.075s +sys 0m0.328s +─( 21:59:08 )─< ~ >────────────────────────────────────────────────────────────────────────────[ 0 ]─ +c01chja@Colossus05 $ time proverif output.pv + +*/ +/* + + Protocol: 5G AKA + Modeler: David Basin, Jannik Dreier, Lucca Hirschi, Sasa Radomirovic, Ralf Sasse, Vincent Stettler + Date: - + Version: Model of 5G AKA v15.0.0, with SUCI, sequence number, XOR, synchronization failure mechanism. + + Based on: Security Architecture and Procedures for 5G System: + 3GPP TS 33.501 V15.0.0 + + Comments: This theory models 5G AKA including: + - the sequence number + - the resynchronization mechanism + - the XOR + - SUPI concealement (SUCI) + Not included: + - AMF (authentication management field) + + Resources: [5G] Security Architecture and Procedures for 5G System: + 3GPP TS 33.501 V15.0.0 (2018-03) + + [5G-sys] System Architecture for the 5G System: + 3GPP TS 23.501 V1.3.0 (2017-09) + + [4G] System Architecture Evolution (SAE): Security architecture + 3GPP TS 33.401 V15.0.0 (2017-06) + + [3G] 3G Security: Security architecture + 3GPP TS 33.102 V14.1.0 (2017-03) + + Notes: 5G AKA is one of the methods used in 5G primary authentication. + It is an enhancement of EPS-AKA (TS 33.401 Section 6.1), + which is based on UMTS AKA (TS 33.102 Section 6.3). + + Notations: supi -> Subscription Permanent Identifier (IMSI). + suci -> Subscription Concealed Identifier. + sqn -> Sequence Number + + UE -> User Equipment. + SEAF -> Security Anchor Function. + AUSF -> Authentication Server Function. + ARPF -> Authentication Repository and Processing Function. 
+ HSS -> Home Subscription Server (AUSF + ARPF) + + SNID -> Visited Public Land Mobile Network ID (VPLMN-Id) + of the serving network, appended to string '5G'. + HN -> Home network including AUSF and ARPF. + SN -> Serving network. + + Channels: UE <-> SEAF .<->. HSS [.<->. is authenticated, confidential, replay protected, order-preserving, binding] + + Terms: + Assumptions: + SNid -> ~idSN, output when created (public fresh constant) + supi -> ~supi (fresh value) + sqn -> sqn ~sqn_root + '1' + ... + '1' + where ~sqn_root is the freshly generated part of Sqn. + We model an attacker who is in the vicinity of the targeted UE for a limited time only. + As a consequence, the attacker does not initially know sqn. + + TS 33.102 6.3 (3G): + ~RAND is freshly generated and unique. + MAC = f1(k, ) + XRES = f2(k, RAND) + CK = f3(k, RAND) + IK = f4(k, RAND) + AK = f5(k, RAND) + AUTN = + + MAC-S = f1*(k, ) + AKS = f5*(k, RAND) // we defined this name here + AUTS = < XOR(Sqn, AKS), MAC-S> + + TS 33.501 6.1, 6.2, A, X (5G): + SNID = <'5G', VPLMNID> ([5G] 6.1.1.4.1) + K_ausf = KDF(, ) ([5G] A.2) + K_seaf = KDF(K_ausf, SNID) ([5G] A.6) + XRES* = KDF(, ) ([5G] A.4) + HXRES* = SHA256() ([5G] A.5) + + TS 33.501 C (5G): + pk_HSS, sk_HSS (asymmetric key pair of HSS) + id_pk_HSS (identifier for pk_HSS) + ~R (freshly generated randomness) + SUCI = < aenc(, pk_HSS), HN, id_pk_HSS > + + Functions: + TS 33.102 6.3: + f1 is a message authentication function. + f2 is a (possibly truncated) message authentication function. + f3 and f4 are key generating functions. + f5 is a key generating function or f5 = 0. + + f1* is a MAC function. + f5* is a key generation function. + + TS 33.501 A: + KDF as used in 5G is defined in TS 33.220. + It is used for K_ausf, K_seaf, and RES*. + + Pre-shared + secrets: Symmetric subscription key: (UE, HSS, ~k) + Sequence number: (UE, HSS, ~sqn_root+'one') + + Protocol: 1. UE -> SEAF: suci + 2. SEAF -> AUSF: suci, SNID + 3. AUSF -> ARPF: suci, SNID + 4. 
ARPF -> AUSF: RAND, XRES*, K_ausf, AUTN, supi + 5. AUSF -> SEAF: RAND, HXRES*, K_seaf, AUTN + 6. SEAF -> UE : RAND, AUTN + 7. UE -> SEAF: RES* + 8. SEAF -> AUSF: RES*, suci, SNID + 9. AUSF -> SEAF: 'confirm', supi + + Protocol 1. UE -> SEAF: suci + Model: 2. SEAF -> HSS: suci, SNID + 3. HSS -> SEAF: RAND, HXRES*, K_seaf, AUTN + 4. SEAF -> UE : RAND, AUTN + 5. UE -> SEAF: RES* + 6. SEAF -> HSS: RES*, suci, SNID + 7. HSS -> SEAF: 'confirm', supi + +*/ + + + +begin + +builtins: + asymmetric-encryption, multiset, xor + +functions: + // AKA functions (TS 33.102) + f1/2, // MAC-function --> MAC + f2/2, // MAC-function --> RES + f3/2, // KDF --> CK + f4/2, // KDF --> IK + f5/2, // KDF --> AK (Hide Sqn) + f1_star/2, // MAC-function --> MAC-S + f5_star/2, // KGF --> AKS (Hide Sqn) + + // 3GPP KDFs (TS 33.501) + KDF/2, // KDF --> K_ausf, K_seaf, XRES* + SHA256/2 // KDF --> HXRES* + +options: enableStateOpt, +asynchronous-channels, compress-events, +translation-allow-pattern-lookups + + +export queries: +" +equation forall a,b:bitstring; xor(a,b)=xor(b,a). +nounif x:bitstring; mess(new StateChannel,*x) [ignoreAFewTimes]. +nounif x:bitstring; mess(new StateChannel_1,*x) [ignoreAFewTimes]. +set nounifIgnoreNtimes = 4. + +" +/************************************/ +/* UE definition */ +/************************************/ +let Ue(~supi,~idHn,~k,~sqn_root,~idHN,pk_HN) = + // Attach Request + new ~R; new ~tid; + let suci = < aenc{<~supi, ~R>}pk_HN, ~idHN> in + let msg = suci in + event Start_UE_Session(~supi); + + out(msg); + + // St_1_UE(~tid, ~supi, ~idHN, ~k, ~sqn_root), + + lock ~supi; + // Sqn_UE(~supi, ~idHN, SqnUE, ~sqn_root, count), + lookup ~supi as count:nat in + let SqnUE = <~sqn_root, count> in + // Input, checks + // Authentication Request (Auth-Req) and Sync Failure + // [3G] Clauses C.2.1, C.2.2 + // The UE reports sync failure if: + // - Received Sqn is bigger but too big (e.g., jumpsize can be at most delta), + // - or Received Sqn is not bigger. 
+ // [3G] Clauses 6.3.3, 6.3.5 + // Input, checks + in(>); + if (xored = f5(~k, RAND) XOR <~sqn_root,c2>) & MAC = f1(~k, < <~sqn_root,c2> , RAND>) then + if count (<) c2 then +// in( < RAND, , <'FiveG', idSN> > ); + // let MAC = f1(~k, ) in// check on the MAC + ( + event CounterGS(~supi,count); + let AK = f5(~k, RAND) in + let SqnHSS = <~sqn_root,c2> in + + let MAC = f1(~k, < <~sqn_root,c2> , RAND>) in + let SNID = <'FiveG', idSN> in + let AUTN = in + // Authentication Request (Auth-Req) + Authentication Response (Auth-Resp) + // The UE accepts a Sqn iff it is greater than SqnMax (delta = infinity). + // The UE stores the greatest Sqn accepted. + +// let (=SqnHSS) = SqnUE + dif in // check freshness + // Remark: this is actually a ugly SqnHS > SqnUE + // Output + let RES = f2(~k, RAND) in + let IK = f4(~k, RAND) in + let CK = f3(~k, RAND) in + let RES_star = KDF(, ) in + let K_seaf = KDF(KDF(, ), SNID) in + let msgOut = RES_star in + // Open chains + event Sqn_UE_Invariance(~supi, ~idHN, ~sqn_root, c2); + + // Helper lemmas + event Sqn_UE_Change(~supi, ~idHN, c2); + event Sqn_UE_Use(~supi, ~idHN, c2); + // GSVerif axiom + event KSEAF(K_seaf); + + // Security properties + event RunningId(~supi, idSN); + event RunningId(~supi, ~idHN); + event Running(~supi, idSN,<'SEAF','UE',<'RES_star', RES_star>>); + event Running(~supi, idSN,<'SEAF','UE',<'K_seaf', K_seaf>>); + event Running(~supi, idSN,<'SEAF','UE',<'supi', ~supi>>); + event Running(~supi, ~idHN, <'HSS','UE', <'K_seaf', K_seaf>>); + event Running(~supi, ~idHN, <'HSS','UE', <'RAND', RAND>>); + event Secret(<'UE', ~supi>, 'key', K_seaf); + event Secret(<'UE', ~supi>, 'supi', ~supi); + event Commit(~supi, ~idHN, <'UE','HSS',<'AUTN', AUTN>>); + event Commit(~supi, ~idHN, <'UE','HSS',<'supi', ~supi>>); + event Commit(~supi, ~idHN, <'UE','HSS', <'K_seaf', K_seaf>>); + event Commit(~supi, idSN, <'UE','SEAF',<'K_seaf', K_seaf>>); + event Commit(~supi, idSN, <'UE','SEAF',<'RAND', RAND>>); + event Honest(~supi); + event 
Honest(~idHN); + event Honest(idSN); + // Sqn_UE(~supi, ~idHN, SqnHSS, ~sqn_root, count+dif) + insert ~supi, c2; + unlock ~supi; + out(msgOut); + // St_2_UE(~tid, ~supi, ~idHN, ~k, ~sqn_root, idSN, K_seaf), + + // Key confirmation between SEAF and UE (in order to model 'implicit authentication') + + in(f1kseaf); + if f1kseaf = f1(K_seaf, 'SEAF') then + // Security properties (after key confirmation) + event CommitConf(~supi, ~idHN, <'UE','HSS', <'K_seaf', K_seaf>>); + event CommitConf(~supi, ~idHN, <'UE','HSS', <'supi', ~supi>>); + event CommitConf(~supi, idSN, <'UE','SEAF',<'K_seaf', K_seaf>>); + event CommitConf(~supi, idSN, <'UE','SEAF',<'supi', ~supi>>); + event CommitConf(~supi, idSN, <'UE','SEAF',<'snname', idSN>>); + event Honest(~supi); + event Honest(~idHN); + event Honest(idSN); + out(f1(K_seaf, 'UE')) + + ) + else if (xored = <~sqn_root,c2> XOR f5(~k, RAND)) & MAC = f1(~k, < <~sqn_root,c2> , RAND>) then // if SqnUE > SqnHSS then + ( + in(=count); + let AKS = f5_star(~k, RAND) in + let MACS = f1_star(~k, ) in + let AUTS = in + let out_msg = AUTS in + // Restriction +// event Greater_Or_Equal_Than(SqnUE, SqnHSS); // Check freshness (FAIL) + // Open chains + event Sqn_UE_Invariance(~supi, ~idHN, ~sqn_root, count); + // Helper lemmas + event Sqn_UE_Nochange(~supi, ~idHN, count); + insert ~supi, count; + unlock ~supi; + out(out_msg) + ) + +/************************************/ +/* SEAF Rules */ +/************************************/ +let Seaf(~idSN,~secureChan) = +// Attach Request + Authentication Initiation Request (AIR) +// NOTE: The AIR message is in fact the initial authentication request of the service "Nausf_UEAuthentication_Authenticate" (see TS 33.501 9.6.2). 
+ let SNID = <'FiveG', ~idSN> in + new ~tid; new ~cid; + in( ); + let suci = in + let msg = in + event Start_SEAF_Session(~idSN); + event SrcId(~idSN); + // SndS(~cid, ~idSN, idHN, <'air', msg>)]; + + out(~secureChan,<~cid, ~idSN, idHN, <'air', msg>>); + + // 5G Authentication Initiation Answer (5G-AIA) + Authentication Request (Auth-Req) + // [St_1_SEAF(~tid, ~idSN, SNID, conc_supi, idHN, ~cid), + // RcvS(~cid, idHN, ~idSN, <'aia', msgIn>) + ( + in(~secureChan,<=~cid, =idHN, =~idSN, <'aia', < RAND, HXRES_star, K_seaf, AUTN >>>); +// let msgIn = 5G_AV in +// let 5G_AV = < RAND, HXRES_star, K_seaf, AUTN > in + + let msgOut = < RAND, AUTN, SNID > in + event Out_Src(RAND, AUTN); + event Id(idHN); + // Security properties + event Running(~idSN, idHN, <'HSS','SEAF', <'K_seaf', K_seaf>>); + event RunningId(~idSN, idHN); + out(msgOut); + + // St_2_SEAF(~tid, ~idSN, SNID, conc_supi, idHN, RAND, HXRES_star, K_seaf, ~cid) + in(RES_star); + (if HXRES_star = SHA256(RES_star, RAND) then + // Authentication Response (Auth-Resp) + 5G Authentication Confirmation (5G-AC) + // NOTE: The 5G-AC is a subsequent authentication requests to the service "Nausf_UEAuthentication_Authenticate" (see TS 33.501 9.6.2). 
+ ( + let suci = in + let msgOut = < RES_star, suci, SNID > in + event Running(~idSN, idHN, <'HSS','SEAF', <'RES_star', RES_star>>); + event RunningId(~idSN, idHN); +// SndS(~cid, ~idSN, idHN, <'ac', msgOut>) + out(~secureChan, <~cid, ~idSN, idHN, <'ac', msgOut>>); + // St_3_SEAF(~tid, ~idSN, SNID, conc_supi, idHN, RAND, RES_star, K_seaf, ~cid) + // Authentication Confirmation Answer (5G-ACA) + // RcvS(~cid, idHN, ~idSN, <'aca', msgIn>) + in(~secureChan,<=~cid, =idHN, =~idSN, <'aca', <'confirm', supi>>>); + let msgIn = <'confirm', supi> in + + // Executability + event SEAF_End(); + // Security properties + event RunningId(~idSN, supi); + event Running(~idSN, supi,<'UE','SEAF',<'K_seaf', K_seaf>>); + event Running(~idSN, supi,<'UE','SEAF',<'supi', supi>>); + event Running(~idSN, supi,<'UE','SEAF',<'snname', ~idSN>>); + event Secret(<'SEAF', ~idSN>, 'key', K_seaf); + event Commit(~idSN, idHN, <'SEAF','HSS', <'K_seaf', K_seaf>>); + event Commit(~idSN, idHN, <'SEAF','HSS', <'supi', supi>>); + event Commit(~idSN, idHN, <'SEAF','HSS', <'RES_star', RES_star>>); + event Commit(~idSN, supi, <'SEAF','UE', <'K_seaf', K_seaf>>); + event Commit(~idSN, supi, <'SEAF','UE', <'supi', supi>>); + event Commit(~idSN, supi, <'SEAF','UE', <'RES_star', RES_star>>); + event Honest(supi); + event Honest(idHN); + event Honest(~idSN); + out(f1(K_seaf, 'SEAF')); // Key confimration message with UE + // St_4_SEAF(~tid, ~idSN, SNID, conc_supi, idHN, ~RAND, RES_star, K_seaf, supi, ~cid) + + in(f2keaf); + if f2keaf = f1(K_seaf, 'UE') then + // Security properties + event CommitConf(~idSN, idHN, <'SEAF','HSS', <'K_seaf', K_seaf>>); + event CommitConf(~idSN, idHN, <'SEAF','HSS', <'supi', supi>>); + event CommitConf(~idSN, supi, <'SEAF','UE', <'K_seaf', K_seaf>>); + event CommitConf(~idSN, supi, <'SEAF','UE', <'supi', supi>>); + event Honest(supi); + event Honest(idHN); + event Honest(~idSN); + event SEAF_EndConf() + + ) + else + // Synchronization Failure and 5G Authentication Synchronization 
message + // [5G] Clause 6.1.3.2.1 + // [3G] Clauses 6.3.3 and 6.3.5 + // Note that in this model, the SEAF aborts the procedure, and does not wait + // for the resynced AVs. After resync, the HSS also does not directly send + // the AVs, but needs to be asked again. + ( + in( < SqnUEXorAKS, MACS >); + let AUTS = < SqnUEXorAKS, MACS > in + let out_msg = < RAND, AUTS > in + // SndS(~cid, ~idSN, idHN, <'resync', out_msg>) + out(~secureChan, <~cid, ~idSN, idHN, <'resync', out_msg>>) + + ) + ) + ) + +/************************************/ +/* HSS Rules */ +/************************************/ + +// Authentication Initiation Request (AIR) + 5G Authentication Initiation Answer (5G-AIA) +// For key derivarion, see [5G] clause 6.1.3.2 and annex A6 +// NOTE: The AIR message is in fact the initial authentication request to the service "Nausf_UEAuthentication_Authenticate" (see TS 33.501 9.6.2). +// NOTE: The 5G-AIA is the corresponding Nausf_UEAuthentication_Authenticate Response. +let HSS(~idHN, ~sk_HN, ~supi, ~k, ~sqn_root,~secureChan)= +// !HSS(~idHN, ~sk_HN), +// !Ltk_Sym(~supi, ~idHN, ~k, ~sqn_root), + lock ~sqn_root; +// Sqn_HSS(~supi, ~idHN, SqnHSS, ~sqn_root, count), + lookup ~sqn_root as count:nat in + in(=count); + event CounterGS(~sqn_root,count); + let SqnHSS = <~sqn_root, count> in +// RcvS(~cid, idSN, ~idHN, <'air', msgIn>), + in(idSN); + in(~secureChan,<~cid, =idSN, =~idHN, <'air', < < cyphersupirR, =~idHN> , <'FiveG', =idSN> > >>); + let <=~supi, ~R> = adec(cyphersupirR,~sk_HN) in + + event Id(idSN); + let suci = < aenc{<~supi, ~R>}pk(~sk_HN), ~idHN> in + + new ~RAND; + new ~tid; + + // 1. Receive + +// let (=idSN2) = idSN in // HSS checks that the received SNID matches the authenticated channel with idSN + let SNID = <'FiveG', idSN> in + let cnext:nat = count + 'one' in + let SqnNext = <~sqn_root,count + 'one'> in + + // 2. Send + // a. 
ARPF part + let MAC = f1(~k, ) in + let XRES = f2(~k, ~RAND) in + let CK = f3(~k, ~RAND) in + let IK = f4(~k, ~RAND) in + let AK = f5(~k, ~RAND) in + let AUTN = in + let K_seaf = KDF(KDF(, ), SNID) in + let XRES_star = KDF(, ) in + + // b. AUSF part + let HXRES_star = SHA256(XRES_star, ~RAND) in + let msgOut = < ~RAND, HXRES_star, K_seaf, AUTN > in // 5G_AV + + event Src(~RAND, AUTN); + // Helping + event KSEAF(K_seaf); + // Executability + event Start_HSS_Session(~idHN); + event HSS_Send_Aia(); + // Security properties + event RunningId(~idHN, idSN); + event RunningId(~idHN, ~supi); + event Running(~idHN, idSN,<'SEAF','HSS',<'K_seaf', K_seaf>>); + event Running(~idHN, idSN,<'SEAF','HSS',<'supi', ~supi>>); + event Running(~idHN, idSN,<'SEAF','HSS',<'RES_star', XRES_star>>); + event Running(~idHN, ~supi,<'UE','HSS', <'K_seaf', K_seaf>>); + event Running(~idHN, ~supi,<'UE','HSS',<'supi', ~supi>>); + event Running(~idHN, ~supi,<'UE','HSS',<'AUTN', AUTN>>); + event Honest(~supi); + event Honest(~idHN); + event Honest(idSN); + // Sqn_HSS(~supi, ~idHN, SqnNext, ~sqn_root, count+'one'), + // SndS(~cid, ~idHN, idSN, <'aia', msgOut>) + event SrcId(~idHN); +event Sqn_HSS_Invariance(~idHN, ~supi, ~sqn_root, cnext); + event Sqn_HSS_Change(~sqn_root, cnext); + out(~secureChan,<~cid, ~idHN, idSN, <'aia', msgOut>>); + insert ~sqn_root, count+'one'; + unlock ~sqn_root; + + // St_1_HSS(~tid, ~idHN, ~supi, suci, idSN, SNID, ~k, SqnNext, XRES_star, ~RAND, ~sqn_root, ~sk_HN, ~cid) + // RcvS(~cid, idSN, ~idHN, <'ac',msgIn>) + // 5G Authentication Confirmation (5G-AC) + Authentication Confirmation Answer (5G-ACA) + // NOTE: 5G-AC is a subsequent authentication requests to the service "Nausf_UEAuthentication_Authenticate" (see TS 33.501 9.6.2). + // NOTE: 5G-ACA is the corresponding response by the service. 
+ in(~secureChan, <=~cid, =idSN, =~idHN, >); + if rty='ac' then + ( + let < =XRES_star, =suci, =SNID > = msg2 in + // Open chains + + + +// in(~secureChan, <=~cid, =idSN, =~idHN, <'ac', >>); + let Sqn = SqnNext in + let CK = f3(~k, ~RAND) in + let IK = f4(~k, ~RAND) in + let AK = f5(~k, ~RAND) in + let K_seaf = KDF(KDF(, ), SNID) in + + let msgOut = <'confirm', ~supi> in + // Executability + event HSS_End(); + // Security properties + event Secret(<'HSS', ~idHN>, 'key', K_seaf); + event Commit(~idHN, idSN, <'HSS','SEAF', <'K_seaf', K_seaf>>); + event Commit(~idHN, idSN, <'HSS','SEAF', <'RES_star', XRES_star>>); + event Commit(~idHN, ~supi, <'HSS','UE', <'K_seaf', K_seaf>>); + event Commit(~idHN, ~supi, <'HSS','UE', <'RAND', ~RAND>>); + event Honest(~idHN); + event Honest(~supi); + event Honest(idSN); + // SndS(~cid, ~idHN, idSN, <'aca', msgOut>) + out(~secureChan, <~cid, ~idHN, idSN, <'aca', msgOut>>) + + ) + else if rty='resync' then + // RcvS(~cid, idSN, ~idHN, <'resync', msg>) + // 5G Authentication Synchronization message + // In this model, the HSS aborts after resync, and does NOT + // directly send the new AVs. Need to rerun the protocol. + // Sqn is only updated if needed. 
(recal that delta = infinity in this model) + ( + // insert ~sqn_root, count+'one'; + // unlock ~sqn_root; + lock ~sqn_root; + // Sqn_HSS(~supi, ~idHN, SqnHSS, ~sqn_root, count), + lookup ~sqn_root as count2:nat in + event CounterGS(~sqn_root,count2); + if count2 = count+'one' then + let SqnHSS = SqnNext in + in(count3:nat); + if count2 (<) count3 then + let SqnUE = <~sqn_root,count3> in + let <=~RAND, > = msg2 in + if sqnuexoredf5 = SqnUE XOR f5_star(~k, ~RAND) then + if f1s = f1_star(~k, ) then + +// in(~secureChan, <=~cid, =idSN, =~idHN, <'resync', <=~RAND, <=SqnUE XOR f5_star(=~k, =~3RAND), f1_star(=~k, <=SqnUE, =~RAND>) > > >>); + + + +// let <=SqnHSS, =SqnUE,=SqnUE > = in + + // Open chains + event Sqn_HSS_Invariance(~idHN, ~supi, ~sqn_root, count3); + event Sqn_HSS_Change(~sqn_root, count3); + // Executability + event HSS_Resync_End(count3); + insert ~sqn_root, count3; + // Sqn_HSS(~supi, ~idHN, SqnUE, ~sqn_root, count+dif) + unlock ~sqn_root + ) + +/************************************/ +/* Subscription Rules */ +/************************************/ +// Initialize the subscription +let addSub(~idHN,~sk_HN) = // HSS(~idHN, ~sk_HN) + new ~supi; + new ~k; new ~sqn_root; + // Restriction + event Subscribe(~supi, ~idHN); + + // Helper lemmas + event Sqn_Create(~supi, ~idHN, ~sqn_root); + event CreateUser(~supi, ~k, ~idHN); + // | Sqn_UE(~supi, ~idHN, ~sqn_root+'one', ~sqn_root, 'one'), + // Remark, we use ~supi as an identifier for the state Sqn_UE + + // | Sqn_HSS(~supi, ~idHN, ~sqn_root+'one', ~sqn_root, 'one')] + // Remark, we use ~sqn_root as an identifier for the state Sqn_HSS + insert ~sqn_root, 'one'; + insert ~supi, 'one'; + //!Ltk_Sym(~supi, ~idHN, ~k, ~sqn_root), + ( + // Compromised subscriptions (symmetric key k) + (event Rev(~supi, <'k', ~k>); event Rev(~idHN, <'k', ~k>); event RevId(~supi); event RevId(~idHN); + event Revk(); event Revk(); + out(~k)) + // Compromised subscriptions ("initial" counter sqn_root) + || (event Rev(~supi, <'sqn', 
~sqn_root>); event Rev(~idHN, <'sqn', ~sqn_root>); event RevId(~supi); event RevId(~idHN); + event Revsqn(); event Revsqn(); + out(~sqn_root)) + // Compromised subscriptions (identifier supi) + || (event Rev(~supi, <'supi', ~supi>); event Rev(~idHN, <'supi', ~supi>); event RevId(~supi); event RevId(~idHN); + event Revsupi(); event Revsupi(); + out(~supi)) + // Compromised home network (private asymmetric key sqn_HN) + // Rk: this could be moved upper in the process + || (event Rev(~idHN, <'skHN', ~sk_HN>);event RevskHN(); event RevId(~idHN); out(~sk_HN)) + + || + // We only allow the Sqn to increase, as a decrease would + // trivially violate injectivity + ( + lock ~supi; + lookup ~supi as count:nat in + + event CounterGS(~supi,count); +// let Sqn:nat = ~sqn_root + count in +// in(m:nat); // Open chains + event Sqn_UE_Invariance(~supi, ~idHN, ~sqn_root, count+'one'); + // Helper lemmas + event Sqn_UE_Change(~supi, ~idHN, count+'one'); + // Executability + event Sqn_UE_Desync(); + + insert ~supi, count+'one'; + unlock ~supi + //Sqn_UE(~supi, ~idHN, Sqn+m, ~sqn_root, count+m) + ) + + + || // Attach Request + !Ue(~supi,~idHN,~k,~sqn_root,~idHN,pk(~sk_HN)) + || ! HSS(~idHN, ~sk_HN, ~supi, ~k, ~sqn_root,~secureChan) +) + + + +/************************************/ +/* Initialization Rules */ +/************************************/ +process: +new ~secureChan:channel; +( +( ! + in(~secureChan,<~cid,A,B,m>); + event Rev(B, 'secureChannel'); + event RevId(B); + event RevsecureChannel(); + out(<~cid,m>)) +|| + ( ! + in(<~cid,A,B,x>); + event Rev(A, 'secureChannel'); + event RevId(A); + event RevsecureChannel(); + event Injected(x); + out(~secureChan,<~cid,A,B,x>)) +|| + // Initialize a serving network + ( + new ~idSN; event ServNet(~idSN); + let SNID = <'FiveG', ~idSN> in + out(SNID); // SEAF(~idSN,SNDI) + ! 
Seaf(~idSN, ~secureChan) + ) +|| + // Initialize a home network + new ~sk_HN; new ~idHN; event HomeNet(~idHN); + out(<~idHN, pk(~sk_HN)>); + //!HSS(~idHN, ~sk_HN), !Pk(~idHN, pk(~sk_HN)) + addSub(~idHN,~sk_HN, ~secureChan) +) +// the subscribe once restriction is equivalent to not having a ! on top here + + + +/************************************/ +/* Restrictions / Axioms */ +/************************************/ + +restriction subscribe_once: + " All HN1 HN2 supi #i #j. Subscribe(supi, HN1)@i & Subscribe(supi, HN2)@j ==> (#i = #j & HN1 = HN2)" + + + +// restriction greater_or_equal_than: +// " All x y #i. Greater_Or_Equal_Than(x,y)@i ==> not (Ex z. x + z = y) " + +// Dummy lemma for timing info only. +lemma dummy: "not(F)" + +/************************************/ +/* Sources lemmas */ +/************************************/ + +// lemma idSource [sources]: +// " All IDHN #i. Id(IDHN)@i ==> (Ex #j. KU(IDHN)@j & j (Ex #j. Src(RAND, AUTN)@j & j < i) + | (Ex #j x1 x2. Injected(<'aia', >)@j & j < i) " + + + +// proof (automatic) (~1 sec) +// lemma sqn_ue_invariance [use_induction, sources,output=[spthy]]: +// " All supi HN Sqn sqn_root count #i. +// Sqn_UE_Invariance(supi, HN, Sqn, sqn_root, count)@i +// ==> sqn_root + count = Sqn" + +// // proof (automatic) (~1 sec) +// lemma sqn_hss_invariance [use_induction, sources,output=[spthy]]: +// " All HN supi Sqn sqn_root count #i. +// Sqn_HSS_Invariance(HN, supi, Sqn, sqn_root, count)@i +// ==> sqn_root + count = Sqn " + +// /************************************/ +// /* Helper lemmas */ +// /************************************/ + +// proof (automatic) (~1 sec) +lemma true_sqn_ue_src [use_induction, reuse, output=[spthy], heuristic=O]: + " All supi HN sqn_root count #i. + Sqn_UE_Invariance(supi, HN, sqn_root, count)@i + ==> (Ex #j. Sqn_Create(supi, HN, sqn_root)@j & j < i) " + +// proof (automatic) (~1 sec) +lemma true_sqn_hss_src [reuse, output=[spthy], heuristic=O]: + " All HN supi sqn_root count #i. 
+ Sqn_HSS_Invariance(HN, supi, sqn_root, count)@i + ==> (Ex #j. Sqn_Create(supi, HN, sqn_root)@j & j < i) " + +// proof (automatic) (~2 min) +lemma true_sqn_ue_nodecrease [use_induction, reuse, output=[spthy], heuristic=O]: + " (All supi HN Sqni Sqnj #i #j. + (Sqn_UE_Change(supi, HN, Sqnj)@j & + Sqn_UE_Change(supi, HN, Sqni)@i & + i < j) ==> (Ex dif. Sqnj = Sqni + dif)) & + (All supi HN Sqni Sqnj #i #j. + (Sqn_UE_Change(supi, HN, Sqnj)@j & + Sqn_UE_Nochange(supi, HN, Sqni)@i & + i < j) ==> (Ex dif. Sqnj = Sqni + dif)) & + (All supi HN Sqni Sqnj #i #j. + (Sqn_UE_Nochange(supi, HN, Sqnj)@j & + Sqn_UE_Change(supi, HN, Sqni)@i & + i < j) ==> ((Sqnj = Sqni) | (Ex dif. Sqnj = Sqni + dif))) & + (All supi HN Sqni Sqnj #i #j. + (Sqn_UE_Nochange(supi, HN, Sqnj)@j & + Sqn_UE_Nochange(supi, HN, Sqni)@i & + i < j) ==> ((Sqnj = Sqni) | (Ex dif. Sqnj = Sqni + dif))) " + +// // proof (automatic) (~1 sec) + lemma true_sqn_ue_unique [reuse, hide_lemma=true_sqn_ue_src, hide_lemma=true_sqn_hss_src, output=[spthy], heuristic=O]: + " All supi HN Sqn #i #j. + Sqn_UE_Use(supi, HN, Sqn)@i & Sqn_UE_Use(supi, HN, Sqn)@j + ==> #i = #j " + + + + +// /************************************/ +// /* Executability lemmas */ +// /************************************/ + +// This lemma shows a normal execution without resync. +// executability_honest (exists-trace): verified (22 steps) +// real 0m29.966s +lemma false_executability_honest[output=[proverif]]: + "All #i. SEAF_End()@i ==> Ex X data #r. Rev(X,data)@r +" + +// This lemma shows a normal execution without resync. but with key confirmation +// executability_keyConf_honest (exists-trace): verified (24 steps) +// real 0m55.820s +lemma false_executability_keyConf_honest[output=[proverif]]: + "All #i. SEAF_EndConf()@i + ==> (Ex X data #r. Rev(X,data)@r) +" + +// +lemma false_executability_desync[output=[proverif]]: + " All dif #i. + HSS_Resync_End(dif)@i + ==> Ex X data #r. 
Rev(X,data)@r +" + +// +lemma false_executability_resync[output=[proverif]]: + " All #i2. + HSS_Resync_End('one'+'one'+'one'+'one')@i2 +==> +Ex X data #r. Rev(X,data)@r +" + +// // /********************************************/ +// // /* Agreement UE -> SEAF (before KC) */ +// // /********************************************/ + +// // // attack (stored) +lemma false_weakagreement_ue_seaf_noRev [hide_lemma=true_sqn_ue_nodecrease, hide_lemma=true_sqn_ue_src, hide_lemma=true_sqn_hss_src, output=[proverif]]: + " All a b t #i. Commit(a,b,<'UE','SEAF',t>)@i + ==> (Ex #j. RunningId(b, a)@j) + | (Ex #r1. RevId(a)@r1) + | (Ex #r2. RevId(b)@r2) + " + +// // /********************************************/ +// // /* Agreement UE -> SEAF (after KC) */ +// // /********************************************/ + +// attack (stored) +lemma false_weakagreement_ue_seaf_keyConf_noAsyKeyRev_noSupiRev_noSqnRev_noChanRev [hide_lemma=sqn_ue_nodecrease, hide_lemma=sqn_ue_src, hide_lemma=sqn_hss_src, output=[proverif]]: + " All a b t #i. CommitConf(a,b,<'UE','SEAF',t>)@i + ==> (Ex #j. RunningId(b, a)@j) + | (Ex #r1. RevsecureChannel()@r1) + | (Ex #r2. RevskHN()@r2 ) + | (Ex #r3. Revsqn()@r3 ) + | (Ex #r4. Revsupi()@r4) " + +// attack (stored) +lemma false_weakagreement_ue_seaf_keyConf_noAsyKeyRev_noSupiRev_noSqnRev_noKeyRev [hide_lemma=sqn_ue_nodecrease, hide_lemma=sqn_ue_src, hide_lemma=sqn_hss_src, output=[proverif]]: + " All a b t #i. CommitConf(a,b,<'UE','SEAF',t>)@i + ==> (Ex #j. RunningId(b, a)@j) + | (Ex #r1. Revk()@r1) + | (Ex #r2. RevskHN()@r2 ) + | (Ex #r3. Revsqn()@r3 ) + | (Ex #r4. Revsupi()@r4) " + + + +lemma true_injectiveagreement_ue_seaf_kseaf_keyConf_noKeyRev_noChanRev [hide_lemma=true_sqn_ue_src, hide_lemma=true_sqn_hss_src, hide_lemma=true_sqn_ue_nodecrease, output=[spthy], heuristic=O]: + " All a b t #i. CommitConf(a,b,<'UE','SEAF',<'K_seaf', t>>)@i + ==> (Ex #j. Running(b,a,<'UE','SEAF',<'K_seaf', t>>)@j + & j < i + & not (Ex a2 b2 #i2. 
CommitConf(a2,b2,<'UE','SEAF',<'K_seaf', t>>)@i2 + & not (#i2 = #i))) + | (Ex X key #r. Rev(X, <'k',key>)@r & Honest(X)@i) + | (Ex X #r. Rev(X, 'secureChannel')@r & Honest(X)@i) " + + +// // /********************************************/ +// // /* Agreement SEAF -> UE (before KC) */ +// // /********************************************/ + +// attack (stored) +lemma false_weakagreement_seaf_ue_noKeyRev_noAsyKeyRev_noSupiRev_noSqnRev [hide_lemma=sqn_ue_src, hide_lemma=sqn_hss_src, hide_lemma=sqn_ue_nodecrease, output=[proverif], heuristic=O]: + " All a b t #i. Commit(a,b,<'SEAF','UE',t>)@i + ==> (Ex #j. RunningId(b, a)@j) + | (Ex #r1. Revk()@r1) + | (Ex #r2. RevskHN()@r2 ) + | (Ex #r3. Revsqn()@r3 ) + | (Ex #r4. Revsupi()@r4) " + + +// attack (stored) +lemma false_weakagreement_seaf_ue_noAsyKeyRev_noSupiRev_noSqnRev_noChanRev [hide_lemma=sqn_ue_src, hide_lemma=sqn_hss_src, hide_lemma=sqn_ue_nodecrease, output=[proverif]]: + " All a b t #i. Commit(a,b,<'SEAF','UE',t>)@i + ==> (Ex #j. RunningId(b, a)@j) + | (Ex #r1. RevsecureChannel()@r1) + | (Ex #r2. RevskHN()@r2 ) + | (Ex #r3. Revsqn()@r3 ) + | (Ex #r4. Revsupi()@r4) " + + +lemma true_injectiveagreement_seaf_ue_kseaf_noKeyRev_noChanRev [hide_lemma=true_sqn_ue_src, hide_lemma=true_sqn_hss_src, hide_lemma=true_sqn_ue_nodecrease, output=[spthy], heuristic=O]: + " All a b t #i. Commit(a,b,<'SEAF','UE',<'K_seaf', t>>)@i + ==> (Ex #j. Running(b,a,<'SEAF','UE',<'K_seaf', t>>)@j + & j < i + & not (Ex a2 b2 #i2. Commit(a2,b2,<'SEAF','UE',<'K_seaf', t>>)@i2 + & not (#i2 = #i))) + | (Ex X key #r. Rev(X, <'k',key>)@r & Honest(X)@i) + | (Ex X #r. 
Rev(X, 'secureChannel')@r & Honest(X)@i) " + + +// // /********************************************/ +// // /* Agreement SEAF -> UE (after KC) */ +// // /********************************************/ + +// attack (stored) +lemma false_weakagreement_seaf_ue_KeyConf_noKeyRev_noAsyKeyRev_noSupiRev_noSqnRev [hide_lemma=sqn_ue_src, hide_lemma=sqn_hss_src, hide_lemma=sqn_ue_nodecrease, output=[proverif]]: + " All a b t #i. CommitConf(a,b,<'SEAF','UE',t>)@i + ==> (Ex #j. RunningId(b, a)@j) + | (Ex #r1. Revk()@r1) + | (Ex #r2. RevskHN()@r2 ) + | (Ex #r3. Revsqn()@r3 ) + | (Ex #r4. Revsupi()@r4) " + +// attack (stored) +lemma false_weakagreement_seaf_ue_KeyConf_noChanRev_noAsyKeyRev_noSupiRev_noSqnRev [hide_lemma=sqn_ue_src, hide_lemma=sqn_hss_src, hide_lemma=sqn_ue_nodecrease, output=[proverif]]: + " All a b t #i. CommitConf(a,b,<'SEAF','UE',t>)@i + ==> (Ex #j. RunningId(b, a)@j) + | (Ex #r1. RevsecureChannel()@r1) + | (Ex #r2. RevskHN()@r2 ) + | (Ex #r3. Revsqn()@r3 ) + | (Ex #r4. Revsupi()@r4) " + + +lemma true_injectiveagreement_seaf_ue_kseaf_keyConf_noKeyRev_noChanRev [hide_lemma=true_sqn_ue_src, hide_lemma=true_sqn_hss_src, hide_lemma=true_sqn_ue_nodecrease,output=[spthy], heuristic=O]: + " All a b t #i. CommitConf(a,b,<'SEAF','UE',<'K_seaf', t>>)@i + ==> (Ex #j. Running(b,a,<'SEAF','UE',<'K_seaf', t>>)@j + & j < i + & not (Ex a2 b2 #i2. CommitConf(a2,b2,<'SEAF','UE',<'K_seaf', t>>)@i2 + & not (#i2 = #i))) + | (Ex X key #r. Rev(X, <'k',key>)@r & Honest(X)@i) + | (Ex X #r. Rev(X, 'secureChannel')@r & Honest(X)@i) " + + + +lemma gsverif_sqn_hss_nodecrease [use_induction, reuse, output=[spthy], heuristic=O]: + " (All supi Sqni Sqnj #i #j. + (Sqn_HSS_Change(supi, Sqnj)@j & + Sqn_HSS_Change(supi, Sqni)@i & + i < j) ==> (Ex dif. Sqnj = Sqni + dif)) " + + +lemma gsverif_intermediate [use_induction, reuse,hide_lemma=true_sqn_ue_src, hide_lemma=true_sqn_hss_src, output=[spthy], heuristic=O]: + " (All supi Sqni Sqnj #i #j. 
+ (Sqn_HSS_Change(supi, Sqnj)@j & + Sqn_HSS_Change(supi, Sqni)@i) + ==> (#i = #j) | (not (Sqnj = Sqni)) ) " + + + + + + lemma gsverif_lemma [reuse, hide_lemma=gsverif_sqn_hss_nodecrease, hide_lemma=true_sqn_ue_src, hide_lemma=true_sqn_hss_src, output=[spthy], heuristic=O]: + " All x y #i #j. + CounterGS(x,y)@i & CounterGS(x,y)@j + ==> #i = #j " + +end diff --git a/examples/sapic/export/5G_AKA/oracle b/examples/sapic/export/5G_AKA/oracle new file mode 100755 index 000000000..b75b79f78 --- /dev/null +++ b/examples/sapic/export/5G_AKA/oracle 
@@ -0,0 +1,468 @@ +#!/usr/bin/python3 + +import re +import os +import sys +debug = True + +lines = sys.stdin.readlines() +lemma = sys.argv[1] + +# INPUT: +# - lines contain a list of "%i:goal" where "%i" is the index of the goal +# - lemma contain the name of the lemma under scrutiny +# OUTPUT: +# - (on stdout) a list of ordered index separated by EOL + + +rank = [] # list of list of goals, main list is ordered by priority +maxPrio = 111 +for i in range(0,maxPrio): + rank.append([]) + +# SOURCES AND REUSE LEMMAS + +# if lemma == "sqn_ue_invariance" or \ +# lemma == "sqn_hss_invariance" or \ +# lemma == "sqn_ue_src" or \ +# lemma == "sqn_hss_src": +# for line in lines: +# num = line.split(':')[0] +# if re.match('.*L_PureState\(.*', line): rank[90].append(num) +# elif re.match('.*State_1211111111111111112111\(.*', line): rank[95].append(num) +# elif re.match('.*State_12111111111111111121\(.*', line): rank[95].append(num) +# elif re.match('.*St_1_HSS\(.*', line): rank[95].append(num) + + # pri 2. 
solve( State_12111111111111111121 @last over L_Pure + + +# Prio order: +# vr .*', line): rank[80].append(num) +# elif re.match('.*Sec\(.*', line): rank[50].append(num) +# elif re.match('.*RcvS\( ~idSN.*', line): rank[48].append(num) +# elif re.match('.*RcvS\(.*', line): rank[47].append(num) +# elif ("noKeyRev" in lemma and re.match('.*!KU\( f1\(.*', line)): rank[46].append(num) +# elif ("noKeyRev" in lemma and re.match('.*Sqn_HSS\(.*', line)): rank[45].append(num) +# elif re.match('.*!KU\( \(f5\(.*', line) or \ +# re.match('.*!KD\( \(f5\(.*', line): rank[44].append(num) +# elif re.match('.*!Ltk_Sym\(.*', line): rank[40].append(num) +# elif re.match('.*!KU\( f4\(.*', line): rank[30].append(num) +# elif re.match('.*St_2_SEAF\(.*', line): rank[25].append(num) +# elif re.match('.*St_1_HSS\(.*', line): rank[25].append(num) +# elif re.match('.*!KU\( KDF\(.*', line): rank[22].append(num) +# elif re.match('.*!KU\( ~RAN.*', line): rank[20].append(num) +# elif re.match('.*!KU\( ~sup.*', line): rank[10].append(num) +# elif re.match('.*!KU\( f1\(.*', line): rank[8].append(num) +# elif re.match('.*Sqn_HSS\(.*', line): rank[7].append(num) +# elif re.match('.*!KU\( aenc\(.*', line): rank[6].append(num) +# elif re.match('.*!KU\( ~sup.*', line): rank[5].append(num) +# elif re.match('.*!KU\( ~sk.*', line): rank[4].append(num) + +# elif lemma == "weakagreement_ue_seaf_noRev": +# for line in lines: +# num = line.split(':')[0] +# if re.match('.*!KU\( ~k.*', line): rank[100].append(num) +# elif re.match('.*Sqn_HSS\(.*~sqn_root, ~sqn_root.*', line): rank[99].append(num) +# elif re.match('.*Sqn_HSS\(.*,.*,.*,.*,.* ~.*', line): rank[99].append(num) +# elif re.match('.*!HSS\(.*', line): rank[98].append(num) +# elif re.match('.*!KU\( f5\(.*', line) or \ +# re.match('.*!KU\( f5_star\(.*', line): rank[90].append(num) +# elif re.match('.*!KU\( ~sqn_root.*', line): rank[85].append(num) +# elif re.match('.*St_1_UE\(.*', line): rank[84].append(num) +# elif re.match('.*St_2_UE\(.*', line): 
rank[84].append(num) +# elif re.match('.*St_3_SEAF\(.*', line): rank[84].append(num) +# elif re.match('.*Sqn_UE\(.*', line): rank[84].append(num) +# elif re.match('.*~~>.*', line): rank[80].append(num) +# elif re.match('.*RcvS\( ~idSN.*', line): rank[47].append(num) +# elif re.match('.*RcvS\(.*', line): rank[46].append(num) +# elif re.match('.*!KU\( \(f5\(.*', line) or \ +# re.match('.*!KD\( \(f5\(.*', line): rank[45].append(num) +# elif re.match('.*!Ltk_Sym\(.*', line): rank[40].append(num) +# elif re.match('.*!KU\( f4\(.*', line): rank[30].append(num) +# elif re.match('.*St_2_SEAF\(.*', line): rank[25].append(num) +# elif re.match('.*St_1_HSS\(.*', line): rank[25].append(num) +# elif re.match('.*!KU\( KDF\(.*', line): rank[22].append(num) +# elif re.match('.*!KU\( ~RAN.*', line): rank[20].append(num) +# elif re.match('.*!KU\( ~sup.*', line): rank[10].append(num) +# elif re.match('.*!KU\( f1\(.*', line): rank[8].append(num) +# elif re.match('.*!KU\( aenc\(.*', line): rank[6].append(num) +# elif re.match('.*!KU\( ~sup.*', line): rank[5].append(num) +# elif re.match('.*!KU\( ~sk.*', line): rank[4].append(num) + +elif lemma == "true_injectiveagreement_seaf_ue_kseaf_noKeyRev_noChanRev": + for line in lines: + num = line.split(':')[0] + if re.match('.*!KU\( ~k.*', line): rank[100].append(num) + elif re.match('.*!KU\( ~sk_HN.*', line): rank[99].append(num) +# elif re.match('.*L_CellLocked.*', line): rank[99].append(num) +# elif re.match('.*L_PureState\(.*~sqn_root.*', line): rank[99].append(num) +# elif re.match('.*Sqn_HSS\(.*,.*,.*,.*,.* ~.*', line): rank[99].append(num) + elif re.match('.*!KU\( f3\(~k,.*', line) : rank[95].append(num) +# elif re.match('.*St_2_UE\(.*', line): rank[92].append(num) + elif re.match('.*Commit\(.*', line): rank[93].append(num) + elif re.match('.*CommitConf\(.*', line): rank[92].append(num) +# elif re.match('.*!KU\( f5\(.*', line) or \ +# re.match('.*!KU\( f5_star\(.*', line): rank[90].append(num) +# elif re.match('.*!KU\( ~sqn_root.*', 
line): rank[89].append(num) + + elif re.match('.*State_11211111111111111111111111\(.*', line): rank[94].append(num) + + elif re.match('.*!KU\( KDF\( f1 + elif re.match('.*Message\( ~secureChan,.*<~k, .*\'air\'.*', line): rank[80].append(num) + elif re.match('.*Message\(.*\'aia\'.*SHA.*', line): rank[80].append(num) + + elif re.match('.*State_12111111111111111212111111111111111111111111111111111\(.*#vr.40.*', line): rank[94].append(num) + elif re.match('.*State_12111111111111111212111111111111111111111111111111111\(.*#vr.57.*', line): rank[94].append(num) + elif re.match('.*State_12111111111111111212111111111111111111111111111111111\(.*#vr.48.*', line): rank[94].append(num) + elif re.match('.*State_12111111111111111212111111111111111111111111111111111\(.*#vr.53.*', line): rank[94].append(num) + elif re.match('.*State_12111111111111111212111111111111111111111111111111111\(.*#vr.34.*', line): rank[94].append(num) + elif re.match('.*Message\( ~secureChan,.*<~k, .*\'ac\'.*', line): rank[74].append(num) + elif re.match('.*cid,.*\'ac\'.*', line): rank[73].append(num) + elif re.match('.*cid,.*\'aia\'.*vr.20.*', line): rank[72].append(num) + elif re.match('.*cid,.*\'aia\'.*vr.17.*', line): rank[72].append(num) +# elif re.match('.*cid,.*\'aia\'.*vr.22.*', line): rank[70].append(num) + elif re.match('.*cid,.*\'air\'.*', line): rank[71].append(num) +elif lemma == "true_injectiveagreement_seaf_ue_kseaf_keyConf_noKeyRev_noChanRev": + for line in lines: + num = line.split(':')[0] + if re.match('.*!KU\( ~k.*', line): rank[100].append(num) + elif re.match('.*!KU\( ~sk_HN.*', line): rank[99].append(num) +# elif re.match('.*L_CellLocked.*', line): rank[99].append(num) +# elif re.match('.*L_PureState\(.*~sqn_root.*', line): rank[99].append(num) +# elif re.match('.*Sqn_HSS\(.*,.*,.*,.*,.* ~.*', line): rank[99].append(num) + elif re.match('.*!KU\( f3\(~k,.*', line) : rank[95].append(num) +# elif re.match('.*St_2_UE\(.*', line): rank[92].append(num) + elif re.match('.*Commit\(.*', line): 
rank[93].append(num) + elif re.match('.*CommitConf\(.*', line): rank[92].append(num) +# elif re.match('.*!KU\( f5\(.*', line) or \ +# re.match('.*!KU\( f5_star\(.*', line): rank[90].append(num) +# elif re.match('.*!KU\( ~sqn_root.*', line): rank[89].append(num) + elif re.match('.*State_112111111111111111111111\(.*', line): rank[94].append(num) + + elif re.match('.*!KU\( KDF\( f1 + elif re.match('.*Message\( ~secureChan,.*<~k, .*\'air\'.*', line): rank[80].append(num) + elif re.match('.*Message\(.*\'aia\'.*SHA.*', line): rank[80].append(num) + elif re.match('.*State_1121111111111111111111111111111111111111111\(.*#i2', line): rank[95].append(num) + + elif re.match('.*State_12111111111111111212111111111111111111111111111111111\(.*', line): rank[94].append(num) + elif re.match('.*State_1211111111111111121211111111111111111111111111111\(.*#vr.57.*', line): rank[94].append(num) + elif re.match('.*State_1211111111111111121211111111111111111111111111111\(.*#vr.48.*', line): rank[94].append(num) + elif re.match('.*State_1211111111111111121211111111111111111111111111111\(.*#vr.53.*', line): rank[94].append(num) + elif re.match('.*State_1211111111111111121211111111111111111111111111111\(.*#vr.34.*', line): rank[94].append(num) + elif re.match('.*Message\( ~secureChan,.*<~k, .*\'ac\'.*', line): rank[74].append(num) + elif re.match('.*cid,.*\'ac\'.*', line): rank[73].append(num) + elif re.match('.*cid,.*\'aia\'.*vr.20.*', line): rank[72].append(num) + elif re.match('.*cid,.*\'aia\'.*vr.17.*', line): rank[72].append(num) +# elif re.match('.*cid,.*\'aia\'.*vr.22.*', line): rank[70].append(num) + elif re.match('.*cid,.*\'air\'.*', line): rank[71].append(num) +#Old +# if re.match('.*!KU\( ~k.*', line): rank[100].append(num) + +# elif re.match('.*Sqn_HSS\(.*~sqn_root, ~sqn_root.*', line): rank[99].append(num) +# elif re.match('.*Sqn_HSS\(.*,.*,.*,.*,.* ~.*', line): rank[99].append(num) +# elif re.match('.*!HSS\(.*', line): rank[98].append(num) +# elif re.match('.*!KU\( f3\(~k,.*', 
line) : rank[95].append(num) +# elif re.match('.*RcvS\( ~k,.*\'air\'.*', line): rank[95].append(num) +# elif re.match('.*RcvS\( ~sqn_root.*', line): rank[95].append(num) +# elif re.match('.*RcvS\( ~sk_HN.*', line): rank[95].append(num) +# elif re.match('.*RcvS\( ~supi.*', line): rank[95].append(num) +# elif re.match('.*Commit\(.*', line): rank[80].append(num) +# elif re.match('.*CommitConf\(.*', line): rank[80].append(num) +# elif re.match('.*St_3_SEAF\(.*', line): rank[79].append(num) +# elif re.match('.*St_4_SEAF\(.*', line): rank[79].append(num) +# elif re.match('.*!KU\( KDF\(.*', line): rank[92].append(num) + # elif re.match('.*!Ltk_Sym\(.*', line): rank[90].append(num) + # elif re.match('.*RcvS\(.*', line): rank[70].append(num) + # elif re.match('.*!KU\( KDF\(.*', line): rank[60].append(num) + # elif re.match('.*!KU\( f3\(.*', line): rank[50].append(num) + # elif re.match('.*!KU\( f1_star\(.*', line): rank[40].append(num) + # elif re.match('.*!KU\( f1\(.*', line): rank[30].append(num) + # elif re.match('.*!KU\( \(f5\(.*', line): rank[20].append(num) + # elif re.match('.*!KD\( \(f5\(.*', line): rank[20].append(num) + # elif re.match('.*!KU\( \(f5_star\(.*', line): rank[20].append(num) + # elif re.match('.*!KD\( \(f5_star\(.*', line): rank[20].append(num) +elif lemma == "executability_resync": + for line in lines: + num = line.split(':')[0] + if re.match('.*!KU\( ~k.*', line): rank[109].append(num) + if re.match('.*!KU\( ~sk_HN.*', line): rank[109].append(num) + elif re.match('.*L_CellLocked.*~.*~', line): rank[99].append(num) + elif re.match('.*!KU\( \(f5_star\(.*', line): rank[100].append(num) + elif re.match('.*=.*=.*', line): rank[98].append(num) + elif re.match('.*<.*=.*', line): rank[97].append(num) + elif re.match('.*!KU\( f1_star\(.*', line): rank[101].append(num) + elif re.match('.*!KU\( f1\(~k.*', line): rank[101].append(num) + elif re.match('.*!KU\( KDF\(.*', line): rank[10].append(num) + elif re.match('.*Message\(.*', line): rank[99].append(num) + 
elif re.match('.*HSS_Resync_End\(.*', line): rank[96].append(num) + elif re.match('.*State_121111111111111112121111111111111111111111111\(.*', line): rank[101].append(num) +# elif re.match('.*!KU\( f5_star\(.*', line): rank[87].append(num) +# elif re.match('.*!KU\( f1\(.*', line): rank[86].append(num) + elif re.match('.*!KU\( f3\(.*', line): rank[85].append(num) + elif re.match('.*!KU\( f5\(~k.*', line): rank[84].append(num) +# elif re.match('.*!KU\( ~sqn_root.*', line): rank[83].append(num) + elif re.match('.*!KU\( KDF\(.*', line): rank[72].append(num) + elif re.match('.*!KU\( \(f5\(.*', line): rank[60].append(num) + elif re.match('.*!KD\( \(f5\(.*', line): rank[60].append(num) + elif re.match('.*!KD\( \(f5_star\(.*', line): rank[40].append(num) + + +else: + exit(0) + +# Ordering all goals by ranking (higher first) +for listGoals in reversed(rank): + for goal in listGoals: + sys.stderr.write(goal) + print(goal) diff --git a/examples/sapic/export/ExistingSapicModels/AC.spthy b/examples/sapic/export/ExistingSapicModels/AC.spthy new file mode 100644 index 000000000..13a131ac4 --- /dev/null +++ b/examples/sapic/export/ExistingSapicModels/AC.spthy 
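Review bot: In the `executability_resync` branch of the oracle the second test is a fresh `if` rather than an `elif`, so a goal matching `!KU( ~k` is ranked at 109 and then evaluated again by the chain below; if it also matches a later pattern such as `.*=.*=.*`, its index is appended and printed twice. Writing it as `elif re.match('.*!KU\( ~sk_HN.*', line): rank[109].append(num)` keeps one rank per goal. In the same chain the second `!KU\( KDF\(` test (rank 72) can never fire, because the identical pattern at rank 10 comes first, so one of the two priorities is not the intended one. The final loop also writes every goal to stderr without a newline regardless of `debug`; guarding that write with `if debug:` would give the flag a purpose. The branch compares against `"executability_resync"`, while the theory shown above the oracle declares `false_executability_resync`; if that is the theory this oracle serves (its file header is outside this view), the branch is dead and the script falls through to `exit(0)`.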
@@ -0,0 +1,63 @@ +theory AttestedComputation + +/* + + This example works with both Proverif (GSVerif) and Tamarin. + +*/ + +begin + +builtins: locations-report + +functions: prog/3,list/2 +heuristic: S + +options: enableStateOpt + +predicates: +Report(x,y) <=> not (y= 'loc') + +let r = // The remote server who runs the code + (lock state; lookup state as lio in + event Read(lio); + in(i); new r; + + // A + let o = prog(r,i,lio) in // computation of the new output + let x = report () in // report call of the IEE + event Remote(,'loc'); + out(); + + insert state,list(o,list(i,lio)); + unlock state + )@'loc' + + +let v = // The verifier + in(); + lock state2; lookup state2 as lio in + event Read(lio); + if = check_rep(r,'loc') then // verification of the validity of the report + (event Local(,'loc'); + insert state2,list(o,list(i,lio)); + unlock state2) + else (insert state2,lio; unlock state2) + +process: + ( !(new state; insert state,'init'; !r) || !(new state2; insert state2,'init'; !v) ) + + +lemma can_run_v: //for sanity + exists-trace + "Ex #i m . Local(m,'loc')@i" + +lemma simp[reuse]: + "All #i m . KU(rep(m,'loc'))@i ==> (Ex #j . Remote(m,'loc')@j)" + + +// Attested computation theorem +lemma attested_comput: + "All #i m . Local(m,'loc')@i ==> (Ex #j . Remote(m,'loc')@j)" + +end diff --git a/examples/sapic/slow/feature-locations/AC_counter_with_attack.spthy b/examples/sapic/export/ExistingSapicModels/AC_counter_with_attack.spthy similarity index 93% rename from examples/sapic/slow/feature-locations/AC_counter_with_attack.spthy rename to examples/sapic/export/ExistingSapicModels/AC_counter_with_attack.spthy index 7b901a194..59702c6b5 100644 --- a/examples/sapic/slow/feature-locations/AC_counter_with_attack.spthy +++ b/examples/sapic/export/ExistingSapicModels/AC_counter_with_attack.spthy @@ -1,5 +1,7 @@ theory AC_counter +// Both Proverif and Tamarin finds the attack in a few seconds + begin builtins: locations-report 
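Review bot: `attested_comput` in AC.spthy (and the `simp` reuse lemma it relies on) only requires that a matching `Remote(m,'loc')` exists somewhere on the trace, not that it occurred before the verifier's `Local(m,'loc')`. As written, the property also holds on a trace where the remote event happens after the verifier has accepted, which is weaker than the attested-computation guarantee the comment names. Consider `"All #i m . Local(m,'loc')@i ==> (Ex #j . Remote(m,'loc')@j & #j < #i)"`, and confirm that it still verifies in both Tamarin and ProVerif. A short comment on `Report(x,y) <=> not (y= 'loc')` would also help; it presumably states that the adversary cannot obtain reports for the trusted location, which is the trust assumption the whole result depends on.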
@@ -8,6 +10,8 @@ functions: prog/3,null/0,succ/1,list/2 heuristic:S +options: enableStateOpt + predicates: Report(x,y) <=> not (y= 'l') @@ -37,9 +41,12 @@ let v = // The verifier + +process: ( !(new state; insert state,<'init',null()>;!r) || !(new state; insert state,<'init',null()>; !v) ) + /* lemma can_run_v: //for sanity exists-trace diff --git a/examples/sapic/export/ExistingSapicModels/AC_sid_with_attack.spthy b/examples/sapic/export/ExistingSapicModels/AC_sid_with_attack.spthy new file mode 100644 index 000000000..e4f8ed11d --- /dev/null +++ b/examples/sapic/export/ExistingSapicModels/AC_sid_with_attack.spthy 
@@ -0,0 +1,63 @@ +theory AC_sid + +// In this example, instead of passing along a hash of all the inputss and outputs +// The server only has a session identifier. + +// Tamarin takes a long time, Proverif says cannot be proved + +begin + +//options: enableStateOpt + +builtins: locations-report + +functions: prog/3,list/2 + +heuristic:p + +predicates: +Report(x,y) <=> not (y= 'l') + +let r = // The remote server who runs the code + (new sid; + let r_sid = report (sid) in + out(); + + !(lock state; lookup state as ipo in + in(ip); new r; let o = prog(r,ip,ipo) in // computation of the new output + let x = report () in // report call of the IEE + event Poutput(); + out(); + insert state,; + unlock state))@'l' + + +let v = // The verifier + in(); + if sid = check_rep(r_sid,'l') then + + !(lock state; lookup state as ipo in + in(ip); in(); + if = check_rep(signedios,'l') then // verification of the validity of the report + (event Voutput(); + insert state,; + unlock state) + else + event Fail()) + + +process: +new init; + ( !(new state; insert state,init; !r) || !(new state; insert state,init; !v) ) + +/* +lemma can_run_v: //for sanity + exists-trace + "Ex #t h .Voutput(h)@t" +*/ + +// Attested computation theorem +lemma attested_comput: + "All #t1 h . Voutput(h)@t1 ==> (Ex #t2 . 
Poutput(h)@t2 & t2)=x + +predicates: Report(x,y) <=> not(first(y) = 'loc') + + +let r= // IEE sides + in(pkV); + !( // For every pk received, an instance is launched at the corresponding trusted location + new k; + event SessionP(pkV,k); + let signed = report(aenc(k,pkV)) in + event Poutput(aenc(k,pkV),signed); + out() + )@<'loc',pkV> + + + +let v = // Initiator of the Key Exchange + new skV:skey; + event HonestP(pk(skV), 'pubkey'); + out(pk(skV)); // publish its public keys + in(); // receives the shared key and checks the report + let k = adec(cypher,skV) in + event Test(); + if cypher = check_rep(signed,<'loc',pk(skV)>) then + (event Voutput(aenc(k,pk(skV)),signed); + event SessionV(pk(skV),k) + + ) + + + +process: +( (!r) || (!v)) + +/* First some auxilliary lemmas, for sanity or to help in other proofs */ + + +lemma can_run_p: //for sanity + exists-trace + "Ex #t h1 h2 .Poutput(h1,h2)@t" + + +lemma can_run_v: //for sanity + exists-trace + "Ex #t h1 h2 .Voutput(h1,h2)@t" + + lemma sanity1: //make sure that a valid protocol run exists + exists-trace + "Ex pka k #t1 . SessionP(pka,k)@t1" + + lemma sanity2: + exists-trace + "Ex pka k #t1 . SessionV(pka,k)@t1" + + + lemma sanity3[reuse]: + "All pka k #t1 . SessionV(pka,k)@t1 ==> Ex #t2. 
SessionP(pka,k)@t2 & t2 not( y = 'loc') + +let user = + in(pc,code); // Side channel verification (sms,phone call) + event ProvU(code); + out(cde(code)); + !( new fr; event AskU(pw,fr); // Password requests + out(cu,)) + + +let enclave = + + (new shared_k; event SessionP(pk(skV),shared_k);let signed=report( aenc(shared_k, pk(skV))) in + out(shared()); // Key exchange with the server + in(cdcode); + let code = dcde(cdcode) in + event ProvE(code); // reception of an attested code of the user + out(dscode(senc(code,shared_k))); +// in(sko(senc(kOTP,=shared_k))); + in(skosenc); + let dssenc = dsko(skosenc) in + let kOTP = sdec(dssenc,shared_k) in + !(in(cu,<=pw,fr>); + in(cypher); + let challenge = sdec(cypher,shared_k) in +// in(senc(challenge, =shared_k)); + event Ask(pw,challenge,fr,shared_k); out() // transformation of password request into OTP + ) + )@'loc' + +let server = +// in(shared()); + in(share); + let mess = dshared(share) in + let = mess in + let shared_k = adec(cypher,skV) in + if aenc(shared_k, pk(skV))=check_rep(signed,'loc') then + ( event SessionV(pk(skV),shared_k);new code; out(pc,code); // Establish a secure channel + in(sccypher); + let cypher2 = dscode(sccypher) in + let codeb = sdec(cypher2, shared_k) in + if codeb = code then +// in(scode(senc(=code,=shared_k))); + event ProvS(code); // secure channel validated by side channel + new kOTP; out(sko(senc(kOTP,shared_k))); + !(new challenge; event Chall(challenge,shared_k);out(senc(challenge, shared_k)); // challenge emission + + // in(); + in(hashed); + if hashed = then + event Accept(pw, challenge) // Validation of OTP + ) + ) + else (0) + +process: +new skV; new pc:channel; new cu:channel; new pw; event Chan(cu); event Chan(pc); out(pw); event Key(skV);out(pk(skV));(!server||!user || !enclave) + + +lemma reachV: + exists-trace + "Ex pka k #t1 . SessionV(pka,k)@t1" + + +lemma secrecy_key[reuse]: + "not ( + Ex k #t1 #t2 . + Key(k)@t1 + & KU(k)@t2 + + )" + +lemma key_ex[reuse]: + "All pka k #t1 . 
SessionV(pka,k)@t1 ==> Ex #t2. SessionP(pka,k)@t2 & t2 #t1=#t2" + + +lemma secrecy_chall[reuse]: + "not ( + Ex pw chal fr k #t1 #t2 . + Ask(pw,chal,fr,k)@t1 + & KU(chal)@t2 + + )" + + +lemma valid[reuse]: + "All #t1 pw ch . Accept(pw, ch) @ t1 ==> Ex #t2 #t3 fr k. Ask(pw,ch,fr,k)@t2 & AskU(pw,fr)@t3 & #t2<#t1 " + + +lemma unic_2[reuse]: +"All #t1 #t2 pw ch fr k. Ask(pw,ch,fr,k)@t1 & Ask(pw,ch,fr,k)@t2 ==> #t1=#t2" + + +#ifdef FULL + +lemma valid_final: + "All #t1 pw ch. Accept(pw, ch) @ t1 ==> + Ex #t2 #t3 fr k. Ask(pw,ch,fr,k) @ t2 & AskU(pw,fr)@t3 & #t2< #t1 & #t3<#t2 + & not (Ex #t5 . Ask(pw,ch,fr,k)@t5 & not(#t2=#t5) ) + & not (Ex #t6. AskU(pw,fr)@t6 & not(#t3=#t6))" + +#endif + +end diff --git a/examples/sapic/export/ExistingSapicModels/nsl-no_as-untagged.spthy b/examples/sapic/export/ExistingSapicModels/nsl-no_as-untagged.spthy new file mode 100644 index 000000000..dd71a2810 --- /dev/null +++ b/examples/sapic/export/ExistingSapicModels/nsl-no_as-untagged.spthy 
@@ -0,0 +1,156 @@ +theory NeedhamSchroeder + +/* + * Protocol: Needham Schroeder Lowe for Secret Establising, without + * Server + * + * Tamarin status : sanity1 and sanity2, < 1 sec + * source lemma, < 2 sec on cluster + * secrecy, 1 min on cluster + * tamarin-prover nsl-no_as-untagged.spthy --prove + * Proverif status : < 1 sec + tamarin-prover nsl-no_as-untagged.spthy -m=proverif > nsl-reach.pv; proverif nsl-reach.pv + Proverif cannot be proved on: + tamarin-prover nsl-no_as-untagged.spthy -m=proverifequiv > nsl-ind.pv; proverif nsl-ind.pv + + + DeepSec proves strong secrecy in a second + tamarin-prover nsl-no_as-untagged.spthy -m=deepsec > nsl-ind.dps; deepsec nsl-ind.dps + + */ + +begin + +functions: pk/1, aenc/2, adec/2[destructor] + +equations: adec(aenc(m,pk(sk)),sk)=m + +let P(skA)= event HonestA(pk(skA)); + out(pk(skA)); + !( in(pkB); + new Na; + event OUT_I_1(aenc(,pkB)); + out(aenc( ,pkB)); + in(cypher); + let mess = adec(cypher,skA) in + let <=Na,xNb,=pkB> = mess in + event IN_I_2_nr(xNb,aenc(,pk(skA))); + new k; + event OUT_I_2(aenc(,pkB)); + out(aenc(,pkB)); + event SessionA(pk(skA),pkB,k) + ) + +let Q(skB) = + in(cypher1); + let mess1 = adec(cypher1,skB) in + let = mess1 in + event IN_R_1_ni(xNa,aenc(,pk(skB))); + new Nb; + event OUT_R_1(aenc(,pkA)); + out(aenc(,pkA)); + in(cypher2); + let mess2 = adec(cypher2,skB) in + let <=Nb,xk> = mess2 in + event SessionB(pkA,pk(skB),xk) + + +let Qleak(skB,Nb,token,pkA) = + in(cypher1); + let mess1 = adec(cypher1,skB) in + let = mess1 in + out(aenc(,pkA)); + in(cypher2); + let mess2 = adec(cypher2,skB) in + let <=Nb,xk> = mess2 in + event SessionB(pkA,pk(skB),xk); + out(token) + + + + + +process: +! ( new skA; P(skA) +) +|| +! ( new skB; event HonestB(pk(skB)); + out(pk(skB)); ! Q(skB) +) + + + +lemma source [sources, reuse, output=[msr]]: + " (All ni m1 #i. + IN_R_1_ni( ni, m1) @ i + ==> + ( (Ex #j. KU(ni) @ j & j < i) + | (Ex #j. OUT_I_1( m1 ) @ j) + | (Ex #j. OUT_I_2( m1 ) @ j) + ) + ) + & (All nr m2 #i. 
+ IN_I_2_nr( nr, m2) @ i + ==> + ( (Ex #j. KU(nr) @ j & j < i) + | (Ex #j. OUT_R_1( m2 ) @ j) + ) + ) +" +lemma secrecy[reuse, output=[proverif,msr]]: + "not ( + Ex pka pkb k #t1 #t2 #i1 #i2. + SessionA(pka,pkb,k)@t1 + & KU(k)@t2 + & HonestA(pka)@i1 + & HonestB(pkb)@i2 + )" + +lemma sanity1: //make sure that a valid protocol run exists + exists-trace + "Ex pka pkb k #t1 . SessionA(pka,pkb,k)@t1" + +lemma sanity2: + exists-trace + "Ex pka pkb k #t1 . SessionB(pka,pkb,k)@t1" + + + +equivLemma: + + ( new skA; ( !( P(skA)) +| + ( new skB; + out(att,pk(skB)); ! ( new Nb; new test; Qleak(skB,Nb,test,pk(skA))) ) +)) + + ( new skA; ( !( P(skA)) +| + ( new skB; + out(att,pk(skB)); ! ( new Nb; new test; Qleak(skB,Nb,Nb,pk(skA))) ) +)) + + +/* +The source lemma bellow was true in the pattern matching based version, but is not in the new version. +Indeed, IN_R_1_ni may in fact accept messages either from the first or the second output of I, as they both have the same shape. + +lemma source [sources, reuse]: + " (All ni m1 #i. + IN_R_1_ni( ni, m1) @ i + ==> + ( (Ex #j. KU(ni) @ j & j < i) + | (Ex #j. OUT_I_1( m1 ) @ j) + ) + ) + & (All nr m2 #i. + IN_I_2_nr( nr, m2) @ i + ==> + ( (Ex #j. KU(nr) @ j & j < i) + | (Ex #j. OUT_R_1( m2 ) @ j) + ) + ) +" +*/ + +end diff --git a/examples/sapic/export/KEMTLS/kemtls-clientauth.spthy b/examples/sapic/export/KEMTLS/kemtls-clientauth.spthy new file mode 100644 index 000000000..4a178a7b7 --- /dev/null +++ b/examples/sapic/export/KEMTLS/kemtls-clientauth.spthy 
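Review bot: The `secrecy` lemma in nsl-no_as-untagged.spthy covers only the key the initiator commits to (`SessionA`); nothing checks the key `xk` that the responder accepts in `SessionB`, for which only the reachability lemma `sanity2` exists. The closing comment in the file already notes that, with untagged messages, `IN_R_1_ni` can accept either of the initiator's outputs because they have the same shape, so the responder side is where a confusion would surface and it deserves its own check. A candidate is `lemma secrecy_B: "not (Ex pka pkb k #t1 #t2 #i1 #i2. SessionB(pka,pkb,k)@t1 & KU(k)@t2 & HonestA(pka)@i1 & HonestB(pkb)@i2)"`. Whether it verifies cannot be told from this hunk; either outcome is worth recording in the status comment at the top of the file.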
@@ -0,0 +1,235 @@ +theory KEMTLS + +/* + * Protocol: KEM TLS + proposed in CCS20, Post-quantum TLS without handshake signatures + Peter Schwabe, Douglas Stebila, Thom Wiggers. + + Client authentication version -> the client only authenticates with a server that he knows. + + Proverif : few seconds + tamarin-prover kemtls-clientauth.spthy -m=proverif > kem-reach.pv; proverif kem-reach.pv + tamarin-prover kemtls-clientauth.spthy -m=proverifequiv > kem-ind.pv; proverif kem-ind.pv + + Tamarin : 20 minutes on 64 core server + tamarin-prover kemtls-clientauth.spthy --prove + + + Unlinkability proved: + * Deepsec : 2 sessions - a second + 3 sessions - 4 min on 64 core server + + tamarin-prover kemtls-clientauth.spthy -m=deepsec > kem-ind.ds; deepsec kem-ind.ds + + +*/ + +begin + +functions: senc/2, sdec/2[destructor], kempk/1, kemenc/2, kemdec/2[destructor], hkdfext/2, hkdfexp/3, htrans/1, cert/1[private],getcert/1[destructor], hmac/2 + +equations: sdec(senc(m,sk),sk)=m, kemdec( kemenc(m,kempk(sk)) ,sk) = m, getcert(cert(m))=m + + +let P(~skP,desiredpkS) = + out('TCPSYN'); + in('TCPACK'); + new ske; + let pke = kempk(ske) in + new rc; + let ES = hkdfext('null','null') in + let dES = hkdfexp(ES,'derived','null') in // useless initial shared secret, derived to mimick old TLS + out(<'CLIENTHello',pke,rc>); + in(<'SERVERHello',cte,rs>); + event Test(); + let CHSH = htrans() in + let sse = kemdec(cte,ske) in + let HS = hkdfext(dES,sse) in + let CHTS = hkdfexp(HS, 'chsts', CHSH) in // stage 1 key, for client to server com + let SHTS = hkdfexp(HS,'shsts',CHSH) in // stage 2 key, for server to client com + let dHS = hkdfexp(HS, 'derived', 'null') in + + // Begining of Phase 2 + in(servercert); + let decservercert = sdec(servercert,SHTS) in + let <'ServerCert',certpk> = decservercert in + let pks = getcert(certpk) in + new sss; + let cts = kemenc(sss,pks) in + out(senc(<'ClientKem',cts>,CHTS)); + + let AHS = hkdfext(dES,sss) in + let CHCKC = htrans() in + let CAHTS = 
hkdfexp(AHS,'cahstr',CHCKC) in // stage 3, client to server + let SAHTS = hkdfexp(AHS,'sahstr',CHCKC) in // stage 4, client to server + let dAHS = hkdfexp(AHS,'derived',CHCKC) in + let pkP = kempk(~skP) in + + if pks = desiredpkS then + ( + + out(senc(<'ClientCert',cert(pkP)>,CAHTS)); + + + in(serverkem); + let decserverkem = sdec(serverkem,SAHTS) in + let <'ServerKem',ctc> = decserverkem in + let ssc = kemdec(ctc,~skP) in + + let MS = hkdfext(dAHS,ssc) in + let fkc = hkdfexp(MS,'cfinished','null') in + let fks = hkdfexp(MS,'sfinished','null') in + + let CHSKC = htrans() in + + let CF = hmac(fkc,CHSKC) in + + + // Phase 3 + let CHCF = htrans() in + let CATS = hkdfexp(AHS,'captr',CHCF) in // stage 5, client to server + let SATS = hkdfexp(AHS,'saptr',CHCF) in // stage 6, client to server + + event DerivedP(pks,pkP,CATS); + out(senc(<'ClientFinished',CF>,CAHTS)); + + in(serverfin); + let decserverfin = sdec(serverfin, SAHTS) in + let <'ServerFinished',SF> = decserverfin in + if SF = hmac(fks,CHCF) then + ( + event AcceptP(pks,pkP,CATS) + ) + ) + +let S(~skS) = + let pkS = kempk(~skS) in + in('TCPSYN'); + out('TCPACK'); + in(<'CLIENTHello',pke,rc>); + let ES = hkdfext('null','null') in + let dES = hkdfexp(ES,'derived','null') in + new sse; + new rs; + let cte = kemenc(sse,pke) in + out(<'SERVERHello',cte,rs>); + let CHSH = htrans() in + let HS = hkdfext(dES,sse) in + let CHTS = hkdfexp(HS, 'chsts', CHSH) in // stage 1 key, for client to server com + let SHTS = hkdfexp(HS,'shsts',CHSH) in // stage 2 key, for server to client com + let dHS = hkdfexp(HS, 'derived', 'null') in + + // Begining of Phase 2 + out(senc(<'ServerCert',cert(pkS)>,SHTS)); + in(clientkem); + let decclientkem = sdec(clientkem,CHTS) in + let <'ClientKem',cts> = decclientkem in + + let sss = kemdec(cts,~skS) in + let AHS = hkdfext(dES,sss) in + let CHCKC = htrans() in + let CAHTS = hkdfexp(AHS,'cahstr',CHCKC) in // stage 3, client to server + let SAHTS = hkdfexp(AHS,'sahstr',CHCKC) in // stage 4, 
client to server + let dAHS = hkdfexp(AHS,'derived',CHCKC) in + + in(clientcert); + let decclientcert = sdec(clientcert,CAHTS) in + let <'ClientCert',certpk> = decclientcert in + let pkp = getcert(certpk) in + new ssc; + let ctc = kemenc(ssc,pkp) in + out(senc(<'ServerKem',ctc>,SAHTS)); + + let MS = hkdfext(dAHS,ssc) in + let fkc = hkdfexp(MS,'cfinished','null') in + let fks = hkdfexp(MS,'sfinished','null') in + + let CHSKC = htrans() in + + in(clientfin); + let decclientfin = sdec(clientfin, CAHTS) in + + let <'ClientFinished',CF> = decclientfin in + + if CF = hmac(fkc,CHSKC) then + ( + + let CHCF = htrans() in + let SF = hmac(fks,CHCF) in + let CATS = hkdfexp(AHS,'captr',CHCF) in // stage 5, client to server + let SATS = hkdfexp(AHS,'saptr',CHCF) in // stage 6, client to server + event AcceptS(pkS,pkp,CATS); + out(senc(<'ServerFinished',SF>,SAHTS)) + ) + + + +process: +! ( new ~skS; out(kempk(~skS)); event Honnest(kempk(~skS),'Serv'); + new ~skA; out(<~skA,cert(kempk(~skA))>); // malicious servers and clients + ( ! S(~skS) || + ( !(new ~skP; out(kempk(~skP)); event Honnest(kempk(~skP),'Client'); + ! P(~skP, kempk(~skS)) + ) + ) + ) + ) + + + +lemma execP: // sanity check + exists-trace + "Ex #t #t2 pkP pkS k. AcceptP(pkS,pkP,k)@t & Honnest(pkS,'Serv')@t2" + + + +lemma execQ: // sanity check + exists-trace + "Ex #t #t2 pkP pkS k. AcceptS(pkS,pkP,k)@t & Honnest(pkP,'Client')@t2" + + +/* +lemma false_execbistestR: // should be false +"not(Ex #t #t2 pkP pkS. TestE()@t & Honnest()@t2)" + + +lemma false_execbistestRP: // should be false +"not(Ex #t #t2 pkP pkS. TestP()@t & Honnest()@t2)" +*/ + +lemma authPS: // should be true + "All #t #t2 pkS pkP key. (AcceptP(pkS,pkP,key)@t & Honnest(pkS,'Serv')@t2) + ==> Ex #s. (AcceptS(pkS,pkP,key)@s & s Ex #s. (DerivedP(pkS,pkP,key)@s & s); // malicious servers and clients + new ~skPDiff; out(kempk(~skPDiff)); + (S(~skS) || + ( !(new ~skP; out(kempk(~skP)); event Honnest(kempk(diff(~skP,~skPDiff)),'Client'); + ! 
P(diff(~skP,~skPDiff), kempk(~skS)) + ) + ) + ) + ) + + +// The queries for Deepsec are as follows. +export requests: +" +let sys1 = new sk; (!^3 (new skP; P(sk,skP)) | !^3 S(sk)). + +let sys2 = new sk; ( ( new skP; !^3 P(sk,skP)) | !^3 S(sk)). + +query session_equiv(sys1,sys2). +" + + + +end diff --git a/examples/sapic/export/KEMTLS/kemtls-noaead.spthy b/examples/sapic/export/KEMTLS/kemtls-noaead.spthy new file mode 100644 index 000000000..7f7467441 --- /dev/null +++ b/examples/sapic/export/KEMTLS/kemtls-noaead.spthy 
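Review bot: The stage comments on the server-to-client keys look copy-pasted from the client-to-server ones: in both `P` and `S`, `SAHTS` and `SATS` are labelled `// stage 4, client to server` and `// stage 6, client to server`. `SAHTS` is the key under which `S` sends `ServerKem` and `ServerFinished`, and the stage-2 key `SHTS` is labelled server to client, so the labels should be `// stage 4, server to client` and `// stage 6, server to client`. The same labels appear in the kemtls-noaead model later on the page. Separately, `event Test();` in `P` is not referenced by any lemma visible here (the commented-out ones name `TestE` and `TestP`), so it looks like a leftover; part of this hunk's lemma text is missing from the page, so that is worth confirming against the file.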
@@ -0,0 +1,166 @@ +theory KEMTLS + +/* + * Protocol: KEMTLS + proposed in CCS20, Post-quantum TLS without handshake signatures + Peter Schwabe, Douglas Stebila, Thom Wiggers. + + Alternative version of the protocol, showcasing that the Authenticated + encryption (AEAD) does not play a role in the main security properties. + We do this by adding a leak function symbol, revealing encryptions. + + Proverif : everything in a second. + + Tamarin : everything in 17 minutes on 64 core server +*/ + + + +begin + +builtins: symmetric-encryption + +functions: kempk/1, kemenc/2, kemdec/2[destructor], hkdfext/2, hkdfexp/3, htrans/1, cert/1[private],getcert/1[destructor], senc/2,msdec/2[destructor],hmac/2,leak/1[destructor] + +equations: kemdec( kemenc(m,kempk(sk)) ,sk) = m, getcert(cert(m))=m, leak(senc(m,sk))=m + + +let P(var) = + out('TCPSYN'); + in('TCPACK'); + new ske; + let pke = kempk(ske) in + new rc; + let ES = hkdfext('zeros','zeros') in + let dES = hkdfexp(ES,'derived','null') in // useless initial shared secret, derived to mimick old TLS + out(<'CLIENTHello',pke,rc>); + in(<'SERVERHello',cte,rs>); + let CHSH = htrans() in + let sse = kemdec(cte,ske) in + let HS = hkdfext(dES,sse) in + let CHTS = hkdfexp(HS, 'chsts', CHSH) in // stage 1 key, for client to server com + let SHTS = hkdfexp(HS,'shsts',CHSH) in // stage 2 key, for server to client com + let dHS = hkdfexp(HS, 'derived', 'null') in + + // Begining of Phase 2 + in(servercert); + let decservercert = sdec(servercert,SHTS) in + let <'ServerCert',certpk> = decservercert in + let pks = getcert(certpk) in + new sss; + let cts = kemenc(sss,pks) in + out(senc(<'ClientKem',cts>,CHTS)); + + let AHS = hkdfext(dES,sss) in + let CHCKC = htrans() in + let CAHTS = hkdfexp(AHS,'cahstr',CHCKC) in // stage 3, client to server + let SAHTS = hkdfexp(AHS,'sahstr',CHCKC) in // stage 4, client to server + + let dAHS = hkdfexp(AHS,'derived',CHCKC) in + let MS = hkdfext(dAHS,'zeros') in + let fkc = hkdfexp(MS,'cfinished','null') in + 
let fks = hkdfexp(MS,'sfinished','null') in + + let CF = hmac(fkc,CHCKC) in + out(senc(<'ClientFinished',CF>,CAHTS)); + + // Phase 3 + let CHCF = htrans() in + let CATS = hkdfexp(AHS,'captr',CHCF) in // stage 5, client to server + let SATS = hkdfexp(AHS,'saptr',CHCF) in // stage 6, client to server + in(serverfin); + let decserverfin = sdec(serverfin, SAHTS) in + let <'ServerFinished',SF> = decserverfin in + if SF = hmac(fks,CHCKC) then + ( + event ClientKey(CATS); + event AcceptP() + ) + + +let S(~skS) = + let pkS = kempk(~skS) in + !( + in('TCPSYN'); + out('TCPACK'); + in(<'CLIENTHello',pke,rc>); + let ES = hkdfext('zeros','zeros') in + let dES = hkdfexp(ES,'derived','null') in + new sse; + new rs; + let cte = kemenc(sse,pke) in + out(<'SERVERHello',cte,rs>); + let CHSH = htrans() in + let HS = hkdfext(dES,sse) in + let CHTS = hkdfexp(HS, 'chsts', CHSH) in // stage 1 key, for client to server com + let SHTS = hkdfexp(HS,'shsts',CHSH) in // stage 2 key, for server to client com + let dHS = hkdfexp(HS, 'derived', 'null') in + + // Begining of Phase 2 + out(senc(<'ServerCert',cert(pkS)>,SHTS)); + in(clientkem); + let decclientkem = sdec(clientkem,CHTS) in + let <'ClientKem',cts> = decclientkem in + + let sss = kemdec(cts,~skS) in + let AHS = hkdfext(dES,sss) in + let CHCKC = htrans() in + let CAHTS = hkdfexp(AHS,'cahstr',CHCKC) in // stage 3, client to server + let SAHTS = hkdfexp(AHS,'sahstr',CHCKC) in // stage 4, client to server + event ServerKey(SAHTS); + let dAHS = hkdfexp(AHS,'derived',CHCKC) in + let MS = hkdfext(dAHS,'zeros') in + let fkc = hkdfexp(MS,'cfinished','null') in + let fks = hkdfexp(MS,'sfinished','null') in + + in(clientfin); + let decclientfin = sdec(clientfin, CAHTS) in + + let <'ClientFinished',CF> = decclientfin in + if CF = hmac(fkc,CHCKC) then + ( + event AcceptS(); + let SF = hmac(fks,CHCKC) in + let CHCF = htrans() in + let CATS = hkdfexp(AHS,'captr',CHCF) in // stage 5, client to server + let SATS = hkdfexp(AHS,'saptr',CHCF) in // stage 
6, client to server + out(senc(<'ServerFinished',SF>,SAHTS)) + ) + + ) + +process: +! ( P('null') ) + || +! ( new ~skS; !( S(~skS) ) + + // || + // ( in('compromise'); + // event Compromise(); + // out(~skS) + // ) + ) + + + + +lemma exec: // should be false + exists-trace + "Ex #t. AcceptP()@t" + +lemma execbis: // should be false + exists-trace + "Ex #t. AcceptS()@t" + +lemma auth: // should be true + "All #t. AcceptP()@t ==> (Ex #s. AcceptS()@s & s); + in(<'SERVERHello',cte,rs>); + event Test(); + let CHSH = htrans() in + let sse = kemdec(cte,ske) in + let HS = hkdfext(dES,sse) in + let CHTS = hkdfexp(HS, 'chsts', CHSH) in // stage 1 key, for client to server com + let SHTS = hkdfexp(HS,'shsts',CHSH) in // stage 2 key, for server to client com + let dHS = hkdfexp(HS, 'derived', 'null') in + + // Begining of Phase 2 + in(servercert); + let decservercert = sdec(servercert,SHTS) in + let <'ServerCert',certpk> = decservercert in + let pks = getcert(certpk) in + new sss; + let cts = kemenc(sss,pks) in + out(senc(<'ClientKem',cts>,CHTS)); + + let AHS = hkdfext(dES,sss) in + let CHCKC = htrans() in + let CAHTS = hkdfexp(AHS,'cahstr',CHCKC) in // stage 3, client to server + let SAHTS = hkdfexp(AHS,'sahstr',CHCKC) in // stage 4, client to server + + let dAHS = hkdfexp(AHS,'derived',CHCKC) in + let MS = hkdfext(dAHS,'empty') in + let fkc = hkdfexp(MS,'cfinished','null') in + let fks = hkdfexp(MS,'sfinished','null') in + + let CF = hmac(fkc,CHCKC) in + out(senc(<'ClientFinished',CF>,CAHTS)); + + // Phase 3 + let CHCF = htrans() in + let CATS = hkdfexp(AHS,'captr',CHCF) in // stage 5, client to server + let SATS = hkdfexp(AHS,'saptr',CHCF) in // stage 6, client to server + in(serverfin); + let decserverfin = sdec(serverfin, SAHTS) in + let <'ServerFinished',SF> = decserverfin in + if SF = hmac(fks,CHCKC) then + ( + event ClientKey(CATS); + event AcceptP() + ) + + +let S(~skS:skey) = + let pkS = kempk(~skS) in + !( + in('TCPSYN'); + out('TCPACK'); + 
in(<'CLIENTHello',pke,rc>); + let ES = hkdfext('empty','empty') in + let dES = hkdfexp(ES,'derived','null') in + new sse; + new rs; + let cte = kemenc(sse,pke) in + out(<'SERVERHello',cte,rs>); + let CHSH = htrans() in + let HS = hkdfext(dES,sse) in + let CHTS = hkdfexp(HS, 'chsts', CHSH) in // stage 1 key, for client to server com + let SHTS = hkdfexp(HS,'shsts',CHSH) in // stage 2 key, for server to client com + let dHS = hkdfexp(HS, 'derived', 'null') in + + // Begining of Phase 2 + out(senc(<'ServerCert',cert(pkS)>,SHTS)); + in(clientkem); + let decclientkem = sdec(clientkem,CHTS) in + let <'ClientKem',cts> = decclientkem in + + let sss = kemdec(cts,~skS) in + let AHS = hkdfext(dES,sss) in + let CHCKC = htrans() in + let CAHTS = hkdfexp(AHS,'cahstr',CHCKC) in // stage 3, client to server + let SAHTS = hkdfexp(AHS,'sahstr',CHCKC) in // stage 4, client to server + event ServerKey(SAHTS); + let dAHS = hkdfexp(AHS,'derived',CHCKC) in + let MS = hkdfext(dAHS,'empty') in + let fkc = hkdfexp(MS,'cfinished','null') in + let fks = hkdfexp(MS,'sfinished','null') in + + in(clientfin); + let decclientfin = sdec(clientfin, CAHTS) in + + let <'ClientFinished',CF> = decclientfin in + if CF = hmac(fkc,CHCKC) then + ( + event AcceptS(); + let SF = hmac(fks,CHCKC) in + let CHCF = htrans() in + let CATS = hkdfexp(AHS,'captr',CHCF) in // stage 5, client to server + let SATS = hkdfexp(AHS,'saptr',CHCF) in // stage 6, client to server + out(senc(<'ServerFinished',SF>,SAHTS)) + ) + + ) + +process: +! ( P('null') ) + || +! ( new ~skS:skey; !( S(~skS) ) + + || + ( in('compromise'); + event Compromise(); + out(~skS) + ) + ) + + + + +lemma exec: + exists-trace + "Ex #t. AcceptP()@t" + +lemma execbis: + exists-trace + "Ex #t. AcceptS()@t" + +lemma false_secserv: // should be false (non mutual authentication) + "not(Ex #t1 #t2 sk. ServerKey(sk)@t1 & KU(sk)@t2 )" + +lemma auth: // should be true + "All #t. AcceptP()@t ==> (Ex #s. AcceptS()@s & s Ex #t3. 
Compromise()@t3 & t3); + in(<'C_I',gY,rC_R,cypher_2>); + let TH_2 = hash(<'m2',gX,'C_I','AD','C_I',gY,rC_R>) in + let PRK_2e = hkdfextract('null', gY^~x2) in + let K_2e:skey = hkdfexpand(PRK_2e, ) in + let PRK_3e2m = PRK_2e in + let K_2m:skey = hkdfexpand(PRK_3e2m, ) in + // decypher using K_2e + let plaintext_2 = sdec(cypher_2,K_2e) in + let = plaintext_2 in + let MAC_2 = senc(,K_2m) in + if verify(signed,< pkR,TH_2,rAD_2,MAC_2>,pkR) = true then + let TH_3 = hash() in + let PRK_4x3m = PRK_3e2m in + event AcceptI(pk(~skI),pkR,PRK_3e2m,PRK_4x3m); + let K_3m:skey = hkdfexpand(PRK_4x3m, ) in + let MAC_3 = senc(,K_3m) in + let Signed3 = sign( ,~skI) in + let K_3ae:skey = hkdfexpand(PRK_3e2m, ) in + out(, K_3ae ),'AD_3'>) + +let I1(~kI) = // Initiator using DH long term key + new ~x1; + event Share(~x1); + let gX = 'g'^~x1 in + let gI = 'g'^~kI in + out(<'m1',gX, 'C_I','AD'>); + in(<'C_I',gY,rC_R,cypher_2>); + let TH_2 = hash(<'m1',gX,'C_I','AD','C_I',gY,rC_R>) in + let PRK_2e = hkdfextract('null', gY^~x1) in + let K_2e:skey = hkdfexpand(PRK_2e, ) in + let plaintext_2 = sdec(cypher_2,K_2e) in + let = plaintext_2 in + + let PRK_3e2m = hkdfextract(PRK_2e, gR^~x1) in + + let K_2m:skey = hkdfexpand(PRK_3e2m, ) in + let MAC2 = senc(,K_2m) in + if MAC2 = mac then + let TH_3 = hash() in + let PRK_4x3m = hkdfextract(PRK_3e2m, gY^~kI) in + event AcceptI(gI,gR,PRK_3e2m,PRK_4x3m); + + let K_3m:skey = hkdfexpand(PRK_4x3m, ) in + let MAC_3 = senc(,K_3m) in + let K_3ae:skey = hkdfexpand(PRK_3e2m, ) in + out(, K_3ae ),'AD_3'>) + + +let R(~skR:skey,~kR) = + in(); + new ~y; + event Share(~y); + let gY = 'g'^~y in + let TH_2 = hash() in + let PRK_2e = hkdfextract('null', gX^~y) in + let K_2e:skey = hkdfexpand(PRK_2e, ) in + if mcorr = 'm1' then // we merge mcorr = 1 and mcorr =3 + // static DH authentication used + ( + let gR = 'g'^~kR in + + let PRK_3e2m = hkdfextract(PRK_2e, gX^~kR) in + + let K_2m:skey = hkdfexpand(PRK_3e2m, ) in + let MAC_2 = senc(,K_2m) in + let cypher_2 = senc( 
,K_2e) in + event DerivedR(gR,PRK_3e2m); + out(); + in(<'C_R', cypher_3,rAD_3>); + let TH_3 = hash() in + // to update + let K_3ae:skey = hkdfexpand(PRK_3e2m, ) in + let plaintext_3 = sdec(cypher_3,K_3ae) in + let = plaintext_3 in + + let PRK_4x3m = hkdfextract(PRK_3e2m, gI^~y) in + + + let K_3m:skey = hkdfexpand(PRK_4x3m, ) in + let MAC_3 = senc(,K_3m) in + if MAC_3 = mac3 then + event AcceptR(gI,gR,PRK_4x3m); + event AcceptR1(gI,gR,PRK_4x3m) + ) + else + // signature auth used + let PRK_3e2m = PRK_2e in + let K_2m:skey = hkdfexpand(PRK_3e2m, ) in + let MAC_2 = senc(,K_2m) in + let Signed2 = sign( ,~skR) in + let cypher_2 = senc( ,K_2e) in + event DerivedR(pk(~skR),PRK_3e2m); + out(); + in(<'C_R', cypher_3,rAD_3>); + let TH_3 = hash() in + let PRK_4x3m = PRK_3e2m in + let K_3ae:skey = hkdfexpand(PRK_3e2m, ) in + let plaintext_3 = sdec(cypher_3,K_3ae) in + let = plaintext_3 in + + let K_3m:skey = hkdfexpand(PRK_4x3m, ) in + let MAC_3 = senc(,K_3m) in + if verify(Signed3, , pkI) = true then + event AcceptR(pkI,pk(~skR),PRK_4x3m); + event AcceptR2(pkI,pk(~skR),PRK_4x3m) + + +let compromise(sk:skey) = + in('Comp'); event Compromise(pk(sk), 'Comp'); out(sk) + + +let compromiseDH(k) = + in('Comp'); event Compromise('g'^k, 'Comp'); event Leak(k); out(k) + +process: +!(new ~skR:skey; new ~skI:skey; new ~kI; new ~kR; out(); + event Share(~kI); + event Share(~kR); + event Honnest(pk(~skR), 'Resp'); + event Honnest(pk(~skI), 'Init'); + event HonnestDH('g'^~kR, 'Resp'); + event HonnestDH('g'^~kI, 'Init'); + !(I2(~skI) | I1(~kI) | R(~skR,~kR) | compromise(~skR) | compromiseDH(~kR) | compromise(~skI) | compromiseDH(~kI)) +) + + +lemma executableR1: // sanity check + exists-trace + "Ex pkI pkR k3 #i. AcceptR1(pkI,pkR,k3)@i" + +lemma executableR2: // sanity check + exists-trace + "Ex pkI pkR k3 #i. AcceptR2(pkI,pkR,k3)@i" + +lemma executableI: // sanity check + exists-trace + "Ex pkI pkR k3 k4 #i. 
AcceptI(pkI,pkR,k3,k4)@i" + + +lemma secretR[reuse]: // secrecy of the key (holds even if pkR was compromised) + "All pkI pkR k4 #i #j #l. (AcceptR(pkI,pkR,k4)@i & KU(k4)@j & Honnest(pkI, 'Init')@l ) + ==> Ex #t. Compromise(pkI, 'Comp')@t & t Ex #t. Compromise(pkR, 'Comp')@t & t + (Ex #j k3. (j + (Ex #j.( j); + in(<'C_I',gB,rC_R,cypher_2>); + let TH_2 = hash(<'m2',gA,'C_I','AD','C_I',gB,rC_R>) in + let PRK_2e = hkdfextract('null', gB^~a) in + let K_2e:skey = hkdfexpand(PRK_2e, ) in + let PRK_3e2m = PRK_2e in + let K_2m:skey = hkdfexpand(PRK_3e2m, ) in + // decypher using K_2e + let plaintext_2 = sdec(cypher_2,K_2e) in + let = plaintext_2 in + let MAC_2 = senc(,K_2m) in + if verify(signed,< pkR,TH_2,rAD_2,MAC_2>,pkR) = true then + let TH_3 = hash() in + let PRK_4x3m = PRK_3e2m in + event AcceptI(pk(~skI),pkR,PRK_3e2m,PRK_4x3m); + let K_3m:skey = hkdfexpand(PRK_4x3m, ) in + let MAC_3 = senc(,K_3m) in + let Signed3 = sign( ,~skI) in + let K_3ae:skey = hkdfexpand(PRK_3e2m, ) in + out(, K_3ae ),'AD_3'>) + +let R(~skR:skey) = + in(); + new ~b; + let gB = 'g'^~b in + let TH_2 = hash() in + let PRK_2e = hkdfextract('null', gA^~b) in + let K_2e:skey = hkdfexpand(PRK_2e, ) in + if mcorr = 'm1' then // we merge mcorr = 1 and mcorr =3, static DH auth used + out('notimplementedyet') +// out(senc( ,K_2e)) + else + let PRK_3e2m = PRK_2e in + let K_2m:skey = hkdfexpand(PRK_3e2m, ) in + let MAC_2 = senc(,K_2m) in + let Signed2 = sign( ,~skR) in + let cypher_2 = senc( ,K_2e) in + event DerivedR(pk(~skR),PRK_3e2m); + out(); + in(<'C_R', cypher_3,rAD_3>); + let TH_3 = hash() in + let PRK_4x3m = PRK_3e2m in + let K_3ae:skey = hkdfexpand(PRK_3e2m, ) in + let plaintext_3 = sdec(cypher_3,K_3ae) in + let = plaintext_3 in + + let K_3m:skey = hkdfexpand(PRK_4x3m, ) in + let MAC_3 = senc(,K_3m) in + if verify(Signed3, , pkI) = true then + event AcceptR(pkI,pk(~skR),PRK_4x3m) + +process: +!(new ~skR:skey; new ~skI:skey; out(); + event Honnest(pk(~skR), 'Resp'); + event Honnest(pk(~skI), 
'Init'); + !(I2(~skI) | R(~skR) ) +) + +lemma secretR[reuse]: //secrecy of the key + "(not (Ex pkI pkR k4 #i #j #l. (AcceptR(pkI,pkR,k4)@i & KU(k4)@j & Honnest(pkI, 'Init')@l ) ))" + +lemma secretI[reuse]: //secrecy of the key + "(not (Ex pkI pkR k3 k4 #i #j #l. (AcceptI(pkI,pkR,k3,k4)@i & KU(k4)@j & Honnest(pkR, 'Resp')@l ) ))" + + +lemma executableR: // sanity check + exists-trace + "Ex pkI pkR k3 #i. AcceptR(pkI,pkR,k3)@i" + + +lemma executableI: // sanity check + exists-trace + "Ex pkI pkR k3 k4 #i. AcceptI(pkI,pkR,k3,k4)@i" + +lemma executableIhonnest: // sanity check + exists-trace + "Ex pkI pkR k3 k4 #i #l. (AcceptI(pkI,pkR,k3,k4)@i & Honnest(pkR, 'Resp')@l) " + +lemma executableRhonnest: + exists-trace + "Ex pkI pkR k4 #i #l. (AcceptR(pkI,pkR,k4)@i & Honnest(pkI, 'Init')@l ) " + +lemma false_dishonnestnoauthRI: // should be false as the attacker can play initiator + "All pkI pkR k4 #i. AcceptR(pkI,pkR,k4)@i ==> + (Ex #j k3. j + (Ex #j. j + (Ex #j k3. j + (Ex #j. j ex1.pv; proverif ex1.pv` + +# Convenience scripts + +If you are inside the docker image, or have installed on your path the scripts from `tamarin-prover/etc/docker/res`, you should have access to some convenience scripts, one-liners that perform the export with tamarin and run the desired tool on the file. + * ProVerif-tamarin + * progsverif-tamarin + * ProVerif-tamarin-diff + * deepsec-tamarin + +One can thus do `proverif-tamarin ex1.spthy` and directly see the ProVerif results. 
+ +# Case-Studies from the paper + + The case studies mentionned in the paper are: + * KEMTLS -> ./KEMTLs/kemtls.spthy + * KEMTLS-CA -> ./KEMTLS/kemtls-clientauth.spthy + * KEMTLS-NOAEAD -> ./KEMTLS/kemtls-noaead.spthy + * LAKE -> ./LAKE/lake-edhoc.spthy + * LAKE-DH-KCI -> ./LAKE/lake-edhoc-DHmode-KCI.spthy + * LAKE-DH-FS ->./LAKE/lake-edhoc-DHmode-FS.spthy + * SSH -> ./SSH/ssh-without-forwarding.spthy + * SSH-NEST -> ./SSH/ssh-with-one-forwarding.spthy + * SSH-NEST-X -> ./SSH/ssh-with-forwarding-bounded.spthy + * Privacy-Pass -> ./privacypass.spthy + * AC -> ./ExistingSapicModels/AC.spthy + * AC-F-SID -> ./ExistingSapicModels/AC_sid_with_attack.spthy + * AKE -> ./ExistingSapicModels/AKE.spthy + * SOC -> tamarin-prover/examples/sapic/fast/feature-locations/SOC.spthy + * OTP -> ./ExistingSapicModels/OTP.spthy + * NSL -> ./ExistingSapicModels/nsl-no_as-untagged.spthy + * Scytl -> ./States/scytl-voting-system.spthy + * SD -> ./States/secure-device.spthy + +On all of them, `progsverif-tamarin myfile.spthy` export to ProVerif, applies GSVerif and then run ProVerif. Remark that all examples in the folders `KEMTLS|LAKE|SSH` are pure sapic files without states that can be executed simply with: + * `tamarin-prover file.spthy --prove` + * `proverif-tamarin file.spthy`, which is essentially doing `tamarin-prover -m=proverif file.spthy > file.pv; proverif file.pv` + +## Running everything + +From the docker image, one can execute either `run-tamarin-CS.sh` or `run-proverif-CS.sh` to run all the case studies in a batch, and store the final results and timings inside either `res-tam.csv` or `res-proverif.csv`. + +# A complete example with diff + +To see all the features on a single file, one can check out `toy-example.spthy`. + +Its header shows the full process that allows to export to the multiple tools. We use a single file to export to ProVerif for a reachability query and diff-equivalence queries. 
diff --git a/examples/sapic/export/SSH/WIP/ssh-with-forwarding-inline.gsverif b/examples/sapic/export/SSH/WIP/ssh-with-forwarding-inline.gsverif new file mode 100644 index 000000000..2aebb8338 --- /dev/null +++ b/examples/sapic/export/SSH/WIP/ssh-with-forwarding-inline.gsverif 
@@ -0,0 +1,190 @@ +type skey. +const g:bitstring. +free att:channel. +free server_sign:bitstring. +free sign_ans:bitstring. +free sign_req:bitstring. +free source:bitstring. +free user_answer:bitstring. +free user_auth:bitstring. +free userauth_pk_ok:bitstring. +fun exp(bitstring,bitstring):bitstring. +fun hash(bitstring):bitstring. +fun kdfPtoS(bitstring):skey. +fun kdfStoP(bitstring):skey. +fun nest(bitstring):bitstring. +fun pk(skey):bitstring. +fun senc(bitstring,skey):bitstring. +fun sign(bitstring,skey):bitstring. +event AcceptP(bitstring,bitstring,bitstring,bitstring,bitstring). +event AcceptP2(bitstring,bitstring,bitstring,bitstring,bitstring). +event AcceptS(bitstring,bitstring,bitstring,bitstring). +event AcceptS2(bitstring,bitstring,bitstring,bitstring,bitstring). +event AcceptS2TT(bitstring,bitstring,bitstring,bitstring,bitstring,bitstring). +event Honnest(bitstring). +event KeyP(bitstring). +event KeyS2(bitstring). +event Test(bitstring). +equation forall a:bitstring,b:bitstring; exp( exp(g,a),b) = exp(exp(g,b),a). +reduc forall m:bitstring, sk:skey; getMess(sign(m, sk)) = m. +reduc forall x:bitstring; ishash(hash(x)) = true. +reduc forall x_1:bitstring, x_2:bitstring; fst((x_1, x_2)) = x_1. +reduc forall x_1:bitstring, x_2:bitstring; snd((x_1, x_2)) = x_2. +reduc forall x_1:bitstring, x_2:skey; sdec(senc(x_1, x_2), x_2) = x_1. +reduc forall x_1:bitstring, x_2:skey; verify(sign(x_1, x_2), x_1, pk(x_2)) = true. + +(*reach*) +query a:bitstring, b:bitstring, skS:bitstring, skP:bitstring, i:time, + j:time; + (event(AcceptS2( a, b, skS, skP, source ))@i) && (event(Honnest( a ))@j) +. +(*reach2*) +query a:bitstring, b:bitstring, skS:bitstring, skP:bitstring, i:time, + j:time; + (event(AcceptS2( a, b, skS, skP, nest(source) ))@i) && + (event(Honnest( a ))@j) +. +(*reach3*) +query a:bitstring, b:bitstring, skS:bitstring, skP:bitstring, i:time, + j:time; + (event(AcceptS2( a, b, skS, skP, nest(nest(source)) ))@i) && + (event(Honnest( a ))@j) +. 
+(*injPS*) +query a:bitstring, b:bitstring, skS:bitstring, skP:bitstring, + t:bitstring, i:time, skP2:bitstring, j:time; + (event(AcceptP( a, b, skS, skP, t ))@i) ==> + ((j < i) && (event(AcceptS( a, b, skS, skP2 ))@j)) +. +(*unique_AcceptP*) +query t:bitstring, a:bitstring, b:bitstring, skS:bitstring, + skP:bitstring, i:time, j:time; + ((event(AcceptP( a, b, skS, skP, t ))@i) && + (event(AcceptP( a, b, skS, skP, t ))@j)) ==> + (i = j) +. +(*unique_AcceptS2*) +query a:bitstring, b:bitstring, skS:bitstring, skP:bitstring, + t:bitstring, i:time, j:time; + ((event(AcceptS2( a, b, skS, skP, t ))@i) && + (event(AcceptS2( a, b, skS, skP, t ))@j)) ==> + (i = j) +. +(*unique_AcceptP2*) +query a:bitstring, b:bitstring, skS:bitstring, skP:bitstring, + t:bitstring, i:time, j:time; + ((event(AcceptP2( a, b, skS, skP, t ))@i) && + (event(AcceptP2( a, b, skS, skP, t ))@j)) ==> + (i = j) +. +(*injSP*) +query a:bitstring, b:bitstring, skS:bitstring, skP:bitstring, + t:bitstring, i:time, j:time; + (event(AcceptS2( a, b, skS, skP, t ))@i) ==> + ((j < i) && (event(AcceptP2( a, b, skS, skP, t ))@j)) +. +(*secretS*) +query k:bitstring, i:time, j:time; + (event(KeyS2( k ))@i) && (attacker( k )@j) +. +let P(pkS:bitstring, skP:skey, pkP:bitstring)= + new a:bitstring; + let A:bitstring=exp(g, a) in + event Honnest( A ); + out(att,A); + in(att,(sig:bitstring, (opks:bitstring, B:bitstring))); + if pkS=opks then + (let h:bitstring=hash((pkS, (A, B))) in + let k:bitstring=exp(B, a) in + if verify(sig, (server_sign, h), pkS)=true then + (event AcceptP( A, B, pkS, pkP, source ); + event KeyP( k ); + let kPS:skey=kdfPtoS((k, h)) in + let kSP:skey=kdfStoP((k, h)) in + out(att,senc((user_auth, pkP), kPS)); + in(att,userauth_answer:bitstring); + if sdec(userauth_answer, kSP)=userauth_pk_ok then + (let payload:bitstring=(source, h) in + let sig2:bitstring=sign(payload, skP) in + event AcceptP2( A, B, pkS, pkP, source ); + out(att,senc((user_answer, (source, sig2)), kPS)); + ! 
+ (in(att,signreq:bitstring); + let (lvl:bitstring, (ms:bitstring, =sign_req))=sdec(signreq, kSP) in + out(att,senc((sign((lvl, ms), skP), sign_ans), kPS)))))). +let remoteP(rpkS:bitstring, rpkP:bitstring, b2:bitstring, A2:bitstring)= + let nestlvl:bitstring=nest(source) in + new aR:bitstring; + let A:bitstring=exp(g, aR) in + event Honnest( A ); + out(att,A); + in(att,(sig:bitstring, (opks:bitstring, B:bitstring))); + if rpkS=opks then + (let h:bitstring=hash((rpkS, (A, B))) in + let k:bitstring=exp(B, aR) in + if verify(sig, (server_sign, h), rpkS)=true then + (event AcceptP( A, B, rpkS, rpkP, nestlvl ); + event KeyP( k ); + let kPS:skey=kdfPtoS((k, h)) in + let kSP:skey=kdfStoP((k, h)) in + out(att,senc((user_auth, rpkP), kPS)); + in(att,userauth_answer:bitstring); + if sdec(userauth_answer, kSP)=userauth_pk_ok then + (let B2:bitstring=exp(g, b2) in + let h2:bitstring=hash((rpkS, (A2, B2))) in + let k2:bitstring=exp(A2, b2) in + let kPS2:skey=kdfPtoS((k2, h2)) in + let kSP2:skey=kdfStoP((k2, h2)) in + out(att,senc((nestlvl, (h, sign_req)), kSP2)); + in(att,signans:bitstring); + let (sig2:bitstring, =sign_ans)=sdec(signans, kPS2) in + let (lvlf:bitstring, dump:bitstring)=getMess(sig2) in + event AcceptP2( A, B, rpkS, rpkP, lvlf ); + out(att,senc((user_answer, (lvlf, sig2)), kPS)); + ! + (in(att,signreq:bitstring); + let (lvl:bitstring, (ms:bitstring, =sign_req))=sdec(signreq, kSP) in + out(att,senc((nest(lvl), (ms, sign_req)), kSP2)); + in(att,signans2:bitstring); + let (sig3:bitstring, =sign_ans)=sdec(signans, kPS2) in + event Test( sig3 ); + out(att,senc((sig3, sign_ans), kPS)))))). 
+let S(skS:skey, pkS:bitstring, pkP:bitstring)= + in(att,A:bitstring); + new b:bitstring; + let B:bitstring=exp(g, b) in + let h:bitstring=hash((pkS, (A, B))) in + let k:bitstring=exp(A, b) in + event AcceptS( A, B, pkS, pkP ); + let sig:bitstring=sign((server_sign, h), skS) in + out(att,(sig, (pkS, B))); + let kPS:skey=kdfPtoS((k, h)) in + let kSP:skey=kdfStoP((k, h)) in + in(att,userauth:bitstring); + let (messa:bitstring, messpk:bitstring)=sdec(userauth, kPS) in + if messa=user_auth then + (if messpk=pkP then + (out(att,senc(userauth_pk_ok, kSP)); + in(att,signans:bitstring); + let (=user_answer, (nestlvl:bitstring, sig2:bitstring))=sdec(signans, + kPS) in + event AcceptS2TT( A, B, pkS, pkP, sig2, h ); + if verify(sig2, (nestlvl, h), pkP)=true then + (event AcceptS2( A, B, pkS, pkP, nestlvl ); + event KeyS2( k ); + remoteP(pkS, pkP, b, A)))). + +process + new secretchannelP:channel; + new secretchannelS_1:channel; + new secretchannelremoteP_2:channel; + ! + (new skS_3:skey; + out(att,pk(skS_3)); + ! + (new skP_4:skey; + out(att,pk(skP_4)); + ! + ((P(pk(skS_3), skP_4, pk(skP_4))) + | (S(skS_3, pk(skS_3), pk(skP_4)))))) + diff --git a/examples/sapic/export/SSH/WIP/ssh-with-forwarding-inline.spthy.wip b/examples/sapic/export/SSH/WIP/ssh-with-forwarding-inline.spthy.wip new file mode 100644 index 000000000..90caba1a4 --- /dev/null +++ b/examples/sapic/export/SSH/WIP/ssh-with-forwarding-inline.spthy.wip 
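Review bot: In the replicated forwarding loop of `remoteP`, the second answer is read into `signans2` but the next line decrypts the earlier `signans`: `in(att,signans2:bitstring); let (sig3:bitstring, =sign_ans)=sdec(signans, kPS2) in`. As written, the loop re-forwards the first signature for every request and never inspects the fresh reply, so the queries are checked against a model that does not describe per-request forwarding. The intended line is presumably `let (sig3:bitstring, =sign_ans)=sdec(signans2, kPS2) in`. This file looks like exported output, and the `.spthy.wip` model later on the page has the same `sdec(signans,kPS2)` in its `remoteP`, so the fix belongs there with the export regenerated. `event Test( sig3 )` in the same loop is not used by any query in this hunk.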
@@ -0,0 +1,220 @@ +/* + * Protocol: SSH, with generic agent forwarding + + + WIP + + Proverif : everything in ? + + Tamarin : everything in ? +*/ + +theory temp + +begin + +builtins: diffie-hellman, symmetric-encryption, signing + +functions: hash/1, kdfPtoS(bitstring):skey, kdfStoP(bitstring):skey, nest/1, ishash/1 [destructor], getMess/1 [destructor] + +equations: ishash(hash(x))=true, getMess(sign(m,sk))=m + + +let P(pkS,~skP:skey,pkP) = + new ~a; + let A='g'^~a in + event Honnest(A); + out(A); + in(); + if pkS=opks then + ( + let h=hash() in + let k=B^~a in + if verify(sig,<'server_sign',h>,pkS)=true then + ( + event AcceptP(A,B,pkS,pkP,'source'); + event KeyP(k); + let kPS:skey=kdfPtoS() in + let kSP:skey=kdfStoP() in + out(senc(<'user_auth',pkP>,kPS)); + in(userauth_answer); + if sdec(userauth_answer,kSP)='userauth_pk_ok' then + ( + let payload = <'source',h> in + let sig2 = sign(payload,~skP) in + event AcceptP2(A,B,pkS,pkP,'source'); + out(senc(<'user_answer', 'source', sig2 >,kPS)) ; + + + !( + in(signreq); + let = sdec(signreq,kSP) in +// if ishash(ms)=true then + out(senc(,~skP),'sign_ans'>,kPS)) + + ) + ) + ) + ) + + +let remoteP(rpkS,rpkP,~b2,A2) = + let nestlvl = nest('source') in + new ~aR; + let A='g'^~aR in + event Honnest(A); + out(A); + in(); + if rpkS=opks then + ( + let h=hash() in + let k=B^~aR in + if verify(sig,<'server_sign',h>,rpkS)=true then + ( + event AcceptP(A,B,rpkS,rpkP,nestlvl); + event KeyP(k); + let kPS:skey=kdfPtoS() in + let kSP:skey=kdfStoP() in + out(senc(<'user_auth',rpkP>,kPS)); + in(userauth_answer); + if sdec(userauth_answer,kSP)='userauth_pk_ok' then + ( + + + let B2='g'^~b2 in + let h2=hash() in + let k2=A2^~b2 in + let kPS2:skey=kdfPtoS() in + let kSP2:skey=kdfStoP() in + + out(senc(,kSP2)); + + in(signans); + let = sdec(signans,kPS2) in + let = getMess(sig2) in + event AcceptP2(A,B,rpkS,rpkP,lvlf); + + out(senc(<'user_answer', lvlf, sig2>,kPS)); + + !( + in(signreq); + let = sdec(signreq,kSP) in + out(senc(,kSP2)); + 
in(signans2); + let = sdec(signans,kPS2) in + event Test(sig3); + out(senc( ,kPS)) + + ) + ) + ) + ) + + +let S(~skS:skey,pkS,pkP) = + in(A); + new ~b; + let B='g'^~b in + let h=hash() in + let k=A^~b in + event AcceptS(A,B,pkS,pkP); + let sig=sign(<'server_sign',h>,~skS) in + out(); + let kPS:skey=kdfPtoS() in + let kSP:skey=kdfStoP() in + in(userauth); + let =sdec(userauth,kPS) in + if messa='user_auth' then + ( + if messpk=pkP then + ( + + out(senc('userauth_pk_ok',kSP)); + in(signans); + +/* out(senc(<'user_answer',<<'source',h>,sign(<'source',h>,~skP)>>,kPS)) ; */ + let <'user_answer',nestlvl,sig2>=sdec(signans,kPS) in + event AcceptS2TT(A,B,pkS,pkP,sig2,h); + + if verify(sig2,,pkP)=true then + ( + event AcceptS2(A,B,pkS,pkP,nestlvl); + event KeyS2(k); + + remoteP(pkS,pkP,~b,A) + ) + + ) + ) + +process: +new ~secretchannelP:channel; new ~secretchannelS:channel; new ~secretchannelremoteP:channel; + !(new ~skS:skey; + out(pk(~skS)); + !(new ~skP:skey; + out(pk(~skP)); + !( P(pk(~skS),~skP,pk(~skP)) || + S(~skS,pk(~skS),pk(~skP)) + )) + ) + +/* +export queries: +" +nounif x_2:skey, A2,b2:bitstring; attacker(hash((pk( *x_2),(A2,exp(g,*b2))))). + + + +nounif sk,x_2:skey,lvlf,dump,sign_ans,aR_8,b2_1:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(exp(g,aR_8),*b2_1),hash((pk( *x_2),(exp(g,aR_8),exp(g,*b2_1)))))))). +nounif sk,x_2:skey,lvlf,dump,sign_ans,aR_8,b:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(exp(g,*b),aR_8),hash((pk( *x_2),(exp(g,aR_8),exp(g,*b)))))))). +nounif sk,x_2:skey,lvlf,dump,sign_ans,A2,a,b:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(exp(g,*b),a),hash((pk( *x_2),(exp(g,a),exp(g,*b)))))))). +nounif sk,x_2:skey,lvlf,dump,sign_ans,A2,b2:bitstring; attacker(senc((sign(( lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(A2,*b2),hash((pk( *x_2),(A2,exp(g,*b2)))))))). 
+nounif sk,x_2:skey,lvlf,dump,sign_ans,A2,b2:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(A2,*b2),hash((pk( *x_2),(A2,exp(g,*b2)))))))). +" +*/ + + + + + +lemma reach[reuse]: //secrecy of the key + "(not (Ex a b skS skP #i #j. AcceptS2(a,b,skS,skP,'source')@i & Honnest(a)@j ))" + +lemma reach2[reuse]: //secrecy of the key + "(not (Ex a b skS skP #i #j. AcceptS2(a,b,skS,skP,nest('source'))@i & Honnest(a)@j ))" + + + +lemma reach3[reuse]: //secrecy of the key + "(not (Ex a b skS skP #i #j. AcceptS2(a,b,skS,skP,nest(nest('source')))@i & Honnest(a)@j ))" + +/* + + + +lemma secretP[reuse]: //secrecy of the key + "(not (Ex k #i #j. ( KeyP(k)@i & KU(k)@j ) ))" + +*/ +/* +lemma injPS[reuse]: // if P accepts, some S also accepted in the first step (but no authentication of P at this stage) + "All a b skS skP t #i. AcceptP(a,b,skS,skP,t)@i ==> + (Ex skP2 #j. #j<#i & AcceptS(a,b,skS,skP2)@j)" + +lemma unique_AcceptP[reuse]: // unicity of event + "All t a b skS skP #i #j. AcceptP(a,b,skS,skP,t)@i & AcceptP(a,b,skS,skP,t)@j ==> #i =#j" + +lemma unique_AcceptS2[reuse]: //unicity of event + "All a b skS skP t #i #j. AcceptS2(a,b,skS,skP,t)@i & AcceptS2(a,b,skS,skP,t)@j ==> #i =#j" + +lemma unique_AcceptP2[reuse]: //unicity of event + "All a b skS skP t #i #j. AcceptP2(a,b,skS,skP,t)@i & AcceptP2(a,b,skS,skP,t)@j ==> #i =#j" + +lemma injSP[reuse,use_induction]: // injectivity of final acceptance + "All a b skS skP t #i. AcceptS2(a,b,skS,skP,t)@i ==> + (Ex #j. 
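Review bot: In `remoteP`'s replicated forwarding loop the process reads `in(signans2);` but then decrypts the earlier message with `sdec(signans,kPS2)`, so the answer just received is never used and `sig3` always comes from the first signing response. ssh-with-forwarding.spthy.wip in this same commit decrypts `signans2` at that point, which suggests the line should read `let <sig3,'sign_ans'> = sdec(signans2,kPS2) in`; the tuple pattern is stripped on this page, so the left-hand side is inferred from the exported ProVerif process. The exported ProVerif processes elsewhere in the commit carry the same stale variable (`sdec(signans, kPS2)` and `sdec(signans_23, kPS2_21)`), so they would need regenerating after the fix. Separately, the three `reach*` lemmas are commented `//secrecy of the key` and marked `[reuse]` although they state that `AcceptS2` is never reached; a reachability sanity check is normally written as `exists-trace` without `[reuse]`, so that a false statement is not assumed by later proofs. The tail of this file is cut off on the page and is not reviewed here.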
j); + new ~a; + let A='g'^~a in + event Honnest(A); + out(A); + in(); + if pkS=opks then + ( + let h=hash() in + let k=B^~a in + if verify(sig,<'server_sign',h>,pkS)=true then + ( + event AcceptP(A,B,pkS,pkP,'source'); + event KeyP(k); + let kPS:skey=kdfPtoS() in + let kSP:skey=kdfStoP() in + out(senc(<'user_auth',pkP>,kPS)); + in(userauth_answer); + if sdec(userauth_answer,kSP)='userauth_pk_ok' then + ( + let sig2 = sign(h,~skP) in + event AcceptP2(A,B,pkS,pkP); + out(senc(<'user_answer', sig2 >,kPS)) ; + + + !( + in(signreq); + let = sdec(signreq,kSP) in +// if ishash(ms)=true then + out(senc(,kPS)) + + ) + ) + ) + ) + + +let remoteP = + in(~secretchannelremoteP,); + let nestlvl = nest('source') in + new ~aR; + let A='g'^~aR in + event Honnest(A); + out(A); + in(); + if pkS=opks then + ( + let h=hash() in + let k=B^~aR in + if verify(sig,<'server_sign',h>,pkS)=true then + ( + event AcceptP(A,B,pkS,pkP,nestlvl); + event KeyP(k); + let kPS:skey=kdfPtoS() in + let kSP:skey=kdfStoP() in + out(senc(<'user_auth',pkP>,kPS)); + in(userauth_answer); + if sdec(userauth_answer,kSP)='userauth_pk_ok' then + ( + + + let B2='g'^~b2 in + let h2=hash() in + let k2=A2^~b2 in + let kPS2:skey=kdfPtoS() in + let kSP2:skey=kdfStoP() in + + out(senc(,kSP2)); + + in(signans); + let = sdec(signans,kPS2) in + event AcceptP2(A,B,pkS,pkP); + + out(senc(<'user_answer', sig2>,kPS)); + + !( + in(signreq); + let = sdec(signreq,kSP) in + out(senc(,kSP2)); + in(signans2); + let = sdec(signans,kPS2) in + event Test(sig3); + out(senc( ,kPS)) + + ) + ) + ) + ) + + +let S = + in(~secretchannelS,<~skS:skey,pkS,pkP>); + in(A); + new ~b; + let B='g'^~b in + let h=hash() in + let k=A^~b in + event AcceptS(A,B,pkS,pkP); + let sig=sign(<'server_sign',h>,~skS) in + out(); + let kPS:skey=kdfPtoS() in + let kSP:skey=kdfStoP() in + in(userauth); + let =sdec(userauth,kPS) in + if messa='user_auth' then + ( + if messpk=pkP then + ( + + out(senc('userauth_pk_ok',kSP)); + in(signans); + +/* 
out(senc(<'user_answer',<<'source',h>,sign(<'source',h>,~skP)>>,kPS)) ; */ + let <'user_answer',sig2>=sdec(signans,kPS) in + event AcceptS2TT(A,B,pkS,pkP,sig2,h); + + if verify(sig2,h,pkP)=true then + ( + event AcceptS2(A,B,pkS,pkP); + event KeyS2(k); + + out(~secretchannelremoteP,) + ) + + ) + ) + +process: +new ~secretchannelP:channel; new ~secretchannelS:channel; new ~secretchannelremoteP:channel; + !(remoteP) || +!(P) || !(S) || !(new ~skS:skey; + out(pk(~skS)); + !(new ~skP:skey; + out(pk(~skP)); + !( out(~secretchannelP,) || + out(~secretchannelS,<~skS,pk(~skS),pk(~skP)>) + )) + ) + +/* +export queries: +" +nounif x_2:skey, A2,b2:bitstring; attacker(hash((pk( *x_2),(A2,exp(g,*b2))))). + + + +nounif sk,x_2:skey,lvlf,dump,sign_ans,aR_8,b2_1:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(exp(g,aR_8),*b2_1),hash((pk( *x_2),(exp(g,aR_8),exp(g,*b2_1)))))))). +nounif sk,x_2:skey,lvlf,dump,sign_ans,aR_8,b:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(exp(g,*b),aR_8),hash((pk( *x_2),(exp(g,aR_8),exp(g,*b)))))))). +nounif sk,x_2:skey,lvlf,dump,sign_ans,A2,a,b:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(exp(g,*b),a),hash((pk( *x_2),(exp(g,a),exp(g,*b)))))))). +nounif sk,x_2:skey,lvlf,dump,sign_ans,A2,b2:bitstring; attacker(senc((sign(( lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(A2,*b2),hash((pk( *x_2),(A2,exp(g,*b2)))))))). +nounif sk,x_2:skey,lvlf,dump,sign_ans,A2,b2:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(A2,*b2),hash((pk( *x_2),(A2,exp(g,*b2)))))))). +" +*/ +/* + +nounif attacker(hash((pk(skP_68),(exp(g,a),exp(g,*b))))). +nounif attacker(hash((pk(skS_67),(exp(g,a),exp(g,*b))))). +nounif attacker(senc((sign(( lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(exp(g,b),aR_8),hash((pk( *x_2),(exp(g,aR_8),exp(g,b)))))))). + + +" +*/ + + + + + +lemma reach[reuse]: //secrecy of the key + "(not (Ex a b skS skP #i #j. 
AcceptS2(a,b,skS,skP)@i & Honnest(a)@j ))" + + + + + +lemma secretP[reuse]: //secrecy of the key + "(not (Ex k #i #j. ( KeyP(k)@i & KU(k)@j ) ))" +/* +lemma injPS[reuse]: // if P accepts, some S also accepted in the first step (but no authentication of P at this stage) + "All a b skS skP t #i. AcceptP(a,b,skS,skP,t)@i ==> + (Ex skP2 #j. #j<#i & AcceptS(a,b,skS,skP2)@j)" + +lemma unique_AcceptP[reuse]: // unicity of event + "All t a b skS skP #i #j. AcceptP(a,b,skS,skP,t)@i & AcceptP(a,b,skS,skP,t)@j ==> #i =#j" + +lemma unique_AcceptS2[reuse]: //unicity of event + "All a b skS skP t #i #j. AcceptS2(a,b,skS,skP,t)@i & AcceptS2(a,b,skS,skP,t)@j ==> #i =#j" + +lemma unique_AcceptP2[reuse]: //unicity of event + "All a b skS skP t #i #j. AcceptP2(a,b,skS,skP,t)@i & AcceptP2(a,b,skS,skP,t)@j ==> #i =#j" + +lemma injSP[reuse,use_induction]: // injectivity of final acceptance + "All a b skS skP t #i. AcceptS2(a,b,skS,skP,t)@i ==> + (Ex #j. j + ((j < i) && (event(AcceptS( a, b, skS, skP2 ))@j)) +. +(*unique_AcceptP*) +query t:bitstring, a:bitstring, b:bitstring, skS:bitstring, + skP:bitstring, i:time, j:time; + ((event(AcceptP( a, b, skS, skP, t ))@i) && + (event(AcceptP( a, b, skS, skP, t ))@j)) ==> + (i = j) +. +(*unique_AcceptS2*) +query a:bitstring, b:bitstring, skS:bitstring, skP:bitstring, + t:bitstring, i:time, j:time; + ((event(AcceptS2( a, b, skS, skP, t ))@i) && + (event(AcceptS2( a, b, skS, skP, t ))@j)) ==> + (i = j) +. +(*unique_AcceptP2*) +query a:bitstring, b:bitstring, skS:bitstring, skP:bitstring, + t:bitstring, i:time, j:time; + ((event(AcceptP2( a, b, skS, skP, t ))@i) && + (event(AcceptP2( a, b, skS, skP, t ))@j)) ==> + (i = j) +. +(*injSP*) +query a:bitstring, b:bitstring, skS:bitstring, skP:bitstring, + t:bitstring, i:time, j:time; + (event(AcceptS2( a, b, skS, skP, t ))@i) ==> + ((j < i) && (event(AcceptP2( a, b, skS, skP, t ))@j)) +. +(*secretS*) +query k:bitstring, i:time, j:time; + (event(KeyS2( k ))@i) && (attacker( k )@j) +. 
+ +process + new secretchannelP:channel; + new secretchannelS_1:channel; + new secretchannelremoteP_2:channel; + ! + ((in(secretchannelremoteP_2,(pkS_3:bitstring, (pkP_4:bitstring, (b2_5:bitstring, A2_6:bitstring)))); + let nestlvl_7:bitstring=nest(source) in + new aR_8:bitstring; + let A_9:bitstring=exp(g, aR_8) in + event Honnest( A_9 ); + out(att,A_9); + in(att,(sig_10:bitstring, (opks_11:bitstring, B_12:bitstring))); + if pkS_3=opks_11 then + (let h_13:bitstring=hash((pkS_3, (A_9, B_12))) in + let k_14:bitstring=exp(B_12, aR_8) in + if verify(sig_10, (server_sign, h_13), pkS_3)=true then + (event AcceptP( A_9, B_12, pkS_3, pkP_4, nestlvl_7 ); + event KeyP( k_14 ); + let kPS_15:skey=kdfPtoS((k_14, h_13)) in + let kSP_16:skey=kdfStoP((k_14, h_13)) in + out(att,senc((user_auth, pkP_4), kPS_15)); + in(att,userauth_answer_17:bitstring); + if sdec(userauth_answer_17, kSP_16)=userauth_pk_ok then + (let B2_18:bitstring=exp(g, b2_5) in + let h2_19:bitstring=hash((pkS_3, (A2_6, B2_18))) in + let k2_20:bitstring=exp(A2_6, b2_5) in + let kPS2_21:skey=kdfPtoS((k2_20, h2_19)) in + let kSP2_22:skey=kdfStoP((k2_20, h2_19)) in + out(att,senc((nestlvl_7, (h_13, sign_req)), kSP2_22)); + in(att,signans_23:bitstring); + let (sig2_24:bitstring, =sign_ans)=sdec(signans_23, kPS2_21) in + let (lvlf_25:bitstring, dump_26:bitstring)=getMess(sig2_24) in + event AcceptP2( A_9, B_12, pkS_3, pkP_4, lvlf_25 ); + out(att,senc((user_answer, (lvlf_25, sig2_24)), kPS_15)); + ! + (in(att,signreq_27:bitstring); + let (lvl_28:bitstring, (ms_29:bitstring, =sign_req))=sdec(signreq_27, + kSP_16) in + out(att,senc((nest(lvl_28), (ms_29, sign_req)), kSP2_22)); + in(att,signans2_30:bitstring); + let (sig3_31:bitstring, =sign_ans)=sdec(signans_23, kPS2_21) in + event Test( sig3_31 ); + out(att,senc((sig3_31, sign_ans), kPS_15))))))) + | (! 
+ ((in(secretchannelP,(pkS_32:bitstring, (skP_33:skey, pkP_34:bitstring))); + new a_35:bitstring; + let A_36:bitstring=exp(g, a_35) in + event Honnest( A_36 ); + out(att,A_36); + in(att,(sig_37:bitstring, (opks_38:bitstring, B_39:bitstring))); + if pkS_32=opks_38 then + (let h_40:bitstring=hash((pkS_32, (A_36, B_39))) in + let k_41:bitstring=exp(B_39, a_35) in + if verify(sig_37, (server_sign, h_40), pkS_32)=true then + (event AcceptP( A_36, B_39, pkS_32, pkP_34, source ); + event KeyP( k_41 ); + let kPS_42:skey=kdfPtoS((k_41, h_40)) in + let kSP_43:skey=kdfStoP((k_41, h_40)) in + out(att,senc((user_auth, pkP_34), kPS_42)); + in(att,userauth_answer_44:bitstring); + if sdec(userauth_answer_44, kSP_43)=userauth_pk_ok then + (let payload_45:bitstring=(source, h_40) in + let sig2_46:bitstring=sign(payload_45, skP_33) in + event AcceptP2( A_36, B_39, pkS_32, pkP_34, source ); + out(att,senc((user_answer, (source, sig2_46)), kPS_42)); + ! + (in(att,signreq_47:bitstring); + let (lvl_48:bitstring, (ms_49:bitstring, =sign_req))=sdec(signreq_47, + kSP_43) in + out(att,senc((sign((lvl_48, ms_49), skP_33), sign_ans), kPS_42))))))) + | (! 
+ ((in(secretchannelS_1,(skS_50:skey, (pkS_51:bitstring, pkP_52:bitstring))); + in(att,A_53:bitstring); + new b_54:bitstring; + let B_55:bitstring=exp(g, b_54) in + let h_56:bitstring=hash((pkS_51, (A_53, B_55))) in + let k_57:bitstring=exp(A_53, b_54) in + event AcceptS( A_53, B_55, pkS_51, pkP_52 ); + let sig_58:bitstring=sign((server_sign, h_56), skS_50) in + out(att,(sig_58, (pkS_51, B_55))); + let kPS_59:skey=kdfPtoS((k_57, h_56)) in + let kSP_60:skey=kdfStoP((k_57, h_56)) in + in(att,userauth_61:bitstring); + let (messa_62:bitstring, messpk_63:bitstring)=sdec(userauth_61, + kPS_59) in + if messa_62=user_auth then + (if messpk_63=pkP_52 then + (out(att,senc(userauth_pk_ok, kSP_60)); + in(att,signans_64:bitstring); + let (=user_answer, (nestlvl_65:bitstring, sig2_66:bitstring))=sdec(signans_64, + kPS_59) in + event AcceptS2TT( A_53, B_55, pkS_51, pkP_52, sig2_66, h_56 ); + if verify(sig2_66, (nestlvl_65, h_56), pkP_52)=true then + (event AcceptS2( A_53, B_55, pkS_51, pkP_52, nestlvl_65 ); + event KeyS2( k_57 ); + out(secretchannelremoteP_2,(pkS_51, (pkP_52, (b_54, A_53)))))))) + | (! + (new skS_67:skey; + out(att,pk(skS_67)); + ! + (new skP_68:skey; + out(att,pk(skP_68)); + ! + ((out(secretchannelP,(pk(skS_67), (skP_68, pk(skP_68))))) + | (out(secretchannelS_1,(skS_67, (pk(skS_67), pk(skP_68)))))))))))))) + diff --git a/examples/sapic/export/SSH/WIP/ssh-with-forwarding.spthy.wip b/examples/sapic/export/SSH/WIP/ssh-with-forwarding.spthy.wip new file mode 100644 index 000000000..730083f35 --- /dev/null +++ b/examples/sapic/export/SSH/WIP/ssh-with-forwarding.spthy.wip 
@@ -0,0 +1,248 @@ +/* + * Protocol: SSH, with generic agent forwarding + + WIP + + Proverif : everything in ? + + Tamarin : everything in ? + +*/ + +theory SSH + +begin + +builtins: diffie-hellman, symmetric-encryption, signing + +functions: hash/1, kdfPtoS/1, kdfStoP/1, nest/1, ishash/1 [destructor], issign/2 [destructor], isnest/1 [destructor] + + +equations: ishash(hash(x))=true, issign(sign(m,sk),pk(sk))=true, isnest(nest(x))=true + + +let P(pkS,~skP,pkP) = + new ~a; + event Share(~a); + let A='g'^~a in + event Honnest(A); + out(A); + in(); + if pkS=opks then + ( + let h=hash() in + let k=B^~a in + if verify(sig,<'server_sign',h>,pkS)=true then + ( + event AcceptP(A,B,pkS,pkP,'source'); + event KeyP(k); + let kPS=kdfPtoS() in + let kSP=kdfStoP() in + out(senc(<'user_auth',pkP>,kPS)); + in(userauth_answer); + if sdec(userauth_answer,kSP)='userauth_pk_ok' then + ( + let payload = <'source',h> in + let sig2 = sign(payload,~skP) in + event AcceptP2(A,B,pkS,pkP, 'source'); + out(senc(<'user_answer', 'source', sig2 >,kPS)) ; + + + !( + in(signreq); + let = sdec(signreq,kSP) in + if ishash(ms)=true then + if isnest(lvl) = true then + out(senc(,~skP),lvl,'sign_ans'>,kPS)) + + ) + ) + ) + ) + + +let remoteP(pkS,~remote:channel) = + in(~remote,); + let nestlvl = nest('source') in + new ~aR; + event Share(~aR); + let A='g'^~aR in + event Honnest(A); + out(A); + in(); + if pkS=opks then + ( + let h=hash() in + let k=B^~aR in + if verify(sig,<'server_sign',h>,pkS)=true then + ( + event AcceptP(A,B,pkS,pkP,nestlvl); + event KeyP(k); + let kPS=kdfPtoS() in + let kSP=kdfStoP() in + out(senc(<'user_auth',pkP>,kPS)); + in(userauth_answer); + if sdec(userauth_answer,kSP)='userauth_pk_ok' then + ( + + + let B2='g'^~b2 in + let h2=hash() in + let k2=A2^~b2 in + let kPS2=kdfPtoS() in + let kSP2=kdfStoP() in + + out(senc(,kSP2)); + + in(signans); + let = sdec(signans,kPS2) in + if verify(sig2,,pkP)=true then + event AcceptP2(A,B,pkS,pkP,lvlf); + + out(senc(<'user_answer', lvlf, 
sig2>,kPS)); + + !( + in(signreq); + let = sdec(signreq,kSP) in + out(senc(,kSP2)); + in(signans2); + let = sdec(signans2,kPS2) in + // let = getMess(sig3) in + if issign(sig3,pkP)=true then + if isnest(lvl) = true then + event Test(sig3); + out(senc( ,kPS)) + + ) + ) + ) + ) + + +let S(~skS,pkS,pkP,~remote:channel) = + in(A); + new ~b; + event Share(~b); + let B='g'^~b in + let h=hash() in + let k=A^~b in + event AcceptS(A,B,pkS,pkP); + let sig=sign(<'server_sign',h>,~skS) in + out(); + let kPS=kdfPtoS() in + let kSP=kdfStoP() in + in(userauth); + let =sdec(userauth,kPS) in + if messa='user_auth' then + ( + if messpk=pkP then + ( + + out(senc('userauth_pk_ok',kSP)); + in(signans); + +/* out(senc(<'user_answer',<<'source',h>,sign(<'source',h>,~skP)>>,kPS)) ; */ + let <'user_answer',nestlvl,sig2>=sdec(signans,kPS) in + event AcceptS2TT(A,B,pkS,pkP,sig2,h); + + if verify(sig2,,pkP)=true then + ( + event AcceptS2(A,B,pkS,pkP,nestlvl); + event KeyS2(k); + + out(~remote,) + ) + + ) + ) + +process: +new ~remote:channel; + !(new ~skS; + out(pk(~skS)); + !(new ~skP; + out(pk(~skP)); + !( P(pk(~skS),~skP,pk(~skP)) || + S(~skS,pk(~skS),pk(~skP),~remote) || + remoteP(pk(~skS),~remote) + )) + ) + +/* +export queries: +" +nounif x_2, A2,b2:bitstring; attacker(hash((pk( *x_2),(A2,exp(g,*b2))))). + + + +nounif sk,x_2,lvlf,dump,sign_ans,aR_8,b2_1:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(exp(g,aR_8),*b2_1),hash((pk( *x_2),(exp(g,aR_8),exp(g,*b2_1)))))))). +nounif sk,x_2,lvlf,dump,sign_ans,aR_8,b:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(exp(g,*b),aR_8),hash((pk( *x_2),(exp(g,aR_8),exp(g,*b)))))))). +nounif sk,x_2,lvlf,dump,sign_ans,A2,a,b:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(exp(g,*b),a),hash((pk( *x_2),(exp(g,a),exp(g,*b)))))))). 
+nounif sk,x_2,lvlf,dump,sign_ans,A2,b2:bitstring; attacker(senc((sign(( lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(A2,*b2),hash((pk( *x_2),(A2,exp(g,*b2)))))))). +nounif sk,x_2,lvlf,dump,sign_ans,A2,b2:bitstring; attacker(senc((sign(( *lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(A2,*b2),hash((pk( *x_2),(A2,exp(g,*b2)))))))). +" +*/ +/* + +nounif attacker(hash((pk(skP_68),(exp(g,a),exp(g,*b))))). +nounif attacker(hash((pk(skS_67),(exp(g,a),exp(g,*b))))). +nounif attacker(senc((sign(( lvlf,*dump),*sk),sign_ans),kdfPtoS((exp(exp(g,b),aR_8),hash((pk( *x_2),(exp(g,aR_8),exp(g,b)))))))). + + +" +*/ + + +/* + + + +lemma secretP[reuse]: //secrecy of the key + "(not (Ex k #i #j. ( KeyP(k)@i & KU(k)@j ) ))" +*/ + +lemma unique_AcceptP[reuse]: // unicity of event + "All t a b skS skP #i #j. AcceptP(a,b,skS,skP,t)@i & AcceptP(a,b,skS,skP,t)@j ==> #i =#j" + +lemma unique_AcceptS2[reuse]: //unicity of event + "All a b skS skP t #i #j. AcceptS2(a,b,skS,skP,t)@i & AcceptS2(a,b,skS,skP,t)@j ==> #i =#j" + +lemma unique_AcceptP2[reuse]: //unicity of event + "All a b skS skP t #i #j. AcceptP2(a,b,skS,skP,t)@i & AcceptP2(a,b,skS,skP,t)@j ==> #i =#j" + + +// Proved in 2m38 up to this point + +lemma secretShares[reuse]: //secrecy of the shares + "(not (Ex k #i #j. ( Share(k)@i & KU(k)@j ) ))" + + +lemma injPS[reuse]: // if P accepts, some S also accepted in the first step (but no authentication of P at this stage) + "All a b skS skP t #i. AcceptP(a,b,skS,skP,t)@i ==> + (Ex skP2 #j. #j<#i & AcceptS(a,b,skS,skP2)@j)" + + +lemma injSP[reuse,use_induction]: // injectivity of final acceptance + "All a b skS skP t #i. AcceptS2(a,b,skS,skP,t)@i ==> + (Ex #j. 
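Review bot: In `remoteP`'s forwarding loop the relayed signature is only checked with `issign(sig3,pkP)=true`, and the `issign(sign(m,sk),pk(sk))=true` equation declared in this file establishes who signed, not which message was signed. The first forwarded signature a few lines above is checked with `verify` against an explicit payload, so the loop is weaker than the one-shot path and `Test(sig3)` is not tied to the request that was just sent on `kSP2`. If binding the answer to the request is intended, `if verify(sig3,<nest(lvl),ms>,pkP)=true then` would express it; the tuple contents are stripped on this page, so that payload is inferred from the request and should be confirmed against the original file. The end of this file is cut off on the page, so the lemmas from `injSP` onward are not reviewed.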
j); + if pkS=opks then + ( + let h=hash() in + let k=B^~a in + if verify(sig,<'server_sign',h>,pkS)=true then + ( + event AcceptP(A,B,pkS,pkP,'source'); + event KeyP(k); + let kPS=kdfPtoS() in + let kSP=kdfStoP() in + out(senc(<'user_auth',pkP>,kPS)); + in(userauth_answer); + if sdec(userauth_answer,kSP)='userauth_pk_ok' then + ( + let payload = <'source',h> in + let sig2 = sign(payload,~skP) in + event AcceptP2(A,B,pkS,pkP, 'source'); + out(senc(<'user_answer', 'source', sig2 >,kPS)) ; + + + !( + in(signreq); + let = sdec(signreq,kSP) in + if lvl = nest('source') then + out(senc(,~skP),lvl,'sign_ans'>,kPS)) + else if lvl = nest(nest('source')) then + out(senc(,~skP),lvl,'sign_ans'>,kPS)) + else if lvl = nest(nest(nest('source'))) then + out(senc(,~skP),lvl,'sign_ans'>,kPS)) + else if lvl = nest(nest(nest(nest('source')))) then + out(senc(,~skP),lvl,'sign_ans'>,kPS)) + else if lvl = nest(nest(nest(nest(nest('source'))))) then + out(senc(,~skP),lvl,'sign_ans'>,kPS)) + + + // To what depth can we go ? 
+ + ) + ) + ) + ) + + +let remoteP(pkS,~remote:channel) = + in(~remote,); + let nestlvl = nest('source') in + new ~aR; + event Share(~aR); + let A='g'^~aR in + event Honnest(A); + out(A); + in(); + if pkS=opks then + ( + let h=hash() in + let k=B^~aR in + if verify(sig,<'server_sign',h>,pkS)=true then + ( + event AcceptP(A,B,pkS,pkP,nestlvl); + event KeyP(k); + let kPS=kdfPtoS() in + let kSP=kdfStoP() in + out(senc(<'user_auth',pkP>,kPS)); + in(userauth_answer); + if sdec(userauth_answer,kSP)='userauth_pk_ok' then + ( + + + let B2='g'^~b2 in + let h2=hash() in + let k2=A2^~b2 in + let kPS2=kdfPtoS() in + let kSP2=kdfStoP() in + + out(senc(,kSP2)); + + in(signans); + let = sdec(signans,kPS2) in + if verify(sig2,,pkP)=true then + event AcceptP2(A,B,pkS,pkP,lvlf); + + out(senc(<'user_answer', lvlf, sig2>,kPS)); + + !( + in(signreq); + let = sdec(signreq,kSP) in + out(senc(,kSP2)); + in(signans2); + let = sdec(signans2,kPS2) in + // let = getMess(sig3) in +// if issign(sig3,pkP)=true then +// if isnest(lvl) = true then + event Test(sig3); + out(senc( ,kPS)) + + ) + ) + ) + ) + + +let S(~skS,pkS,pkP,~remote:channel) = + in(A); + new ~b; + event Share(~b); + let B='g'^~b in + let h=hash() in + let k=A^~b in + event AcceptS(A,B,pkS,pkP); + let sig=sign(<'server_sign',h>,~skS) in + out(); + let kPS=kdfPtoS() in + let kSP=kdfStoP() in + in(userauth); + let =sdec(userauth,kPS) in + if messa='user_auth' then + ( + if messpk=pkP then + ( + + out(senc('userauth_pk_ok',kSP)); + in(signans); + +/* out(senc(<'user_answer',<<'source',h>,sign(<'source',h>,~skP)>>,kPS)) ; */ + let <'user_answer',nestlvl,sig2>=sdec(signans,kPS) in + event AcceptS2TT(A,B,pkS,pkP,sig2,h); + + if verify(sig2,,pkP)=true then + ( + event AcceptS2(A,B,pkS,pkP,nestlvl); + event KeyS2(k); + + out(~remote,) + ) + + ) + ) + +process: +new ~remote:channel; + !(new ~skS; + out(pk(~skS)); + !(new ~skP; + out(pk(~skP)); + !( P(pk(~skS),~skP,pk(~skP)) || + S(~skS,pk(~skS),pk(~skP),~remote) || + 
remoteP(pk(~skS),~remote) + )) + ) + + +// lemma unique_AcceptP[reuse]: // unicity of event +// "All t a b skS skP #i #j. AcceptP(a,b,skS,skP,t)@i & AcceptP(a,b,skS,skP,t)@j ==> #i =#j" + +// lemma unique_AcceptS2[reuse]: //unicity of event +// "All a b skS skP t #i #j. AcceptS2(a,b,skS,skP,t)@i & AcceptS2(a,b,skS,skP,t)@j ==> #i =#j" + +// lemma unique_AcceptP2[reuse]: //unicity of event +// "All a b skS skP t #i #j. AcceptP2(a,b,skS,skP,t)@i & AcceptP2(a,b,skS,skP,t)@j ==> #i =#j" + + +// Proved in 2m38 up to this point + +lemma secretShares[reuse]: //secrecy of the shares + "(not (Ex k #i #j. ( Share(k)@i & KU(k)@j ) ))" + + +lemma injPS[reuse]: // if P accepts, some S also accepted in the first step (but no authentication of P at this stage) + "All a b skS skP t #i. AcceptP(a,b,skS,skP,t)@i ==> + (Ex skP2 #j. #j<#i & AcceptS(a,b,skS,skP2)@j)" + + +lemma injSP[reuse,use_induction]: // injectivity of final acceptance + "All a b skS skP t #i. AcceptS2(a,b,skS,skP,t)@i ==> + (Ex #j. j We add a conditional test not in the program inside the remote P execution, that allows to close the sources of Tamarin. It should not change the security of the protocol, as if the check fails here, it would fail on the server side. + This check is not required for Proverif to prove the protocol. 
+ +*/ + + +theory SSH + +begin + +builtins: diffie-hellman, symmetric-encryption, signing + +functions: hash/1, kdfPtoS/1, kdfStoP/1 + +let P(pkS,~skP,pkP) = + new ~a; + event Share(~a); + let A='g'^~a in + event Honnest(A); + out(A); + in(); + + let h=hash() in + let k=B^~a in + if verify(sig,<'server_sign',h>,pkS)=true then + ( + event AcceptP(A,B,pkS,pkP,'source'); + event KeyP(k); + let kPS=kdfPtoS() in + let kSP=kdfStoP() in + out(senc(<'user_auth',pkP>,kPS)); + in(userauth_answer); + if sdec(userauth_answer,kSP)='userauth_pk_ok' then + ( + let payload = <'source',h> in + let sig2 = sign(payload,~skP) in + event Sig(sig2); + event AcceptP2(A,B,pkS,pkP,'source'); + out(senc(<'user_answer', 'source', sig2 >,kPS)) ; + + + !( + in(signreq); + let <'nested',ms,'sign_req'> = sdec(signreq,kSP) in + + event Sig(sign(<'nested',ms>,~skP)); + out(senc(,~skP),'sign_ans'>,kPS)) + ) + ) + + ) + + +let remoteP(pkS,~remote:channel) = + in(~remote,); + new ~aR; + event Share(~aR); + let A='g'^~aR in + event Honnest(A); + out(A); + in(); + + let h=hash() in + let k=B^~aR in + if verify(sig,<'server_sign',h>,pkS)=true then + ( + event AcceptP(A,B,pkS,pkP,'nested'); + event KeyP(k); + let kPS=kdfPtoS() in + let kSP=kdfStoP() in + out(senc(<'user_auth',pkP>,kPS)); + in(userauth_answer); + if sdec(userauth_answer,kSP)='userauth_pk_ok' then + ( + + + let B2='g'^~b2 in + let h2=hash() in + let k2=A2^~b2 in + let kPS2=kdfPtoS() in + let kSP2=kdfStoP() in + + out(senc(<'nested',h,'sign_req'>,kSP2)); + + in(signans); + let = sdec(signans,kPS2) in + if verify(sig2,<'nested',h>,pkP)=true then + // here we cheat a bit by adding this check, which is not in the standard, but allows to close the sources. The Proverif files goes through without it, but not Tamarin, with over 400 partial deconstructions. + // Replacing this conditional with a source lemma is globaly equivalent to proving the security of the full protocol, so we are back to square one. 
+ + (event AcceptP2(A,B,pkS,pkP,'nested'); + out(senc(<'user_answer', 'nested',sig2>,kPS))) + + ) + ) + + + +let S(~skS,pkS,pkP,~remote:channel) = + in(A); + new ~b; + event Share(~b); + let B='g'^~b in + let h=hash() in + let k=A^~b in + event AcceptS(A,B,pkS,pkP); + let sig=sign(<'server_sign',h>,~skS) in + event Sig(sig); + out(); + let kPS=kdfPtoS() in + let kSP=kdfStoP() in + in(userauth); + let <'user_auth',=pkP>=sdec(userauth,kPS) in + + out(senc('userauth_pk_ok',kSP)); + in(signans); + let <'user_answer',nestlvl,sig2>=sdec(signans,kPS) in + event AcceptS2TT(A,B,pkS,pkP,sig2,h); + + if verify(sig2,,pkP)=true then + ( + event AcceptS2(A,B,pkS,pkP,nestlvl); + event KeyS2(k); + if nestlvl = 'source' then + out(~remote,) + ) + + +process: +new ~remote:channel; + !(new ~skS; event Key(~skS); + out(pk(~skS)); + !(new ~skP; event Key(~skP); + out(pk(~skP)); + !( P(pk(~skS),~skP,pk(~skP)) || + S(~skS,pk(~skS),pk(~skP),~remote) || + remoteP(pk(~skS),~remote) + )) + ) + + + +lemma reach: // sanity check + exists-trace + "Ex a b skS skP #i #j. AcceptS2(a,b,skS,skP,'source')@i & Honnest(a)@j " + +lemma reach_nested: // sanity check + exists-trace + "Ex a b skS skP #i #j. AcceptS2(a,b,skS,skP,'nested')@i & Honnest(a)@j" + +lemma secretP[reuse]: //secrecy of the key + "(not (Ex k #i #j. ( KeyP(k)@i & KU(k)@j ) ))" + + +lemma injPS: // if P accepts, some S also accepted in the first step (but no authentication of P at this stage) + "All a b skS skP t #i. AcceptP(a,b,skS,skP,t)@i ==> + (Ex skP2 #j. #j<#i & AcceptS(a,b,skS,skP2)@j)" + +lemma injSP[reuse,use_induction]: // injectivity of final acceptance + "All a b skS skP t #i. AcceptS2(a,b,skS,skP,t)@i ==> + (Ex #j. 
j); + if pkS=opks then + ( + let h=hash() in + let k=B^~a in + if verify(sig,<'server_sign',h>,pkS)=true then + ( + event AcceptP(gA,B,pkS,pkP); + event KeyP(k); + let kPS:skey=kdfPtoS() in + let kSP:skey=kdfStoP() in + out(senc(<'user_auth',pkP>,kPS)); + in(userauth_answer); + if sdec(userauth_answer,kSP)='userauth_pk_ok' then + ( + event AcceptP2(gA,B,pkS,pkP); + out(senc(<'user_answer',h,sign(h,~skP)>,kPS)) + ) + ) + ) + +let S(~skS,pkS,pkP) = + in(gA); + new ~b; + let gB='g'^~b in + let h=hash() in + let k=gA^~b in + event AcceptS(gA,gB,pkS,pkP); + let sig=sign(<'server_sign',h>,~skS) in + out(); + let kPS:skey=kdfPtoS() in + let kSP:skey=kdfStoP() in + in(userauth); + let mess=sdec(userauth,kPS) in + let <'user_auth',=pkP> = mess in + out(senc('userauth_pk_ok',kSP)); + in(signans); + let mess2=sdec(signans,kPS) in + let <'user_answer',=h,sig2> = mess2 in + if verify(sig2,h,pkP)=true then + ( + event AcceptS2(gA,gB,pkS,pkP); + event KeyS2(k) + ) + +process: + !(new ~skS; out(pk(~skS)); + !(new ~skP; out(pk(~skP)); + !( + P(pk(~skS),~skP,pk(~skP)) | S(~skS,pk(~skS),pk(~skP)) + ) + ) + ) + + +lemma secretP[reuse]: //secrecy of the key + "(not (Ex k #i #j. (KeyP(k)@i & KU(k)@j)))" + + +lemma injPS[reuse]: // if P accepts, some S also accepted in the first step (but no authentication of P at this stage) + "All a b skS skP #i. AcceptP(a,b,skS,skP)@i ==> + (Ex skP2 #j. #j<#i & AcceptS(a,b,skS,skP2)@j)" + +lemma injSP[reuse,use_induction]: // injectivity of final acceptance + "All a b skS skP #i. AcceptS2(a,b,skS,skP)@i ==> + (Ex #j. j (k='zero' | Ex #j. (InitC(cell)@j) )" + +// lemma monoSent[reuse,use_induction]: +// "All sk m m2 i j #u #v. Sent(sk,m,i)@u & Sent(sk,m2,j)@v & u < v ==> i (<) j" + +lemma true_Received_only_if_Send[reuse,use_induction]: + "All sk msg i #u. + Received(sk,msg,i) @u + ==> ( Ex #v. Sent(sk,msg,i) @v)" + +// lemma multset_base[reuse]: +// "All z. 
'zero' + z = 'zero' ==> F" + + +lemma true_wellformed_Received[use_induction]: + "All sk msg1 i1 msg2 i2 #u #v. + ( Received(sk,msg1,i1) @u & Received(sk,msg2,i2) @v ) + ==> (( msg1 = msg2 & i1 = i2 ) + | ( (not msg1 = msg2) & (not i1 = i2) ))" + + +/* The protocol */ + +let ReceiverA = + lock cellA; + lookup cellA as i:nat in + event Read(cellA,i); + in(); + if i (<) j then + if h = hmac(sk,) + then + event Received(sk,msg,j); + insert cellA, j; + unlock cellA + else insert cellA, i; unlock cellA + else insert cellA, i; unlock cellA + +let SenderA = + lock cellA; + lookup cellA as i:nat in + event Read(cellA,i); + new msg; + event Sent(sk,msg,i+'one'); + out()>); + insert cellA, i+'one'; + unlock cellA + +let ReceiverB = + lock cellB; + lookup cellB as i:nat in + event Read(cellB,i); + in(); + if i (<) j then + if h = hmac(sk,) + then + event Received(sk,msg,j); + insert cellB, j; + unlock cellB + else insert cellB, i; unlock cellB + else insert cellB, i; unlock cellB + +let SenderB = + lock cellB; + lookup cellB as i:nat in + event Read(cellB,i); + new msg; + let j:nat = i+'one' in + event Sent(sk,msg,j); + out()>); + insert cellB, i+'one'; + unlock cellB + + /* We generate an unbounded number of sessions, each with two senders and two receivers */ + /* sharing a private key and two cell names. However, these Receivers and Senders are only */ + /* roles for an (unbounded) number of agents playing them, since in the CANauth protocol */ + /* nothing links one role to one specific agent. For each session, the protocol */ + /* defines two roles A and B, each with it's own cell 'cell_A' and 'cell_B'. These cells */ + /* differ from one sesion to an other one. Consequently, the modeling models an unbounded */ + /* number of agents, each talking to an unbounded number of agents, and so using an */ + /* unbounded number of cells. */ +process: +!( new sk; + new cellA; insert cellA, 'zero'; event InitC(cellA); + new cellB; insert cellB, 'zero'; event InitC(cellB); + ! 
( ReceiverA || SenderA || ReceiverB || SenderB )
+)
+
+end
diff --git a/examples/sapic/export/States/scytl-voting-system.spthy b/examples/sapic/export/States/scytl-voting-system.spthy
new file mode 100644
index 000000000..c638515a2
--- /dev/null
+++ b/examples/sapic/export/States/scytl-voting-system.spthy
@@ -0,0 +1,154 @@ +theory Scytl_Voting_System +begin + +section{* Scytl Voting System *} + +/* + + Built from the Sapic model inside the GSVerif benchmark. + The original file actually contained a modeeling error. + + Proverif: 1 second + "cannot be proved" on single_vote + + Tamarin: 1 minute + + + */ + +functions: w/2, sk/1 [private], h/1, f/2, phi/1, v/1, cc/1 [private], + cut/1, honest/1 [private], enc/3, pub/1, sign/2, zkp/7, + verifP/6 [destructor], verifE/2 [destructor], verifS/3 [destructor], dec/2, get_message/1, check/2, + get_id/1, get_w/2, true/0, pk/1 + +equations: +pk(id) = pub(sk(id)), // this equation was missing in the original GS Verif benchmark file +dec(Skey,enc(pub(Skey),M,R)) = M , +get_message(sign(Skey,M)) = M , +check(pub(Skey),sign(Skey,M)) = M , +get_id(pub(sk(Id))) = Id, +get_w(w(Skey,V),Skey) = V , +verifE(pkey,enc(pkey,m,r)) = true, +verifS(pub(skey),m,sign(skey,m)) = true, +verifP(Pke, pub(Skid), enc(Pke,phi(v1),R), w(Skid,cut(enc(Pke,phi(v1),R))), w(Skid,v1), + zkp(Pke, pub(Skid), enc(Pke,phi(v1),R), w(Skid,cut(enc(Pke,phi(v1),R))), w(Skid,v1), R,Skid)) = true, +verifP(Pke, pub(Skid), enc(Pke,phi(v1),R), w(Skid,cut(enc(Pke,phi(v1),R))), w(Skid,v1), + zkp(Pke, pub(Skid), enc(Pke,phi(v1),R), cut(enc(Pke,phi(w(Skid,v1)),R)), w(Skid,v1), R,Skid)) = true, +verifP(Pke, pub(Skid), enc(Pke,phi(v1),R), cut(enc(Pke,phi(w(Skid,v1)),R)), w(Skid,v1), + zkp(Pke, pub(Skid), enc(Pke,phi(v1),R), w(Skid,cut(enc(Pke,phi(v1),R))), w(Skid,v1), R,Skid)) = true, +verifP(Pke, pub(Skid), enc(Pke,phi(v1),R), cut(enc(Pke,phi(w(Skid,v1)),R)), w(Skid,v1), +zkp(Pke, pub(Skid), enc(Pke,phi(v1),R), cut(enc(Pke,phi(w(Skid,v1)),R)), w(Skid,v1), R,Skid)) = true + +let Alice = + let AliceSkid = sk(honest(id_seed)) in + let RCid1 = f(k,w(sk(honest(id_seed)),v(X_J))) in + let FCid = f(k,w(sk(honest(id_seed)),cc(honest(id_seed)))) in + let CCid = cc(honest(id_seed)) in + out(); + in(); + if XmCA1=mCA1 then + if RC_Set=RCid1 then + ( event Confirmed(honest(id_seed),k,X_J); 
+ out(); + in(); + if XmCA2=mCA2 then + if offeredFC=FCid then + event HappyUser(honest(id_seed),k,X_J) + ) + +let Serv = + in(>); + let ServPks = pub(sks) in + let RFid1 = h(f(k,w(sk(ClientId),v(j)))) in + let CRFid = sign(sks,f(k,w(sk(ClientId),cc(ClientId)))) in + let B = in + + if PkId = pk(ClientId) then + ( if verifP(pke,pk(ClientId),C,EC,W,P) = true then + if verifE(pke,C) = true then + lock locktb; + lookup ClientId as otherB in + unlock locktb + else + insert ClientId, B; + event InsertBB(ClientId,B); + let RC1 = f(k,W) in + if h(RC1) = RFid1 then + (out(RC1); in(CM); + let FC = f(k,CM) in + (if verifS(ServPks,FC,CRFid) = true then +/* insert <'cb',ClientId>, ; */ + event HasVoted(pke,k,sks,ClientId,B,FC,CRFid); + out(FC); + unlock locktb + else + unlock locktb)) + else + unlock locktb + ) + +process: +new election; out(election); +new signature; out(signature); +new globalCGKP; out(globalCGKP); +let ske = sk(election) in +let pke = pub(sk(election)) in +let sks = sk(signature) in +let pks = pub(sk(signature)) in +let k = sk(globalCGKP) in +new j; new a1; out(); +new mAC1; new mAC2; new mCA1; new mCA2; +out(); +out(); +new locktb; +( + ( !( in(X_J); new id_seed; out(honest(id_seed)); Alice )) +|| ( !( in(Y_J); new eid; out(eid); + out())) +|| ( !( Serv )) +) + + +lemma exists_vote: + exists-trace + "Ex Id B1 #i. InsertBB(Id,B1) @ i " + +lemma exists_hu: + exists-trace + "Ex Id2 K2 T_J #i. HappyUser(Id2,K2,T_J) @ i" + +lemma exists_honest_hv: + exists-trace + "Ex Pke K1 Sks Id1 B3 FC1 CRFid1 #i. + HasVoted(Pke,K1,Sks,honest(Id1),B3,FC1,CRFid1) @ i" + + +lemma single_vote: + "All Id B1 B2 #i #j. InsertBB(Id,B1) @ i & InsertBB(Id,B2) @ j ==> (B1=B2)" + +lemma cast_as_intended: + "All Pke K1 Sks Id1 B3 FC1 CRFid1 #i. + HasVoted(Pke,K1,Sks,honest(Id1),B3,FC1,CRFid1) @ i + ==> ( Ex Z_J C W1 EC0 P1 R #j. + Confirmed(honest(Id1),K1,Z_J) @ j + & B3 = + & C = enc(Pke,phi(v(Z_J)),R) + )" + +lemma tallied_as_cast: + "All Id2 K2 T_J #i. 
+ HappyUser(Id2,K2,T_J) @ i + ==> ( Ex Pke Sks B4 FC2 CRFid2 C2 W2 EC1 EC2 P2 R #j. + HasVoted(Pke,K2,Sks,Id2,B4,FC2,CRFid2) @ j + & B4 = + & C2 = enc(Pke,phi(v(T_J)),R) + & W2=w(sk(Id2),v(T_J)) + & ( EC1 = w(sk(Id2),cut(enc(Pke,phi(v(T_J)),R))) + | EC1 = cut(enc(Pke,phi(w(sk(Id2),v(T_J))),R)) ) + & P2 = zkp(Pke,pub(sk(Id2)),C2,EC2,W2,R,sk(Id2)) + & ( EC2 = w(sk(Id2),cut(enc(Pke,phi(v(T_J)),R))) + | EC2 = cut(enc(Pke,phi(w(sk(Id2),v(T_J))),R)) ) + & CRFid2 = sign(Sks,FC2) + )" + +end diff --git a/examples/sapic/export/States/secure-device.spthy b/examples/sapic/export/States/secure-device.spthy new file mode 100644 index 000000000..a444bfc16 --- /dev/null +++ b/examples/sapic/export/States/secure-device.spthy 
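Review bot: The header comment says the original GSVerif file contained a modelling error but never names it; the only trace is the inline remark on the `pk(id) = pub(sk(id))` equation. That equation links the `pk(ClientId)` used in `Serv` to the `pub(sk(...))` form the `verifP` equations expect, so it presumably decides whether the server branch is reachable at all. I would state this in the header, e.g. `Fix over the benchmark file: added pk(id) = pub(sk(id))`, with the effect on the results confirmed by the author. The lemmas `single_vote`, `cast_as_intended` and `tallied_as_cast` also carry no expected outcome. A one-line comment per lemma (`// expected: verified`) would let a reader tell a regression from a known result, given that the header already reports ProVerif answering "cannot be proved" on `single_vote`.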
@@ -0,0 +1,118 @@ +theory StatVerif_Security_Device begin + +/* + Protocol: Simple security device (Example 1 from [1]) + + + Proverif: in a few seconds + Tamarin: in 1 minute on 64 core + +*/ + +builtins: asymmetric-encryption + +//options: enableStateOpt + +let Device=( + out(pk(~sk)) + || + !( lock ~s ; lookup ~s as status in + event Read(~s,status); + if status='init' then + in('left'); + event InitDevice(~s,'left'); + insert ~s,'left'; + unlock ~s + ) + || + !( lock ~s ; lookup ~s as status in + event Read(~s,status); + if status='init' then + in('right'); + event InitDevice(~s,'right'); + insert ~s,'right'; + unlock ~s + ) + + || + !( + lock ~s; + lookup ~s as status in + event Read(~s,status); + in(aencmess); + let =adec(aencmess,~sk) in + if status='left' then + event Access(~s,x); out(x); insert ~s, status; unlock ~s + else if status='right' then + event Access(~s,y); out(y); insert ~s, status; unlock ~s + else insert ~s, status; unlock ~s + ) +) + +let User=new lm; new rm; event L_Exclusive(~s,lm,rm); out(aenc{}pk(~sk)) + +process: +!( new ~sk:skey; new ~s; insert ~s,'init'; ( Device || ! User )) + +// Source lemma, taken from Tamarin's example directory: + +// As we use a backwards search, we must specify the possible structure of +// messages sent in 'UseLeftDevice' and 'UseRightDevice' precise enough such +// that we can solve all chain constraints starting from the sent message. We +// therefore log the message being accessed and relate it to its possible +// origins: known to the intruder in an earlier step or part of an exclusive +// message generated by 'Alice'. Source lemmas are proven by induction and +// incorporated in the precomputation of the sources. +lemma source [sources]: + "All s m #i. Access(s,m) @ i ==> + (Ex #j. KU(m) @ j & j < i) // Make use of the KU-facts logged + // // by the construction rules. + | (Ex x #j. L_Exclusive(s,x,m) @ j) + | (Ex y #j. 
L_Exclusive(s,m,y) @ j) + " + +// Check that there is some trace where the intruder knows the left message of +// an exclusive message-tuple. In contrast to the source lemma, we use the +// standard 'K'-fact, which is logged by the built-in 'ISend' rule. +lemma reachability_left: + exists-trace + "Ex s x y #i #j. L_Exclusive(s,x,y) @i & KU(x) @j " + +lemma reachability_right: + exists-trace + "Ex s x y #i #k. L_Exclusive(s,x,y) @i & KU(y) @ k" + +lemma initnott[reuse,use_induction]: + "All s st #t1 #t2 . Read(s,'init')@t1 & InitDevice(s,st)@t2 ==> t1 < t2" + +lemma uniqInit[reuse,use_induction]: + "All s st1 st2 #t1 #t2 . InitDevice(s,st1)@t1 & InitDevice(s,st2)@t2 ==> #t1=#t2 " + + +lemma initdev2[reuse,use_induction]: + "All s #t . Read(s,'left')@t ==> Ex #t2. InitDevice(s, 'left')@t2 & t2 < t" + +lemma initdev3[reuse,use_induction]: + "All s #t . Read(s,'right')@t ==> Ex #t2. InitDevice(s, 'right')@t2 & t2 < t" + + +lemma secrecyleft[reuse,use_induction]: + "All s x y #i #k1 . L_Exclusive(s,x,y) @i & KU(x) @ k1 ==> Ex #k2. InitDevice(s, 'left')@k2 & k2 < k1 + " + +lemma secrecyright[reuse,use_induction]: + "All s x y #i #k1 . L_Exclusive(s,x,y) @i & KU(y) @ k1 ==> Ex #k2. InitDevice(s, 'right')@k2 & k2 < k1 + " + +// Check that exclusivity is maintained +lemma secrecy[use_induction]: + "not(Ex s x y #i #k1 #k2. + L_Exclusive(s,x,y) @i & KU(x) @ k1 & KU(y) @ k2 + ) + " + + + + + +end diff --git a/examples/sapic/export/ex1.spthy b/examples/sapic/export/ex1.spthy new file mode 100644 index 000000000..fa26b080e --- /dev/null +++ b/examples/sapic/export/ex1.spthy 
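Review bot: The comment above `reachability_left` says the lemma uses "the standard 'K'-fact, which is logged by the built-in 'ISend' rule", but the formula uses `KU(x)`, as do `reachability_right`, `secrecyleft`, `secrecyright` and `secrecy`. The comment on the `source` lemma likewise refers to 'UseLeftDevice', 'UseRightDevice' and 'Alice', none of which exist in this process model, so both comments look carried over unchanged from the multiset-rewriting example they cite. If `KU` is deliberate here (for instance so the lemma can be exported as an attacker query), say so next to the lemma, e.g. `// KU is used on purpose for the export; see header`, and reword the source-lemma comment in terms of `Device` and `User`.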
@@ -0,0 +1,39 @@ +/* +example illustrating some proverif translations: + tuples <> -> () + constant 'test' -> must be translated with header free test:bitstring. + default bitstring type added everywhere +*/ + +theory ChannelsTestOne +begin + +builtins: symmetric-encryption + +functions: bij/1, unbij/1, kdf(bitstring):skey +/* Check for communication on private channels */ +/* - communication is private */ +/* - communication is possible */ +equations: bij(unbij(x))=x + +export queries : + " + (* This query was added manualy, and the other one automatically from the lemmas. *) + query x:bitstring; event(Secret(x)) && (attacker(x)). + " + +let P = new a; event Secret(a); out (senc(,sk)) +let Q = in( m:bitstring); let = sdec(m,sk) in event Received(md) + +process: +new sk:skey; (P || Q) + +lemma secret : + "not( Ex x #i #j. (Secret(x) @ i & KU(x) @ j))" + +lemma received : exists-trace + "Ex x #i. Received(x) @ i" + +end + +/* vim: set filetype=apip */ diff --git a/examples/sapic/export/privacypass.spthy b/examples/sapic/export/privacypass.spthy new file mode 100644 index 000000000..278b9fe4e --- /dev/null +++ b/examples/sapic/export/privacypass.spthy 
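Review bot: The comment block before `equations:` ("Check for communication on private channels", "communication is private", "communication is possible") does not describe this theory: `P` and `Q` use plain `out(...)` and `in(...)` with no channel argument and protect the payload with `senc` under `sk`. Together with the theory name `ChannelsTestOne` it looks copied from a channels test. I would replace it with what is actually checked, e.g. `/* Secrecy of a under senc with a fresh key; reachability of Received */`. `bij`, `unbij` and `kdf` appear unused by the process; if they exist only to exercise the translation of typed function declarations, the header should say so.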
@@ -0,0 +1,130 @@ + +/* + * Protocol: Privacy Pass + https://tools.ietf.org/html/draft-davidson-pp-protocol-01 + + We verify both reachability and equivalence properties. + + Proverif: everything in a second + tamarin-prover privacypass.spthy -m=proverif > pp-reach.pv; proverif pp-reach.pv + tamarin-prover privacypass.spthy -m=proverifequiv > pp-ind.pv; proverif pp-ind.pv + + Tamarin : everything in a few seconds + tamarin-prover privacypass.spthy --prove + + +We rely on a an abstract VOPRF, has described in +https://tools.ietf.org/html/draft-irtf-cfrg-voprf-03#section-4.2.2 +To follow the notations of privacy pass, we rename k as sk and Y has pkV(sk), + +VOPRF +Setup phase +V --------- P + new sk ; + <-- pkV(sk) ------ + + +Evalution phase +V(x,aux,pkS) ----------- P(sk,pkV(sk)) +(r,M) = VBlind(x) + ------------ M ---------> + ZD = VEvaluate(sk,pkV(sk),M) + <-------- ZD ------------- +N = VUnblind(r,pkS,M,ZD) +ret VFinalize(x,pkS,N,aux) + +ZD = VEvaluate(sk,pkV(sk),M) +VFinalize(x, pkV(sk) , VUnblind(r,pkV(sk),M,ZD), aux) + == H_2(H_2(DST, x .. 
F(sk,x)), aux) + +DST := Domain Separation Label (tag), F PRF, and H_2 hash function + +*/ + + +theory privpass + +begin + +functions: pkV/1,MVBlind/2,rVBlind/2,VEvaluate/3, VUnblind/4, VFinalize/4 [destructor], H2/1,F/2 + +equations: VFinalize(x, pkV(sk), + VUnblind(rVBlind(x,r),pkV(sk),MVBlind(x,r), VEvaluate(sk,pkV(sk),MVBlind(x,r))) + , aux) = H2( < H2() , aux>) + +let Client(pkS,x) = + new r; + let tok = rVBlind(x,r) in + let Btok = MVBlind(x,r) in + out(Btok); + in(resp); + let unbTok = VUnblind(tok,pkS,Btok,resp) in + // end of issance phase + // begin redemption phase + new aux; + let redeem = VFinalize(x, pkS, unbTok,) in + out() + +let ServerIssue(~sk) = + in(btok); + event Issue(btok); + out(VEvaluate(~sk,pkV(~sk),btok)) + // end of issuance phase + +let ServerRedemp(~sk) = + in(final); + // begin redemption + let = final in + if redeem = H2( < H2() , aux>) then + event Accept(x) + + + +process: +!(new ~sk; + out(pkV(~sk)); + !(new x; Client(pkV(~sk),x) | ServerIssue(~sk) | ServerRedemp(~sk)) + +) + + +lemma true_honnestauthRI: // should be true + "All x #i . Accept(x)@i ==> + (Ex r #j. j inj-event(Issue( MVBlind(x, r) )). + +// " + + + + + +let ClientNoRed(pkS,x) = + new r; + let tok = rVBlind(x,r) in + let Btok = MVBlind(x,r) in + out(Btok) + + +diffEquivLemma: +// Adding a top-level ! makes Proverif not answer back +(new ~sk; + out(pkV(~sk)); new y; (ServerRedemp(~sk) | + ( new x; Client(pkV(~sk),diff(x,y)))| +! (new x; ClientNoRed(pkV(~sk),diff(x,y)) | ServerIssue(~sk) )) +) + + + +end diff --git a/examples/sapic/export/run-proverif-CS.sh b/examples/sapic/export/run-proverif-CS.sh new file mode 100755 index 000000000..ee2c133dc --- /dev/null +++ b/examples/sapic/export/run-proverif-CS.sh 
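Review bot: `ServerRedemp` raises `Accept(x)` whenever `redeem` equals the recomputed `H2(...)` and never records that `x` was spent, so the model says nothing about a token being redeemed twice. The Tamarin lemma `true_honnestauthRI` quantifies over a single `Accept(x)`; its tail is damaged on this page, so I cannot tell whether an injective variant is intended. If double-spend protection is out of scope, document it beside the lemma, e.g. `// non-injective: double redemption is not modelled`. Otherwise the redemption server needs a spent-token store and an injective lemma. The remark in `diffEquivLemma` that a top-level `!` makes ProVerif not answer also means the equivalence is checked for one server key only, which belongs in the header as a stated limitation.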
@@ -0,0 +1,38 @@ +#!/bin/bash + +SAPIC_CASE_STUDIES_SLOW=*.spthy + + + +runners=("progsverif-tamarin") + +IFS='' # required to keep the tabs and spaces + +TIMEOUT='30m' + +exec_runner(){ + START=$(date +%s) + res=$(timeout $TIMEOUT $runner $filename) + END=$(date +%s) + DIFF=$(echo "$END - $START" | bc) + echo -n $res | grep "RESULT" | tr '\n' ' ' >> "$outfilename" + echo -n ";$DIFF;" >> "$outfilename" +} + + +outfilename="res-pro.csv" +echo -n "filename" >> "$outfilename" +for runner in "${runners[@]}"; do + echo -n "; $runner result ; $runner time" >> "$outfilename" +done +echo "" >> "$outfilename" # jump line +# for file in $files; do +find . -name "*.spthy" | while read line; do + filename="$line" + echo 'Extracting examples from '"$filename" + echo -n "$filename;" >> "$outfilename" + for runner in "${runners[@]}"; do + exec_runner + done + echo "" >> "$outfilename" # jump line +done diff --git a/examples/sapic/export/run-tamarin-CS.sh b/examples/sapic/export/run-tamarin-CS.sh new file mode 100755 index 000000000..82e27089a --- /dev/null +++ b/examples/sapic/export/run-tamarin-CS.sh 
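Review bot: `exec_runner` discards the exit status of `timeout`, so a run that hits the 30m limit, a crash, and a run that printed no `RESULT` line all leave the same empty cell in res-pro.csv. For a verification benchmark that makes "not proved" indistinguishable from "never finished". Capture and record it: `res=$(timeout "$TIMEOUT" "$runner" "$filename"); rc=$?` followed by `echo -n ";$DIFF;$rc;" >> "$outfilename"`, plus a matching header column. Quoting the expansions also stops glob expansion of file names (with `IFS=''` only word splitting is suppressed), `read` should be `read -r`, and the `>>` on the header line means a rerun appends to stale results. run-tamarin-CS.sh has the same `exec_runner` and the same issues; there `grep "verified\|falsified"` also drops any lemma reported with another status.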
@@ -0,0 +1,57 @@ +#!/bin/bash + +filenames=( +# "SSH/ssh-with-forwarding-bounded.spthy" # this one has too many partial deconstructions +"privacypass.spthy" +"ExistingSapicModels/OTP.spthy" +"ExistingSapicModels/nsl-no_as-untagged.spthy" +"ExistingSapicModels/AC_sid_with_attack.spthy" +"ExistingSapicModels/AKE.spthy" +"ExistingSapicModels/AC.spthy" +"ExistingSapicModels/AC_counter_with_attack.spthy" +"States/scytl-voting-system.spthy" +"States/secure-device.spthy" +# "States/canauth.spthy" # not working on tamarin +"LAKE/lake-edhoc.spthy" +"LAKE/lake-edhoc-DHmode-FS-KCI.spthy" +"KEMTLS/kemtls.spthy" +"KEMTLS/kemtls-noaead.spthy" +"KEMTLS/kemtls-clientauth.spthy" +"5G_AKA/5G_AKA.spthy" +"SSH/ssh-with-one-forwarding.spthy" +"SSH/ssh-without-forwarding.spthy" +) + +runners=("tamarin-prover") + +IFS='' # required to keep the tabs and spaces + +TIMEOUT='100m' + +exec_runner(){ + START=$(date +%s) + res=$(timeout $TIMEOUT $runner $filename --prove) + END=$(date +%s) + DIFF=$(echo "$END - $START" | bc) + echo -n $res | grep "verified\|falsified" | tr '\n' ' ' >> "$outfilename" + echo -n ",$DIFF," >> "$outfilename" +} + + +outfilename="res-tam.csv" +echo -n "filename" >> "$outfilename" +for runner in "${runners[@]}"; do + echo -n ", $runner result , $runner time" >> "$outfilename" +done +echo "" >> "$outfilename" # jump line +for file in "${filenames[@]}"; do +# find . -name "*.spthy" | while read line; do + # filename="$line" + filename="$file" + echo 'Extracting examples from '"$filename" + echo -n "$filename," >> "$outfilename" + for runner in "${runners[@]}"; do + exec_runner + done + echo "" >> "$outfilename" # jump line +done diff --git a/examples/sapic/export/toy-example.spthy b/examples/sapic/export/toy-example.spthy new file mode 100644 index 000000000..7e6b013ee --- /dev/null +++ b/examples/sapic/export/toy-example.spthy 
@@ -0,0 +1,67 @@ +// toy example from the paper + +/* + +Reachability query verified with + $ tamarin-prover toy-example.spthy --prove + $ tamarin-prover toy-example.spthy -m=proverif > te-reach.pv; proverif te-reach.pv + +Unlinkability query "cannot be proved" with + $ tamarin-prover toy-example.spthy -m=proverifequiv > te-un.pv; proverif te-un.pv + +Unlinkability disproved with: + $ tamarin-prover toy-example.spthy -m=deepsec > te-un.ds; deepsec te-un.ds + + +*/ + +theory Toy + +begin + +functions: dec/2 [destructor], enc/2 + +equations: dec(enc(m, k), k) = m + +let P(sk,key) = + + event Honest(key); + out(enc( ,sk )) + +let Q(sk) = + in(cypher); + let =dec(cypher,sk) in + event Accept(key); + out('accept') + else + out('abort') + +process: +!new sk; event SharedKey(sk); (! new key; P(sk,key) || !Q(sk)) + +lemma Auth: + "All k #i. Accept(k)@i ==> Ex #j. Honest(k)@j & j < i" + + +equivLemma: + new sk; (! (new key; P(sk,key) | Q(sk)) ) + ! (new sk; (new key; P(sk,key) | Q(sk) )) + + + + +/* + + +Strong secrecy query verified with: + $ tamarin-prover toy-example.spthy -m=proverifequiv > te-sec.pv; proverif te-sec.pv + +// when the file only contains the following equiv query: + +diffequivLemma: + in(k1); in(k2); ! new sk; ( ( ! P(sk,diff(k1,k2)) ) | (! Q(sk) ) ) + + +*/ + +end diff --git a/examples/sapic/fast/GJM-contract/contract.spthy b/examples/sapic/fast/GJM-contract/contract.spthy index 33dcd70f3..3db82f380 100644 --- a/examples/sapic/fast/GJM-contract/contract.spthy +++ b/examples/sapic/fast/GJM-contract/contract.spthy @@ -4,11 +4,11 @@ begin section{* GM Protocol for Contract signing *} /* - * Protocol: GM contract signing - * Modeler: Robert Kunnemann + * Protocol: GM contract signing + * Modeler: Robert Kunnemann * Date: March 2013 * - * Status: working + * Status: working */ /* Some more comments: 
@@ -17,7 +17,7 @@ section{* GM Protocol for Contract signing *} * contract. It does not so much depend on the actualy * crypto used. We could show that if all participants * reach some kind of "End"-state, fairness is given, i.e. - * either both parties have a signature, or none has. + * either both parties have a signature, or none has. * * We furthermore added an equation to the signature that * allows the communication partner to fake a pcs (but the @@ -26,7 +26,7 @@ section{* GM Protocol for Contract signing *} /* Modifications, Date: Oct 17th, 2017. * - * Bug correction : in WitnessAbort, replaced + * Bug correction : in WitnessAbort, replaced * in (sign(pcs(sign(ct,sk1), pk(ysk), pk(skT)),skT) ); * by * in (sign(<,sign(,sk1)>,skT)); @@ -35,7 +35,7 @@ section{* GM Protocol for Contract signing *} * was not accessible. Also added a sanity check for * AbortCert(ct), named aborted1_contract_reachable * Without correction, tamarin reports 'falsified' for this check. - * + * * Note: The tamarin spec outputs pcs in Abort1 instead of sign. */ @@ -91,16 +91,16 @@ if check_getmsg(ysig, pk1) = then let Resolve2 = in(<'resolve2',>); -if check_getmsg(ysig2, pk2)=ct then +if check_getmsg(ysig2, pk2)=ct then ( /* check validity of the pcs ..something not done in StatVerif/Tamarin modelling */ - if check_getmsg(convertpcs(skT,ypcs1),pk1) = ct then + if check_getmsg(convertpcs(skT,ypcs1),pk1) = ct then ( - if checkpcs(ct, pk1, pk2, pk(skT), ypcs1)=true() then + if checkpcs(ct, pk1, pk2, pk(skT), ypcs1)=true() then ( lock ct; lookup ct as status in unlock ct - else + else ( insert ct, 'resolved2'; event Resolve2(ct); 
@@ -113,15 +113,15 @@ if check_getmsg(ysig2, pk2)=ct then let Resolve1 = in(<'resolve1',>); -if check_getmsg(ysig1,pk1)=ct then +if check_getmsg(ysig1,pk1)=ct then ( - if check_getmsg(convertpcs(skT,ypcs2),pk2) = ct then + if check_getmsg(convertpcs(skT,ypcs2),pk2) = ct then ( if checkpcs(ct, pk2, pk1, pk(skT), ypcs2)=true() then ( lock ct; lookup ct as status in unlock ct - else + else ( insert ct, 'resolved1'; event Resolve1(ct); @@ -131,28 +131,33 @@ if check_getmsg(ysig1,pk1)=ct then ) ) ) - -let WitnessAbort = -in (sign(<,sign(,sk1)>,skT)); + +let WitnessAbort = +// in (sign(<,sign(<=ct,pk(=sk1),=pk2>,=sk1)>,skT)); +in (signed); +let <,signed2> = check_getmsg(signed, pk(skT)) in +if = check_getmsg(signed2,pk(sk1)) then + event AbortCert(ct) + /**** Previous version follows * in (sign(pcs(sign(ct,sk1), pk(ysk), pk(skT)),skT) ); */ -event AbortCert(ct) + let WitnessResolved = -in (sign(,skT)); +in (sign(,=skT)); event ResolveCert(ct) /* Honest client specification, useless here because all clients are dishonest * and play against the Trusted Third Party. Kept for reference. -let HonestClient = +let HonestClient = new skA; out(pk(skA)); in (); ( //First decision: Sign the contract! out(sign(ct,skA)); - ( - in(sigB); + ( + in(sigB); if verify(sigB,ct,xpkB)=true() then //if we get a signature back..good! event AhasSignature(ct) @@ -164,6 +169,7 @@ let HonestClient = 0 */ +process: !( new skT; out(pk(skT)); ( !Abort1 || !Resolve2 || !Resolve1 @@ -210,4 +216,4 @@ lemma resolved2_contract_reachable: Resolve2(ct1) @ i1 & Resolve2(ct2) @ i2 ==> #i1 = #i2) " -end +end diff --git a/examples/sapic/fast/MoedersheimWebService/set-abstr-lookup.spthy b/examples/sapic/fast/MoedersheimWebService/set-abstr-lookup.spthy index 8f8d4610e..78973befb 100644 --- a/examples/sapic/fast/MoedersheimWebService/set-abstr-lookup.spthy +++ b/examples/sapic/fast/MoedersheimWebService/set-abstr-lookup.spthy 
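Review bot: `WitnessResolved` still pattern-matches the certificate on the TTP's private key (`in (sign(..., =skT));`), while `WitnessAbort` in the same hunk was rewritten to receive an opaque `signed` and check it with `check_getmsg(signed, pk(skT))`. A witness should need only `pk(skT)`, and the two forms are not obviously equivalent in a theory that adds its own equations on signatures. I would give `WitnessResolved` the same shape: `in (signed);` then a `let ... = check_getmsg(signed, pk(skT)) in` that binds the certificate fields before `event ResolveCert(ct)`. In `WitnessAbort` the inner check is against `pk(sk1)`; where `sk1` is bound is not readable on this page, but if the witness only learns a public key from the certificate, the check should use that value instead of a private-key variable.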
@@ -6,7 +6,7 @@ section{* The PKI-example *} /* * Protocol: Running example from Abstraction by set * membership by S. Mödersheim - * Modeler: Robert Kunnemann + * Modeler: Robert Kunnemann * Date: Januar 2013 * * Status: working @@ -25,10 +25,10 @@ let Client= unlock <'USER',user>; out(<'renew',user,pk(~nsk)>); out(sign(<'renew',user,pk(~nsk)>,~sk)); - in(sign(<'confirm',sign(<'renew',user,pk(~nsk)>,~sk)>,pki)); + in(sign(<'confirm',sign(<'renew',=user,pk(=~nsk)>,=~sk)>,=pki)); event Revoked(~sk); out(~sk) - + let Server= ( ( /* Create Honest Keys */ @@ -41,11 +41,11 @@ let Server= event HonestKey(~sk); unlock <'SERVER',user>; out(pk(~sk)) -) -|| +) +|| ( /* Revoke key */ - in(<'renew',user,pk(nsk)>); - in(sign(<'renew',user,pk(nsk)>,sk)); + in(<'renew',=user,pk(=nsk)>); + in(sign(<'renew',=user,pk(=nsk)>,sk)); lock <'SERVER',user>; lookup <'SERVER',pki,user> as pksk in if pksk = pk(sk) then @@ -56,7 +56,8 @@ let Server= ) ) -!(new pki; ! Server || (new user; out(user); ! Client) ) +process: +!(new pki; ! Server || (new user; out(user); ! Client) ) lemma Knows_Honest_Key_imp_Revoked: "All sk #i #d. HonestKey(sk) @ i & K(sk) @ d ==> diff --git a/examples/sapic/fast/MoedersheimWebService/set-abstr.spthy b/examples/sapic/fast/MoedersheimWebService/set-abstr.spthy index 0b85f79fb..64ca6be12 100644 --- a/examples/sapic/fast/MoedersheimWebService/set-abstr.spthy +++ b/examples/sapic/fast/MoedersheimWebService/set-abstr.spthy @@ -6,8 +6,8 @@ section{* The PKI-example *} /* * Protocol: Variant on the running example from Abstraction by set * membership by S. Mödersheim.. more difficult than the original, - * actually - * Modeler: Robert Kunnemann + * actually + * Modeler: Robert Kunnemann * Date: Farbuary 2013 * * Status: working 
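Review bot: In the server's "Revoke key" branch the first input now reads `in(<'renew',=user,pk(=nsk)>);`, but nothing visible in that branch binds `nsk` before it; in the old code this input was what bound `user` and `nsk`. The `=` marks belong only on the second input, as in the sibling change to set-abstr.spthy, which keeps `in(<'renew',user,pk(nsk)>);` and changes only the signature input to `in(sign(<'renew',=user,pk(=nsk)>,sk));`. With `=nsk` unbound, the branch presumably either fails the well-formedness check or can never fire. In the second case `Knows_Honest_Key_imp_Revoked` would be proved for a model in which the server never revokes. The start of `Server` is outside this hunk, so confirm whether `user` is bound earlier.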
@@ -15,16 +15,18 @@ section{* The PKI-example *} builtins: asymmetric-encryption, signing -heuristic: si // use heuristics for SAPIC and injective facts in a round-robin fashion +// use heuristics for SAPIC and injective facts in a round-robin fashion + +heuristic: si let Client= ( /* Revoke key */ new ~nsk; - [ ClientKey(user, ~sk) ] --[ HonestKey(~nsk) ]-> [ ClientKey(user,~nsk) ]; + [ ClientKey(=user, ~sk) ] --[ HonestKey(~nsk) ]-> [ ClientKey(user,~nsk) ]; out(<'renew',user,pk(~nsk)>); out(sign(<'renew',user,pk(~nsk)>,~sk)); - in(sign(<'confirm',sign(<'renew',user,pk(~nsk)>,~sk)>,pki)); + in(sign(<'confirm',sign(<'renew',=user,pk(=~nsk)>,=~sk)>,=pki)); event Revoked(~sk); out(~sk) ) @@ -35,7 +37,7 @@ let Server= [ ] --[ HonestKey(~sk) ]-> [ ServerDB(pki,user,pk(~sk)), ClientKey(user,~sk)]; out(pk(~sk)) -) +) || //Allow creating Dishonest Keys ( in(); [] --> [ServerDB(pki,user,pk(sk))] @@ -43,12 +45,13 @@ ClientKey(user,~sk)]; || //Revoke Key ( in(<'renew',user,pk(nsk)>); - in(sign(<'renew',user,pk(nsk)>,sk)); - [ServerDB(pki,user,pk(sk))]-->[ServerDB(pki,user,pk(nsk))]; + in(sign(<'renew',=user,pk(=nsk)>,sk)); + [ServerDB(=pki,=user,pk(=sk))]-->[ServerDB(pki,user,pk(nsk))]; out(sign(<'confirm',sign(<'renew',user,pk(nsk)>,sk)>,pki)) )) -!(new pki; ! Server || (new user; ! Client) ) +process: +!(new pki; ! Server || (new user; ! Client) ) lemma Knows_Honest_Key_imp_Revoked: "All sk #i #d. HonestKey(sk) @ i & K(sk) @ d ==> diff --git a/examples/sapic/fast/SCADA/opc_ua_secure_conversation.spthy b/examples/sapic/fast/SCADA/opc_ua_secure_conversation.spthy index 998efb838..a655856b2 100644 --- a/examples/sapic/fast/SCADA/opc_ua_secure_conversation.spthy +++ b/examples/sapic/fast/SCADA/opc_ua_secure_conversation.spthy @@ -37,7 +37,8 @@ let A = ( let B = ( let id = in !( lock id; - in('r', , kSign)>, kEnc)>); + in('r', , =kEnc)>); + if xmac = mac(, kSign) then event Seq_Recv(a, b, seq); event Recv(a, b, m); unlock id 
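Review bot: In opc_ua_secure_conversation.spthy the MAC check moved out of the input pattern into `if xmac = mac(..., kSign) then` with no `else`, so a message that matches under `=kEnc` but carries a wrong MAC is consumed and the process stops with `id` still locked. In the old version such a message simply did not match and the input stayed pending. The keys are fresh in the main process, so this may be unreachable for the attacker. The model would still be clearer with an explicit `else unlock id`, as the other stateful examples in this change release their lock on every branch. `B`'s definition begins outside the hunk.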
@@ -45,7 +46,7 @@ let B = ( ) /* Main process */ - +process: !( new a; new b; new kSign; new kEnc; @@ -88,9 +89,9 @@ lemma all_received_were_sent: // All received messages were sent, and are not received twice (auto) lemma all_received_were_sent_injective: - "All A B t #i. + "All A B t #i. Recv(A,B,t) @#i - ==> (Ex #j. Sent(A,B,t) @#j + ==> (Ex #j. Sent(A,B,t) @#j & #j < #i & not (Ex A2 B2 #i2. Recv(A2,B2,t) @i2 & not (#i2 = #i)))" diff --git a/examples/sapic/fast/SCADA/opc_ua_secure_conversation_variant.spthy b/examples/sapic/fast/SCADA/opc_ua_secure_conversation_variant.spthy deleted file mode 100644 index fadcd9c85..000000000 --- a/examples/sapic/fast/SCADA/opc_ua_secure_conversation_variant.spthy +++ /dev/null 
@@ -1,121 +0,0 @@ -theory OPC_UA_Secure_Communication_Variant -begin - -section{* The OPC UA Secure Conversation protocol *} - -/* - * Protocol: OPC UA Secure Conversation protocol - * Date: July 2021 - * Status: Working - * - * See NOTE below. - */ - -builtins: symmetric-encryption, hashing, multiset, reliable-channel -options: translation-progress - -/* Equations for MAC, similar to signatures but with symmetric keys */ -functions: mac/2, verifyMac/3, true/0 - -equations: verifyMac(mac(m, sk), m, sk)=true - - -/* Role of Alice, the sender */ - -let A = ( - let id = in - !( lock id; - in('c',seq); - event Seq_Sent(a, b, seq); - new m; - event Sent(a, b, m); - out('r', <$MH, $SH, senc(, kSign)>, kEnc)>); - unlock id - ) -) - -/* Role of Bob, the receiver */ - -let B = ( - let id = in - !( lock id; - // NOTE: Variant where we check the mac after pattern matching - /* in('r', , kSign)>, kEnc)>); */ - in('r', , kEnc)>); - if xmac = mac(, kSign) then - event Seq_Recv(a, b, seq); - event Recv(a, b, m); - unlock id - ) -) - -/* Main process */ - -!( -new a; new b; -new kSign; new kEnc; - (A || B) -) - - -// RESTRICTIONS - -// Sequence number restrictions: - -// A's counter increases -restriction A_Counter_Increases: - "All A B seq1 seq2 #i #j.(Seq_Sent(A, B, seq1) @ #i & Seq_Sent(A, B, seq2) @ #j & #i < #j ==> Ex dif. seq2 = seq1 + dif )" - -// A's counter cannot be reused -restriction A_Counter_No_Reuse: - "All A B seq #i #j.(Seq_Sent(A, B, seq) @ #i & Seq_Sent(A, B, seq) @ #j ==> #i=#j)" - -// B's counter counter increases -restriction B_Counter_Counter_Increases: - "All A B seq1 seq2 #i #j.(Seq_Recv(A, B, seq1) @ #i & Seq_Recv(A, B, seq2) @ #j & #i < #j ==> Ex dif. seq2 = seq1 + dif )" - -// B's counter cannot be reused -restriction B_Counter_No_Reuse: - "All A B seq #i #j.(Seq_Recv(A, B, seq) @ #i & Seq_Recv(A, B, seq) @ #j ==> #i=#j)" - - -// The protocol is executable. (auto) -lemma Executable: - exists-trace - "Ex A B m #i. 
Recv(A, B, m) @ #i" - - -// All received messages were sent (auto) -lemma all_received_were_sent: - all-traces - "All A B m #i.(Recv(A,B,m) @ #i ==> (Ex #k. (Sent(A,B,m) @ #k & #k < #i)))" - - -// All received messages were sent, and are not received twice (auto) -lemma all_received_were_sent_injective: - "All A B t #i. - Recv(A,B,t) @#i - ==> (Ex #j. Sent(A,B,t) @#j - & #j < #i - & not (Ex A2 B2 #i2. Recv(A2,B2,t) @i2 - & not (#i2 = #i)))" - -// The order of messages is preserved (auto) -// currently not auto! -lemma order: - all-traces - "All A B m m2 #i #j.(Recv(A,B,m) @ #i & Recv(A,B,m2) @ #j & #i < #j ==> (Ex #k #l. (Sent(A,B,m) @ #k & Sent(A,B,m2) @ #l & #k < #l) ))" - - -// Message Delivery: all sent messages are received (auto) -lemma delivery_wo_order: - all-traces - "All A B m #i.(Sent(A,B,m) @ #i ==> (Ex #k. (Recv(A,B,m) @ #k & #i < #k)))" - -// Message Delivery: all sent messages are received in the same order (auto) -// currently not auto! -lemma delivery_order: - all-traces - "All A B m m2 #i #j.(Sent(A,B,m) @ #i & Sent(A,B,m2) @ #j & #i < #j ==> (Ex #k #l. (Recv(A,B,m) @ #k & Recv(A,B,m2) @ #l & #k < #l) ))" - -end diff --git a/examples/sapic/slow/Yubikey/Yubikey.spthy b/examples/sapic/fast/Yubikey/Yubikey.spthy similarity index 65% rename from examples/sapic/slow/Yubikey/Yubikey.spthy rename to examples/sapic/fast/Yubikey/Yubikey.spthy index f3f7011e2..dfe05ec74 100644 --- a/examples/sapic/slow/Yubikey/Yubikey.spthy +++ b/examples/sapic/fast/Yubikey/Yubikey.spthy 
@@ -10,77 +10,88 @@ section{* The Yubikey-Protocol *} */ builtins: symmetric-encryption, multiset +options: enableStateOpt -predicates: -Smaller(a,b) <=> Ex z. a+z=b +let Yubikey(L_pid,YL_pid,SL_pid)= + -let Yubikey= - new k; new L_pid; new secretid; - insert <'Server',L_pid>, ; - insert <'L_Yubikey',L_pid>,('zero'+'one'); - event YubiInit(L_pid,secretid,k); - out(L_pid); !(( //Plug - lock <'Yubikey',L_pid>; - lookup <'L_Yubikey',L_pid> as sc in - in(sc); //just a trick to enforce adv learning sc - insert <'L_Yubikey',L_pid>, sc+'one'; - unlock <'Yubikey',L_pid> + lock YL_pid; + lookup YL_pid as sc in + in(=sc); //just a trick to enforce adv learning sc + insert YL_pid, sc+'one'; + unlock YL_pid )||( //ButtonPress - lock <'Yubikey',L_pid>; - lookup <'L_Yubikey',L_pid> as tc in - in(tc); //just a trick to enforce adv learning tc - insert <'L_Yubikey',L_pid>, tc + 'one'; + lock YL_pid; + lookup YL_pid as tc in + in(=sc); //just a trick to enforce adv learning tc new nonce; new npr; event YubiPress(L_pid,secretid,k,tc); out(,k)>); - unlock <'Yubikey',L_pid> + insert YL_pid, tc + 'one'; + unlock YL_pid ) ) -let Server= - !( - in(,k)>); - lock <'Server',L_pid>; - lookup <'Server',L_pid> as tuple in - if fst(tuple)=secretid then - if fst(snd(tuple))=k then - in(otc); - if snd(snd(tuple))=otc then - if Smaller(otc,tc) then - event InitStuff(L_pid,secretid,k,tuple,otc,tc); - event Login(L_pid,k,tc); - insert <'Server',L_pid>, ; - unlock <'Server',L_pid> - ) +let Server(SL_pid,L_pid)= + in(<=L_pid,nonce,senc(,k)>); + lock SL_pid; + lookup SL_pid as tuple in + in(otc); + if tuple = then + if otc (<) tc then + (event InitStuff(L_pid,secretid,k,tuple,otc,tc); + event Login(L_pid,k,tc); + insert SL_pid, ; + unlock SL_pid) + + + + +process: +!( new SL_pid; new YL_pid; new L_pid; + out(L_pid); + (!Server(SL_pid,L_pid) || + ( new k; + event Sec(k); + new secretid; + insert SL_pid, ; + insert YL_pid,('zero'+'one'); + event YubiInit(L_pid,secretid,k); + !Yubikey(L_pid,YL_pid,SL_pid) 
+ )) -(Server || !Yubikey) + + ) /* // For sanity: Ensure that a successful login is reachable. */ -/* lemma Login_reachable: */ -/* exists-trace */ -/* "Ex #i pid k x . Login(pid,k,x)@i" */ // source lemmas: // There exists a Initialisation for every Login on the Server + +lemma secrecy_enc[sources,reuse]: + "All k #i . Sec(k)@i + ==> + not(Ex #j. KU(k)@j)" + /* lemma init_server[sources]: */ lemma init_server[sources]: - "All pid sid k tuple otc tc #i . InitStuff(pid,sid,k,tuple,otc,tc)@i - ==> + "All pid sid k tuple otc tc #i . InitStuff(pid,sid,k,tuple,otc,tc)@i + ==> tuple= & (Ex #j. YubiInit(pid, sid, k)@j & #j<#i) " lemma init_server_secrecy[use_induction, reuse]: - "All pid sid k tuple otc tc #i . InitStuff(pid,sid,k,tuple,otc,tc)@i - ==> + "All pid sid k tuple otc tc #i . InitStuff(pid,sid,k,tuple,otc,tc)@i + ==> (not Ex #j . KU(k)@j) " -lemma init_yubikey[sources]: - "All pid sid k tc #i . YubiPress(pid,sid,k,tc)@i ==> Ex #j. - YubiInit(pid, sid, k)@j & #j<#i" +// lemma init_yubikey[sources]: +// "All pid sid k tc #i . YubiPress(pid,sid,k,tc)@i ==> Ex #j. +// YubiInit(pid, sid, k)@j & #j<#i" // If a succesful Login happens before a second sucesfull Login, the // counter value of the first is smaller than the counter value of the 
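Review bot: In the ButtonPress branch the lookup binds `tc` (`lookup YL_pid as tc in`) but the next line is `in(=sc);`, although its comment says "enforce adv learning tc". `sc` is bound only in the parallel Plug branch, so this looks like a copy-paste slip for `in(=tc);`; as written the match is against a variable that is not in scope here. This input is presumably what ties the attacker's knowledge of the counter to `YubiPress(L_pid,secretid,k,tc)`, so the lemmas over `YubiPress` and `Login` should be re-run after the fix. Separately, `Yubikey(L_pid,YL_pid,SL_pid)` uses `secretid` and `k` without taking them as parameters and never uses `SL_pid`; passing `secretid` and `k` explicitly would make the macro self-contained.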
@@ -97,18 +108,26 @@ restriction slightly_weaker_invariant: | #t2<#t1 | #t1=#t2) " +lemma Login_reachable: + exists-trace + "Ex #i pid k . Login(pid,k,'one'+'zero')@i" + +lemma Login_reachable_two: + exists-trace + "Ex #i pid k . Login(pid,k,'one'+'zero'+'one')@i" + /* // Each succesful login with counter value x was preceeded by a PressButton */ /* // event with the same counter value */ -lemma one_count_foreach_login[reuse,use_induction]: +lemma one_count_foreach_login[reuse,use_induction,heuristic=O]: "All pid k x #t2 . Login(pid,k,x)@t2 ==> - ( Ex #t1 sid . YubiPress(pid,sid,k,x)@#t1 & #t1<#t2 + ( Ex #t1 sid . YubiPress(pid,sid,k,x)@#t1 & #t1<#t2 )" /* // It is not possible to have to distinct logins with the same counter */ /* // value */ -lemma no_replay: +lemma no_replay[reuse]: "not (Ex #i #j pid k x . - Login(pid,k,x)@i & Login(pid,k,x)@j + Login(pid,k,x)@i & Login(pid,k,x)@j & not(#i=#j))" @@ -124,6 +143,9 @@ lemma Login_invalidates_smaller_counters: Login(pid,k,tc1)@#t1 & Login(pid,k,tc2)@#t2 & (Ex z. tc1+z=tc2) ==> #t1<#t2 " + + + end // Automated part.. diff --git a/examples/sapic/fast/Yubikey/oracle b/examples/sapic/fast/Yubikey/oracle new file mode 100755 index 000000000..06469a1fb --- /dev/null +++ b/examples/sapic/fast/Yubikey/oracle @@ -0,0 +1,37 @@ +#!/usr/bin/python3 +# coding: utf-8 +import sys +import re + +lines = sys.stdin.readlines() + +l0 = [] +l1 = [] + + +lemma = sys.argv[1] + + +for line in lines: + num = line.split(':')[0] + + def match(l, *keywords): + for k in keywords: + res = not re.search(k, line) is None + if res: break + if res: l.append(num) + return res + + + if "one_count_foreach_login" in lemma: + ( + match(l0, "KU\( senc\(.*") or + match(l1, "") + + ) + + +print(l0, l1) +ranked = l0 + l1 +for i in ranked: + print(i) 
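Review bot: `print(l0, l1)` near the end of the new oracle writes the two Python lists to stdout ahead of the ranked goal numbers, and stdout is the stream the final loop uses to return the ranking. If the caller expects only goal numbers, one per line, that first line is noise at best; send it to stderr with `print(l0, l1, file=sys.stderr)` or drop it. The pattern `"KU\( senc\(.*"` should also be a raw string, `r"KU\( senc\(.*"`, because `\(` is an invalid escape in a normal literal and newer Python versions warn about it. `match(l1, "")` matches every line, which seems intended as the catch-all bucket but deserves a comment saying so.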
diff --git a/examples/sapic/fast/feature-boundonce/boundonce.spthy b/examples/sapic/fast/basic/boundonce.spthy similarity index 91% rename from examples/sapic/fast/feature-boundonce/boundonce.spthy rename to examples/sapic/fast/basic/boundonce.spthy index d4a0f5dfc..c1bf8e826 100644 --- a/examples/sapic/fast/feature-boundonce/boundonce.spthy +++ b/examples/sapic/fast/basic/boundonce.spthy @@ -1,6 +1,7 @@ theory BoundOnce begin +process: // x is bound once and does not need to be renamed new x || new x diff --git a/examples/sapic/fast/basic/boundonce2.spthy b/examples/sapic/fast/basic/boundonce2.spthy new file mode 100644 index 000000000..0209221d0 --- /dev/null +++ b/examples/sapic/fast/basic/boundonce2.spthy @@ -0,0 +1,8 @@ +theory BoundOnce +begin + +// x is bound twice and should be renamed appropriately +process: +new x; new x + +end diff --git a/examples/sapic/fast/basic/channels1.spthy b/examples/sapic/fast/basic/channels1.spthy index e27da857e..83e3e7061 100644 --- a/examples/sapic/fast/basic/channels1.spthy +++ b/examples/sapic/fast/basic/channels1.spthy @@ -13,6 +13,7 @@ begin let P = new a; event Secret(a); out (c, a); out(c) let Q = in(c, x); event Received(x) +process: new c; (P || Q) lemma secret : diff --git a/examples/sapic/fast/basic/channels2.spthy b/examples/sapic/fast/basic/channels2.spthy index 4b13bb2d3..966d271fc 100644 --- a/examples/sapic/fast/basic/channels2.spthy +++ b/examples/sapic/fast/basic/channels2.spthy @@ -7,6 +7,7 @@ begin let P = new a; out (c, a); event Reached() +process: new c; P //it is impossible to reach event, because channel is synchronous diff --git a/examples/sapic/fast/basic/channels3.spthy b/examples/sapic/fast/basic/channels3.spthy index 964063999..866dc6a56 100644 --- a/examples/sapic/fast/basic/channels3.spthy +++ b/examples/sapic/fast/basic/channels3.spthy 
@@ -8,6 +8,7 @@ begin let P = new a; out ('c', a) let Q = in('c', x); event Received(x) +process: P || Q // the attacker may learn a secret sent on a public channel diff --git a/examples/sapic/fast/basic/channels4.spthy b/examples/sapic/fast/basic/channels4.spthy index 62ddb516d..4fb275a22 100644 --- a/examples/sapic/fast/basic/channels4.spthy +++ b/examples/sapic/fast/basic/channels4.spthy @@ -13,6 +13,7 @@ begin let P = new a; event Secret(a); out (c, a) let Q = in(c, x); event Received(x) +process: new c; (P || Q) lemma secret : diff --git a/examples/sapic/fast/basic/design-choices.spthy b/examples/sapic/fast/basic/design-choices.spthy index 5689ad29a..cb5116857 100644 --- a/examples/sapic/fast/basic/design-choices.spthy +++ b/examples/sapic/fast/basic/design-choices.spthy @@ -1,6 +1,7 @@ theory DesignChoices begin +process: !(lock 's'; lookup 'visited' as v in unlock 's' diff --git a/examples/sapic/fast/basic/destructors.spthy b/examples/sapic/fast/basic/destructors.spthy new file mode 100644 index 000000000..2da74d705 --- /dev/null +++ b/examples/sapic/fast/basic/destructors.spthy @@ -0,0 +1,30 @@ +theory Destructors +begin +section{* Testing the pattern matching with let destructors *} + +functions: senc/2,sdec/2[destructor] +equations: sdec(k,senc(k,m))=m + /* senc(k,sdec(k,m))=m */ // TODO need to check that destructors cannot occur unless at the top-level lhs. + +process: +new k; out(senc(k,'1')); in(x); +let y = sdec(k,x) in + event Dec(y); out(y) +else + event Else() + +lemma else: + exists-trace + "Ex #t. Else()@t" + + +lemma main: + exists-trace + "Ex m #t. Dec(m)@t" + + +lemma main2: + "All m #t. Dec(m)@t ==> (m='1') " + + +end diff --git a/examples/sapic/fast/basic/exclusive-secrets.spthy b/examples/sapic/fast/basic/exclusive-secrets.spthy index 9951f2cd7..75c620c25 100644 --- a/examples/sapic/fast/basic/exclusive-secrets.spthy +++ b/examples/sapic/fast/basic/exclusive-secrets.spthy 
@@ -20,6 +20,7 @@ let P = lookup store as v in else if v = right() then out(b) else 0 +process: in(x); insert store, x; event SetStore(x); new a; new b; event Secret(a,b); ! P diff --git a/examples/sapic/fast/feature-let-bindings/let-blocks.spthy b/examples/sapic/fast/basic/let-blocks.spthy similarity index 99% rename from examples/sapic/fast/feature-let-bindings/let-blocks.spthy rename to examples/sapic/fast/basic/let-blocks.spthy index e04a2a34a..96f3ee8b6 100644 --- a/examples/sapic/fast/feature-let-bindings/let-blocks.spthy +++ b/examples/sapic/fast/basic/let-blocks.spthy @@ -6,6 +6,7 @@ builtins: symmetric-encryption predicates: EncSucc (c,k) <=> Ex m . senc(m,k)=c +process: !( ( new h; new k; event NewKey(h,k); insert <'key',h>,k; diff --git a/examples/sapic/fast/feature-let-bindings/let-blocks2.spthy b/examples/sapic/fast/basic/let-blocks2.spthy similarity index 92% rename from examples/sapic/fast/feature-let-bindings/let-blocks2.spthy rename to examples/sapic/fast/basic/let-blocks2.spthy index 906f126ba..72fedc58d 100644 --- a/examples/sapic/fast/feature-let-bindings/let-blocks2.spthy +++ b/examples/sapic/fast/basic/let-blocks2.spthy @@ -10,5 +10,5 @@ let P = let h='g'^a in out(h) -P +process: P end diff --git a/examples/sapic/fast/feature-let-bindings/let-blocks3.spthy b/examples/sapic/fast/basic/let-blocks3.spthy similarity index 89% rename from examples/sapic/fast/feature-let-bindings/let-blocks3.spthy rename to examples/sapic/fast/basic/let-blocks3.spthy index 6afdd4d83..678002742 100644 --- a/examples/sapic/fast/feature-let-bindings/let-blocks3.spthy +++ b/examples/sapic/fast/basic/let-blocks3.spthy @@ -9,5 +9,6 @@ let P = let h=a in out(h) -P +process: P + end diff --git a/examples/sapic/fast/basic/let_pattern.spthy b/examples/sapic/fast/basic/let_pattern.spthy new file mode 100644 index 000000000..931b18e7d --- /dev/null +++ b/examples/sapic/fast/basic/let_pattern.spthy 
@@ -0,0 +1,21 @@ +theory PatternMatchLet +begin +section{* A few test cases for operator precedence *} + +process: +let = <'1','2'> in + in(pat_x); event E(x) +else + in(pat_x); event Fail(pat_x) +// should be parsed as +// let pat_x = 1 in (in .. | in ) + + +lemma first: + "All #e x. E(x)@e ==> x = '1'" + +lemma first2 : + "not(Ex #e x. Fail(x)@e)" + + +end diff --git a/examples/sapic/fast/feature-let-bindings/match_new.spthy b/examples/sapic/fast/basic/match_new.spthy similarity index 80% rename from examples/sapic/fast/feature-let-bindings/match_new.spthy rename to examples/sapic/fast/basic/match_new.spthy index db2bc89d3..f05700600 100644 --- a/examples/sapic/fast/feature-let-bindings/match_new.spthy +++ b/examples/sapic/fast/basic/match_new.spthy @@ -4,14 +4,15 @@ begin let P = in(c); new a; let t = in - in(); + in(<=t,'toto'>); event AcceptP() -let Q = in(c); +let Q = in(c); let t = in - in(); + in(<=t,'toto'>); event AcceptQ() +process: P | Q lemma no_acceptP: @@ -22,5 +23,3 @@ exists-trace "(Ex #i . AcceptQ()@i)" end - - diff --git a/examples/sapic/fast/fairexchange-mini/ndc-nested-2.spthy b/examples/sapic/fast/basic/ndc-nested-2.spthy similarity index 98% rename from examples/sapic/fast/fairexchange-mini/ndc-nested-2.spthy rename to examples/sapic/fast/basic/ndc-nested-2.spthy index 87e71bf6a..1b90688a5 100644 --- a/examples/sapic/fast/fairexchange-mini/ndc-nested-2.spthy +++ b/examples/sapic/fast/basic/ndc-nested-2.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: event Start(); ( (! event A()) + ( (! event B()) + (! event C()) ) ) lemma A_possible: diff --git a/examples/sapic/fast/fairexchange-mini/ndc-nested-3.spthy b/examples/sapic/fast/basic/ndc-nested-3.spthy similarity index 98% rename from examples/sapic/fast/fairexchange-mini/ndc-nested-3.spthy rename to examples/sapic/fast/basic/ndc-nested-3.spthy index f76446e56..0e1d06964 100644 
--- a/examples/sapic/fast/fairexchange-mini/ndc-nested-3.spthy +++ b/examples/sapic/fast/basic/ndc-nested-3.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: ((! event A()) + ( (! event B() ) + event C())) lemma A_possible: diff --git a/examples/sapic/fast/fairexchange-mini/ndc-nested-4.spthy b/examples/sapic/fast/basic/ndc-nested-4.spthy similarity index 98% rename from examples/sapic/fast/fairexchange-mini/ndc-nested-4.spthy rename to examples/sapic/fast/basic/ndc-nested-4.spthy index 018794c8b..be49a7683 100644 --- a/examples/sapic/fast/fairexchange-mini/ndc-nested-4.spthy +++ b/examples/sapic/fast/basic/ndc-nested-4.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: event A() + ( (! event B() ) + (! event C()) ) lemma A_possible: diff --git a/examples/sapic/fast/fairexchange-mini/ndc-nested-5.spthy b/examples/sapic/fast/basic/ndc-nested-5.spthy similarity index 98% rename from examples/sapic/fast/fairexchange-mini/ndc-nested-5.spthy rename to examples/sapic/fast/basic/ndc-nested-5.spthy index 5e77e2d2c..08baced98 100644 --- a/examples/sapic/fast/fairexchange-mini/ndc-nested-5.spthy +++ b/examples/sapic/fast/basic/ndc-nested-5.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: (event A() + (! event B()) ) + ( (! event C() ) + (! event D() + (! event E())) ) lemma A_possible: diff --git a/examples/sapic/fast/fairexchange-mini/ndc-nested.spthy b/examples/sapic/fast/basic/ndc-nested.spthy similarity index 98% rename from examples/sapic/fast/fairexchange-mini/ndc-nested.spthy rename to examples/sapic/fast/basic/ndc-nested.spthy index 4c28fb6c8..b1ab55b71 100644 --- a/examples/sapic/fast/fairexchange-mini/ndc-nested.spthy 
+++ b/examples/sapic/fast/basic/ndc-nested.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: (event A()+ (event B() + event C())) lemma A_possible: diff --git a/examples/sapic/fast/fairexchange-mini/ndc-two-replications.spthy b/examples/sapic/fast/basic/ndc-two-replications.spthy similarity index 98% rename from examples/sapic/fast/fairexchange-mini/ndc-two-replications.spthy rename to examples/sapic/fast/basic/ndc-two-replications.spthy index 44fd6e142..146e7ffd0 100644 --- a/examples/sapic/fast/fairexchange-mini/ndc-two-replications.spthy +++ b/examples/sapic/fast/basic/ndc-two-replications.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: (! event A() ) + (! event B()) lemma A_possible: diff --git a/examples/sapic/fast/basic/no-replication.spthy b/examples/sapic/fast/basic/no-replication.spthy index 65d42b738..622b00998 100644 --- a/examples/sapic/fast/basic/no-replication.spthy +++ b/examples/sapic/fast/basic/no-replication.spthy @@ -8,6 +8,7 @@ one secret can be learned theory NoReplication begin +process: new s; event Secret(s); out(s); 0 diff --git a/examples/sapic/fast/basic/operator-precedence-1.spthy b/examples/sapic/fast/basic/operator-precedence-1.spthy index 257edcd62..b306e4bbf 100644 --- a/examples/sapic/fast/basic/operator-precedence-1.spthy +++ b/examples/sapic/fast/basic/operator-precedence-1.spthy @@ -2,6 +2,7 @@ theory OperatorPrecedencePar begin section{* A few test cases for operator precedence *} +process: event A(); event B() | event C() // Should read: ( A; B) | C // instead of diff --git a/examples/sapic/fast/basic/operator-precedence-2.spthy b/examples/sapic/fast/basic/operator-precedence-2.spthy index a147aa846..868f9d06d 100644 --- a/examples/sapic/fast/basic/operator-precedence-2.spthy 
+++ b/examples/sapic/fast/basic/operator-precedence-2.spthy @@ -2,6 +2,7 @@ theory OperatorPrecedenceNDC begin section{* A few test cases for operator precedence *} +process: event A(); event B() + event C() // Should read: ( A; B) + C // instead of diff --git a/examples/sapic/fast/basic/operator-precedence-3.spthy b/examples/sapic/fast/basic/operator-precedence-3.spthy index c30663158..f94e30260 100644 --- a/examples/sapic/fast/basic/operator-precedence-3.spthy +++ b/examples/sapic/fast/basic/operator-precedence-3.spthy @@ -4,6 +4,7 @@ section{* A few test cases for operator precedence *} predicate: True() <=> T +process: if True() then event PositiveBranch(); lookup 'x' as x in @@ -11,6 +12,7 @@ if True() then else // else branch does not belong to conditional, but to lookup event LookupElse(); insert 'y','y' //to avoid wellformedness error + lemma elseIsResolvedInnerFirst: exists-trace diff --git a/examples/sapic/fast/basic/operator-precedence-4.spthy b/examples/sapic/fast/basic/operator-precedence-4.spthy index c94939be4..173f4a537 100644 --- a/examples/sapic/fast/basic/operator-precedence-4.spthy +++ b/examples/sapic/fast/basic/operator-precedence-4.spthy @@ -2,10 +2,11 @@ theory OperatorPrecedenceLet begin section{* A few test cases for operator precedence *} +process: let pat_x = '1' in - in(pat_x); event E(pat_x) + in(=pat_x); event E(pat_x) | - in(pat_x); event E(pat_x) + in(=pat_x); event E(pat_x) // should be parsed as // let pat_x = 1 in (in .. | in ) diff --git a/examples/sapic/fast/basic/operator-precedence-5.spthy b/examples/sapic/fast/basic/operator-precedence-5.spthy index a07426b3b..941f1279f 100644 --- a/examples/sapic/fast/basic/operator-precedence-5.spthy +++ b/examples/sapic/fast/basic/operator-precedence-5.spthy 
@@ -2,12 +2,13 @@ theory OperatorPrecedenceLetTriple begin section{* A few test cases for operator precedence *} +process: let pat_x = '1' in - in(pat_x); event E(pat_x) + in(=pat_x); event E(pat_x) | - in(pat_x); event E(pat_x) + in(=pat_x); event E(pat_x) | - in(pat_x); event E(pat_x) + in(=pat_x); event E(pat_x) // should be parsed as // let pat_x = 1 in (in .. | in ) diff --git a/examples/sapic/fast/basic/patterns.spthy b/examples/sapic/fast/basic/patterns.spthy new file mode 100644 index 000000000..458c49912 --- /dev/null +++ b/examples/sapic/fast/basic/patterns.spthy @@ -0,0 +1,17 @@ +theory Patterns +begin + +process: +in(x); // allowed +in(=x); // allowed +/* in(<=x,x>); // disallowed because ambigous */ +/* in(x); // disallowed because x is bound in top-level process */ +/* in(); // disallowed, because unclear semantics... */ +in(<=x,=x>); // allowed, because clear semantics... +[In(z)]-->[]; // allowed +/* [In(z)]-->[]; // disallowed because z is bound */ +[In(=z)]-->[]; // allowed +0 + + +end diff --git a/examples/sapic/fast/basic/reliable-channel.spthy b/examples/sapic/fast/basic/reliable-channel.spthy index e9e0a51f6..edcd9096b 100644 --- a/examples/sapic/fast/basic/reliable-channel.spthy +++ b/examples/sapic/fast/basic/reliable-channel.spthy @@ -3,6 +3,7 @@ begin builtins: signing, hashing, reliable-channel +process: (in('r',m); event A()) + !(in('r',m); event B()) lemma A_possible: diff --git a/examples/sapic/fast/basic/replication.spthy b/examples/sapic/fast/basic/replication.spthy index cf9b9c479..f8f42607e 100644 --- a/examples/sapic/fast/basic/replication.spthy +++ b/examples/sapic/fast/basic/replication.spthy @@ -5,6 +5,7 @@ example illustrates replication (!) theory Replication begin +process: ! new s; event Secret(s); out(s); 0 // only a single secret can be learned by the attacker diff --git a/examples/sapic/fast/basic/running-example.spthy b/examples/sapic/fast/basic/running-example.spthy index 38318ee71..410a893a6 100644 
--- a/examples/sapic/fast/basic/running-example.spthy +++ b/examples/sapic/fast/basic/running-example.spthy @@ -6,6 +6,7 @@ builtins: symmetric-encryption predicates: SencSucc (c,k) <=> Ex m . senc(m,k)=c +process: !( ( new h; new k; event NewKey(h,k); insert <'key',h>,k; diff --git a/examples/sapic/fast/basic/typing.spthy b/examples/sapic/fast/basic/typing.spthy new file mode 100644 index 000000000..75e36bcb3 --- /dev/null +++ b/examples/sapic/fast/basic/typing.spthy @@ -0,0 +1,39 @@ +theory Typing +begin + +functions: f(bitstring):bitstring, g(lol):lol, + h/1 // implicitely typed + +builtins: multiset + +let P(a:rofl) = + new x:lol; + new y; // TODO should be typed with test, too... need to propagate back + out(x); out(y); + out(f(y)); + /* out(f(x)); // should fail */ + out(); out(x + y); // should succeed + out(f()); // should succeed + out(h(x)); // implicitely types input to x as lol + out(h(h(x))); // should implictely tupe h as lol->lol now + /* out(f(h(x))); // should fail: as h goes to lol and f wants bitstring */ + event Test(x,a); // should type the arguments + (new b:lol | new b:rofl) // should be allowed + +let Q(x) = + /* in(=x); // TODO currently gives exception, investigate */ + in() + +process: +in(a:lol); // TODO we do not typecheck call to process correctly atm. I think the trick is to type check before inlining. +new n:truc; +( +( new n:lol; out(n)) | (new n:rofl; out(n)) +| +P(a) +| Q(h(a)) +) + + + +end diff --git a/examples/sapic/fast/basic/typing2.spthy b/examples/sapic/fast/basic/typing2.spthy new file mode 100644 index 000000000..c4457d90e --- /dev/null +++ b/examples/sapic/fast/basic/typing2.spthy @@ -0,0 +1,12 @@ +theory Typing +begin + +functions: f/1 + +equations: f(x)=x + +process: + new x:lol; event Test(x); out(f(f(x))) + + +end diff --git a/examples/sapic/fast/basic/typing3.spthy b/examples/sapic/fast/basic/typing3.spthy new file mode 100644 index 000000000..e51355d22 --- /dev/null +++ b/examples/sapic/fast/basic/typing3.spthy 
@@ -0,0 +1,14 @@ +theory Typing +begin + +functions: f(bitstring):bitstring, g(lol):lol, + h/1 // implicitely typed + +builtins: multiset + +process: + new x:lol; + out(x) | new x:lol; + out(x) + +end diff --git a/examples/sapic/fast/basic/typing4.spthy b/examples/sapic/fast/basic/typing4.spthy new file mode 100644 index 000000000..0be909913 --- /dev/null +++ b/examples/sapic/fast/basic/typing4.spthy @@ -0,0 +1,18 @@ +theory Typing +begin + +functions: f(bitstring):bitstring, g(lol):lol, + h/1 // implicitely typed + +builtins: multiset + +process: + new x:lol; + out(x) | new x:lol; new x.1:lol; event Run(x,x.1); + out() + +lemma sanity: + exists-trace + "Ex x y #i. Run(x,y)@i & not(x=y)" + +end diff --git a/examples/sapic/fast/feature-ass-immediate/test-all.spthy b/examples/sapic/fast/feature-ass-immediate/test-all.spthy new file mode 100644 index 000000000..1324e271c --- /dev/null +++ b/examples/sapic/fast/feature-ass-immediate/test-all.spthy @@ -0,0 +1,17 @@ +theory AssImmediateTestAll +begin + +process: +new x; out(x); +event A(); +in(x,=x); +event B() + +// ass_immediate guarantees that K(x) is between A() and B() + +// should verifiy and trigger addition of ass_immediate +lemma intuitiveTest: + all-traces + "All #a #b . A()@a & B()@b ==> Ex #i x. K(x)@i & #a<#i & #i<#b" + +end diff --git a/examples/sapic/fast/feature-ass-immediate/test-channelin.spthy b/examples/sapic/fast/feature-ass-immediate/test-channelin.spthy new file mode 100644 index 000000000..a50772435 --- /dev/null +++ b/examples/sapic/fast/feature-ass-immediate/test-channelin.spthy @@ -0,0 +1,15 @@ +theory AssImmediateChannelIn +begin + +process: +new x; out(x); +in(=x); +event A() + +// should verifiy and NOT trigger addition of ass_immediate +// since no ChannelIn event is present +lemma intuitiveTest: + all-traces + "All #a. A()@a ==> Ex #i x. K(x)@i & #i<#a" + +end 
diff --git a/examples/sapic/fast/feature-export/export-tag.spthy b/examples/sapic/fast/feature-export/export-tag.spthy new file mode 100644 index 000000000..0995490d2 --- /dev/null +++ b/examples/sapic/fast/feature-export/export-tag.spthy @@ -0,0 +1,11 @@ +/* Modifying a tag for export, e.g., to output a proverif query unmodified */ +theory ExportInfo +begin + +export tag : + "This is some weird text." + +export anothertag : + "You can have \" in the text, but you must escape it." + +end diff --git a/examples/sapic/fast/feature-export/smaller.spthy b/examples/sapic/fast/feature-export/smaller.spthy new file mode 100644 index 000000000..78b5381ec --- /dev/null +++ b/examples/sapic/fast/feature-export/smaller.spthy @@ -0,0 +1,18 @@ +theory SmallerSyntax +begin +// syntactic sugar translates this to Smaller(a,b) + +builtins: multiset + +/* predicate: Smaller(x,y) <=> Ex z. y = x+z */ + +process: + in(x); in(y); + if x (<) y then + event A() + +lemma Ahappens: + exists-trace + "Ex #i. A()@i" + +end diff --git a/examples/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel.spthy b/examples/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel.spthy index ca532a1b3..1801579f6 100644 --- a/examples/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel.spthy +++ b/examples/sapic/fast/feature-inevent-restriction/inevent-restriction-private-channel.spthy @@ -1,7 +1,8 @@ theory InEventRestrictionPrivateChannel begin -event A(); in('c', 'a'); event B() +process: + event A(); in('c', 'a'); event B() // in_event guarantees that K(x) is between A() and B() diff --git a/examples/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel.spthy b/examples/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel.spthy index 27fc2fb0f..850fbb346 100644 --- a/examples/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel.spthy 
+++ b/examples/sapic/fast/feature-inevent-restriction/inevent-restriction-public-channel.spthy @@ -1,7 +1,8 @@ theory InEventRestrictionPublicChannel begin -event A(); in('a'); event B() +process: + event A(); in('a'); event B() // in_event guarantees that K(x) is between A() and B() diff --git a/examples/sapic/fast/feature-locations/AC.spthy b/examples/sapic/fast/feature-locations/AC.spthy index dfde83b24..13a131ac4 100644 --- a/examples/sapic/fast/feature-locations/AC.spthy +++ b/examples/sapic/fast/feature-locations/AC.spthy 
@@ -1,51 +1,63 @@ theory AttestedComputation +/* + + This example works with both Proverif (GSVerif) and Tamarin. + +*/ + begin builtins: locations-report functions: prog/3,list/2 -heuristic: s +heuristic: S +options: enableStateOpt predicates: -Report(x,y) <=> not (y= 'l') +Report(x,y) <=> not (y= 'loc') let r = // The remote server who runs the code (lock state; lookup state as lio in + event Read(lio); in(i); new r; // A let o = prog(r,i,lio) in // computation of the new output let x = report () in // report call of the IEE - event Remote(,'l'); + event Remote(,'loc'); out(); insert state,list(o,list(i,lio)); unlock state - )@'l' + )@'loc' let v = // The verifier in(); - lock state; lookup state as lio in - if = check_rep(r,'l') then // verification of the validity of the report - (event Local(,'l'); - insert state,list(o,list(i,lio)); - unlock state) - else unlock state + lock state2; lookup state2 as lio in + event Read(lio); + if = check_rep(r,'loc') then // verification of the validity of the report + (event Local(,'loc'); + insert state2,list(o,list(i,lio)); + unlock state2) + else (insert state2,lio; unlock state2) + +process: + ( !(new state; insert state,'init'; !r) || !(new state2; insert state2,'init'; !v) ) -new init; - ( !(new state; insert state,init; !r) || !(new state; insert state,init; !v) ) -/* lemma can_run_v: //for sanity exists-trace - "Ex #i m . Local(m,'l')@i" -*/ + "Ex #i m . Local(m,'loc')@i" + +lemma simp[reuse]: + "All #i m . KU(rep(m,'loc'))@i ==> (Ex #j . Remote(m,'loc')@j)" + // Attested computation theorem lemma attested_comput: - "All #i m . Local(m,'l')@i ==> (Ex #j . Remote(m,'l')@j & j (Ex #j . Remote(m,'loc')@j)" end diff --git a/examples/sapic/fast/feature-locations/AC_counter_with_attack.spthy b/examples/sapic/fast/feature-locations/AC_counter_with_attack.spthy new file mode 100644 index 000000000..aba45fa36 --- /dev/null +++ b/examples/sapic/fast/feature-locations/AC_counter_with_attack.spthy 
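Review bot: The rewritten `attested_comput` lemma appears to end at `(Ex #j . Remote(m,'loc')@j)"`, without the ordering conjunct that the removed line carried after `Remote(m,'l')@j &`. The page text is garbled around the angle brackets, so this needs checking against the file. Without the ordering, the lemma only states that a matching `Remote` event exists somewhere in the trace, not that the remote computation preceded the verifier's `Local` event, which is weaker than the "Attested computation theorem" comment suggests. If the ordering was dropped deliberately, for instance for the Proverif export mentioned in the new header comment, say so in a comment above the lemma; otherwise restore it, e.g. `(Ex #j . Remote(m,'loc')@j & #j<#i)`.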
@@ -0,0 +1,59 @@ +theory AC_counter + +// Both Proverif and Tamarin finds the attack in a few seconds + +begin + +builtins: locations-report + +functions: prog/3,null/0,succ/1,list/2 + +heuristic:S + +options: enableStateOpt + +predicates: +Report(x,y) <=> not (y= 'l') + +let r = // The remote server who runs the code + (lock state; lookup state as st in + let ipo = fst(st) in + let counter = snd(st) in + in(ip); new r; let o = prog(r,ip,ipo) in // computation of the new output + let x = report () in // report call of the IEE + event Poutput(); + out(); + insert state,<,succ(counter)>; + unlock state)@'l' + + +let v = // The verifier + lock state; lookup state as st in + let ipo = fst(st) in + let counter = snd(st) in + in(ip); in(); + if = check_rep(signedios,'l') then // verification of the validity of the report + (event Voutput(); + insert state,<,succ(counter)>; + unlock state) + else + event Fail() + + + + +process: + ( !(new state; insert state,<'init',null()>;!r) || + !(new state; insert state,<'init',null()>; !v) ) + + +/* +lemma can_run_v: //for sanity + exists-trace + "Ex #t h .Voutput(h)@t" +*/ + +lemma attested_comput_second_step[reuse]: + "All #t1 o2 i2 o i. Voutput(>)@t1 ==> (Ex #t2 . Poutput(>)@t2 & t2)=x + +predicates: Report(x,y) <=> not(first(y) = 'loc') -predicates: Report(x,y) <=> not(Ex z. 
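Review bot: In the new `v` process the failure branch is just `else event Fail()`, so the `lock state` taken at the top is never released when `check_rep` rejects the report. AC.spthy in this same commit changes its verifier's failure branch to `else (insert state2,lio; unlock state2)`; the matching change here would be `else (event Fail(); unlock state)`. With the lock left held, every later `!v` instance on that `state` blocks after the first rejected report, so the model cannot explore traces in which a bad report is followed by further verifier steps. The commented-out `can_run_v` sanity lemma would also be worth enabling, as AC.spthy now does.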
y = <'loc',z>) - let r= // IEE sides - in(pk(skV)); - !( // For everay pk received, an instance is launched at the corresponding trusted location - new k; - event SessionP(pk(skV),k); - let signed = report(aenc(k,pk(skV))) in - event Poutput(); - out() - )@<'loc',pk(skV)> + in(pkV); + !( // For every pk received, an instance is launched at the corresponding trusted location + new k; + event SessionP(pkV,k); + let signed = report(aenc(k,pkV)) in + event Poutput(aenc(k,pkV),signed); + out() + )@<'loc',pkV> let v = // Initiator of the Key Exchange - new skV; - event HonestP(pk(skV)); - out(pk(skV)); // publishs its public keys - in(); // receives the shared key and checks the report - if aenc(k,pk(skV)) = check_rep(signed,<'loc',pk(skV)>) then - (event Voutput(); + new skV:skey; + event HonestP(pk(skV), 'pubkey'); + out(pk(skV)); // publish its public keys + in(); // receives the shared key and checks the report + let k = adec(cypher,skV) in + event Test(); + if cypher = check_rep(signed,<'loc',pk(skV)>) then + (event Voutput(aenc(k,pk(skV)),signed); event SessionV(pk(skV),k) - + ) - -new init; ( (!r) || (!v)) +process: +( (!r) || (!v)) /* First some auxilliary lemmas, for sanity or to help in other proofs */ -/* -lemma can_run_v: //for sanity - exists-trace - "Ex #t h .Voutput(h)@t" - lemma sanity1: //make sure that a valid protocol run exists - exists-trace - "Ex pka k #t1 . SessionP(pka,k)@t1" +lemma can_run_p: //for sanity + exists-trace + "Ex #t h1 h2 .Poutput(h1,h2)@t" - lemma sanity2: - exists-trace - "Ex pka k #t1 . SessionV(pka,k)@t1" -*/ - lemma sanity3[reuse]: - "All pka k #t1 . SessionV(pka,k)@t1 ==> Ex #t2. SessionP(pka,k)@t2 & t2 Ex #t2. 
SessionP(pka,k)@t2 & t2)); // Key exchange with the server - in(cde(code)); event ProvE(code); // reception of an attested code of the user + in(cdcode); + let code = dcde(cdcode) in + event ProvE(code); // reception of an attested code of the user out(dscode(senc(code,shared_k))); - in(sko(senc(kOTP,shared_k))); - !(in(cu,);in(senc(challenge, shared_k)); event Ask(pw,challenge,fr,shared_k); out() // transformation of password request into OTP +// in(sko(senc(kOTP,=shared_k))); + in(skosenc); + let dssenc = dsko(skosenc) in + let kOTP = sdec(dssenc,shared_k) in + !(in(cu,<=pw,fr>); + in(cypher); + let challenge = sdec(cypher,shared_k) in +// in(senc(challenge, =shared_k)); + event Ask(pw,challenge,fr,shared_k); out() // transformation of password request into OTP ) )@'loc' let server = - in(shared()); +// in(shared()); + in(share); + let mess = dshared(share) in + let = mess in + let shared_k = adec(cypher,skV) in if aenc(shared_k, pk(skV))=check_rep(signed,'loc') then ( event SessionV(pk(skV),shared_k);new code; out(pc,code); // Establish a secure channel - in(scode(senc(code,shared_k))); + in(sccypher); + let cypher2 = dscode(sccypher) in + let codeb = sdec(cypher2, shared_k) in + if codeb = code then +// in(scode(senc(=code,=shared_k))); event ProvS(code); // secure channel validated by side channel new kOTP; out(sko(senc(kOTP,shared_k))); !(new challenge; event Chall(challenge,shared_k);out(senc(challenge, shared_k)); // challenge emission - in();event Accept(pw, challenge) // Validation of OTP + // in(); + in(hashed); + if hashed = then + event Accept(pw, challenge) // Validation of OTP ) ) else (0) -new skV; new pc; new cu; new pw; event Chan(cu); event Chan(pc); out(pw); event Key(skV);out(pk(skV));(!server||!user || !enclave) +process: +new skV; new pc:channel; new cu:channel; new pw; event Chan(cu); event Chan(pc); out(pw); event Key(skV);out(pk(skV));(!server||!user || !enclave) + + +lemma reachV: + exists-trace + "Ex pka k #t1 . 
SessionV(pka,k)@t1" + lemma secrecy_key[reuse]: "not ( @@ -70,7 +98,7 @@ lemma secrecy_ex[reuse]: lemma unic[reuse]: -" not (Ex #t1 #t2 pw fr. AskU(pw,fr)@t1 & AskU(pw,fr)@t2 ¬(#t1=#t2))" +" All #t1 #t2 pw fr. AskU(pw,fr)@t1 & AskU(pw,fr)@t2 ==> #t1=#t2" lemma secrecy_chall[reuse]: @@ -83,15 +111,21 @@ lemma secrecy_chall[reuse]: lemma valid[reuse]: - "All #t1 pw ch . Accept(pw, ch) @ t1 ==> Ex #t2 fr k. Ask(pw,ch,fr,k)@t2 & #t2<#t1 " + "All #t1 pw ch . Accept(pw, ch) @ t1 ==> Ex #t2 #t3 fr k. Ask(pw,ch,fr,k)@t2 & AskU(pw,fr)@t3 & #t2<#t1 " lemma unic_2[reuse]: -" not (Ex #t1 #t2 pw ch fr k. Ask(pw,ch,fr,k)@t1 & Ask(pw,ch,fr,k)@t2 ¬(#t1=#t2))" +"All #t1 #t2 pw ch fr k. Ask(pw,ch,fr,k)@t1 & Ask(pw,ch,fr,k)@t2 ==> #t1=#t2" +#ifdef FULL lemma valid_final: - "All #t1 pw ch. Accept(pw, ch) @ t1 ==> Ex #t2 #t3 fr k. Ask(pw,ch,fr,k) @ t2 & AskU(pw,fr)@t3 & #t2< #t1 & #t3<#t2 & not (Ex #t5 . Ask(pw,ch,fr,k)@t5 & not(#t2=#t5) ) & not (Ex #t6. AskU(pw,fr)@t6 & not(#t3=#t6))" + "All #t1 pw ch. Accept(pw, ch) @ t1 ==> + Ex #t2 #t3 fr k. Ask(pw,ch,fr,k) @ t2 & AskU(pw,fr)@t3 & #t2< #t1 & #t3<#t2 + & not (Ex #t5 . Ask(pw,ch,fr,k)@t5 & not(#t2=#t5) ) + & not (Ex #t6. AskU(pw,fr)@t6 & not(#t3=#t6))" + +#endif end diff --git a/examples/sapic/fast/feature-locations/SOC.spthy b/examples/sapic/fast/feature-locations/SOC.spthy index be361c81f..5afcdcf33 100644 --- a/examples/sapic/fast/feature-locations/SOC.spthy +++ b/examples/sapic/fast/feature-locations/SOC.spthy 
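Review bot: `valid_final` is now wrapped in `#ifdef FULL` / `#endif`, and nothing in this hunk says where `FULL` gets defined, so a default run would skip the strongest statement in the file. The `[reuse]` lemma `valid` was extended with `AskU(pw,fr)@t3` but orders only `#t2<#t1`; the `#t3<#t2` ordering and the two uniqueness clauses remain only in the guarded lemma. Add a comment above the `#ifdef`, such as `// valid_final is only checked when FULL is defined (-DFULL)`. If this lemma is meant to stay covered, confirm that the regression run defines the flag.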
@@ -2,35 +2,43 @@ theory SOC begin -heuristic:p +// Works wihtout the reuse in a minute + +//heuristic:S builtins: symmetric-encryption,asymmetric-encryption, locations-report -functions: prog/2,list/2 +functions: prog/2 +//,list/2 + +predicates: Report(x,y) <=> not(fst(y) = 'loc') +// predicates: Report(x,y) <=> not(Ex z. y = <'loc',z>) -predicates: Report(x,y) <=> not(Ex z. y = <'loc',z>) let r= - in(pk(skV)); // we begin by a Key Exchange + in(pkV); // we begin by a Key Exchange !( new shared_k; - event SessionP(pk(skV),shared_k); - let signed = report(aenc(shared_k,pk(skV))) in - event Poutput(); - out(); // The secure channel is established + event SessionP(pkV,shared_k); + let signed = report(aenc(shared_k,pkV)) in + event Poutput(); + out(); // The secure channel is established new storeP; insert storeP,init; !(lock storeP; lookup storeP as old_i in // And we start the program sequential execution - in( senc(,shared_k) ); + + // in( senc(,=shared_k) ); + in(cypher); + let = sdec(cypher, shared_k) in event Poutput(senc(, shared_k)); out(senc(, shared_k)); - insert storeP, list(ip,old_i); unlock storeP + insert storeP, ; unlock storeP ) - )@<'loc',pk(skV)> + )@<'loc',pkV> // Run part of the NSL on the verifier side. @@ -38,8 +46,9 @@ let v = new skV; event HonestP(pk(skV)); out(pk(skV)); - - in(); + // in(); + in(); + let shared_k = adec(cypher,skV) in if aenc(shared_k,pk(skV)) = check_rep(signed,<'loc',pk(skV)>) then (event Voutput(); event SessionV(pk(skV),shared_k); // Secure channel established @@ -49,15 +58,19 @@ let v = new ip; event Input(senc(ip,shared_k)); out(senc(,shared_k)); - in(senc(, shared_k)); + in(cypher2); + let mess = sdec(cypher2,shared_k) in + let = mess in + if pr = prog(ip,old_i) then +// in(senc(, =shared_k)); event Voutput(senc(, shared_k)); - insert storeV,list(ip,old_i); unlock storeV + insert storeV,; unlock storeV ) ) - +process: new init; ( (!r) || (!v)) /* First some auxilliary lemmas, for sanity or to help in other proofs */ 
@@ -71,9 +84,17 @@ lemma secrecy[reuse]: )" +lemma Reach: + exists-trace + "Ex #t1 h . Voutput(h)@t1" + +/* lemma Input[use_induction,reuse]: "All #t1 ip shared_key . Input(senc(ip, shared_key))@t1 ==> (Ex #t2 pk . SessionV(pk,shared_key)@t2 & t2 (Ex #t2 . Poutput(h)@t2 & t2 not(Ex z. y = <'loc',z>) +Report(x,y) <=> not(fst(y) = 'loc') let p = @@ -16,12 +16,12 @@ let p = event SessionP(pk(skV),shared_key); let z = report(aenc(shared_key,pk(skV))) in out(); - in(senc(prg(prog2),shared_key)); // we receive the program through the secure channel + in(senc(prg(prog2),=shared_key)); // we receive the program through the secure channel !( - in(input);in(senc(tkn(token),shared_key)); // a requested input along with a token + in(input);in(senc(tkn(token),=shared_key)); // a requested input along with a token new x; out(senc(ask(x,tkn(token)),shared_key)); // we ask the vendor if the token is valid - in(senc(ok(x,tkn(token)),shared_key )); + in(senc(ok(=x,tkn(=token)),=shared_key )); event Poutput(input, token); out(run( prog2 ,input)) // and only this publish the output ) @@ -31,8 +31,7 @@ let vendor = new skV; event HonestP(pk(skV)); out(pk(skV)); - - in(); + in(); if aenc(shared_key,pk(skV)) = check_rep(signed,<'loc',pk(skV)>) then ( @@ -43,8 +42,7 @@ let vendor = new token; event Token(token); out(senc(tkn(token),shared_key)); // publication of a token - - in(senc(ask(x,tkn(token2)),shared_key)); // consumption of the token and confirmation + in(senc(ask(x,tkn(token2)),=shared_key)); // consumption of the token and confirmation if tkn(token)=tkn(token2) then out(senc(ok(x,tkn(token)),shared_key)) @@ -54,14 +52,16 @@ let vendor = +process: + new prog; event Auth(prog); // initialisiation of the licensed program ( (!p) || (!vendor) ) - lemma attested_comput: "All #t1 inp pk. Poutput(inp,pk)@t1 ==> (Ex #t2 . Token(pk)@t2 & t2 Ex #a. A(x)@a & #a < #NOW +process: new a; ( event A(a) | if Added(a) then event C()) lemma C_exists: exists-trace 
diff --git a/examples/sapic/fast/feature-predicates/decwrap-destr-manual.spthy b/examples/sapic/fast/feature-predicates/decwrap-destr-manual.spthy index 1a060c50e..6286a056e 100644 --- a/examples/sapic/fast/feature-predicates/decwrap-destr-manual.spthy +++ b/examples/sapic/fast/feature-predicates/decwrap-destr-manual.spthy @@ -7,6 +7,7 @@ builtins: symmetric-encryption functions: encSucc/2, true/0 equations: encSucc(senc(x,y),y) = true +process: !( ( new h; new k; event NewKey(h,k); insert <'key',h>,k; diff --git a/examples/sapic/fast/feature-predicates/decwrap-destr-restrict-variant.spthy b/examples/sapic/fast/feature-predicates/decwrap-destr-restrict-variant.spthy index cee72a8cd..a9fb2dbeb 100644 --- a/examples/sapic/fast/feature-predicates/decwrap-destr-restrict-variant.spthy +++ b/examples/sapic/fast/feature-predicates/decwrap-destr-restrict-variant.spthy @@ -6,6 +6,7 @@ builtins: symmetric-encryption predicate: EncSucc(c,k) <=> Ex m. senc(m,k) = c +process: !( ( new h; new k; event NewKey(h,k); insert <'key',h>,k; diff --git a/examples/sapic/fast/feature-predicates/decwrap-destr-restrict.spthy b/examples/sapic/fast/feature-predicates/decwrap-destr-restrict.spthy index ac08e7da5..323caa564 100644 --- a/examples/sapic/fast/feature-predicates/decwrap-destr-restrict.spthy +++ b/examples/sapic/fast/feature-predicates/decwrap-destr-restrict.spthy @@ -9,6 +9,7 @@ equations: encSucc(senc(x,y),y) = true predicate: IsTrue(x) <=> x = true() +process: !( ( new h; new k; event NewKey(h,k); insert <'key',h>,k; diff --git a/examples/sapic/fast/feature-predicates/pub.spthy b/examples/sapic/fast/feature-predicates/pub.spthy index a475fb909..a551a394b 100644 --- a/examples/sapic/fast/feature-predicates/pub.spthy +++ b/examples/sapic/fast/feature-predicates/pub.spthy 
@@ -12,23 +12,23 @@ predicates: // Test if we can have public names in predicates used in restrictions. // Fixed a bug in the parser that disallowed this legitimate use. -let +process: +in(x); +let z = eq(x,'test') in -in(x); -if True(x) then -if True(true()) then -if True(eq(x,x)) then +if True(x) then +if True(true()) then +if True(eq(x,x)) then if True(eq(x,'test') ) then if And2(eq(x,'test'),true()) then if True(z) then 0 rule testA: - [] --[_restrict(True('true'))]-> [] + [] --[_restrict(True('true'))]-> [] rule testB: - [In(x)] --[_restrict(True(x))]-> [] + [In(x)] --[_restrict(True(x))]-> [] end - diff --git a/examples/sapic/fast/feature-predicates/simple_example.spthy b/examples/sapic/fast/feature-predicates/simple_example.spthy index 2e424ee8b..b5f683b37 100644 --- a/examples/sapic/fast/feature-predicates/simple_example.spthy +++ b/examples/sapic/fast/feature-predicates/simple_example.spthy @@ -4,6 +4,7 @@ begin predicates: Equal(h1,h2) <=> h1=h2 +process: new h; if Equal(h,h) then event Bogus() diff --git a/examples/sapic/fast/feature-predicates/timepoints.spthy b/examples/sapic/fast/feature-predicates/timepoints.spthy index 97fd5709a..00ce7f24e 100644 --- a/examples/sapic/fast/feature-predicates/timepoints.spthy +++ b/examples/sapic/fast/feature-predicates/timepoints.spthy @@ -3,10 +3,13 @@ theory TestPredicate begin rule ActionRule: [] --[Action('hi')]-> [] predicates: Exists(#time) <=> (∃ val. Action(val)@time) +predicates: ExistsVal(val) <=> (∃ #time. Action(val)@time) lemma hi: exists-trace "∃ #t. Exists(#t)" +lemma ho: + exists-trace "∃ a. ExistsVal(a)" end diff --git a/examples/sapic/fast/fairexchange-mini/mini1.spthy b/examples/sapic/fast/feature-progress/mini1.spthy similarity index 97% rename from examples/sapic/fast/fairexchange-mini/mini1.spthy rename to examples/sapic/fast/feature-progress/mini1.spthy index f331a0da2..1796b33ee 100644 --- a/examples/sapic/fast/fairexchange-mini/mini1.spthy 
+++ b/examples/sapic/fast/feature-progress/mini1.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: (in('r',m); event A()) + (new n; out('r',n); event B() ) diff --git a/examples/sapic/fast/fairexchange-mini/mini10.spthy b/examples/sapic/fast/feature-progress/mini10.spthy similarity index 97% rename from examples/sapic/fast/fairexchange-mini/mini10.spthy rename to examples/sapic/fast/feature-progress/mini10.spthy index 3327884de..89aa19c8d 100644 --- a/examples/sapic/fast/fairexchange-mini/mini10.spthy +++ b/examples/sapic/fast/feature-progress/mini10.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: event A(); in('r',m); event B() lemma A_enforced: diff --git a/examples/sapic/fast/fairexchange-mini/mini2.spthy b/examples/sapic/fast/feature-progress/mini2.spthy similarity index 59% rename from examples/sapic/fast/fairexchange-mini/mini2.spthy rename to examples/sapic/fast/feature-progress/mini2.spthy index 575347241..116e64d2e 100644 --- a/examples/sapic/fast/fairexchange-mini/mini2.spthy +++ b/examples/sapic/fast/feature-progress/mini2.spthy @@ -5,13 +5,14 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress -new k; ( (in('r',sign(m,k)); event A())+(in('r',m); out('c',m);event B())) +process: +new k; ( (in('r',sign(m,=k)); event A())+(in('r',=m); out('c',m);event B())) -lemma A_impossible: +lemma A_impossible: "not(Ex #t. A()@t)" -lemma B_possible: - exists-trace +lemma B_possible: + exists-trace "Ex #t. B()@t" end 
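Review bot: In the mini2.spthy hunk, the second branch of the choice now reads `in('r',=m); out('c',m); event B()`, but `m` is bound only by `in('r',sign(m,=k))` in the first branch, and nothing binds it in the second. The issue331 example added in this same commit notes that `in(=x)` with `x` unbound currently raises no error, so this would pass silently and `B_possible` may no longer test what it did before. Unless matching against an outer `m` is really intended, the branch should keep a binding input: `(in('r',m); out('c',m); event B())`. The `=k` in the first branch is fine, since `k` is bound by `new k`.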
diff --git a/examples/sapic/fast/fairexchange-mini/mini3.spthy b/examples/sapic/fast/feature-progress/mini3.spthy similarity index 98% rename from examples/sapic/fast/fairexchange-mini/mini3.spthy rename to examples/sapic/fast/feature-progress/mini3.spthy index 0c037eebc..7336039de 100644 --- a/examples/sapic/fast/fairexchange-mini/mini3.spthy +++ b/examples/sapic/fast/feature-progress/mini3.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: (in('r',m); event A()) + !(in('r',m); event B()) lemma A_possible: diff --git a/examples/sapic/fast/fairexchange-mini/mini4.spthy b/examples/sapic/fast/feature-progress/mini4.spthy similarity index 97% rename from examples/sapic/fast/fairexchange-mini/mini4.spthy rename to examples/sapic/fast/feature-progress/mini4.spthy index 5f8be147f..910a9ef25 100644 --- a/examples/sapic/fast/fairexchange-mini/mini4.spthy +++ b/examples/sapic/fast/feature-progress/mini4.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: (in('r',m); event A()) + (new n; out('r',n); event B() ) diff --git a/examples/sapic/fast/fairexchange-mini/mini5.spthy b/examples/sapic/fast/feature-progress/mini5.spthy similarity index 98% rename from examples/sapic/fast/fairexchange-mini/mini5.spthy rename to examples/sapic/fast/feature-progress/mini5.spthy index 30184d54d..24e9e2dac 100644 --- a/examples/sapic/fast/fairexchange-mini/mini5.spthy +++ b/examples/sapic/fast/feature-progress/mini5.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: new s; (insert s,'HELLO' || 
diff --git a/examples/sapic/fast/fairexchange-mini/mini6.spthy b/examples/sapic/fast/feature-progress/mini6.spthy similarity index 97% rename from examples/sapic/fast/fairexchange-mini/mini6.spthy rename to examples/sapic/fast/feature-progress/mini6.spthy index a6d3ebeb3..d72692e43 100644 --- a/examples/sapic/fast/fairexchange-mini/mini6.spthy +++ b/examples/sapic/fast/feature-progress/mini6.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: new a; !( if a=a then in('r',m); event A() else event B()) lemma A_possible: diff --git a/examples/sapic/fast/fairexchange-mini/mini7.spthy b/examples/sapic/fast/feature-progress/mini7.spthy similarity index 98% rename from examples/sapic/fast/fairexchange-mini/mini7.spthy rename to examples/sapic/fast/feature-progress/mini7.spthy index 41590230b..6076b9178 100644 --- a/examples/sapic/fast/fairexchange-mini/mini7.spthy +++ b/examples/sapic/fast/feature-progress/mini7.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: event A(); ! (event B() + (!event C()) ) lemma A_possible: diff --git a/examples/sapic/fast/fairexchange-mini/mini8.spthy b/examples/sapic/fast/feature-progress/mini8.spthy similarity index 97% rename from examples/sapic/fast/fairexchange-mini/mini8.spthy rename to examples/sapic/fast/feature-progress/mini8.spthy index f1e55131f..5f77debe7 100644 --- a/examples/sapic/fast/fairexchange-mini/mini8.spthy +++ b/examples/sapic/fast/feature-progress/mini8.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: event A(); in('c',m); event B() lemma A_enforced: 
diff --git a/examples/sapic/fast/fairexchange-mini/mini9.spthy b/examples/sapic/fast/feature-progress/mini9.spthy similarity index 98% rename from examples/sapic/fast/fairexchange-mini/mini9.spthy rename to examples/sapic/fast/feature-progress/mini9.spthy index ea83e4938..eed174827 100644 --- a/examples/sapic/fast/fairexchange-mini/mini9.spthy +++ b/examples/sapic/fast/feature-progress/mini9.spthy @@ -5,6 +5,7 @@ section{* small example for progression function *} builtins: signing, hashing, reliable-channel options: translation-progress +process: event Start(); ( ( out('r','Help') + (in('c',m); event B())) diff --git a/examples/sapic/fast/feature-secret-channel/U2F.spthy b/examples/sapic/fast/feature-secret-channel/U2F.spthy new file mode 100644 index 000000000..fbd69835c --- /dev/null +++ b/examples/sapic/fast/feature-secret-channel/U2F.spthy 
@@ -0,0 +1,72 @@ +/* +A small model of a multifactor authentication, with all the agents. +Its U2F, with the following roles : + - Server S + - Platform (user's computer) P + - User U + - Yubikey token T + + Single user scenario. +*/ + +theory U2F + +begin + +functions: pk/1, sign/2, getmess/1, checksign/2, succ/1 + +equations: getmess( sign(m, k )) = m, checksign( sign(m, k ) ,pk(k)) = m + +let S = + in(~tls, <=log,=pass>); + new chall:bitstring; + out(~tls, chall); + in(~tls, signed:bitstring); + if checksign( signed, pk(u2fkey)) = then + lock 'EvServer'; + lookup 'EvServer' as cnt in + event ServerAccept(cnt); + insert 'EvServer', succ(cnt); + unlock 'EvServer' + +let P = + in(~kb, ); + out(~tls, ); + in(~tls, chall:bitstring); + out(~u2f, ); + in(~u2f, signed:bitstring); + out(~tls, signed) + +let T = + in(~u2f, payload:bitstring); + out(~btn,'askpress'); + in(~btn, 'pressed'); + out(~u2f, sign( payload, u2fkey)) + + +let U = + lock 'EvToken'; + lookup 'EvToken' as cnt in + event UserInit(cnt); + insert 'EvToken', succ(cnt); + unlock 'EvToken'; + out(~kb, ); + in(~btn, 'askpress'); + out(~btn, 'pressed') + +process: +new ~tls:channel; new ~u2f:channel; new ~kb:channel; new ~btn:channel; new log; new pass; new u2fkey; +insert 'EvToken', 'zero'; +insert 'EvServer', 'zero'; +! ( S || U || T || P) + + +lemma auth[reuse,use_induction]: + "All #i cnt. ServerAccept(cnt)@i ==> Ex #j cntb. + UserInit(cntb)@j " + +// lemma reach: +// exists-trace +// "Ex #i cnt. ServerAccept(cnt)@i" + +end \ No newline at end of file diff --git a/examples/sapic/fast/feature-secret-channel/secret-channel.spthy b/examples/sapic/fast/feature-secret-channel/secret-channel.spthy index 2776069ef..995a70884 100644 --- a/examples/sapic/fast/feature-secret-channel/secret-channel.spthy +++ b/examples/sapic/fast/feature-secret-channel/secret-channel.spthy 
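Review bot: The `auth` lemma at the end of the new U2F.spthy only requires that some `UserInit(cntb)` occurs at some time `#j`; it neither orders `#j` before `#i` nor relates `cntb` to the server's `cnt`. It therefore still holds if the user acts only after the server has accepted, or if one user action is followed by many accepts, so the `succ` counters kept in `'EvToken'` and `'EvServer'` contribute nothing to the proved property. With `lemma reach` commented out there is also no executability check, so `auth` could hold vacuously if `ServerAccept` is unreachable. I suggest strengthening the conclusion to at least `UserInit(cntb)@j & #j < #i` and re-enabling `reach` as an `exists-trace` sanity lemma. Whether `cntb = cnt` can also be required depends on the counter handling, which I have not checked.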
@@ -12,20 +12,21 @@ builtins: signing let P = event Secret(skP1); out (c1, skP1); out(c2, skP2) -let T1 = in(sign('test',skP1)); event Accept(skP1) -let T2 = in(sign('test',skP2)); event Accept2(skP2) +let T1 = in(sign('test',=skP1)); event Accept(skP1) +let T2 = in(sign('test',=skP2)); event Accept2(skP2) let Q = in(c1, x); event Received(x); out(sign('test',x)) let R = in(c2, x); event Received2(x); out(sign('test',x)) +process: new skP1; new skP2; new c1; new c2; (P || Q || R || T1 || T2) -lemma secret : +lemma secret : "All x #i. ( Secret(x) @ i ==> not (Ex #j. K(x) @ j) )" -lemma auth : +lemma auth : "All x #i. ( Accept(x) @ i ==> (Ex #j. j (Ex #j. j T: r1 T: fresh(r2) - T -> R: r2,lh(rot(ID,h(r1⊕r2⊕k))⊕h(r1⊕r2⊕k)) + T -> R: r2,lh(rot(ID,h(r1⊕r2⊕k))⊕h(r1⊕r2⊕k)) R -> T: rh(rot(ID,h(r1⊕r2⊕k))⊕h(r1⊕r2⊕k)) */ @@ -30,7 +30,7 @@ let Reader = event Challenge( ~r1, 'Reader' ); out( ~r1 ); in( ); - if x = lh(rot(~id, h((~r1 XOR r2 XOR ~k))) XOR h((~r1 XOR r2 XOR ~k))) then + if x = lh(rot(~id, h((~r1 XOR r2 XOR ~k))) XOR h((~r1 XOR r2 XOR ~k))) then ( event Alive( ~k, 'Tag' ); event Response(~k, 'Reader'); @@ -43,7 +43,7 @@ let Reader = else 0 -let Tag = +let Tag = in( r1 ); new ~r2; event Response( ~k, 'Tag' ); @@ -51,13 +51,14 @@ let Tag = event Running(<'R','T',<~k XOR r1 XOR ~r2>>); // event Running(<'R','T',<~k, r1, ~r2>>); out( <~r2,lh(rot(~id, h((r1 XOR ~r2 XOR ~k))) XOR h((r1 XOR ~r2 XOR ~k)) )>); - in( rh(rot(~id, h((r1 XOR ~r2 XOR ~k))) XOR h((r1 XOR ~r2 XOR ~k))) ); + in( rh(rot(=~id, h((=r1 XOR =~r2 XOR =~k))) XOR h((=r1 XOR =~r2 XOR =~k))) ); event Alive( ~k, 'Reader' ); event Commit(<'T','R',<~k XOR r1 XOR ~r2>>) +process: ! new ~k; new ~id; ! (Reader || Tag) -// FINDS ATTACK AUTOMATICALLY +// FINDS ATTACK AUTOMATICALLY /* lemma recentalive_tag: */ /* all-traces "∀ x #i. (Alive( x, 'Tag' ) @ #i) ⇒ (∃ y #j #k. Challenge(y, 'Reader') @k & Response( x, 'Tag' ) @ #j & k < j & j < i)" */ 
@@ -65,28 +66,28 @@ let Tag = lemma recentalive_tag_attack: exists-trace "not (∀ x #i. (Alive( x, 'Tag' ) @ #i) ⇒ (∃ y #j #k. Challenge(y, 'Reader') @k & Response( x, 'Tag' ) @ #j & k < j & j < i))" -// FINDS PROOF AUTOMATICALLY +// FINDS PROOF AUTOMATICALLY lemma recentalive_reader: all-traces "∀ x #i. (Alive( x, 'Reader' ) @ #i) ⇒ (∃ y #j #k. Challenge(y, 'Tag') @k & Response( x, 'Reader' ) @ #j & k < j & j < i)" // Depends on what data t is specified. Use the commented out Running/Commit -// claims above for attack. -// FINDS PROOF/ATTACK AUTOMATICALLY. +// claims above for attack. +// FINDS PROOF/ATTACK AUTOMATICALLY. lemma noninjectiveagreement_tag: - "All t #i. + "All t #i. Commit(<'T','R',t>) @i ==> (Ex #j. Running(<'T','R',t>) @j)" -// Depends on what data t is specified. FINDS PROOF/ATTACK AUTOMATICALLY. +// Depends on what data t is specified. FINDS PROOF/ATTACK AUTOMATICALLY. lemma noninjectiveagreement_reader: - "All t #i. + "All t #i. Commit(<'R','T',t>) @i ==> (Ex #j. Running(<'R','T',t>) @j)" -// SHOWS CORRECT EXECUTION +// SHOWS CORRECT EXECUTION lemma executable: - exists-trace "∃ x #i #j. (Alive( x, 'Reader' ) @ #i) ∧ (Response( x, 'Tag' ) @ #j) + exists-trace "∃ x #i #j. (Alive( x, 'Reader' ) @ #i) ∧ (Response( x, 'Tag' ) @ #j) // further restriction to automatically get the desired execution ∧ (not Ex #k. Response( x, 'Tag' ) @ #k & (not (#j=#k)))" diff --git a/examples/sapic/fast/feature-xor/CRxor.spthy b/examples/sapic/fast/feature-xor/CRxor.spthy index e5363f50f..98db2bdf8 100644 --- a/examples/sapic/fast/feature-xor/CRxor.spthy +++ b/examples/sapic/fast/feature-xor/CRxor.spthy @@ -38,6 +38,7 @@ let Responder = out() ) +process: new ~k; ! (Initiator || Responder) diff --git a/examples/sapic/fast/feature-xor/KCL07.spthy b/examples/sapic/fast/feature-xor/KCL07.spthy index fc7436214..8263229f2 100644 --- a/examples/sapic/fast/feature-xor/KCL07.spthy +++ b/examples/sapic/fast/feature-xor/KCL07.spthy 
@@ -42,6 +42,7 @@ let Tag = out( <~id XOR ~r2, h() XOR ~r2>) +process: new ~k; new ~id; (!Reader || !Tag) diff --git a/examples/sapic/fast/regression-tests/issue332-capturing-processdefinition.spthy b/examples/sapic/fast/regression-tests/issue332-capturing-processdefinition.spthy new file mode 100644 index 000000000..e38115d2a --- /dev/null +++ b/examples/sapic/fast/regression-tests/issue332-capturing-processdefinition.spthy @@ -0,0 +1,19 @@ +theory issue332 + +// issue 332 from project.cispa.saarland +// The let binding with a variable with the same name as the macro process raises an error: +// +// tamarin-prover: apply (LVar): variable 'x.1' substituted with term ''t'' +// CallStack (from HasCallStack): +// error, called at src/Term/Substitution/SubstVFree.hs:244:11 in tamarin-prover-term-1.7.1-CTfkxg1Ui7cCBvk1Ebl25t:Term.Substitution.SubstVFree + +begin + +let Pr(x) = out(x) + +process: + let x = 't' in + Pr(x) + +end + diff --git a/examples/sapic/fast/regression-tests/issue332-const-fun-clash.spthy b/examples/sapic/fast/regression-tests/issue332-const-fun-clash.spthy new file mode 100644 index 000000000..71a3d4f73 --- /dev/null +++ b/examples/sapic/fast/regression-tests/issue332-const-fun-clash.spthy @@ -0,0 +1,12 @@ +theory test + +// this file should produce a warning when called with the proverif export + +begin + +functions: toto/1 + +process: + out('toto') + +end \ No newline at end of file diff --git a/examples/sapic/fast/regression-tests/issue332-notype-header.spthy b/examples/sapic/fast/regression-tests/issue332-notype-header.spthy new file mode 100644 index 000000000..b09b69508 --- /dev/null +++ b/examples/sapic/fast/regression-tests/issue332-notype-header.spthy @@ -0,0 +1,13 @@ +theory test + +// Even when unused, the type newtype should be declared in the proverif output, as the macro process is always declared + +begin + +let P(x:newtype)=out(x) + + +process: + 0 + +end \ No newline at end of file 
diff --git a/examples/sapic/fast/statVerifLeftRight/stateverif_left_right.spthy b/examples/sapic/fast/statVerifLeftRight/stateverif_left_right.spthy index 848cf61a8..dc99106f7 100644 --- a/examples/sapic/fast/statVerifLeftRight/stateverif_left_right.spthy +++ b/examples/sapic/fast/statVerifLeftRight/stateverif_left_right.spthy @@ -1,4 +1,4 @@ -theory StatVerifSecurityDevice +theory StatVerifSecurityDevice begin /* @@ -53,7 +53,7 @@ process builtins: asymmetric-encryption let Device=( - out(pk(sk)) + out(pk(sk)) || !( lock s ; in(req); lookup <'F_status',s> as status in @@ -67,11 +67,11 @@ let Device=( event InitDevice(s); insert <'F_status',s>,req; unlock s) - ) + ) || !( lock s; - in(aenc{}pk(sk)); + in(aenc{}pk(=sk)); lookup <'F_status',s> as status in if status='left' then event Access(x); out(x); unlock s @@ -83,6 +83,7 @@ let Device=( let User=new lm; new rm; event Exclusive(lm,rm); out(aenc{}pk(sk)) +process: !( new sk; new s; insert <'F_status',s>,'init'; ( Device || ! User )) // As we use a backwards search, we must specify the possible structure of diff --git a/examples/sapic/not-suitable-for-regression/feature-inevent-restriction/without-invent-restriction.spthy b/examples/sapic/not-suitable-for-regression/feature-inevent-restriction/without-invent-restriction.spthy index f57a5f6a3..cb47a143b 100644 --- a/examples/sapic/not-suitable-for-regression/feature-inevent-restriction/without-invent-restriction.spthy +++ b/examples/sapic/not-suitable-for-regression/feature-inevent-restriction/without-invent-restriction.spthy @@ -1,7 +1,8 @@ theory WithoutInEventRestriction begin -0 +process: + 0 // The following lemmas are not well formed and cannot be proven. They should // only ensure that in_event is NOT added. @@ -25,6 +26,6 @@ lemma lplus_notlminus_ex: lemma notlplus_lminus_all: all-traces "Ex x #i. not K(x)@i" - + end 
diff --git a/examples/sapic/not-suitable-for-regression/issue331-warn-for-capture.spthy b/examples/sapic/not-suitable-for-regression/issue331-warn-for-capture.spthy new file mode 100644 index 000000000..dc730dcfa --- /dev/null +++ b/examples/sapic/not-suitable-for-regression/issue331-warn-for-capture.spthy @@ -0,0 +1,29 @@ +theory issue331 + +/* +To avoid partial deconstructions, we often write: +lookup t as counter in + in(counter); +But currently, this will be translated (silently) to: +lookup t as counter in + in(counter.1); +What we actually need to write is: +lookup t as counter in + in(=counter); +It is the same thing as in(x);in(x) going to in(x);in(x.1). +This renaming should not be silent. +Further: in(=x) with x unbound does not give an error. +*/ + +begin + +process: + insert 'bla', 'toto' + | + lookup 'bla' as counter in + in(counter) // give warning before rewriting variable + | + in(x); in(x) // same error + +end + diff --git a/examples/sapic/proverif/t.pv b/examples/sapic/proverif/t.pv deleted file mode 100644 index f47cdcb89..000000000 --- a/examples/sapic/proverif/t.pv +++ /dev/null @@ -1,20 +0,0 @@ -free attacker_channel:channel. -free test:bitstring. -type skey. -fun bij(bitstring):bitstring. -fun senc(bitstring,skey):bitstring. -fun unbij(bitstring):bitstring. -equation forall x:bitstring; bij(unbij(x)) = x. -event Received(bitstring). -event Secret(bitstring). -reduc forall a:bitstring,b:bitstring; fst((a,b))=a. -reduc forall a:bitstring,b:bitstring; snd((a,b))=b. -reduc forall m:bitstring,sk:skey; sdec(senc(m,sk),sk) = m. -process - new sk:skey; - (new a:bitstring; - event Secret( a ); - out(attacker_channel,senc((a, test), sk))) - | (in(attacker_channel,m:bitstring); - if snd(sdec(m, sk))=test then - (event Received( fst(sdec(m, sk)) ))) diff --git a/examples/sapic/slow/NSL/nsl-no_as-untagged.spthy b/examples/sapic/slow/NSL/nsl-no_as-untagged.spthy index 6f5191382..70414010a 100644 --- a/examples/sapic/slow/NSL/nsl-no_as-untagged.spthy 
+++ b/examples/sapic/slow/NSL/nsl-no_as-untagged.spthy 
@@ -3,49 +3,64 @@ theory NeedhamSchroeder /* * Protocol: Needham Schroeder Lowe for Secret Establising, without * Server - * Modeler: Robert Kunnemann + * Modeler: Robert Kunnemann * Date: February 2013 * - * Status: working - * Note: takes a lot of memory, about 1G, but terminates + * Tamarin status : sanity1 and sanity2, < 1 sec + * source lemma, < 2 sec on cluster + * secrecy, 1 min on cluster + * Proverif status : < 1 sec */ begin builtins: asymmetric-encryption -! ( new skA; +process: +! ( new skA; event HonestA(pk(skA)); - out(pk(skA)); - !( in(pk(xB)); - new Na; - event OUT_I_1(aenc(,pk(xB))); - out(aenc( ,pk(xB))); - in(aenc(,pk(skA))); - event IN_I_2_nr(xNb,aenc(,pk(skA))); - new k; out(aenc(,pk(xB))); - event SessionA(pk(skA),pk(xB),k) - ) ) + out(pk(skA)); + !( in(pkB); + new Na; + event OUT_I_1(aenc(,pkB)); + out(aenc( ,pkB)); + in(cypher); + let mess = adec(cypher,skA) in + let <=Na,xNb,=pkB> = mess in + event IN_I_2_nr(xNb,aenc(,pk(skA))); + new k; + event OUT_I_2(aenc(,pkB)); + out(aenc(,pkB)); + event SessionA(pk(skA),pkB,k) + ) ) || -! ( new skB; +! ( new skB; event HonestB(pk(skB)); - out(pk(skB)); - !( in(aenc(,pk(skB))); - event IN_R_1_ni(xNa,aenc(,pk(skB))); - new Nb; - event OUT_R_1(aenc(,pk(xA))); - out(aenc(,pk(xA))); - in(aenc(,pk(skB))); - event SessionB(pk(xA),pk(skB),xk) - )) + out(pk(skB)); + !( in(cypher1); + let mess1 = adec(cypher1,skB) in + let = mess1 in + event IN_R_1_ni(xNa,aenc(,pk(skB))); + new Nb; + event OUT_R_1(aenc(,pkA)); + out(aenc(,pkA)); + in(cypher2); + let mess2 = adec(cypher2,skB) in + let <=Nb,xk> = mess2 in + event SessionB(pkA,pk(skB),xk) + )) -/* lemma sanity1: //make sure that a valid protocol run exists */ -/* exists-trace */ -/* "Ex pka pkb k #t1 . SessionA(pka,pkb,k)@t1" */ + lemma sanity1: //make sure that a valid protocol run exists -/* lemma sanity2: */ -/* exists-trace */ -/* "Ex pka pkb k #t1 . SessionB(pka,pkb,k)@t1" */ + "not( Ex pka pkb k #t1 . 
SessionA(pka,pkb,k)@t1)" + + lemma sanity2: + "not( Ex pka pkb k #t1 . SessionB(pka,pkb,k)@t1)" + + +/* +The source lemma bellow was true in the pattern matching based version, but is not in the new version. +Indeed, IN_R_1_ni may in fact accept messages either from the first or the second output of I, as they both have the same shape. lemma source [sources, reuse]: " (All ni m1 #i. @@ -63,15 +78,32 @@ lemma source [sources, reuse]: ) ) " +*/ +lemma source [sources, reuse]: + " (All ni m1 #i. + IN_R_1_ni( ni, m1) @ i + ==> + ( (Ex #j. KU(ni) @ j & j < i) + | (Ex #j. OUT_I_1( m1 ) @ j) + | (Ex #j. OUT_I_2( m1 ) @ j) + ) + ) + & (All nr m2 #i. + IN_I_2_nr( nr, m2) @ i + ==> + ( (Ex #j. KU(nr) @ j & j < i) + | (Ex #j. OUT_R_1( m2 ) @ j) + ) + ) +" lemma secrecy: "not ( - Ex pka pkb k #t1 #t2 . - SessionA(pka,pkb,k)@t1 - & K(k)@t2 - & ( Ex #i . HonestA(pka)@i) - & ( Ex #i . HonestB(pkb)@i) + Ex pka pkb k #t1 #t2 #i1 #i2. + SessionA(pka,pkb,k)@t1 + & KU(k)@t2 + & HonestA(pka)@i1 + & HonestB(pkb)@i2 )" end - diff --git a/examples/sapic/slow/PKCS11/pkcs11-templates.spthy b/examples/sapic/slow/PKCS11/pkcs11-templates.spthy index 97a207a02..05a217993 100644 --- a/examples/sapic/slow/PKCS11/pkcs11-templates.spthy +++ b/examples/sapic/slow/PKCS11/pkcs11-templates.spthy @@ -181,6 +181,7 @@ attwt(tem(v)), attut(tem(v))) then event GetKeyValue(key(v)); out(key(v)); unlock 'device' ) +process: insert <'F_template','trusted'>, // wrap, unwrap, enc, dec, sens, extr, trus, wwt, wt, ut < 'on', 'on', 'off','off','on','on', 'on', 'on','usage','usage'>; diff --git a/examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks.spthy b/examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks.spthy index 87604c379..d01e505a9 100644 --- a/examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks.spthy +++ b/examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap-nolocks.spthy 
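Review bot: In the first nsl-no_as-untagged.spthy hunk (which spans the previous line and this one), `sanity1` and `sanity2` are now all-traces lemmas of the form `not( Ex pka pkb k #t1 . SessionA(pka,pkb,k)@t1)`, while the comment on `sanity1` still says it makes sure a valid protocol run exists. The expected outcome is therefore "falsified", and a "verified" result would mean no session can complete, in which case `secrecy` holds vacuously. Anyone checking that all lemmas verify will misread this. Either restore the earlier form, `exists-trace "Ex pka pkb k #t1 . SessionA(pka,pkb,k)@t1"`, or, if the negated form is deliberate (perhaps for the ProVerif export, which I cannot confirm from the hunk), add a comment on both lemmas such as `// expected result: falsified; the counterexample is the valid run`.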
@@ -1,11 +1,11 @@ theory EncWrapDecUnwrap /* - * Protocol: Enc/Wrap/Dec/Unwrap + * Protocol: Enc/Wrap/Dec/Unwrap * Modeller: Robert Kunnemann * Date: November 2014 * - * Status: working + * Status: working */ /* Some more comments: This is supposed to model typical problems that @@ -13,7 +13,7 @@ theory EncWrapDecUnwrap * four commands, besides the creation of a key: Encryption of userdata, * Decryption of arbitrary Cyphertexts, Key-wrapping and Unwrapping, that * is: re-importing of keys. The configuration allows to move from 'init' - * to 'wrap', or to move from 'init' to 'dec'. + * to 'wrap', or to move from 'init' to 'dec'. * * 'dec' allows to encrypt/decrypt * 'wrap' allows to wrap/unwrap @@ -24,14 +24,15 @@ begin builtins: symmetric-encryption +process: !( - ( in('create'); new h; new k; event NewKey(h,k); - insert <'key',h>,k; + ( in('create'); new h; new k; event NewKey(h,k); + insert <'key',h>,k; insert <'att',h>, 'init'; out(h) ) || ( in(<'set_wrap',h>); lookup <'att',h> as a in - if a='init' then delete <'att',h>; - insert <'att',h>, 'wrap'; + if a='init' then delete <'att',h>; + insert <'att',h>, 'wrap'; event WrapHandle(h) ) || @@ -39,21 +40,21 @@ builtins: symmetric-encryption if a='init' then delete <'att',h>; insert <'att',h>, 'dec' ) || //Dec - ( in(); lookup <'att',h> as a in - if a='dec' then + ( in(); lookup <'att',h> as a in + if a='dec' then lookup <'key',h> as kp in if kp=k then - event DecUsing(k,m); out(m) + event DecUsing(k,m); out(m) ) || //Enc - ( in(); lookup <'att',h> as a in + ( in(); lookup <'att',h> as a in if a='dec' then lookup <'key',h> as k in - event EncUsing(k,m); out(senc(m,k)) + event EncUsing(k,m); out(senc(m,k)) else 0 else 0 else 0 ) || //Wrap - ( in(); lookup <'att',h1> as a1 in + ( in(); lookup <'att',h1> as a1 in if a1='wrap' then lookup <'key',h1> as k1 in lookup <'key',h2> as k2 in event Wrap(k1,k2); 
@@ -63,7 +64,7 @@ builtins: symmetric-encryption else 0 else 0 ) || //Unwrap - ( in(); lookup <'att',h1> as a1 in + ( in(); lookup <'att',h1> as a1 in if a1='wrap' then lookup <'key',h1> as k1 in if k1=k then new h2; diff --git a/examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap.spthy b/examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap.spthy index d77374a7b..0a72decdc 100644 --- a/examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap.spthy +++ b/examples/sapic/slow/encWrapDecUnwrap/encwrapdecunwrap.spthy @@ -1,11 +1,11 @@ theory EncWrapDecUnwrap /* - * Protocol: Enc/Wrap/Dec/Unwrap - * Modelaler: Robert Kunnemann + * Protocol: Enc/Wrap/Dec/Unwrap + * Modelaler: Robert Kunnemann * Date: November 2014 * - * Status: working + * Status: working */ /* Some more comments: This is supposed to model typical problems that @@ -13,7 +13,7 @@ theory EncWrapDecUnwrap * four commands, besides the creation of a key: Encryption of userdata, * Decryption of arbitrary Cyphertexts, Key-wrapping and Unwrapping, that * is: re-importing of keys. The configuration allows to move from 'init' - * to 'wrap', or to move from 'init' to 'dec'. + * to 'wrap', or to move from 'init' to 'dec'. * * 'dec' allows to encrypt/decrypt * 'wrap' allows to wrap/unwrap @@ -27,21 +27,21 @@ begin builtins: symmetric-encryption -functions: key/1,att/1,sencSucc/2, true/0 +functions: key/1,attC/1,sencSucc/2, true/0 equations: key () = k - , att () = a + , attC () = a , sencSucc(senc(m,k),k)=true() - +process: !( - ( in('create'); - new L_h; + ( in('create'); + new L_h; lock L_h; - new k; - event NewKey(L_h,k); - insert L_h,; + new k; + event NewKey(L_h,k); + insert L_h,; out(L_h); unlock L_h ) 
@@ -49,26 +49,26 @@ equations: ( in(<'set_wrap',L_h>); lock L_h; lookup L_h as v in - if att(v)='init' then - event WrapKey(L_h,key(v)); - insert L_h, ; - event WrapHandle(L_h); + if attC(v)='init' then + event WrapKey(L_h,key(v)); + insert L_h, ; + event WrapHandle(L_h); unlock L_h ) || ( in(<'set_dec',L_h>); lock L_h; lookup L_h as v in - if att(v)='init' then - event DecKey(L_h,key(v)); - insert L_h, ; + if attC(v)='init' then + event DecKey(L_h,key(v)); + insert L_h, ; unlock L_h ) || //Dec ( in(); lock L_h; - lookup L_h as v in - if att(v)='dec' then + lookup L_h as v in + if attC(v)='dec' then if sencSucc(c,key(v)) = true() then let m = sdec(c,key(v)) in event DecUsing(key(v),m); @@ -76,30 +76,30 @@ equations: unlock L_h ) || //Enc - ( in(); + ( in(); lock L_h; - lookup L_h as v in - if att(v)='dec' then - event EncUsing(key(v),m); + lookup L_h as v in + if attC(v)='dec' then + event EncUsing(key(v),m); out(senc(m,key(v))) ; unlock L_h ) || //Wrap - ( in(); + ( in(); lock L_h1; - lookup L_h1 as v1 in - if att(v1)='wrap' then - lookup L_h2 as v2 in - if att(v2)='wrap' then + lookup L_h1 as v1 in + if attC(v1)='wrap' then + lookup L_h2 as v2 in + if attC(v2)='wrap' then event Wrap(key(v1),key(v2)); out(senc(key(v2),key(v1))); unlock L_h1 ) || //Unwrap - ( in(); + ( in(); lock L_h; - lookup L_h as v in - if att(v)='wrap' then + lookup L_h as v in + if attC(v)='wrap' then if key(v)=k then new L_h2; event Unwrapped(L_h2,m); 
@@ -128,55 +128,55 @@ equations: /* exists-trace */ /* "Ex #t h k.Unwrapped(h,k )@t" */ -lemma dec_limits[sources]: +lemma dec_limits[sources]: // a message that can be decrypted was either encrypted on the device, or some key leaked. // Also, every key that is unwrapped at some point was created earlier. - "( - All k m #t1. DecUsing(k,m)@t1 ==> + "( + All k m #t1. DecUsing(k,m)@t1 ==> ( Ex h2 k2 #t2 #t3. NewKey(h2, k2)@t2 & KU(k2)@t3 & t2 (Ex h1 #t1. NewKey (h1,k)@t1 & t1 #t0 < #t1 ) ) | ( Ex h k2 #t1 #t0. NewKey(h, k2)@t0 & KU(k2)@t1 & t1 - ( Ex h k2 #t1 #t0. NewKey(h, k2)@t0 & KU(k2)@t1 - & + ( Ex h k2 #t1 #t0. NewKey(h, k2)@t0 & KU(k2)@t1 + & ( ( t1 - ( Ex h k2 #t1 #t0. NewKey(h, k2)@t0 & KU(k2)@t1 - & + ( Ex h k2 #t1 #t0. NewKey(h, k2)@t0 & KU(k2)@t1 + & ( ( t1 not (y= 'l') @@ -17,7 +22,7 @@ let r = // The remote server who runs the (new sid; let r_sid = report (sid) in out(); - + !(lock state; lookup state as ipo in in(ip); new r; let o = prog(r,ip,ipo) in // computation of the new output let x = report () in // report call of the IEE @@ -30,24 +35,25 @@ let r = // The remote server who runs the let v = // The verifier in(); if sid = check_rep(r_sid,'l') then - + !(lock state; lookup state as ipo in in(ip); in(); - if = check_rep(signedios,'l') then // verification of the validity of the report + if = check_rep(signedios,'l') then // verification of the validity of the report (event Voutput(); insert state,; unlock state) - else + else event Fail()) +process: new init; ( !(new state; insert state,init; !r) || !(new state; insert state,init; !v) ) /* -lemma can_run_v: //for sanity - exists-trace - "Ex #t h .Voutput(h)@t" +lemma can_run_v: //for sanity + exists-trace + "Ex #t h .Voutput(h)@t" */ // Attested computation theorem diff --git a/examples/sapic/super-slow/fairexchange-asw/asw-mod-weak-locks.spthy b/examples/sapic/super-slow/fairexchange-asw/asw-mod-weak-locks.spthy index 4068e271a..557238751 100644 
--- a/examples/sapic/super-slow/fairexchange-asw/asw-mod-weak-locks.spthy +++ b/examples/sapic/super-slow/fairexchange-asw/asw-mod-weak-locks.spthy @@ -8,11 +8,11 @@ section{* The ASW contract signing protocol *} * Date: Aug 2016 * Modeler: Robert Kunnemann * Status: working - * + * * ASW protocol with the following modifications: * - The third and fourth message are modified according to [1], in particular: - * m3 = sign {}sk($A) - * m4 = sign {}sk($B) + * m3 = sign {}sk($A) + * m4 = sign {}sk($B) * - The response from the TTP to a resolving responder, in case the initiator * has already requested abortion contains h(nb) within the signature, * so as to uniquely identify the responder's current session, i.e. @@ -23,8 +23,8 @@ section{* The ASW contract signing protocol *} * a contract only imply a different contract, if the contract text t is * different. * - * [1] V. Shmatikov, J.C. Mitchell. Analysis of a Fair Exchange Protocol. NDSS 2000. - * + * [1] V. Shmatikov, J.C. Mitchell. Analysis of a Fair Exchange Protocol. NDSS 2000. + * * This version models the contract state in the TTP via the locking mechanism. */ @@ -47,7 +47,7 @@ equations: let A = in ('c',$TEXT); new na; - let m1 = sign {<$A, $B, TTPID, $TEXT, h(na)>}sk($A) in + let m1 = sign {<$A, $B, TTPID, $TEXT, h(na)>}sk($A) in let pat_m2 = sign {}sk($B) in let m3 = sign {}sk($A) in let pat_m4 = sign {}sk($B) in @@ -57,11 +57,11 @@ let A = in ('c',$TEXT); out('c', m1); ( ( - in('c', pat_m2); + in('c', =pat_m2); out('c', m3); ( ( - in('c', pat_m4); + in('c', =pat_m4); event ContractA($A,$B,$TEXT,na); event EndA1($A,$B,$TEXT,na) ) + @@ -70,7 +70,7 @@ let A = in ('c',$TEXT); out('r',<'originator',$A,TTPID,>); /* simplification: original protocol specification * contained case where originator receives abort token at - * this point. + * this point. */ /* ( */ /* in('r',<'originator',sign{<'Aborted', a1>}sk(TTPID)>); */ 
@@ -82,10 +82,10 @@ let A = in ('c',$TEXT); * because of the nonce na, this message should never * arrive. Since if the TTP sends this message after * A sent resolve, A must have had sent an abort, but m1 - * is fresh. + * is fresh. */ ( - in('r',<'originator',TTPID,$A,sign{}sk(TTPID)>); + in('r',<'originator',=TTPID,=$A,sign{<=m1, =pat_m2>}sk(=TTPID)>); event ContractA($A,$B,$TEXT,na); event EndA2($A,$B,$TEXT,na) ) ) @@ -97,12 +97,12 @@ let A = in ('c',$TEXT); out('r',<'originator',$A,TTPID,a1>); ( ( - in('r',<'originator',TTPID,$A,sign{<'Aborted', a1>}sk(TTPID)>); + in('r',<'originator',=TTPID,=$A,sign{<'Aborted', =a1>}sk(=TTPID)>); event AbortA($A,$B,$TEXT,na); event EndA3($A,$B,$TEXT,na) ) + ( - in ('r',<'originator',TTPID,$A,sign{}sk(TTPID)>); + in ('r',<'originator',=TTPID,=$A,sign{<=m1, =pat_m2>}sk(=TTPID)>); event ContractA($A,$B,$TEXT,na); event EndA4($A,$B,$TEXT,na) ) ) @@ -112,18 +112,18 @@ let A = in ('c',$TEXT); /* Role of Bob */ let B = ( - let pat_m1 = sign {<$A, $B, TTPID, $TEXT, h(na)>} sk($A) in + let pat_m1 = sign {<$A, $B, TTPID, $TEXT, h(na)>} sk($A) in let m2 = sign {}sk($B) in let pat_m3 = sign {}sk($A) in let m4 = sign {}sk($B) in let a1 = sign {<'Abort', pat_m1>}sk($A) in - in ('c', pat_m1 ); + in ('c', =pat_m1 ); new nb; event StartB($A,$B,$TEXT,nb); out ('c', m2); ( ( - in ('c', pat_m3); + in ('c', =pat_m3); event ContractB($A,$B,$TEXT,nb); event EndB1($A,$B,$TEXT,na); out ('c',m4) ) 
@@ -133,14 +133,14 @@ let B = ( out('r',<'responder',$B,TTPID,>); ( ( - in('r',<'responder',TTPID,$B,sign{<'Aborted', a1, h(nb)>}sk(TTPID)>); - /* modified -- aborted message contains h(nb) to link + in('r',<'responder',=TTPID,=$B,sign{<'Aborted', =a1, h(=nb)>}sk(=TTPID)>); + /* modified -- aborted message contains h(nb) to link * response to right responder session */ event AbortB($A,$B, $TEXT, nb); event EndB2($A,$B,$TEXT,na) ) + ( - in ('r',<'responder',TTPID,$B,sign{}sk(TTPID)>); + in ('r',<'responder',=TTPID,=$B,sign{<=pat_m1, =m2>}sk(=TTPID)>); event ContractB($A,$B,$TEXT,nb); event EndB3($A,$B,$TEXT,na) ) ) 
@@ -149,73 +149,74 @@ let B = ( ) let TTP = - let m1 = sign {<$A, $B, TTPID, $TEXT, h(na)>}sk($A) in + let m1 = sign {<$A, $B, TTPID, $TEXT, h(na)>}sk($A) in let m2 = sign {}sk($B) in let a1 = sign{<'Abort', m1>}sk($A) in ( ( /*Abort */ - in('r', <'originator',$A,TTPID,a1>); + in('r', <'originator',=$A,=TTPID,=a1>); lock m1; event TTPAbort(TTPID,$A,$B,$TEXT,na); out('r',<'originator',TTPID,$A,sign{<'Aborted', a1>}sk(TTPID)>); - in('r',<'responder',$B,TTPID,>); + in('r',<'responder',=$B,=TTPID,<=m1,=m2>>); out('r',<'responder',TTPID,$B,sign{<'Aborted', a1, h(nb)>}sk(TTPID)>) /* no unlock */ ) || ( /* Resolve A */ - in('r',<'originator',$A,TTPID,>); + in('r',<'originator',=$A,=TTPID,<=m1,=m2>>); lock m1; event TTPResolvesA($A,$B,$TEXT,na); out ('r',<'originator',TTPID,$A,sign{}sk(TTPID)>); - in('r',<'responder',$B,TTPID,>); + in('r',<'responder',=$B,=TTPID,<=m1,=m2>>); out ('r',<'responder',TTPID,$B,sign{}sk(TTPID)>) /* no unlock */ ) || ( /* Resolve B */ - in('r',<'responder',$B,TTPID,>); + in('r',<'responder',=$B,=TTPID,<=m1,=m2>>); lock m1; event ResponderResolved(TTPID, $A,$B,$TEXT,na); out ('r',<'responder',TTPID,$B,sign{}sk(TTPID)>); - in('r', <'originator',$A,TTPID,a1>); + in('r', <'originator',=$A,=TTPID,=a1>); out ('r', <'originator',TTPID,$A,sign{}sk(TTPID)>) /* no unlock */ ) ) -let Judge = - let m1 = sign {<$A, $B, TTPID, $TEXT, h(na)>}sk($A) in +let Judge = + let m1 = sign {<$A, $B, TTPID, $TEXT, h(na)>}sk($A) in let m2 = sign {}sk($B) in let pat_m3 = sign {}sk($A) in let m4 = sign {}sk($B) in ( - (in('c',); event ContractJudge($A,$B,$TEXT)) - || (in('c',sign{}sk(TTPID)); event ContractJudge($A,$B,$TEXT)) + (in('c',<=pat_m3,=m1,=m2,=m4>); event ContractJudge($A,$B,$TEXT)) + || (in('c',sign{<=m1,=m2>}sk(=TTPID)); event ContractJudge($A,$B,$TEXT)) ) +process: let TTPID=<'TTP',$TTP> in !( -in('c',<$A,$B,TTPID>); +in('c',<$A,$B,=TTPID>); (A || B || TTP || Judge) ) -|| !( in('c',<'corrupt',$x>); +|| !( in('c',<'corrupt',$x>); event Corrupt($x); 
out('c',sk($x)); - ( !(in('r',<'responder',$x,TTPID,m>);0) - || !(in('r',<'originator',$x,TTPID,m>);0) - || !(in('r',<'responder',TTPID,$x,m>);0) - || !(in('r',<'originator',TTPID,$x,m>);0) + ( !(in('r',<'responder',=$x,=TTPID,m>);0) + || !(in('r',<'originator',=$x,=TTPID,m>);0) + || !(in('r',<'responder',=TTPID,=$x,m>);0) + || !(in('r',<'originator',=TTPID,=$x,m>);0) ) ) /* auto */ lemma sanity_a1b1: exists-trace - "Ex #i #j a b t na. - EndA1(a,b,t,na)@i - & EndB1(a,b,t,na)@j + "Ex #i #j a b t na. + EndA1(a,b,t,na)@i + & EndB1(a,b,t,na)@j & not (Ex #k. Corrupt(a)@k) & not (Ex #k. Corrupt(b)@k) " @@ -223,9 +224,9 @@ exists-trace /* new sanity, manual */ /* lemma sanity_a2b1: */ /* exists-trace */ -/* "Ex #i #j a b t na. */ -/* EndA2(a,b,t,na)@i */ -/* & EndB1(a,b,t,na)@j */ +/* "Ex #i #j a b t na. */ +/* EndA2(a,b,t,na)@i */ +/* & EndB1(a,b,t,na)@j */ /* & not (Ex #k. Corrupt(a)@k) */ /* & not (Ex #k. Corrupt(b)@k) */ /* " */ @@ -233,9 +234,9 @@ exists-trace /* new sanity, manual */ /* lemma sanity_a2b3: */ /* exists-trace */ -/* "Ex #i #j a b t na. */ -/* EndA2(a,b,t,na)@i */ -/* & EndB3(a,b,t,na)@j */ +/* "Ex #i #j a b t na. */ +/* EndA2(a,b,t,na)@i */ +/* & EndB3(a,b,t,na)@j */ /* & not (Ex #k. Corrupt(a)@k) */ /* & not (Ex #k. Corrupt(b)@k) */ /* " */ @@ -243,8 +244,8 @@ exists-trace /* new sanity, manual */ /* lemma sanity_a3b2: */ /* exists-trace */ -/* "Ex #i #j a b t na. */ -/* EndA3(a,b,t,na)@i */ +/* "Ex #i #j a b t na. */ +/* EndA3(a,b,t,na)@i */ /* & EndB2(a,b,t,na)@j */ /* & not (Ex #k. Corrupt(a)@k) */ /* & not (Ex #k. Corrupt(b)@k) */ 
@@ -258,15 +259,15 @@ exists-trace /* lemma helper [reuse]: */ /* "not (Ex #i #j ttp a b t na. */ /* TTPAbort(ttp, a, b, t, na)@i & */ -/* ResponderResolved(ttp, a, b, t, na)@j */ +/* ResponderResolved(ttp, a, b, t, na)@j */ /* )" */ /* manual */ /* lemma sanity_a4b3: */ /* exists-trace */ -/* "Ex #i #j a b t na. */ -/* EndA4(a,b,t,na)@i */ -/* & EndB3(a,b,t,na)@j */ +/* "Ex #i #j a b t na. */ +/* EndA4(a,b,t,na)@i */ +/* & EndB3(a,b,t,na)@j */ /* & not (Ex #k. Corrupt(a)@k) */ /* & not (Ex #k. Corrupt(b)@k) */ /* " */ @@ -291,14 +292,14 @@ lemma timelinessB [reuse]: /* depends on timelinessA */ lemma fullfairnessA: "All #i a b t . ContractJudge(a,b,t)@i - ==> (Ex #j na . ContractA(a,b,t, na)@j) + ==> (Ex #j na . ContractA(a,b,t, na)@j) | (Ex #k. Corrupt(a)@k) " /* auto (very slow) */ lemma fullfairnessB: "All #i a b t . ContractJudge(a,b,t)@i - ==> (Ex #j nb . ContractB(a,b,t, nb)@j) + ==> (Ex #j nb . ContractB(a,b,t, nb)@j) | (Ex #k. Corrupt(b)@k) " diff --git a/examples/sapic/super-slow/fairexchange-asw/aswAB-mod.spthy b/examples/sapic/super-slow/fairexchange-asw/aswAB-mod.spthy index c3d1cf9e2..d47226fc7 100644 --- a/examples/sapic/super-slow/fairexchange-asw/aswAB-mod.spthy +++ b/examples/sapic/super-slow/fairexchange-asw/aswAB-mod.spthy @@ -7,11 +7,11 @@ section{* The ASW contract signing protocol *} * Protocol: ASW * Date: Jan 2016 * Status: working - * + * * ASW protocol with the following modifications: * - The third and fourth message are modified according to [1], in particular: - * m3 = sign {}sk($A) - * m4 = sign {}sk($B) + * m3 = sign {}sk($A) + * m4 = sign {}sk($B) * - The response from the TTP to a resolving responder, in case the initiator * has already requested abortion contains h(nb) within the signature, * so as to uniquely identify the responder's current session, i.e. 
@@ -19,8 +19,8 @@ section{* The ASW contract signing protocol *} * Note that the Abort-Protocol remains otherwise unmodified, in * particular the messages to the initiator. * - * [1] V. Shmatikov, J.C. Mitchell. Analysis of a Fair Exchange Protocol. NDSS 2000. - * + * [1] V. Shmatikov, J.C. Mitchell. Analysis of a Fair Exchange Protocol. NDSS 2000. + * */ builtins: hashing @@ -41,7 +41,7 @@ options: translation-progress let A = in ('c',t); new na; - let m1 = sign {<$A, $B, TTPID, t, h(na)>}sk($A) in + let m1 = sign {<$A, $B, TTPID, t, h(na)>}sk($A) in let pat_m2 = sign {}sk($B) in let m3 = sign {}sk($A) in let pat_m4 = sign {}sk($B) in @@ -50,11 +50,11 @@ let A = in ('c',t); out('c', m1); ( ( - in('c', pat_m2); + in('c',=pat_m2); out('c', m3); ( ( - in('c', pat_m4); + in('c', =pat_m4); event ContractA($A,$B,m1,pat_m2,na,nb) ) + @@ -63,7 +63,7 @@ let A = in ('c',t); out('r', <'originator',$A,TTPID,>); /* simplification: original protocol specification * contained case where originator receives abort token at - * this point. + * this point. */ /* ( */ /* in('r',<'originator',sign{<'Aborted', a1>}sk(TTPID)>); */ @@ -75,10 +75,10 @@ let A = in ('c',t); * because of the nonce na, this message should never * arrive. Since if the TTP sends this message after * A sent resolve, A must have had sent an abort, but m1 - * is fresh. + * is fresh. */ ( - in ('r',<'originator',$A,TTPID,sign{}sk(TTPID)>); + in ('r',<'originator',=$A,=TTPID,sign{<=m1, =pat_m2>}sk(=TTPID)>); event ContractA($A,$B,m1,pat_m2,na,nb) ) ) @@ -90,12 +90,12 @@ let A = in ('c',t); out('r', <'originator',$A,TTPID,a1>); ( ( - in('r',<'originator',$A,TTPID,sign{<'Aborted', a1>}sk(TTPID)>); + in('r',<'originator',=$A,=TTPID,sign{<'Aborted', =a1>}sk(=TTPID)>); event AbortA($A,m1,na) ) + ( - in ('r',<'originator',$A,TTPID,sign{}sk(TTPID)>); + in ('r',<'originator',=$A,=TTPID,sign{<=m1, =pat_m2>}sk(=TTPID)>); event ContractA($A,$B,m1,pat_m2,na,nb) ) ) 
@@ -105,19 +105,19 @@ let A = in ('c',t); /* Role of Bob */ let B = ( - let pat_m1 = sign {<$A, $B, TTPID, t, h(na)>}sk($A) in + let pat_m1 = sign {<$A, $B, TTPID, t, h(na)>}sk($A) in let m2 = sign {}sk($B) in let pat_m3 = sign {}sk($A) in let m4 = sign {}sk($B) in let a1 = sign {<'Abort', pat_m1>}sk($A) in - in ('c', pat_m1 ); + in ('c', =pat_m1 ); new nb; event StartB($A,$B,pat_m1,m2,na,nb); out ('c', m2); ( ( - in ('c', pat_m3); - event ContractB($A,$B,pat_m1,m2,na,nb); + in ('c', =pat_m3); + event ContractB($A,$B,pat_m1,m2,na,nb); out ('c',m4) ) + @@ -125,14 +125,14 @@ let B = ( /* Resolve */ out('r', <'responder',$B,TTPID,>); ( - in('r',<'responder',$B,TTPID,sign{<'Aborted', a1, h(nb)>}sk(TTPID)>); - /* modified -- aborted message contains h(nb) to link + in('r',<'responder',=$B,=TTPID,sign{<'Aborted', =a1, h(=nb)>}sk(=TTPID)>); + /* modified -- aborted message contains h(nb) to link * response to right responder session */ event AbortB($A,$B, pat_m1, m2, na, nb) ) + ( - in ('r',<'responder',$B,TTPID,sign{}sk(TTPID)>); + in ('r',<'responder',=$B,=TTPID,sign{<=pat_m1, =m2>}sk(=TTPID)>); event ContractB($A,$B,pat_m1,m2,na,nb) ) ) @@ -140,11 +140,11 @@ let B = ( ) let TTP = - let m1 = sign {<$A, $B, TTPID, xt, h(xna)>}sk($A) in + let m1 = sign {<$A, $B, TTPID, xt, h(xna)>}sk($A) in let m2 = sign {}sk($B) in let a1 = sign{<'Abort', m1>}sk($A) in ( /*Abort */ - in('r', <'originator',$A,TTPID,a1>); + in('r', <'originator',=$A,=TTPID,=a1>); lock m1; lookup <'F_Resolved',TTPID,m1> as y in out ('r', <'originator',$A,TTPID,sign{}sk(TTPID)>); @@ -155,7 +155,7 @@ let TTP = ) || ( /* Resolve A */ - in('r',<'originator',$A,>); + in('r',<'originator',=$A,<=m1,=m2>>); lock m1; lookup <'Aborted',TTPID,m1> as x in out('r',<'originator',$A,TTPID,sign{<'Aborted', a1>}sk(TTPID)>); 
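Review bot: In the `@@ -155,7 +155,7 @@ let TTP` hunk, the Resolve A input `in('r',<'originator',=$A,<=m1,=m2>>);` has no `=TTPID` component, while role A's resolve message (context line `out('r', <'originator',$A,TTPID,…>)`) and the Resolve B input both carry it. With every component now compared via `=`, an honest originator's resolve request appears unable to match this branch, so the timeliness and fairness lemmas may be checked against a TTP that never answers A's resolve; this is inferred from the visible tuple shapes, since part of the payload is lost in this rendering. If unintended, the line would read `in('r',<'originator',=$A,=TTPID,<=m1,=m2>>);`. The same shape appears in the Resolve A hunk of aswAB.spthy (`@@ -128,10 +128,10 @@`), and the TTP body continues outside both hunks.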
@@ -169,7 +169,7 @@ let TTP = ) || ( /* Resolve B */ - in('r',<'responder',$B,TTPID,>); + in('r',<'responder',=$B,=TTPID,<=m1,=m2>>); lock m1; lookup <'Aborted',TTPID,m1> as x in out('r',<'responder',$B,TTPID,sign{<'Aborted', a1, h(xnb)>}sk(TTPID)>); @@ -180,30 +180,31 @@ let TTP = ) -let Judge = - let m1 = sign {<$A, $B, TTPID, t, h(na)>}sk($A) in +let Judge = + let m1 = sign {<$A, $B, TTPID, t, h(na)>}sk($A) in let m2 = sign {}sk($B) in let pat_m3 = sign {}sk($A) in let m4 = sign {}sk($B) in - (in('c',); event ContractJudge($A,$B,m1,m2,na,nb)) - || (in('c', sign{}sk(TTPID)); event ContractJudge($A,$B,m1,m2,na,nb)) + (in('c',<=m1,=m2,=pat_m3,=m4>); event ContractJudge($A,$B,m1,m2,na,nb)) + || (in('c', sign{<=m1,=m2>}sk(=TTPID)); event ContractJudge($A,$B,m1,m2,na,nb)) +process: let TTPID=<'TTP',$TTP> in !( -in('c',<$A,$B,TTPID>); +in('c',<$A,$B,=TTPID>); (A || B || TTP || Judge) ) -|| !( in('c',<'corrupt',$x>); +|| !( in('c',<'corrupt',=$x>); event Corrupt($x); out('c',sk($x)); - (!(in('r',<'responder',$x,m>);0) || !(in('r',<'originator',$x,m>);0)) + (!(in('r',<'responder',=$x,m>);0) || !(in('r',<'originator',=$x,m>);0)) ) /* auto */ lemma sanity_optimistic_AB: exists-trace - "Ex #i #j a b m1 m2 na nb. - ContractA(a,b,m1,m2,na,nb)@i + "Ex #i #j a b m1 m2 na nb. + ContractA(a,b,m1,m2,na,nb)@i & ContractB(a,b,m1,m2,na,nb)@j & not (Ex #k. Corrupt(a)@k) & not (Ex #k. Corrupt(b)@k) @@ -236,13 +237,13 @@ lemma timelinessB: /* auto */ lemma partialfairnessA: - "All #i a m1 na. AbortA(a, m1, na)@i ==> + "All #i a m1 na. AbortA(a, m1, na)@i ==> ((Ex #j. K(na)@j ) ==> (Ex #k. Corrupt(a)@k)) " /* auto */ lemma partialfairnessB: - "All #i a b m1 m2 na nb. AbortB(a, b, m1, m2, na, nb)@i ==> + "All #i a b m1 m2 na nb. AbortB(a, b, m1, m2, na, nb)@i ==> ((Ex #j. K(nb)@j ) ==> (Ex #k. Corrupt(b)@k)) " 
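Review bot: In the `@@ -180,30 +180,31 @@` hunk, the corruption input was changed to `in('c',<'corrupt',=$x>);`, which compares against `$x` although nothing visible binds `$x` before this point. asw-mod-weak-locks.spthy and aswAB.spthy in this same commit keep the binding form `<'corrupt',$x>` and use `=$x` only in the sink inputs that follow. Depending on how the parser treats an unbound `=$x` (not shown here), the theory is either rejected or corruption is modelled differently from the sibling files. That matters because every fairness lemma in this file is conditioned on `Corrupt`. Suggested line: `|| !( in('c',<'corrupt',$x>);`.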
@@ -250,7 +251,7 @@ lemma partialfairnessB: lemma fullfairnessAattack: exists-trace "not (All #i #l a b m1 m2 na nb . ContractJudge(a,b,m1,m2,na,nb)@i & Corrupt(b)@l - ==> (Ex #j. ContractA(a,b,m1,m2,na,nb)@j) | (Ex #k. Corrupt(a)@k) + ==> (Ex #j. ContractA(a,b,m1,m2,na,nb)@j) | (Ex #k. Corrupt(a)@k) ) " diff --git a/examples/sapic/super-slow/fairexchange-asw/aswAB.spthy b/examples/sapic/super-slow/fairexchange-asw/aswAB.spthy index 4f30be83d..12f4d8bc7 100644 --- a/examples/sapic/super-slow/fairexchange-asw/aswAB.spthy +++ b/examples/sapic/super-slow/fairexchange-asw/aswAB.spthy @@ -7,7 +7,7 @@ section{* The ASW contract signing protocol *} * Protocol: ASW * Date: Dec 2015 * Status: working - * + * * Unmodified variant of the ASW protocol with strict interpretation * of the meaning of a contract (see Definition of Judge). */ @@ -26,7 +26,7 @@ equations: let A = in ('c',t); new na; - let m1 = sign {<$A, $B, TTPID, t, h(na)>}sk($A) in + let m1 = sign {<$A, $B, TTPID, t, h(na)>}sk($A) in let pat_m2 = sign {}sk($B) in let a1 = sign {<'Abort', m1>}sk($A) in ( @@ -36,25 +36,25 @@ let A = in ('c',t); /* Abort */ out('r', <'originator',$A,TTPID,a1>); ( - in('r',<'originator',$A,TTPID,sign{<'Aborted', a1>}sk(TTPID)>); + in('r',<'originator',=$A,=TTPID,sign{<'Aborted', =a1>}sk(=TTPID)>); event AbortA($A,m1,na) ) + ( - in ('r',<'originator',$A,TTPID,sign{}sk(TTPID)>); + in ('r',<'originator',=$A,=TTPID,sign{<=m1, =pat_m2>}sk(=TTPID)>); event ContractA($A,$B,m1,pat_m2,na,nb) ) ) + ( - in('c', pat_m2); + in('c', =pat_m2); out('c', na); ( /* Resolve */ out('r', <'originator',$A,TTPID,>); /* simplification: original protocol specification * contained case where originator receives abort token at - * this point. + * this point. */ /* ( */ /* in('r',<'originator',sign{<'Aborted', a1>}sk(TTPID)>); */ 
@@ -66,10 +66,10 @@ let A = in ('c',t); * because of the nonce na, this message should never * arrive. Since if the TTP sends this message after * A sent resolve, A must have had sent an abort, but m1 - * is fresh. + * is fresh. */ ( - in ('r',<'originator',$A,TTPID,sign{}sk(TTPID)>); + in ('r',<'originator',=$A,=TTPID,sign{<=m1, =pat_m2>}sk(=TTPID)>); event ContractA($A,$B,m1,pat_m2,na,nb) ) ) @@ -82,10 +82,10 @@ let A = in ('c',t); /* Role of Bob */ let B = ( - let pat_m1 = sign {<$A, $B, TTPID, t, h(na)>} sk($A) in + let pat_m1 = sign {<$A, $B, TTPID, t, h(na)>} sk($A) in let m2 = sign {}sk($B) in let a1 = sign {<'Abort', pat_m1>}sk($A) in - in ('c', pat_m1 ); + in ('c', =pat_m1 ); new nb; event StartB($A,$B,pat_m1,m2,na,nb); out ('c', m2); @@ -94,30 +94,30 @@ let B = ( /* Resolve */ out('r', <'responder',$B,TTPID,>); ( - in('r',<'responder',$B,TTPID,sign{<'Aborted', a1>}sk(TTPID)>); + in('r',<'responder',=$B,=TTPID,sign{<'Aborted', =a1>}sk(=TTPID)>); event AbortB($A,$B, pat_m1, m2, na, nb) ) + ( - in ('r',<'responder',$B,TTPID,sign{}sk(TTPID)>); + in ('r',<'responder',=$B,=TTPID,sign{<=pat_m1, =m2>}sk(=TTPID)>); event ContractB($A,$B,pat_m1,m2,na,nb) ) ) + ( in ('c', na); - event ContractB($A,$B,pat_m1,m2,na,nb); + event ContractB($A,$B,pat_m1,m2,na,nb); out ('c',nb) ) ) ) let TTP = - let m1 = sign {<$A, $B, TTPID, xt, h(xna)>}sk($A) in + let m1 = sign {<$A, $B, TTPID, xt, h(xna)>}sk($A) in let m2 = sign {}sk($B) in let a1 = sign{<'Abort', m1>}sk($A) in ( /*Abort */ - in('r', <'originator',$A,TTPID,a1>); + in('r', <'originator',=$A,=TTPID,=a1>); lock m1; lookup <'F_Resolved',TTPID,m1> as y in out ('r', <'originator',$A,TTPID,sign{}sk(TTPID)>); 
@@ -128,10 +128,10 @@ let TTP = ) || ( /* Resolve A */ - in('r',<'originator',$A,>); + in('r',<'originator',=$A,<=m1,=m2>>); lock m1; lookup <'Aborted',TTPID,m1> as x in - /* if x = 'Aborted' then */ + /* if x = 'Aborted' then */ out('r',<'originator',$A,TTPID,sign{<'Aborted', a1>}sk(TTPID)>); /* Could also output nothing in this case, as an honest originator * should never send out a resolve after she *herself* requested an abort. @@ -143,10 +143,10 @@ let TTP = ) || ( /* Resolve B */ - in('r',<'responder',$B,TTPID,>); + in('r',<'responder',=$B,=TTPID,<=m1,=m2>>); lock m1; lookup <'Aborted',TTPID,m1> as x in - /* if x = 'Aborted' then */ + /* if x = 'Aborted' then */ out('r',<'responder',$B,TTPID,sign{<'Aborted', a1>}sk(TTPID)>); unlock m1 else insert <'F_Resolved',TTPID,m1>, m2; 
@@ -155,32 +155,33 @@ let TTP = ) -let Judge = - let m1 = sign {<$A, $B, TTPID, t, h(na)>}sk($A) in +let Judge = + let m1 = sign {<$A, $B, TTPID, t, h(na)>}sk($A) in let m2 = sign {}sk($B) in - (in('c',); event ContractJudge($A,$B,m1,m2,na,nb)) - || (in ('c', sign{}sk(TTPID)); event ContractJudge($A,$B,m1,m2,na,nb)) + (in('c',<=m1,=m2,na,nb>); event ContractJudge($A,$B,m1,m2,na,nb)) + || (in ('c', sign{<=m1,=m2>}sk(=TTPID)); event ContractJudge($A,$B,m1,m2,na,nb)) +process: let TTPID=<'TTP',$TTP> in !( -in('c',<$A,$B,TTPID>); +in('c',<$A,$B,=TTPID>); (A || B || TTP || Judge) ) -|| !( in('c',<'corrupt',$x>); +|| !( in('c',<'corrupt',$x>); event Corrupt($x); out('c',sk($x)); - (!(in('r',<'responder',$x,m>);0) || !(in('r',<'originator',$x,m>);0)) + (!(in('r',<'responder',=$x,m>);0) || !(in('r',<'originator',=$x,m>);0)) ) lemma sanity_optimistic_A: exists-trace - "Ex #i a b m1 m2 na nb. ContractA(a,b,m1,m2,na,nb)@i + "Ex #i a b m1 m2 na nb. ContractA(a,b,m1,m2,na,nb)@i & not (Ex #j. Corrupt(a)@j)" lemma sanity_optimistic_B: exists-trace - "Ex #i a b m1 m2 na nb. ContractB(a,b,m1,m2,na,nb)@i + "Ex #i a b m1 m2 na nb. ContractB(a,b,m1,m2,na,nb)@i & not (Ex #j. Corrupt(b)@j)" /* /1* could derive by hand *1/ */ 
@@ -220,32 +221,32 @@ lemma timelinessA: /* auto */ lemma partialfairnessA: - "All #i a m1 na. AbortA(a, m1, na)@i ==> + "All #i a m1 na. AbortA(a, m1, na)@i ==> ((Ex #j. K(na)@j ) ==> (Ex #k. Corrupt(a)@k)) " /* auto */ /* warning: takes a very long time, see below */ lemma partialfairnessB: - "All #i a b m1 m2 na nb. AbortB(a, b, m1, m2, na, nb)@i ==> + "All #i a b m1 m2 na nb. AbortB(a, b, m1, m2, na, nb)@i ==> ((Ex #j. K(nb)@j ) ==> (Ex #k. Corrupt(b)@k)) " /* auto */ lemma honestBfairnessA: exists-trace - " Ex #i a b m1 m2 na nb . + " Ex #i a b m1 m2 na nb . ContractB(a,b,m1,m2,na,nb)@i - & not (Ex #j. ContractA(a,b,m1,m2,na,nb)@j) - & not (Ex #k. Corrupt(a)@k) - & not (Ex #k. Corrupt(b)@k) + & not (Ex #j. ContractA(a,b,m1,m2,na,nb)@j) + & not (Ex #k. Corrupt(a)@k) + & not (Ex #k. Corrupt(b)@k) " /* auto */ lemma fullfairnessAattack: exists-trace "not (All #i #l a b m1 m2 na nb . ContractJudge(a,b,m1,m2,na,nb)@i & Corrupt(b)@l - ==> (Ex #j. ContractA(a,b,m1,m2,na,nb)@j) | (Ex #k. Corrupt(a)@k) + ==> (Ex #j. ContractA(a,b,m1,m2,na,nb)@j) | (Ex #k. Corrupt(a)@k) )" /* solved goal nr. 1806 (precomputed): State_( ~prog_ ) ▶₀ #t2.16 */ diff --git a/examples/sapic/super-slow/fairexchange-gjm/gjm-locks-fakepcsbranch.spthy b/examples/sapic/super-slow/fairexchange-gjm/gjm-locks-fakepcsbranch.spthy index 6df997c59..6fc1f0322 100644 --- a/examples/sapic/super-slow/fairexchange-gjm/gjm-locks-fakepcsbranch.spthy +++ b/examples/sapic/super-slow/fairexchange-gjm/gjm-locks-fakepcsbranch.spthy @@ -4,11 +4,12 @@ begin section{* Garay-Jakobsson-MacKenzie contract signing protocol *} /* - * Protocol: GJM contract signing - * Modeler: Robert Kunnemann + * Protocol: GJM contract signing + * Modeler: Robert Kunnemann * Date: Jul 2016 * - * Status: open + * Status: open // TODO need to adapt to new syntax + * * * Juan A. Garay, Markus Jakobsson, and Philip D. MacKenzie. Abuse-free * optimistic contract signing. In Advances in Cryptology—Crypto’99, volume 
@@ -24,7 +25,7 @@ section{* Garay-Jakobsson-MacKenzie contract signing protocol *} * originator. */ -functions: +functions: pk/1,sk/1[private], aenc/2, adec/2, sign/2, verify/2, @@ -32,7 +33,7 @@ functions: true/0, pcs/3, checkpcs/5, convertpcs/2, verify/2, fakepcs/4 -equations: +equations: adec(aenc(m,pk(i)),sk(i))=m, verify(sign(m, sk(i)), pk(i)) = m, /* extrmsg(sign(m,x))=m, */ @@ -94,14 +95,14 @@ let A = new sida; event StartA($A,$B,text,sida); out('c',m1); ( ( in('c',pat_m2a); - let m2=pat_m2a in + let m2=pat_m2a in let r1= in - AA ) + AA ) + ( in('c',pat_m2b); let m2=pat_m2b in let r1= in - AA ) + AA ) + ( /* Abort */ out('r',); @@ -114,7 +115,7 @@ let A = new sida; event StartA($A,$B,text,sida); + ( in('r',<$A,sida,pat_m4>); event ContractA($A,$B,text,sida); - event EndA2($A,$B,text,sida) + event EndA2($A,$B,text,sida) ) ) /* SIMPLIFICATION: Protocol description forsees a third alternative: @@ -125,7 +126,7 @@ let A = new sida; event StartA($A,$B,text,sida); ) ) -let BB = +let BB = let m2 = pcs(sign(,sk($B)),pk($A),pk(TTPID)) in let pat_m3 = sign(,sk($A)) in let m4 = sign(,sk($B)) in @@ -157,23 +158,23 @@ let BB = ) ) -let B = +let B = let pat_m1a = pcs(sign(,sk($A)),pk($B),pk(TTPID)) in let pat_m1b = fakepcs(pk($A),sk($B),pk(TTPID),) in ( ( - in('c',pat_m1a); - let m1=pat_m1a in BB - ) + in('c',pat_m1a); + let m1=pat_m1a in BB + ) + ( in('c',pat_m1b); - let m1=pat_m1b in BB - ) + let m1=pat_m1b in BB + ) ) -let TTP = +let TTP = let m1 = pcs(sign(,sk($A)),pk($B),pk(TTPID)) in let m2 = pcs(sign(,sk($B)),pk($A),pk(TTPID)) in let m3 = sign(,sk($A)) in @@ -225,7 +226,7 @@ let r2 = in ) ) -let Judge = +let Judge = let m1 = pcs(sign(,sk($A)),pk($B),pk(TTPID)) in let m2 = pcs(sign(,sk($B)),pk($A),pk(TTPID)) in let m3 = sign(,sk($A)) in @@ -236,6 +237,7 @@ let Judge = (in('c',); event ContractJudge($A,$B,text)) || (in('c',pat_a2); event AbortJudge($A,$B,text)) +process: let TTPID=<'TTP',$TTP> in let text=<$A,$B,$TEXT,TTPID> in !( 
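Review bot: Inputs such as `in('c',pat_m2a)` and `in('r',<$A,sida,pat_m4>)` in the `@@ -94,14 +95,14 @@` and `@@ -114,7 +115,7 @@` hunks remain unprefixed, whereas the ASW models converted in this commit mark every compared term with `=`. The header now says `TODO need to adapt to new syntax`, yet `process:` is added, so the file may load with these patterns read as fresh bindings rather than checks (inferred from the ASW changes, not visible here). The results recorded further down (`auto confirmed`, `fullfairnessB (all-traces): verified (849161 steps)`) would then describe the old model only. Until the patterns are converted, a comment next to those lemmas would prevent misreading, for example `/* result predates the syntax change; re-run before relying on it */`.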
@@ -243,10 +245,10 @@ in('c',<$A,$B,<'TTP',$TTP>,$TEXT>); event TTP(TTPID); ( A || B || TTP || Judge) ) -|| !( in('c',<'corrupt',$x>); +|| !( in('c',<'corrupt',$x>); event Corrupt($x); out('c',sk($x)); - ( !(in('r',<$x,sid,m>);0) + ( !(in('r',<$x,sid,m>);0) ) ) @@ -255,15 +257,15 @@ event TTP(TTPID); /* lemma cleanup [reuse]: */ /* all-traces */ /* "All x1 x2 x sid m #i #j . */ -/* Receive(x1,)@i & */ +/* Receive(x1,)@i & */ /* Receive(x2,)@j */ /* ==> #i=#j | Ex #k. Corrupt(x)@k" */ /* auto */ lemma sanity_a4b3: /* optimistic execution */ exists-trace - "Ex #i #j a b t sida sidb. - EndA4(a,b,t,sida)@i + "Ex #i #j a b t sida sidb. + EndA4(a,b,t,sida)@i & EndB3(a,b,t,sidb)@j & not (Ex #k. Corrupt(a)@k) & not (Ex #k. Corrupt(b)@k) @@ -272,8 +274,8 @@ exists-trace /* manual inspection */ /* lemma sanity_a1b1: */ /* exists-trace */ -/* "Ex #i #j a b t sida sidb. */ -/* EndA1(a,b,t,sida)@i */ +/* "Ex #i #j a b t sida sidb. */ +/* EndA1(a,b,t,sida)@i */ /* & EndB1(a,b,t,sidb)@j */ /* & not (Ex #k. Corrupt(a)@k) */ /* & not (Ex #k. Corrupt(b)@k) */ @@ -282,8 +284,8 @@ exists-trace /* manual */ /* lemma sanity_a2b2: */ /* exists-trace */ -/* "Ex #i #j a b t sida sidb. */ -/* EndA2(a,b,t,sida)@i */ +/* "Ex #i #j a b t sida sidb. */ +/* EndA2(a,b,t,sida)@i */ /* & EndB2(a,b,t,sidb)@j */ /* & not (Ex #k. Corrupt(a)@k) */ /* & not (Ex #k. Corrupt(b)@k) */ @@ -292,8 +294,8 @@ exists-trace /* lemma sanity_a3b3: */ /* exists-trace */ -/* "Ex #i #j a b t sida sidb. */ -/* EndA3(a,b,t,sida)@i */ +/* "Ex #i #j a b t sida sidb. */ +/* EndA3(a,b,t,sida)@i */ /* & EndB3(a,b,t,sidb)@j */ /* & not (Ex #k. Corrupt(a)@k) */ /* & not (Ex #k. Corrupt(b)@k) */ 
@@ -321,21 +323,21 @@ lemma timelinessB [reuse]: /* auto confirmed */ lemma fullfairnessA: "All #i a b t . ContractJudge(a,b,t)@i - ==> (Ex #j sida . ContractA(a,b,t, sida)@j) + ==> (Ex #j sida . ContractA(a,b,t, sida)@j) | (Ex #k. Corrupt(a)@k)" /* auto 2:51h */ /* helperB1 (all-traces): verified (2235 steps) */ lemma helperB1 [reuse,hide_lemma=timelinessA]: "All #i a b t . BtriesResolve(a,b,t)@i - ==> (Ex #j sidb . ContractB(a,b,t, sidb)@j) + ==> (Ex #j sidb . ContractB(a,b,t, sidb)@j) | (Ex #k . Corrupt(b)@k)" /* auto 50:06h with helperB1 */ /* fullfairnessB (all-traces): verified (849161 steps) */ lemma fullfairnessB: "All #i a b t . ContractJudge(a,b,t)@i - ==> (Ex #j nb . ContractB(a,b,t, nb)@j) + ==> (Ex #j nb . ContractB(a,b,t, nb)@j) | (Ex #k. Corrupt(b)@k)" end diff --git a/examples/sapic/super-slow/fairexchange-gjm/gjm-locks-unfairness-A.spthy b/examples/sapic/super-slow/fairexchange-gjm/gjm-locks-unfairness-A.spthy index a16fd3d0f..30d1f204e 100644 --- a/examples/sapic/super-slow/fairexchange-gjm/gjm-locks-unfairness-A.spthy +++ b/examples/sapic/super-slow/fairexchange-gjm/gjm-locks-unfairness-A.spthy @@ -8,7 +8,7 @@ section{* Garay-Jakobsson-MacKenzie contract signing protocol *} * Modeler: Robert Kunnemann * Date: Jul 2016 * - * Status: wip + * Status: wip // TODO need to adapt to new syntax * * Juan A. Garay, Markus Jakobsson, and Philip D. MacKenzie. Abuse-free * optimistic contract signing. In Advances in Cryptology—Crypto’99, volume diff --git a/examples/sapic/super-slow/fairexchange-km/km.spthy b/examples/sapic/super-slow/fairexchange-km/km.spthy index 09c95af9c..3e89a90b8 100644 --- a/examples/sapic/super-slow/fairexchange-km/km.spthy +++ b/examples/sapic/super-slow/fairexchange-km/km.spthy 
@@ -126,9 +126,9 @@ let Judge = || (in ('c', ); event OriginJudge($A,$B,t)) || (in ('c', ); event OriginJudge($A,$B,t)) -let TTPID=<'TTP',$TTP> in +process: !( -in('c',<$A,$B,TTPID>); +in('c',<$A,$B,<'TTP',$TTP>>); (A || B || TTP || Judge) ) || !( in('c',<'corrupt',$x>); diff --git a/lib/export/LICENSE b/lib/export/LICENSE new file mode 100644 index 000000000..94a045322 --- /dev/null +++ b/lib/export/LICENSE 
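Review bot: Removing `let TTPID=<'TTP',$TTP> in` leaves `TTPID` unbound for any use inside `A`, `B`, `TTP` or `Judge`; those role bodies lie outside this hunk, so this needs checking against the full file. The ASW and GJM models touched by this commit keep the binding directly after `process:` and match it in the session input. If the roles here still reference `TTPID`, the same form would keep the TTP identity fixed across roles: `process: let TTPID=<'TTP',$TTP> in` followed by `in('c',<$A,$B,=TTPID>);`.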
@@ -0,0 +1,621 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. 
+ + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. 
+ + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. 
+ + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. 
Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. 
+ + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. 
This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. 
+ + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. 
+ + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. 
+ + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. 
If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. 
If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. 
+ + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. 
For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. 
The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS diff --git a/lib/export/src/Export.hs b/lib/export/src/Export.hs new file mode 100644 index 000000000..85e9ecda3 --- /dev/null +++ b/lib/export/src/Export.hs 
@@ -0,0 +1,1179 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE TemplateHaskell #-}
+{-# LANGUAGE StandaloneDeriving #-}
+{-# LANGUAGE DeriveAnyClass #-}
+{-# LANGUAGE PatternGuards #-}
+{-# LANGUAGE FlexibleContexts #-}
+{-# LANGUAGE ViewPatterns #-}
+-- |
+-- Copyright : (c) 2019 Charlie Jacomme and Robert Künnemann
+-- License : GPL v3 (see LICENSE)
+--
+-- Maintainer : Robert Künnemann
+-- Portability : GHC only
+--
+-- Translation from Sapic processes to Proverif
+
+module Export (
+ prettyProVerifTheory,
+ prettyProVerifEquivTheory,
+ prettyDeepSecTheory
+
+) where
+
+import Term.Builtin.Rules
+import Term.SubtermRule
+
+import Theory
+import Theory.Sapic
+import Theory.Module
+import Text.PrettyPrint.Class
+import Theory.Text.Pretty
+
+import Sapic.Annotation
+import Sapic.States
+import Sapic.Report
+import Sapic.Typing
+
+import Control.Monad.Fresh
+import qualified Control.Monad.Trans.PreciseFresh as Precise
+
+import qualified Data.Set as S
+import qualified Data.Label as L
+import qualified Data.Map as M
+import Data.List as List
+
+import qualified Data.ByteString.Char8 as BC
+import qualified Data.Functor.Identity
+import Data.Char
+import Data.Data
+
+data Translation =
+ ProVerif
+ | DeepSec
+ deriving( Ord, Eq, Typeable, Data )
+
+exportModule :: Translation -> ModuleType
+exportModule ProVerif = ModuleProVerif
+exportModule DeepSec = ModuleDeepSec
+
+data TranslationContext = TranslationContext
+ { trans :: Translation,
+ attackerChannel :: Maybe LVar,
+ hasBoundStates :: Bool,
+ hasUnboundStates :: Bool,
+ predicates :: [Predicate]
+ }
+ deriving (Eq, Ord)
+emptyTC :: TranslationContext
+emptyTC =
+ TranslationContext
+ { trans = ProVerif,
+ attackerChannel = Nothing,
+ hasBoundStates = False,
+ hasUnboundStates = False,
+ predicates = []
+ }
+------------------------------------------------------------------------------
+-- Core Proverif Export
+------------------------------------------------------------------------------
+
+proverifTemplate :: Document d => [d] -> [d] -> d -> [d] -> [d] -> d
+proverifTemplate headers queries process macroproc lemmas =
+ vcat headers
+ $$ vcat queries
+ $$ vcat lemmas
+ $$ vcat macroproc
+ $$ text "process"
+ $$ nest 4 process
+
+prettyProVerifTheory :: (ProtoLemma LNFormula ProofSkeleton -> Bool) -> (OpenTheory, TypingEnvironment) -> IO (Doc)
+prettyProVerifTheory lemSel (thy, typEnv) = do
+ headers <- loadHeaders tc thy typEnv
+ headers2 <- checkDuplicates . S.toList . filterHeaders $ base_headers `S.union` headers `S.union` prochd `S.union` macroprochd
+ let hd = attribHeaders tc headers2
+ return $ proverifTemplate hd queries proc macroproc lemmas
+ where
+ tc = emptyTC {predicates = theoryPredicates thy}
+ (proc, prochd, hasBoundState, hasUnboundState) = loadProc tc thy
+ base_headers = if hasUnboundState then state_headers else S.empty
+ queries = loadQueries thy
+ lemmas = loadLemmas lemSel tc typEnv thy
+ (macroproc, macroprochd) =
+ -- if stateM is not empty, we have inlined the process calls, so we don't reoutput them
+ if hasBoundState then ([text ""], S.empty) else loadMacroProc tc thy
+
+-- ProVerif Headers need to be ordered, and declared only once. We order them by type, and will update a set of headers.
+data ProVerifHeader
+ = Type String -- type declaration
+ | Sym String String String [String] -- symbol declaration, (symkind,name,type,attr)
+ | Fun String String Int String [String] -- symbol declaration, (symkind,name,arity,types,attr)
+ | HEvent String String
+ | Table String String
+ | Eq String String String -- eqtype, quantif, equation
+ deriving (Ord, Show, Eq)
+
+state_headers :: S.Set ProVerifHeader
+state_headers =
+ S.fromList
+ [ Table "tbl_states_handle" "(bitstring,channel)", --the table for linking states identifiers and channels
+ Table "tbl_locks_handle" "(bitstring,channel)" --the table for linking locks identifiers and channels
+ ]
+
+-- We provide a dedicated DDH builtin.
+builtins :: [(String, S.Set ProVerifHeader)]
+builtins =
+ map
+ (\(x, y) -> (x, S.fromList y))
+ [ ( "diffie-hellman",
+ [ Sym "const" "g" ":bitstring" [],
+ Fun "fun" "exp" 2 "(bitstring,bitstring):bitstring" [],
+ Eq "equation" "forall a:bitstring,b:bitstring;" "exp( exp(g,a),b) = exp(exp(g,b),a)"
+ ]
+ ),
+ ( "locations-report",
+ [ Fun "fun" "rep" 2 "(bitstring,bitstring):bitstring" ["private"]
+ ]
+ ),
+ ( "xor",
+ [ Fun "fun" "xor" 2 "(bitstring,bitstring):bitstring" []
+ ]
+ )
+ ]
+
+-- We filter out some predefined headers that we don't want to redefine.
+filterHeaders :: S.Set ProVerifHeader -> S.Set ProVerifHeader
+filterHeaders s = S.filter (not . isForbidden) s
+ where
+ isForbidden (Fun "fun" "true" _ _ _) = True
+ isForbidden (Type "bitstring") = True
+ isForbidden (Type "channel") = True
+ isForbidden _ = False
+
+-- We cannot define a a constant and a function with the same name in proverif
+checkDuplicates :: MonadFail m => [ProVerifHeader] -> m ([ProVerifHeader])
+checkDuplicates hd = do
+ let names =
+ foldl
+ ( \acc x -> case x of
+ Fun _ n _ _ _ -> n : acc
+ Sym _ n _ _ -> n : acc
+ HEvent n _ -> n : acc
+ Table n _ -> n : acc
+ _ -> acc
+ )
+ []
+ hd
+ in let conflicts = filter ((> 1) . length) . group $ sort names
+ in if null conflicts
+ then return hd
+ else fail ("The string " <> (head $ head conflicts) <> " is used for distinct constructs (function name, constant or events). 
You should rename the constructs.")
+
+ppPubName :: NameId -> Doc
+ppPubName (NameId "zero") = text "0"
+ppPubName (NameId "one") = text "1"
+ppPubName (NameId t) = text t
+-- Loader of the export functions
+------------------------------------------------------------------------------
+loadQueries :: Theory sig c b p TranslationElement -> [Doc]
+loadQueries thy = [text $ get_text (lookupExportInfo "queries" thy)]
+ where
+ get_text Nothing = ""
+ get_text (Just m) = L.get eText m
+
+------------------------------------------------------------------------------
+-- Core Proverif Equivalence Export
+------------------------------------------------------------------------------
+
+proverifEquivTemplate :: Document d => [d] -> [d] -> [d] -> [d] -> d
+proverifEquivTemplate headers queries equivlemmas macroproc =
+ vcat headers
+ $$ vcat queries
+ $$ vcat macroproc
+ $$ vcat equivlemmas
+
+prettyProVerifEquivTheory :: (OpenTheory, TypingEnvironment) -> IO (Doc)
+prettyProVerifEquivTheory (thy, typEnv) = do
+ headers <- loadHeaders tc thy typEnv
+ headers2 <- checkDuplicates . S.toList . 
filterHeaders $ base_headers `S.union` headers `S.union` equivhd `S.union` diffEquivhd `S.union` macroprochd
+ let hd = attribHeaders tc headers2
+ return $ proverifEquivTemplate hd queries finalproc macroproc
+ where
+ tc = emptyTC {predicates = theoryPredicates thy}
+ (equivlemmas, equivhd, hasBoundState, hasUnboundState) = loadEquivProc tc thy
+ (diffEquivlemmas, diffEquivhd, _, diffHasUnboundState) = loadDiffProc tc thy
+ base_headers = if hasUnboundState || diffHasUnboundState then state_headers else S.empty
+ finalproc =
+ if length equivlemmas + length diffEquivlemmas > 1
+ then [text "Error: Proverif can only support at most one equivalence or diff equivalence query."]
+ else equivlemmas ++ diffEquivlemmas
+ queries = loadQueries thy
+ (macroproc, macroprochd) =
+ -- if stateM is not empty, we have inlined the process calls, so we don't reoutput them
+ if hasBoundState then ([text ""], S.empty) else loadMacroProc tc thy
+
+------------------------------------------------------------------------------
+-- Core DeepSec Export
+------------------------------------------------------------------------------
+
+deepsecTemplate :: Document d => [d] -> [d] -> [d] -> [d] -> d
+deepsecTemplate headers macroproc requests equivlemmas =
+ vcat headers
+ $$ vcat macroproc
+ $$ vcat requests
+ $$ vcat equivlemmas
+
+emptyTypeEnv :: TypingEnvironment
+emptyTypeEnv = TypingEnvironment {vars = M.empty, events = M.empty, funs = M.empty}
+
+prettyDeepSecTheory :: OpenTheory -> IO (Doc)
+prettyDeepSecTheory thy = do
+ headers <- loadHeaders tc thy emptyTypeEnv
+ let hd =
+ attribHeaders tc $
+ S.toList
+ ( headers
+ `S.union` macroprochd
+ `S.union` equivhd
+ )
+ return $ deepsecTemplate hd macroproc requests equivlemmas
+ where
+ tc = emptyTC {trans = DeepSec}
+ requests = loadRequests thy
+ (macroproc, macroprochd) = loadMacroProc tc thy
+ (equivlemmas, equivhd, _, _) = loadEquivProc tc thy
+
+-- Loader of the export functions
+------------------------------------------------------------------------------
+loadRequests :: Theory sig c b p TranslationElement -> [Doc]
+loadRequests thy =
+ [text $ get_text (lookupExportInfo "requests" thy)]
+ where
+ get_text Nothing = ""
+ get_text (Just m) = L.get eText m
+
+------------------------------------------------------------------------------
+-- Term Printers
+------------------------------------------------------------------------------
+
+ppLVar :: LVar -> Doc
+ppLVar (LVar n _ 0) = text n
+ppLVar (LVar n _ i) = text $ n <> "_" <> (show i)
+
+ppUnTypeVar :: SapicLVar -> Doc
+ppUnTypeVar (SapicLVar lvar _) = ppLVar lvar
+
+ppType :: Maybe String -> String
+ppType Nothing = "bitstring"
+ppType (Just s) = s
+
+ppTypeVar :: TranslationContext -> SapicLVar -> Doc
+ppTypeVar tc v@(SapicLVar lvar ty) = case trans tc of
+ ProVerif -> ppLVar lvar <> text ":" <> text (ppType ty)
+ DeepSec -> ppUnTypeVar v
+
+ppTypeLit :: (Show c) => TranslationContext -> Lit c SapicLVar -> Doc
+ppTypeLit tc (Var v) = ppTypeVar tc v
+ppTypeLit _ (Con c) = text $ show c
+
+auxppTerm :: Show v => (Lit Name v -> Doc) -> VTerm Name v -> (Doc, S.Set ProVerifHeader)
+auxppTerm ppLit t = (ppTerm t, getHdTerm t)
+ where
+ ppTerm tm = case viewTerm tm of
+ Lit v -> ppLit v
+ FApp (AC Xor) ts -> ppXor ts
+ FApp (AC o) ts -> ppTerms (ppACOp o) 1 "(" ")" ts
+ FApp (NoEq s) [t1, t2] | s == expSym -> text "exp(" <> ppTerm t1 <> text ", " <> ppTerm t2 <> text ")"
+ FApp (NoEq s) [t1, t2] | s == diffSym -> text "choice" <> text "[" <> ppTerm t1 <> text ", " <> ppTerm t2 <> text "]"
+ FApp (NoEq _) [t1, t2] | isPair tm -> text "(" <> ppTerm t1 <> text ", " <> ppTerm t2 <> text ")"
+ FApp (NoEq (f, _)) [] -> text (BC.unpack f)
+ FApp (NoEq (f, _)) ts -> ppFun f ts
+ FApp (C EMap) ts -> ppFun emapSymString ts
+ FApp List ts -> ppFun (BC.pack "LIST") ts
+
+ ppACOp Mult = "*"
+ ppACOp Union = "+"
+ ppACOp Xor = "⊕"
+
+ ppXor [] = text "one"
+ ppXor [t1, t2] = text "xor(" <> ppTerm t1 <> 
text ", " <> ppTerm t2 <> text ")"
+ ppXor (t1 : ts) = text "xor(" <> ppTerm t1 <> text ", " <> ppXor ts <> text ")"
+ ppTerms sepa n lead finish ts =
+ fcat . (text lead :) . (++ [text finish])
+ . map (nest n)
+ . punctuate (text sepa)
+ . map ppTerm
+ $ ts
+ ppFun f ts =
+ text (BC.unpack f ++ "(") <> fsep (punctuate comma (map ppTerm ts)) <> text ")"
+ getHdTerm tm = case viewTerm tm of
+ Lit (Con (Name PubName n)) ->
+ if List.elem (show n) ["g", "one", "zero"]
+ then S.empty
+ else S.singleton (Sym "free" (show n) ":bitstring" [])
+ Lit (_) -> S.empty
+ FApp _ ts -> foldl (\x y -> x `S.union` (getHdTerm y)) S.empty ts
+
+-- pretty print a SapicTerm, collecting the constant that need to be declared
+-- matchVars is the set of vars that correspond to pattern matching
+-- isPattern enables the pattern match printing, which adds types to variables, and = to constants.
+auxppSapicTerm :: TranslationContext -> S.Set LVar -> Bool -> SapicTerm -> (Doc, S.Set ProVerifHeader)
+auxppSapicTerm tc mVars isPattern t = auxppTerm ppLit t
+ where
+ ppLit v = case v of
+ Con (Name FreshName n) -> (text $ show n)
+ Con (Name PubName n) | isPattern -> text "=" <> (text $ show n)
+ Con (Name PubName n) -> ppPubName n
+ Var (SapicLVar (lvar) _)
+ | S.member lvar mVars -> text "=" <> ppLVar lvar
+ l | isPattern -> ppTypeLit tc l
+ Var (SapicLVar (lvar) _) -> ppLVar lvar
+ l -> (text $ show l)
+
+ppSapicTerm :: TranslationContext -> SapicTerm -> (Doc, S.Set ProVerifHeader)
+ppSapicTerm tc = auxppSapicTerm tc S.empty False
+
+-- pretty print an LNTerm, collecting the constant that need to be declared
+-- the boolean b enables types printout
+pppLNTerm :: TranslationContext -> Bool -> LNTerm -> (Doc, S.Set ProVerifHeader)
+pppLNTerm _ b t = auxppTerm ppLit t
+ where
+ ppLit v = case v of
+ Con (Name FreshName n) -> text $ show n
+ Con (Name PubName n) -> ppPubName n
+ tm2 | b -> text $ show tm2 <> ":bitstring"
+ Var (lvar) -> ppLVar lvar
+ tm2 -> text $ show tm2
+
+ppLNTerm :: 
TranslationContext -> LNTerm -> (Doc, S.Set ProVerifHeader)
+ppLNTerm tc = pppLNTerm tc False
+
+-- pretty print a Fact, collecting the constant that need to be declared
+ppFact :: TranslationContext -> Fact SapicTerm -> (Doc, S.Set ProVerifHeader)
+ppFact tc (Fact tag _ ts)
+ | factTagArity tag /= length ts = sppFact ("MALFORMED-" ++ show tag) ts
+ | otherwise = sppFact (showFactTag tag) ts
+ where
+ sppFact name ts2 =
+ (nestShort' (name ++ "(") ")" . fsep . punctuate comma $ pts, sh)
+ where
+ (pts, shs) = unzip $ map (ppSapicTerm tc) ts2
+ sh = foldl S.union S.empty shs
+
+-- pretty print an Action, collecting the constant and events that need to be declared. It also returns a boolean, specifying if the printout can serve as the end of a process or not.
+ppAction :: ProcessAnnotation LVar -> TranslationContext -> LSapicAction -> (Doc, S.Set ProVerifHeader, Bool)
+ppAction ProcessAnnotation {isStateChannel = Nothing} tc (New v) =
+ (text "new " <> (ppTypeVar tc v), S.empty, True)
+ppAction ProcessAnnotation {pureState = False, isStateChannel = Just t} tc (New v@(SapicLVar lvar _)) =
+ ( extras $
+ text "new " <> channel <> text "[assumeCell];"
+ $$ text "new lock_" <> channel <> text "[assumeCell];"
+ -- we also declare the corresponding lock channel, and initialize it
+ $$ text "out(lock_" <> ppLVar lvar <> text ",0) |",
+ if hasUnboundStates tc then sht else S.empty,
+ False
+ )
+ where
+ channel = ppTypeVar tc v
+ (pt, sht) = ppSapicTerm tc t
+ extras x =
+ if hasUnboundStates tc
+ then
+ x
+ $$ text "insert tbl_states_handle(" <> pt <> text ", " <> ppLVar lvar <> text ");"
+ $$ text "insert tbl_locks_handle(" <> pt <> text ", lock_" <> ppLVar lvar <> text ");"
+ else x
+ppAction ProcessAnnotation {pureState = True, isStateChannel = Just _} tc (New v) =
+ ( text "new " <> (ppTypeVar tc v) <> text "[assumeCell]",
+ S.empty,
+ True
+ )
+ppAction _ TranslationContext {trans = ProVerif} Rep = (text "!", S.empty, False)
+ppAction _ TranslationContext {trans = 
DeepSec} Rep = (text "", S.empty, False)
+ppAction _ tc@TranslationContext {trans = ProVerif} (ChIn t1 t2 mvars) =
+ ( text "in(" <> pt1 <> text "," <> pt2 <> text ")",
+ sh1 `S.union` sh2,
+ True
+ )
+ where
+ (pt1, sh1) = getAttackerChannel tc t1
+ (pt2, sh2) = auxppSapicTerm tc (S.map toLVar mvars) True t2
+ppAction _ tc@TranslationContext {trans = DeepSec} (ChIn t1 t2@(LIT (Var (SapicLVar _ _))) mvars) =
+ ( text "in(" <> pt1 <> text "," <> pt2 <> text ")",
+ sh1 `S.union` sh2,
+ True
+ )
+ where
+ (pt1, sh1) = getAttackerChannel tc t1
+ (pt2, sh2) = auxppSapicTerm tc (S.map toLVar mvars) True t2
+
+-- pattern matching on input for deepsec is not supported
+ppAction _ tc@TranslationContext {trans = DeepSec} (ChIn t1 t2 mvars) =
+ ( text "in(" <> pt1 <> text "," <> text pt2var <> text ");"
+ $$ text "let (" <> pt2 <> text ")=" <> text pt2var <> text " in",
+ sh1 `S.union` sh2,
+ False
+ )
+ where
+ (pt1, sh1) = getAttackerChannel tc t1
+ (pt2, sh2) = auxppSapicTerm tc (S.map toLVar mvars) True t2
+ pt2var = "fresh" ++ stripNonAlphanumerical (render pt2)
+ppAction _ tc (ChOut t1 t2) = (text "out(" <> pt1 <> text "," <> pt2 <> text ")", sh1 `S.union` sh2, True)
+ where
+ (pt1, sh1) = getAttackerChannel tc t1
+ (pt2, sh2) = ppSapicTerm tc t2
+ppAction _ tc@TranslationContext {trans = ProVerif} (Event (Fact tag m ts)) = (text "event " <> pa, sh, True) -- event Headers are definde globally inside loadHeaders
+ where
+ (pa, sh) = ppFact tc (Fact tag m ts)
+ppAction _ TranslationContext {trans = DeepSec} (Event _) = (text "", S.empty, False)
+-- For pure states, we do not put locks and unlocks
+ppAction ProcessAnnotation {pureState = True} TranslationContext {trans = ProVerif} (Lock _) =
+ (text "", S.empty, False)
+-- If there is a state channel, we simply use it
+ppAction ProcessAnnotation {stateChannel = Just (AnVar lvar), pureState = False} TranslationContext {trans = ProVerif} (Lock _) =
+ ( text "in(lock_" <> ppLVar lvar <> text "," <> text "counterlock" <> 
ppLVar lvar <> text ":nat)",
+ S.empty,
+ True
+ )
+-- If there is no state channel, we must use the table
+ppAction ProcessAnnotation {stateChannel = Nothing, pureState = False} tc@TranslationContext {trans = ProVerif} (Lock t) =
+ ( text "get tbl_locks_handle(" <> pt <> text "," <> text ptvar <> text ") in"
+ $$ text "in(" <> text ptvar <> text " , counter" <> text ptvar <> text ":nat)",
+ sh,
+ True
+ )
+ where
+ freevars = S.fromList $ map (\(SapicLVar lvar _) -> lvar) $ freesSapicTerm t
+ (pt, sh) = auxppSapicTerm tc freevars True t
+ ptvar = "lock_" ++ stripNonAlphanumerical (render pt)
+ppAction ProcessAnnotation {pureState = True} TranslationContext {trans = ProVerif} (Unlock _) =
+ (text "", S.empty, False)
+ppAction ProcessAnnotation {stateChannel = Just (AnVar lvar), pureState = False} TranslationContext {trans = ProVerif} (Unlock _) =
+ ( text "out(lock_" <> ppLVar lvar <> text "," <> text "counterlock" <> ppLVar lvar <> text "+1" <> text ") | ",
+ S.empty,
+ False
+ )
+ppAction ProcessAnnotation {stateChannel = Nothing, pureState = False} tc@TranslationContext {trans = ProVerif} (Unlock t) =
+ (text "out(" <> text ptvar <> text " , counter" <> text ptvar <> text "+1) | ", sh, False)
+ where
+ (pt, sh) = ppSapicTerm tc t
+ ptvar = "lock_" ++ stripNonAlphanumerical (render pt)
+ppAction ProcessAnnotation {stateChannel = Just (AnVar lvar), pureState = _} tc@TranslationContext {trans = ProVerif} (Insert _ c) =
+ ( text "out(" <> ppLVar lvar <> text ", " <> pc <> text ") |",
+ shc,
+ False
+ )
+ where
+ (pc, shc) = ppSapicTerm tc c
+
+-- Should never happen
+ppAction ProcessAnnotation {stateChannel = Nothing, pureState = True} TranslationContext {trans = ProVerif} (Insert _ _) =
+ (text "TRANSLATIONERROR", S.empty, True)
+-- ppAction ProcessAnnotation{stateChannel = Just (AnVar lvar), pureState=False} tc@TranslationContext{trans=ProVerif} (Insert _ c) =
+-- (text "in(" <> pt <> text ", " <> pt <> text "_dump:bitstring);"
+-- $$ text "out(" <> pt <> text ", 
" <> pc <> text ") |"
+-- , shc, False)
+-- where
+-- pt = ppLVar lvar
+-- (pc, shc) = ppSapicTerm tc c
+
+-- must rely on the table
+ppAction ProcessAnnotation {stateChannel = Nothing, pureState = False} tc@TranslationContext {trans = ProVerif} (Insert t t2) =
+ ( text "in(" <> text ptvar <> text ", " <> text dumpvar <> text ":bitstring);"
+ $$ text "out(" <> text ptvar <> text " , " <> pt2 <> text ") | ",
+ S.insert hd $ sh `S.union` sh2,
+ False
+ )
+ where
+ (pt, sh) = ppSapicTerm tc t
+ (pt2, sh2) = ppSapicTerm tc t2
+ ptvar = "stateChannel" ++ stripNonAlphanumerical (render pt)
+ dumpvar = "dumpvar" ++ stripNonAlphanumerical (render pt)
+ hd = Sym "free" ptvar ":channel" []
+ppAction _ _ _ = (text "Action not supported for translation", S.empty, True)
+
+ppSapic :: TranslationContext -> LProcess (ProcessAnnotation LVar) -> (Doc, S.Set ProVerifHeader)
+ppSapic _ (ProcessNull _) = (text "0", S.empty) -- remove zeros when not needed
+ppSapic tc (ProcessComb Parallel _ pl pr) = (parens $ (nest 2 (parens ppl)) $$ text "|" $$ (nest 2 (parens ppr)), pshl `S.union` pshr)
+ where
+ (ppl, pshl) = ppSapic tc pl
+ (ppr, pshr) = ppSapic tc pr
+ppSapic tc (ProcessComb NDC _ pl pr) = ((nest 4 (parens ppl)) $$ text "+" <> (nest 4 (parens ppr)), pshl `S.union` pshr)
+ where
+ (ppl, pshl) = ppSapic tc pl
+ (ppr, pshr) = ppSapic tc pr
+ppSapic tc (ProcessComb (Let t1 t2 mvars) _ pl (ProcessNull _)) =
+ ( text "let " <> pt1 <> text "=" <> pt2 <> text " in"
+ $$ ppl,
+ sh1 `S.union` sh2 `S.union` pshl
+ )
+ where
+ (ppl, pshl) = ppSapic tc pl
+ (pt1, sh1) = auxppSapicTerm tc (S.map toLVar mvars) True t1
+ (pt2, sh2) = ppSapicTerm tc t2
+ppSapic tc (ProcessComb (Let t1 t2 mvars) _ pl pr) =
+ ( text "let " <> pt1 <> text "=" <> pt2 <> text " in"
+ $$ ppl
+ $$ text "else " <> ppr,
+ sh1 `S.union` sh2 `S.union` pshl `S.union` pshr
+ )
+ where
+ (ppl, pshl) = ppSapic tc pl
+ (ppr, pshr) = ppSapic tc pr
+ (pt1, sh1) = auxppSapicTerm tc (S.map toLVar mvars) True t1
+ (pt2, sh2) = 
ppSapicTerm tc t2
+
+-- if the process call does not have any argument, we just inline
+ppSapic tc (ProcessComb (ProcessCall _ []) _ pl _) = (ppl, pshl)
+ where
+ (ppl, pshl) = ppSapic tc pl
+
+-- if there are state or lock channels created by addStateChannels, we must inline
+ppSapic tc@TranslationContext {hasBoundStates = True} (ProcessComb (ProcessCall {}) _ pl _) =
+ (ppl, pshl)
+ where
+ (ppl, pshl) = ppSapic tc pl
+ppSapic tc (ProcessComb (ProcessCall name ts) _ _ _) =
+ ( text name
+ <> parens (fsep (punctuate comma ppts)),
+ foldl S.union S.empty shs
+ )
+ where
+ pts = map (ppSapicTerm tc) ts
+ (ppts, shs) = unzip pts
+ppSapic tc (ProcessComb (Cond a) _ pl pr) =
+ addElseBranch (text "if " <> pa <> text " then" $$ (nest 4 (parens ppl)), sh `S.union` pshl)
+ where
+ (ppl, pshl) = ppSapic tc pl
+ (pa, sh) = ppFact' a
+ ppFact' (Ato (Syntactic (Pred (Fact (ProtoFact _ "Smaller" _) _ [v1, v2]))))
+ | Lit (Var (Free vn1)) <- viewTerm v1,
+ Lit (Var (Free vn2)) <- viewTerm v2 =
+ (ppUnTypeVar vn1 <> text "<" <> ppUnTypeVar vn2, S.empty)
+ ppFact' p =
+ case expandFormula (predicates tc) (toLFormula p) of
+ Left _ -> (text "undefined predicate in condition ", S.empty)
+ Right form -> (fst . 
snd $ Precise.evalFresh (ppLFormula emptyTypeEnv ppNAtom form) (avoidPrecise form), S.empty)
+ addElseBranch (d, s) = case pr of
+ ProcessNull _ -> (d, s)
+ _ ->
+ let (ppr, pshr) = ppSapic tc pr
+ in (d $$ text "else" $$ (nest 4 (parens ppr)), s `S.union` pshr)
+ppSapic tc (ProcessComb (CondEq t1 t2) _ pl (ProcessNull _)) = (text "let (=" <> pt1 <> text ")=" <> pt2 <> text " in " $$ (nest 4 (parens ppl)), sh1 `S.union` sh2 `S.union` pshl)
+ where
+ (ppl, pshl) = ppSapic tc pl
+ (pt1, sh1) = ppSapicTerm tc t1
+ (pt2, sh2) = ppSapicTerm tc t2
+ppSapic tc (ProcessComb (CondEq t1 t2) _ pl pr) = (text "let (=" <> pt1 <> text ")=" <> pt2 <> text " in " $$ (nest 4 (parens ppl)) $$ text "else" <> (nest 4 (parens ppr)), sh1 `S.union` sh2 `S.union` pshl `S.union` pshr)
+ where
+ (ppl, pshl) = ppSapic tc pl
+ (ppr, pshr) = ppSapic tc pr
+ (pt1, sh1) = ppSapicTerm tc t1
+ (pt2, sh2) = ppSapicTerm tc t2
+ppSapic tc (ProcessComb (Lookup _ c) ProcessAnnotation {stateChannel = Just (AnVar lvar), pureState = True} pl (ProcessNull _)) =
+ ( text "in(" <> pt <> text ", " <> pc <> text ");" $$ ppl,
+ pshl
+ )
+ where
+ pt = ppLVar lvar
+ pc = ppTypeVar tc c
+ (ppl, pshl) = ppSapic tc pl
+
+-- Should never happen
+ppSapic _ (ProcessComb (Lookup _ _) ProcessAnnotation {stateChannel = Nothing, pureState = True} _ (ProcessNull _)) =
+ (text "TRANSLATIONERROR", S.empty)
+ppSapic tc (ProcessComb (Lookup _ c) ProcessAnnotation {stateChannel = Just (AnVar lvar), pureState = False} pl (ProcessNull _)) =
+ ( text "in(" <> pt <> text ", " <> pc <> text ");"
+ $$ text "out(" <> pt <> text ", " <> pc2 <> text ") |"
+ $$ ppl,
+ pshl
+ )
+ where
+ pt = ppLVar lvar
+ pc = ppTypeVar tc c
+ pc2 = ppUnTypeVar c
+ (ppl, pshl) = ppSapic tc pl
+ppSapic tc (ProcessComb (Lookup t c) ProcessAnnotation {stateChannel = Nothing, pureState = False} pl (ProcessNull _)) =
+ ( text "get tbl_states_handle(" <> pt <> text "," <> text ptvar <> text ") in"
+ $$ text "in(" <> text ptvar <> text " , " <> pc <> text ");"
+ $$ text "out(" <> text ptvar <> text " , " <> pc2 <> text ") |"
+ $$ ppl,
+ sh `S.union` pshl
+ )
+ where
+ pc = ppTypeVar tc c
+ pc2 = ppUnTypeVar c
+ freevars = S.fromList $ map (\(SapicLVar lvar _) -> lvar) $ freesSapicTerm t
+ (pt, sh) = auxppSapicTerm tc freevars True t
+ ptvar = "stateChannel" ++ stripNonAlphanumerical (render pt)
+ (ppl, pshl) = ppSapic tc pl
+ppSapic tc (ProcessComb (Lookup t c) ProcessAnnotation {stateChannel = Nothing, pureState = False} pl pr) =
+ ( text "get tbl_states_handle(" <> pt <> text "," <> text ptvar <> text ") in"
+ $$ ( nest
+ 4
+ ( parens
+ ( text "in(" <> text ptvar <> text " , " <> pc <> text ");"
+ $$ text "out(" <> text ptvar <> text " , " <> pc2 <> text ") | "
+ $$ ppl
+ )
+ )
+ )
+ $$ text "else"
+ $$ ( nest
+ 4
+ ( parens
+ ( text "new " <> text ptvar <> text ":channel [assumeCell];" --the cell did not exists, we create it !
+ $$ text "insert tbl_states_handle(" <> pt' <> text ", " <> text ptvar <> text ");"
+ $$ text "out(" <> text ptvar <> text ",0) |"
+ $$ ppr
+ )
+ )
+ ),
+ sh `S.union` pshl `S.union` pshr
+ )
+ where
+ pc = ppTypeVar tc c
+ pc2 = ppUnTypeVar c
+ freevars = S.fromList $ map (\(SapicLVar lvar _) -> lvar) $ freesSapicTerm t
+ (pt, sh) = auxppSapicTerm tc freevars True t
+ (pt', _) = ppSapicTerm tc t
+ ptvar = "stateChannel" ++ stripNonAlphanumerical (render pt)
+ (ppl, pshl) = ppSapic tc pl
+ (ppr, pshr) = ppSapic tc pr
+ppSapic _ (ProcessComb (Lookup _ _) _ _ _) =
+ (text "TRANSLATION ERROR, lookup with else branch unsupported", S.empty)
+ppSapic tc@TranslationContext {trans = ProVerif} (ProcessAction Rep _ p) = (text "!" 
$$ parens pp, psh)
+ where
+ (pp, psh) = ppSapic tc p
+
+-- TODO: have some parameter in the tc for replication numbers
+ppSapic tc@TranslationContext {trans = DeepSec} (ProcessAction Rep _ p) = (text "!^3" <> parens pp, psh)
+ where
+ (pp, psh) = ppSapic tc p
+ppSapic tc (ProcessAction a an (ProcessNull _)) =
+ if unNeedZero
+ then (pa, sh)
+ else (pa <> text "0", sh)
+ where
+ (pa, sh, unNeedZero) = ppAction an tc a
+ppSapic tc (ProcessAction a an p) =
+ if needSep
+ then (pa <> text ";" $$ pp, sh `S.union` psh)
+ else (pa $$ pp, sh `S.union` psh)
+ where
+ (pa, sh, needSep) = ppAction an tc a
+ (pp, psh) = ppSapic tc p
+
+addAttackerReportProc :: TranslationContext -> OpenTheory -> Doc -> Doc
+addAttackerReportProc tc thy p =
+ text "(" $$ p $$ text ")| in(" <> att <> text ",(x:bitstring,y:bitstring)); if " <> formula <> text " then out(" <> att <> text ", rep(x,y))"
+ where
+ att = fst $ getAttackerChannel tc Nothing
+ reportPreds =
+ List.find (\(Predicate (Fact tag _ _) _) -> showFactTag tag == "Report") $
+ theoryPredicates thy
+ (_, (formula, _)) = case reportPreds of
+ Nothing -> ([], (text "Translation Error, no Report predicate provided", M.empty))
+ Just (Predicate _ form) -> Precise.evalFresh (ppLFormula emptyTypeEnv ppNAtom form) (avoidPrecise form)
+
+------------------------------------------------------------------------------
+-- Main printer for processes
+------------------------------------------------------------------------------
+
+loadProc :: TranslationContext -> OpenTheory -> (Doc, S.Set ProVerifHeader, Bool, Bool)
+loadProc tc thy = case theoryProcesses thy of
+ [] -> (text "", S.empty, False, False)
+ [pr] ->
+ let (d, headers) = ppSapic tc2 p
+ in let finald =
+ if (List.find (\x -> x == "locations-report") $ theoryBuiltins thy) == Nothing
+ then d
+ else addAttackerReportProc tc2 thy d
+ in (finald, S.union hd headers, fst hasStates, snd hasStates)
+ where
+ p = makeAnnotations thy pr
+ hasStates = hasBoundUnboundStates p
+ (tc2, hd) 
= mkAttackerContext tc {hasBoundStates = fst hasStates, hasUnboundStates = snd hasStates} p
+ _ -> (text "Multiple sapic processes detected, error", S.empty, False, False)
+
+loadMacroProc :: TranslationContext -> OpenTheory -> ([Doc], S.Set ProVerifHeader)
+loadMacroProc tc thy = loadMacroProcs tc thy (theoryProcessDefs thy)
+
+loadMacroProcs :: TranslationContext -> OpenTheory -> [ProcessDef] -> ([Doc], S.Set ProVerifHeader)
+loadMacroProcs _ _ [] = ([text ""], S.empty)
+loadMacroProcs tc thy (p : q) =
+ let (docs, heads) = loadMacroProcs tc3 thy q
+ in case L.get pVars p of
+ -- TODO bugfix, this is probably wrong when the macro does not have any parameter
+ [] -> (docs, hd `S.union` heads)
+ pvars ->
+ let (new_text, new_heads) = ppSapic tc3 mainProc
+ in let vrs = text "(" <> (fsep (punctuate comma (map (ppTypeVar tc3) pvars))) <> text ")"
+ in let headers = headersOfType $ map extractType pvars
+ in let macro_def =
+ text "let " <> (text $ L.get pName p) <> vrs <> text "="
+ $$ (nest 4 new_text) <> text "."
+ in (macro_def : docs, hd `S.union` new_heads `S.union` heads `S.union` headers)
+ where
+ mainProc = makeAnnotations thy $ L.get pBody p
+ extractType (SapicLVar _ ty) = ty
+ hasStates = hasBoundUnboundStates mainProc
+ (tc2, hd) = case attackerChannel tc of
+ -- we set up the attacker channel if it does not already exists
+ Nothing -> mkAttackerContext tc mainProc
+ Just _ -> (tc, S.empty)
+ tc3 = tc2 {hasBoundStates = fst hasStates, hasUnboundStates = snd hasStates}
+
+loadDiffProc :: TranslationContext -> OpenTheory -> ([Doc], S.Set ProVerifHeader, Bool, Bool)
+loadDiffProc tc thy = case theoryDiffEquivLemmas thy of
+ [] -> ([], S.empty, False, False)
+ [pr] ->
+ let (d, headers) = ppSapic tc2 p
+ in ([text "process" $$ (nest 4 d)], S.union hd headers, fst hasStates, snd hasStates)
+ where
+ p = makeAnnotations thy pr
+ hasStates = hasBoundUnboundStates p
+ (tc2, hd) = mkAttackerContext tc {hasBoundStates = fst hasStates, hasUnboundStates = snd hasStates} p
+ _ -> ([text "Multiple sapic processes detected, error"], S.empty, False, False)
+
+loadEquivProc :: TranslationContext -> OpenTheory -> ([Doc], S.Set ProVerifHeader, Bool, Bool)
+loadEquivProc tc thy = loadEquivProcs tc thy (theoryEquivLemmas thy)
+
+loadEquivProcs :: TranslationContext -> OpenTheory -> [(PlainProcess, PlainProcess)] -> ([Doc], S.Set ProVerifHeader, Bool, Bool)
+loadEquivProcs _ _ [] = ([], S.empty, False, False)
+loadEquivProcs tc thy ((p1, p2) : q) =
+ let (docs, heads, hadBoundStates, hadUnboundStates) = loadEquivProcs tc3 thy q
+ in let (new_text1, new_heads1) = ppSapic tc3 mainProc1
+ in let (new_text2, new_heads2) = ppSapic tc3 mainProc2
+ in let macro_def =
+ case trans tc of
+ ProVerif ->
+ text "equivalence"
+ $$ (nest 4 new_text1)
+ $$ (nest 4 new_text2)
+ DeepSec ->
+ text "query session_equiv("
+ $$ (nest 4 new_text1) <> text ","
+ $$ (nest 4 new_text2) <> text ")."
+ in (macro_def : docs, hd `S.union` new_heads1 `S.union` new_heads2 `S.union` heads, hasBoundSt || hadBoundStates, hasUnboundSt || hadUnboundStates)
+ where
+ mainProc1 = makeAnnotations thy p1
+ mainProc2 = makeAnnotations thy p2
+ hasStates1 = hasBoundUnboundStates mainProc1
+ hasStates2 = hasBoundUnboundStates mainProc2
+ hasBoundSt = fst hasStates1 || fst hasStates2
+ hasUnboundSt = snd hasStates1 || snd hasStates2
+ (tc2, hd) = case attackerChannel tc of
+ -- we set up the attacker channel if it does not already exists
+ Nothing -> mkAttackerContext tc mainProc2
+ Just _ -> (tc, S.empty)
+ tc3 = tc2 {hasBoundStates = hasBoundSt, hasUnboundStates = snd hasStates1 || snd hasStates2}
+
+------------------------------------------------------------------------------
+-- Printer for Lemmas
+------------------------------------------------------------------------------
+
+-- | Smaller-or-equal / More-or-equally-specific relation on types.
+mergeType :: Eq a => Maybe a -> Maybe a -> Maybe a
+mergeType t Nothing = t
+mergeType Nothing t = t
+mergeType _ t = t
+
+mergeEnv :: M.Map LVar SapicType -> M.Map LVar SapicType -> M.Map LVar SapicType
+mergeEnv vs1 vs2 = M.mergeWithKey (\_ t1 t2 -> Just $ mergeType t1 t2) id id vs1 vs2
+
+typeVarsEvent :: Ord k => TypingEnvironment -> FactTag -> [Term (Lit c k)] -> M.Map k SapicType
+typeVarsEvent TypingEnvironment {events = ev} tag ts =
+ case M.lookup tag ev of
+ Just t ->
+ foldl
+ ( \mp (term, ty) ->
+ case viewTerm term of
+ Lit (Var (lvar)) -> M.insert lvar ty mp
+ _ -> mp
+ )
+ M.empty
+ (zip ts t)
+ Nothing -> M.empty
+
+ppProtoAtom :: (HighlightDocument d, Ord k, Show k, Show c) => TypingEnvironment -> Bool -> (s (Term (Lit c k)) -> d) -> (Term (Lit c k) -> d) -> ProtoAtom s (Term (Lit c k)) -> (d, M.Map k SapicType)
+ppProtoAtom te _ _ ppT (Action v (Fact tag _ ts))
+ | factTagArity tag /= length ts = (ppFactL ("MALFORMED-" ++ show tag) ts, M.empty)
+ | tag == KUFact = (ppFactL ("attacker") ts <> opAction <> ppT v, 
M.empty) + | otherwise = + ( text "event(" <> ppFactL (showFactTag tag) ts <> text ")" <> opAction <> ppT v, + typeVarsEvent te tag ts + ) + where + ppFactL n t = nestShort' (n ++ "(") ")" . fsep . punctuate comma $ map ppT t +ppProtoAtom _ _ ppS _ (Syntactic s) = (ppS s, M.empty) +ppProtoAtom _ False _ ppT (EqE l r) = + (sep [ppT l <-> opEqual, ppT r], M.empty) +ppProtoAtom _ True _ ppT (EqE l r) = + (sep [ppT l <-> text "<>", ppT r], M.empty) +-- sep [ppNTerm l <-> text "≈", ppNTerm r] +ppProtoAtom _ _ _ ppT (Less u v) = (ppT u <-> opLess <-> ppT v, M.empty) +ppProtoAtom _ _ _ _ (Last i) = (operator_ "last" <> parens (text (show i)), M.empty) + +ppAtom :: TypingEnvironment -> Bool -> (LNTerm -> Doc) -> ProtoAtom s LNTerm -> (Doc, M.Map LVar SapicType) +ppAtom te b = ppProtoAtom te b (const emptyDoc) + +-- only used for ProVerif queries display +-- the Bool is set to False when we must negate the atom +ppNAtom :: TypingEnvironment -> Bool -> ProtoAtom s LNTerm -> (Doc, M.Map LVar SapicType) +ppNAtom te b = ppAtom te b (fst . (ppLNTerm emptyTC)) + +mapLits :: (Ord a, Ord b) => (a -> b) -> Term a -> Term b +mapLits f t = case viewTerm t of + Lit l -> lit . 
f $ l + FApp o as -> fApp o (map (mapLits f) as) + +extractFree :: BVar p -> p +extractFree (Free v) = v +extractFree (Bound i) = error $ "prettyFormula: illegal bound variable '" ++ show i ++ "'" + +toLAt :: (Ord (f1 b), Ord (f1 (BVar b)), Functor f2, Functor f1) => f2 (Term (f1 (BVar b))) -> f2 (Term (f1 b)) +toLAt a = fmap (mapLits (fmap extractFree)) a + +ppLFormula :: (MonadFresh m, Ord c, HighlightDocument b, Functor syn) => TypingEnvironment -> (TypingEnvironment -> Bool -> ProtoAtom syn (Term (Lit c LVar)) -> (b, M.Map LVar SapicType)) -> ProtoFormula syn (String, LSort) c LVar -> m ([LVar], (b, M.Map LVar SapicType)) +ppLFormula te ppAt = + pp + where + pp (Ato a) = return ([], ppAt te False (toLAt a)) + pp (TF True) = return ([], (operator_ "true", M.empty)) -- "T" + pp (TF False) = return ([], (operator_ "false", M.empty)) -- "F" + pp (Not (Ato a@(EqE _ _))) = return ([], ppAt te True (toLAt a)) + pp (Not p) = do + (vs, (p', envp)) <- pp p + return (vs, (operator_ "not" <> opParens p', envp)) -- text "¬" <> parens (pp a) + -- return $ operator_ "not" <> opParens p' -- text "¬" <> parens (pp a) + pp (Conn op p q) = do + (vsp, (p', envp)) <- pp p + (vsq, (q', envq)) <- pp q + return (vsp ++ vsq, (sep [opParens p' <-> ppOp op, opParens q'], mergeEnv envp envq)) + where + ppOp And = text "&&" + ppOp Or = text "||" + ppOp Imp = text "==>" + ppOp Iff = opIff + pp fm@(Qua _ _ _) = + scopeFreshness $ do + (vs, _, fm') <- openFormulaPrefix fm + (vsp, d') <- pp fm' + return (vs ++ vsp, d') + +isPropFormula :: LNFormula -> Bool +isPropFormula (Qua _ _ _) = False +isPropFormula (Ato _) = True +isPropFormula (TF _) = True +isPropFormula (Not (Ato (EqE _ _))) = True +isPropFormula (Not _) = True +isPropFormula (Conn _ p q) = isPropFormula p && isPropFormula q + +ppQueryFormula :: (MonadFresh m, Functor s) => TypingEnvironment -> ProtoFormula s (String, LSort) Name LVar -> [LVar] -> m Doc +ppQueryFormula te fm extravs = do + (vs, (p, typeVars)) <- ppLFormula te ppNAtom 
fm + return $ + sep + [ text "query " <> fsep (punctuate comma (map (ppTimeTypeVar typeVars) (S.toList . S.fromList $ extravs ++ vs))) <> text ";", + nest 1 p, + text "." + ] + +ppTimeTypeVar :: M.Map LVar SapicType -> LVar -> Doc +ppTimeTypeVar _ lvar@(LVar _ LSortNode _) = ppLVar lvar <> text ":time" +ppTimeTypeVar te lvar = + case M.lookup lvar te of + Nothing -> ppLVar lvar <> text ":bitstring" + Just t -> ppLVar lvar <> text ":" <> text (ppType t) + +ppQueryFormulaEx :: TypingEnvironment -> LNFormula -> [LVar] -> Doc +ppQueryFormulaEx te fm vs = + Precise.evalFresh (ppQueryFormula te fm vs) (avoidPrecise fm) + +ppRestrictFormula :: TypingEnvironment -> ProtoFormula Unit2 (String, LSort) Name LVar -> Precise.FreshT Data.Functor.Identity.Identity Doc +ppRestrictFormula te = + pp + where + pp (Not fm@(Qua Ex _ _)) = do + (vs, _, fm') <- openFormulaPrefix fm + return $ + ( if isPropFormula fm' + then ppOk fm' vs + else ppFail fm + ) + pp (fm@(Qua Ex _ _)) = do + (vs, _, fm') <- openFormulaPrefix fm + return $ + ( if isPropFormula fm' + then ppOk fm' vs + else ppFail fm + ) + pp fm@(Qua All _ _) = do + (_, _, fm') <- openFormulaPrefix fm + pp2 fm fm' + pp fm = return $ ppFail fm + ppOk = ppQueryFormulaEx te + ppFail fm = text "(*" <> prettyLNFormula fm <> text "*)" + + pp2 fm_original fm | isPropFormula fm = return $ ppOk fm_original [] + pp2 fm_original (Conn Imp p fm) | isPropFormula p = do + isExDisj <- disjunct_ex fm + return $ + ( if isExDisj + then ppOk fm_original [] + else ppFail fm_original + ) + + -- pp2 fm_original (Conn Imp p fm@(Qua Ex _ _)) | isPropFormula p = do + -- (_,_,fm') <- openFormulaPrefix fm + -- return $ (if isPropFormula fm' then + -- ppOk fm_original [] + -- else + -- ppFail fm_original) + -- pp2 fm_original (Conn Imp p (Conn Or fm@(Qua Ex _ _) fm2@(Qua Ex _ _))) | isPropFormula p = do + -- (_,_,fm') <- openFormulaPrefix fm + -- (_,_,fm2') <- openFormulaPrefix fm2 + -- return $ (if isPropFormula fm' && isPropFormula fm2' then + -- ppOk 
fm_original [] + -- else + -- ppFail fm_original) + + pp2 fm_original _ = return $ ppFail fm_original + + disjunct_ex fm@(Qua Ex _ _) = do + (_, _, fm') <- openFormulaPrefix fm + return $ isPropFormula fm' + disjunct_ex (Conn Or fm@(Qua Ex _ _) fm2) = do + (_, _, fm') <- openFormulaPrefix fm + b <- disjunct_ex fm2 + return $ b && isPropFormula fm' + disjunct_ex (Conn Or fm2 fm@(Qua Ex _ _)) = do + (_, _, fm') <- openFormulaPrefix fm + b <- disjunct_ex fm2 + return $ b && isPropFormula fm' + disjunct_ex _ = return False + +ppLemma :: TypingEnvironment -> Lemma ProofSkeleton -> Doc +ppLemma te p = + text "(*" <> text (L.get lName p) <> text "*)" + $$ Precise.evalFresh (ppRestrictFormula te fm) (avoidPrecise fm) + where + fm = L.get lFormula p + +loadLemmas :: (ProtoLemma LNFormula ProofSkeleton -> Bool) -> TranslationContext -> TypingEnvironment -> OpenTheory -> [Doc] +loadLemmas lemSel tc te thy = map (ppLemma te) proverifLemmas + where + thyLemmas = (theoryLemmas thy) + proverifLemmas = + filter + ( \lem -> + lemSel lem && case concat [ls | LemmaModule ls <- L.get lAttributes lem] of + [] -> True + ls -> (exportModule $ trans tc) `elem` ls + ) + thyLemmas + +------------------------------------------------------------------------------ +-- Header Generation +------------------------------------------------------------------------------ + +headersOfType :: [SapicType] -> S.Set ProVerifHeader +headersOfType types = + S.fromList $ + foldl + ( \y x -> case x of + Nothing -> y + Just s -> Type s : y + ) + [] + types + +headerOfFunSym :: SapicFunSym -> S.Set ProVerifHeader +headerOfFunSym ((f, (k, pub, Constructor)), inTypes, outType) = + Fun "fun" (BC.unpack f) k ("(" ++ (make_argtypes inTypes) ++ "):" ++ ppType outType) (priv_or_pub pub) `S.insert` headersOfType (outType : inTypes) + where + priv_or_pub Public = [] + priv_or_pub Private = ["private"] +headerOfFunSym _ = S.empty + +-- Load the proverif headers from the OpenTheory +loadHeaders :: TranslationContext -> 
OpenTheory -> TypingEnvironment -> IO (S.Set ProVerifHeader) +loadHeaders tc thy typeEnv = do + eqHeaders <- mapM (headersOfRule tc typeEnv) (S.toList sigRules) + return $ typedHeaderOfFunSym `S.union` headerBuiltins `S.union` (foldl (\acc x -> x `S.union` acc) S.empty eqHeaders) `S.union` eventHeaders + where + sig = (L.get sigpMaudeSig (L.get thySignature thy)) + -- all builtins are contained in Sapic Element + thyBuiltins = theoryBuiltins thy + headerBuiltins = + foldl + ( \y x -> case List.lookup x builtins of + Nothing -> y + Just t -> y `S.union` t + ) + S.empty + thyBuiltins + + -- all user declared function symbols have typinginfos + userDeclaredFunctions = theoryFunctionTypingInfos thy + typedHeaderOfFunSym = foldl (\y x -> headerOfFunSym x `S.union` y) S.empty userDeclaredFunctions + + -- events headers + eventHeaders = M.foldrWithKey (\tag types acc -> HEvent (showFactTag tag) ("(" ++ make_argtypes types ++ ")") `S.insert` acc) S.empty (events typeEnv) + -- generating headers for equations + sigRules = stRules sig + +toSapicLVar :: LVar -> SapicLVar +toSapicLVar v = SapicLVar v Nothing + +toSapicTerm :: LNTerm -> SapicTerm +toSapicTerm = fmap f + where + f (Con c) = Con c + f (Var v) = Var $ toSapicLVar v + +headersOfRule :: TranslationContext -> TypingEnvironment -> CtxtStRule -> IO (S.Set ProVerifHeader) +headersOfRule tc typeEnv r | (lhs `RRule` rhs) <- ctxtStRuleToRRule r = do + tye <- typeTermsWithEnv typeEnv (map toSapicTerm [lhs, rhs]) + let (plhs, lsh) = ppLNTerm tc lhs + (prhs, rsh) = ppLNTerm tc rhs + prefix = case viewTerm lhs of + FApp (NoEq (_, (_, _, Destructor))) _ -> "reduc" + _ -> "equation" + freesr = List.union (frees lhs) (frees rhs) + freesrTyped = map (\v -> (v, M.lookup v $ vars tye)) freesr + hrule = + Eq + prefix + ( "forall " + ++ render (fsep (punctuate comma (map ppFreeTyped freesrTyped))) + ++ ";" + ) + ( render $ + sep + [ nest 2 $ plhs, + text "=" <-> prhs + ] + ) + + return $ (S.singleton hrule) `S.union` lsh `S.union` rsh 
+ where + ppFreeTyped (v, Nothing) = ppLVar v <> text ":bitstring" + ppFreeTyped (v, Just s) = ppLVar v <> text ":" <> text (ppType s) + +prettyProVerifHeader :: ProVerifHeader -> Doc +prettyProVerifHeader (Type s) = text "type " <> text s <> text "." +prettyProVerifHeader (HEvent s ty) = text "event " <> text s <> text ty <> text "." +prettyProVerifHeader (Table s ty) = text "table " <> text s <> text ty <> text "." +prettyProVerifHeader (Eq eqtype quant eq) = text eqtype <> text " " <> text quant <> text " " <> text eq <> text "." +prettyProVerifHeader (Sym symkind name symtype []) = text symkind <> text " " <> text name <> text symtype <> text "." +prettyProVerifHeader (Sym symkind name symtype attr) = text symkind <> text " " <> text name <> text symtype <> text "[" <> fsep (punctuate comma (map text attr)) <> text "]" <> text "." +prettyProVerifHeader (Fun "" _ _ _ _) = text "" +prettyProVerifHeader (Fun fkind name _ symtype []) = text fkind <> text " " <> text name <> text symtype <> text "." +prettyProVerifHeader (Fun fkind name _ symtype attr) = + text fkind <> text " " <> text name <> text symtype <> text "[" <> fsep (punctuate comma (map text attr)) <> text "]" <> text "." + +prettyDeepSecHeader :: ProVerifHeader -> Doc +prettyDeepSecHeader (Type _) = text "" -- no types in deepsec +prettyDeepSecHeader (Eq eqtype _ eq) = text eqtype <> text " " <> text eq <> text "." +prettyDeepSecHeader (HEvent _ _) = text "" +prettyDeepSecHeader (Table _ _) = text "" +-- drop symtypes in symbol declarations +prettyDeepSecHeader (Sym symkind name _ []) = text symkind <> text " " <> text name <> text "." +prettyDeepSecHeader (Sym symkind name _ attr) = + if List.elem "private" attr + then text symkind <> text " " <> text name <> text "[private]" <> text "." + else text symkind <> text " " <> text name <> text "." 
+-- only keep arity for fun declarations +prettyDeepSecHeader (Fun "" _ _ _ _) = text "" +prettyDeepSecHeader (Fun fkind name arity _ []) = + text fkind <> text " " <> text name + <> text "/" + <> text (show arity) + <> text "." +prettyDeepSecHeader (Fun fkind name arity _ attr) = + if List.elem "private" attr + then + text fkind <> text " " <> text name + <> text "/" + <> text (show arity) + <> text "[private]" + <> text "." + else text fkind <> text " " <> text name <> text "/" <> text (show arity) <> text "." + +attribHeaders :: TranslationContext -> [ProVerifHeader] -> [Doc] +attribHeaders tc hd = + sym ++ fun ++ eq + where + (eq, fun, sym) = splitHeaders hd + pph = case trans tc of + ProVerif -> prettyProVerifHeader + DeepSec -> prettyDeepSecHeader + splitHeaders [] = ([], [], []) + splitHeaders (x : xs) + | Sym _ _ _ _ <- x = (e1, f1, (pph x) : s1) + | Fun _ _ _ _ _ <- x = (e1, (pph x) : f1, s1) + | Eq _ _ _ <- x = ((pph x) : e1, f1, s1) + | HEvent _ _ <- x = ((pph x) : e1, f1, s1) + | Table _ _ <- x = ((pph x) : e1, f1, s1) + | Type _ <- x = (e1, f1, (pph x) : s1) + where + (e1, f1, s1) = splitHeaders xs + +attChanName :: String +attChanName = "att" + +mkAttackerChannel :: + ( -- MonadThrow m,PlainProcess + MonadFresh m + -- , Monoid (m (AnProcess ProcessAnnotation)) + -- ,Foldable (AnProcess ProcessAnnotation) + ) => + LProcess (ProcessAnnotation LVar) -> + m LVar +mkAttackerChannel _ = (freshLVar attChanName LSortMsg) + +mkAttackerContext :: TranslationContext -> LProcess (ProcessAnnotation LVar) -> (TranslationContext, S.Set ProVerifHeader) +mkAttackerContext tc p = + (tc {attackerChannel = Just attackerVar}, S.singleton hd) + where + attackerVar@(LVar n _ _) = (evalFresh (mkAttackerChannel p) (initStateAtt)) + initState = avoidPreciseVars . 
map (\(SapicLVar lvar _) -> lvar) $ S.toList $ varsProc p + initStateAtt = case M.lookup attChanName initState of + Nothing -> 0 + Just i -> i + hd = (Sym "free" n ":channel" []) + +-- given an optional channel name and a translation context, returns the corresponding printer +getAttackerChannel :: + TranslationContext -> + Maybe SapicTerm -> + (Doc, S.Set ProVerifHeader) +getAttackerChannel tc t1 = case (t1, attackerChannel tc) of + (Just tt1, _) -> ppSapicTerm tc tt1 + (Nothing, Just (LVar n _ _)) -> (text n, S.empty) + _ -> (text "TRANSLATION ERROR", S.empty) + +------------------------------------------------------------------------------ +-- Some utility functions +------------------------------------------------------------------------------ + +make_argtypes :: [SapicType] -> String +make_argtypes [] = "" +make_argtypes [x] = ppType x +make_argtypes (x : t) = ppType x ++ "," ++ (make_argtypes t) + +stripNonAlphanumerical :: [Char] -> [Char] +stripNonAlphanumerical = filter (\x -> isAlpha x) + +-- return the annotated process +makeAnnotations :: OpenTheory -> PlainProcess -> LProcess (ProcessAnnotation LVar) +makeAnnotations thy p = res + where + p' = report $ toAnProcess p + res = annotatePureStates p' + report pr = + if (List.find (\x -> x == "locations-report") $ theoryBuiltins thy) == Nothing + then pr + else translateTermsReport pr diff --git a/lib/export/tamarin-prover-export.cabal b/lib/export/tamarin-prover-export.cabal new file mode 100644 index 000000000..74ad640f9 --- /dev/null +++ b/lib/export/tamarin-prover-export.cabal 
@@ -0,0 +1,66 @@ +name: tamarin-prover-export + +cabal-version: >= 1.8 +build-type: Simple +version: 1.7.1 +license: GPL +license-file: LICENSE +category: Theorem Provers +author: Robert Künnemann , + Charlie Jacomme +maintainer: Robert Künnemann +copyright: Robert Künnemann, CISPA-Helmholtz-Centre Saarbrücken, 2019 + Charlie Jacomme, LSV, 2019 + +synopsis: Library for export of processes in the Sapic calculus to the Proverif calculus + +description: This is an internal library of the Tamarin prover for + security protocol verification + (). + . +homepage: https://tamarin-prover.github.io/ + + +source-repository head + type: git + location: https://github.com/tamarin-prover/tamarin-prover.git + +---------------------- +-- library stanzas +---------------------- + +library + ghc-options: -Wall -fwarn-tabs + + ghc-prof-options: -auto-all + + build-depends: + aeson + , aeson-pretty + , base + , binary + , bytestring + , containers + , deepseq + , dlist + , fclabels + , HStringTemplate + , mtl + , parallel + , parsec + , process + , safe + , text + , transformers + , uniplate + , exceptions + , raw-strings-qq + , tamarin-prover-utils + , tamarin-prover-term + , tamarin-prover-theory + , tamarin-prover-sapic + + hs-source-dirs: src + + exposed-modules: + Export diff --git a/lib/sapic/src/Sapic.hs b/lib/sapic/src/Sapic.hs index ddbde73c1..538224649 100644 --- a/lib/sapic/src/Sapic.hs +++ b/lib/sapic/src/Sapic.hs @@ -1,8 +1,7 @@ -{-# LANGUAGE DeriveDataTypeable #-} -{-# LANGUAGE TemplateHaskell #-} -{-# LANGUAGE StandaloneDeriving #-} -{-# LANGUAGE DeriveAnyClass #-} +{-# LANGUAGE FlexibleContexts #-} +{-# LANGUAGE ScopedTypeVariables #-} {-# LANGUAGE PatternGuards #-} +{-# LANGUAGE DoAndIfThenElse #-} -- | -- Copyright : (c) 2019 Robert Künnemann and Alexander Dax -- License : GPL v3 (see LICENSE) 
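Review bot: None of the entries under `build-depends` in the new tamarin-prover-export.cabal carries a version bound, so outside a pinned snapshot the solver is free to pick any release of `aeson`, `process`, `parsec` and the rest. I would give `base` an upper bound and tie the in-repo `tamarin-prover-*` packages to the version this package declares, so that the export library cannot be built against a mismatched term or theory library. Separately, `license: GPL` names no version, while the Sapic.hs header in this same commit says "GPL v3"; `license: GPL-3` would match it.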
@@ -13,30 +12,36 @@ -- Translation from Theories with Processes to multiset rewrite rules module Sapic ( - translate -) where +translate +, module Sapic.Typing +, module Sapic.Warnings +, ) where import Control.Exception hiding (catch) import Control.Monad.Fresh import Control.Monad.Catch -import Sapic.Exceptions import Theory import Theory.Sapic import Data.Typeable import Data.Maybe import qualified Data.Set as S -import qualified Data.List as List import qualified Extension.Data.Label as L import Control.Monad.Trans.FastFresh () +import Sapic.Exceptions import Sapic.Annotation import Sapic.SecretChannels +import Sapic.Compression import Sapic.Report import Sapic.Facts import Sapic.Locks import Sapic.ProcessUtils +import Sapic.LetDestructors +import Sapic.Typing +import Sapic.States import qualified Sapic.Basetranslation as BT import qualified Sapic.ProgressTranslation as PT import qualified Sapic.ReliableChannelTranslation as RCT import Theory.Text.Parser +import Sapic.Warnings -- | Translates the process (singular) into a set of rules and adds them to the theory translate :: (Monad m, MonadThrow m, MonadCatch m) => 
@@ -47,43 +52,54 @@ translate th = case theoryProcesses th of throwM (ReliableTransmissionButNoProcess :: SapicException AnnotatedProcess) else return th - [p] -> if all allUnique (bindings p) then do + [p] -> do -- annotate - an_proc <- evalFreshT (annotateLocks $ translateReport $ annotateSecretChannels (propagateNames $ toAnProcess p)) 0 + an_proc_pre <- translateLetDestr sigRules + $ translateReport + $ optimizeStateChannel + $ annotateSecretChannels + $ propagateNames + $ toAnProcess p + an_proc <- evalFreshT (annotateLocks an_proc_pre) 0 -- compute initial rules (initRules,initTx) <- initialRules an_proc -- generate protocol rules, starting from variables in initial tilde x protoRule <- gen (trans an_proc) an_proc [] initTx + -- apply path compression + eProtoRule <- pathComp $ map toRule (initRules ++ protoRule) -- add these rules - th1 <- foldM liftedAddProtoRule th $ map (\x -> (OpenProtoRule (toRule x) [])) $ initRules ++ protoRule + th1 <- foldM liftedAddProtoRule th $ map (`OpenProtoRule` []) eProtoRule -- add restrictions rest<- restrictions an_proc th2 <- foldM liftedAddRestriction th1 rest -- add heuristic, if not already defined: - let th4 = fromMaybe th2 (addHeuristic heuristics th2) -- does not overwrite user defined heuristic - return th4 - else - throw ( ProcessNotWellformed ( WFBoundTwice $ head $ map repeater $ bindings p) - :: SapicException AnnotatedProcess) + let th3 = setPureStateInjective $ fromMaybe th2 (addHeuristic heuristics th2) -- does not overwrite user defined heuristic + return th3 _ -> throw (MoreThanOneProcess :: SapicException AnnotatedProcess) where - bindings (ProcessComb c _ pl pr) = fmap (++ bindingsComb c) (bindings pl ++ bindings pr) - bindings (ProcessAction ac _ p) = fmap (++ bindingsAct ac) (bindings p) - bindings (ProcessNull _) = [[]] - bindingsComb (Lookup _ v) = [v] - bindingsComb _ = [] - bindingsAct (New v) = [v] - bindingsAct _ = [] - - allUnique = all ( (==) 1 . length) . List.group . 
List.sort - repeater = head . head . filter ((/=) 1 . length) . List.group . List.sort - ops = L.get thyOptions th translateReport anp = if L.get transReport ops then translateTermsReport anp else anp + pathComp p = + if L.get transProgress ops then + return p + else + pathCompression (L.get compressEvents ops) p + optimizeStateChannel anp = + if L.get stateChannelOpt ops then + annotatePureStates anp + else + anp + setPureStateInjective thy = + if L.get stateChannelOpt ops then + setforcedInjectiveFacts (S.fromList [pureStateFactTag, pureStateLockFactTag] ) thy +-- L.set (forcedInjectiveFacts . thyOptions) S.empty thy + else + thy + sigRules = stRules (L.get sigpMaudeSig (L.get thySignature th)) checkOps lens x | L.get lens ops = Just x | otherwise = Nothing @@ -93,12 +109,12 @@ translate th = case theoryProcesses th of , checkOps transReliable (RCT.reliableChannelInit anP) , checkOps transReport (reportInit anP) ] - trans anP = foldr ($) (BT.baseTrans needsInEvRes) --- fold from right to left, not that foldr applies ($) the other way around compared to foldM + trans anP = foldr ($) (BT.baseTrans (L.get asynchronousChannels ops) needsInEvRes) --- fold from right to left, not that foldr applies ($) the other way around compared to foldM $ mapMaybe (uncurry checkOps) [ --- remove if fst element does not point to option that is set (transProgress, PT.progressTrans anP) , (transReliable, RCT.reliableChannelTrans ) ] - restrictions:: (MonadThrow m1, MonadCatch m1) => AnProcess ProcessAnnotation -> m1 [SyntacticRestriction] + restrictions:: (MonadThrow m1, MonadCatch m1) => LProcess (ProcessAnnotation LVar) -> m1 [SyntacticRestriction] restrictions anP = foldM (flip ($)) [] --- fold from left to right --- TODO once accountability is supported, substitute True -- with predicate saying whether we need single_session lemma 
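Review bot: The `[p]` branch of `translate` no longer rejects a process that binds the same variable twice: the `all allUnique (bindings p)` guard, the `WFBoundTwice` throw and the `bindings`/`allUnique`/`repeater` helpers are removed, and nothing in this hunk replaces them. If the check now runs elsewhere (presumably in one of the newly imported modules, `Sapic.Typing` or `Sapic.Warnings`), say so at this point, for example `-- binding uniqueness is checked in <module> before translate is called`. If it is gone, a process that rebinds a name is translated without complaint, and the lemmas proved on the result may not describe the model the author wrote. `translate` starts before this hunk and continues after it.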
@@ -115,10 +131,10 @@ translate th = case theoryProcesses th of mapMaybe (uncurry checkOps) [ (transProgress, PT.progressRestr anP) , (transReliable, RCT.reliableChannelRestr anP) +-- , (stateChannelOpt, BT.resLockingPure) ] heuristics = [SapicRanking] needsInEvRes = any lemmaNeedsInEvRes (theoryLemmas th) - -- TODO This function is not yet complete. This is what the ocaml code -- was doing: -- NOTE: Kevin Morio is working on accountability @@ -147,7 +163,7 @@ gen :: (MonadCatch m) => (BT.TransFNull (m BT.TranslationResultNull), BT.TransFAct (m BT.TranslationResultAct), BT.TransFComb (m BT.TranslationResultComb)) - -> AnProcess ProcessAnnotation -> ProcessPosition -> S.Set LVar -> m [AnnotatedRule ProcessAnnotation] + -> LProcess (ProcessAnnotation LVar) -> ProcessPosition -> S.Set LVar -> m [AnnotatedRule (ProcessAnnotation LVar)] gen (trans_null, trans_action, trans_comb) anP p tildex = do proc' <- processAt anP p @@ -185,7 +201,7 @@ gen (trans_null, trans_action, trans_comb) anP p tildex = toAnnotatedRule proc (l,a,r,res) = AnnotatedRule Nothing proc (Left p) l a r res mapToAnnotatedRule proc l = -- distinguishes rules by adding the index of each element to it snd $ foldl (\(i,l') r -> (i+1,l' ++ [toAnnotatedRule proc r i] )) (0,[]) l - handler:: (Typeable ann, Show ann) => AnProcess ann -> SapicException ann -> a + handler:: (Typeable ann, Show ann) => LProcess ann -> SapicException ann -> a handler anp (ProcessNotWellformed (WFUnboundProto vs)) = throw $ ProcessNotWellformed $ WFUnbound vs anp handler _ e = throw e diff --git a/lib/sapic/src/Sapic/Annotation.hs b/lib/sapic/src/Sapic/Annotation.hs index 5c4f0fd79..63b421d40 100644 --- a/lib/sapic/src/Sapic/Annotation.hs +++ b/lib/sapic/src/Sapic/Annotation.hs 
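Review bot: The entry `-- , (stateChannelOpt, BT.resLockingPure)` is added to the restriction list already commented out, although `resLockingPure` is newly exported from Sapic.Basetranslation in this commit and `translate` now forces `pureStateFactTag` and `pureStateLockFactTag` injective when `stateChannelOpt` is set. Either delete the line or state why the restriction is not emitted, e.g. `-- resLockingPure not emitted: pure-state facts are declared injective via setPureStateInjective` (wording for the author to confirm). As it stands, a reader cannot tell whether the locking restriction for pure states was dropped on purpose, and forced injectivity is presumably taken on trust by the prover rather than checked. The enclosing definition starts outside this hunk.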
@@ -1,10 +1,10 @@ {-# LANGUAGE DeriveDataTypeable #-} -{-# LANGUAGE StandaloneDeriving #-} {-# LANGUAGE DeriveGeneric #-} -{-# LANGUAGE DeriveDataTypeable #-} -{-# LANGUAGE TypeSynonymInstances #-} --- {-# LANGUAGE DeriveAnyClass #-} {-# LANGUAGE GeneralizedNewtypeDeriving #-} +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} +{-# LANGUAGE FlexibleContexts #-} +{-# LANGUAGE UndecidableInstances #-} -- Copyright : (c) 2019 Robert Künnemann -- License : GPL v3 (see LICENSE) -- @@ -18,16 +18,18 @@ module Sapic.Annotation ( , AnnotatedProcess , annLock , annSecretChannel + , annDestructorEquation , annUnlock , toAnProcess , toProcess - , AnLVar (..) - , GoodAnnotation + , AnVar (..) + , AnProcess (..) + , unAnProcess , getProcessNames , setProcessNames -) where + ,annElse) where import Data.Data --- import Data.Maybe +-- import Data.List -- import Data.Foldable -- import Control.Exception -- import Control.Monad.Fresh 
@@ -43,80 +45,112 @@ import Data.Binary -- import Control.Monad.Trans.FastFresh -- import Control.Monad.Trans.FastFresh import Term.LTerm +import Term.Substitution -- | Variables used to annotate locks. Encapsulated in newtype because of -- Semigroup instance below -newtype AnLVar = AnLVar LVar +newtype AnVar v = AnVar v deriving( Typeable, Data, Generic, Binary, Show ) -- original definition: deriving( Typeable, Data, Generic, NFData, Binary ) -instance Semigroup AnLVar where -- override annotations if necessary +instance Semigroup (AnVar v) where -- override annotations if necessary (<>) _ b = b -- | Annotations used in the translation -data ProcessAnnotation = ProcessAnnotation { - processnames :: [String] -- processes identifiers recovered from "let P = " bindings - , lock :: Maybe AnLVar -- Fresh variables annotating locking action and unlocking actions. - , unlock :: Maybe AnLVar -- Matching actions should have the same variables. - , secretChannel :: Maybe AnLVar -- If a channel is secret, we can perform a silent transition. - , location :: Maybe SapicTerm -- The location of a process, for the IEE extention. +-- Reuses ProcessParsedAnnotation +data ProcessAnnotation v = ProcessAnnotation { + parsingAnn :: ProcessParsedAnnotation -- annotations recovered during parsing, includes + -- processes identifiers recovered from "let P = " bindings + , lock :: Maybe (AnVar v) -- Fresh variables annotating locking action and unlocking actions. + , unlock :: Maybe (AnVar v) -- Matching actions should have the same variables. + , secretChannel :: Maybe (AnVar v) -- If a channel is secret, we can perform a silent transition. + , destructorEquation :: Maybe (LNTerm, LNTerm) -- the two terms that can be matched to model a let binding with a destructor on the right hand side. + , elseBranch :: Bool --- do we have a non-zero else branch? 
Used for let translation + , pureState :: Bool -- anotates locks, inserts and lookup that correspond to a Pure state, so that they are optimized. + -- A pure state corresponds to a process of form `insert k,v` or `lock k; lookup k; .. ; insert k,v; unlock k` or similar (see States.hs) + , stateChannel :: Maybe (AnVar v) -- anotates state operations with the corresponding name identifier when possible. + , isStateChannel :: Maybe SapicTerm -- annotates binding of channels that corresponds to state channels with their corresponding identifier. } deriving (Show, Typeable) - --- | Any annotation that is good enough to be converted back into a Process --- can at least recover the names of the processes used to bind --- subprocesses --- annotate the multiset rewrite rules with: --- - the Name or Names of the process (e.g., [A, B] in let B = 0 let A = B | 0) -class GoodAnnotation a where - getProcessNames :: a -> [String] - setProcessNames :: [String] -> a -> a - -instance GoodAnnotation ProcessAnnotation +instance GoodAnnotation (ProcessAnnotation v) where - getProcessNames = processnames - setProcessNames pn an = an { processnames = pn } + getProcessParsedAnnotation = parsingAnn + setProcessParsedAnnotation pn an = an { parsingAnn = pn } + defaultAnnotation = mempty + +mayMerge :: Maybe a -> Maybe a -> Maybe a +mayMerge t@(Just _) _ = t +mayMerge _ t@(Just _) = t +mayMerge Nothing Nothing = Nothing -instance Monoid ProcessAnnotation where - mempty = ProcessAnnotation [] Nothing Nothing Nothing Nothing +instance Monoid (ProcessAnnotation v) where + mempty = ProcessAnnotation mempty mempty mempty mempty Nothing True False mempty Nothing mappend p1 p2 = ProcessAnnotation - (processnames p1 `mappend` processnames p2) + (parsingAnn p1 `mappend` parsingAnn p2) (lock p1 `mappend` lock p2) (unlock p1 `mappend` unlock p2) (secretChannel p1 `mappend` secretChannel p2) - (location p2) + (mayMerge (destructorEquation p1) (destructorEquation p2)) + (elseBranch p2) + (pureState p1 || 
pureState p2) + (stateChannel p1 `mappend` stateChannel p2) + (mayMerge (isStateChannel p1) (isStateChannel p2)) + +getProcessNames :: GoodAnnotation ann => ann -> [String] +getProcessNames = processnames . getProcessParsedAnnotation + +setProcessNames :: GoodAnnotation a => [String] -> a -> a +setProcessNames pn = mappendProcessParsedAnnotation (mempty {processnames = pn}) -instance Semigroup ProcessAnnotation where - (<>) p1 p2 = ProcessAnnotation - (processnames p1 `mappend` processnames p2) - (lock p1 <> lock p2) - (unlock p1 <> unlock p2) - (secretChannel p1 <> secretChannel p2) - (location p2) -newtype AnnotatedProcess = AnProcess ProcessAnnotation +instance Semigroup (ProcessAnnotation v) where + (<>) = mappend + +instance (Apply s SapicTerm) => (Apply s (ProcessAnnotation v)) where + apply = applyAnn + +newtype AnnotatedProcess = LProcess (ProcessAnnotation LVar) deriving (Typeable, Monoid,Semigroup,Show) +data AnProcess ann = AnProcess (LProcess ann) + deriving (Typeable, Show) + +-- This instance is useful for modifying annotations, but not for much more. 
+instance Functor AnProcess where + fmap f (AnProcess process) = AnProcess (f' process) + where + f' (ProcessNull an) = ProcessNull (f an) + f' (ProcessAction a an p) = ProcessAction a (f an) (f' p) + f' (ProcessComb c an pl pr) = ProcessComb c (f an) (f' pl) (f' pr) + +unAnProcess :: AnProcess ann -> LProcess ann +unAnProcess (AnProcess p) = p + -- | quickly create Annotations from variable names for locking and -- unlocking -annLock :: AnLVar -> ProcessAnnotation -annLock v = ProcessAnnotation { processnames = [], lock = Just v, unlock = Nothing, secretChannel = Nothing, location = Nothing } -annUnlock :: AnLVar -> ProcessAnnotation -annUnlock v = ProcessAnnotation { processnames = [], lock = Nothing, unlock = Just v , secretChannel = Nothing, location = Nothing} -annSecretChannel :: AnLVar -> ProcessAnnotation -annSecretChannel v = ProcessAnnotation { processnames = [], lock = Nothing, unlock = Nothing, secretChannel = Just v, location = Nothing} --- | Convert to and from Process, i.e., AnProcess with processnames only. 
-toAnProcess :: Process -> AnProcess ProcessAnnotation -toAnProcess = fmap f - where - f l = - let (names, loc) = getNamesLoc l in - ProcessAnnotation { processnames = names, lock = Nothing, unlock = Nothing, secretChannel = Nothing, location = loc} - getNamesLoc [] = ([], Nothing) - getNamesLoc ((ProcessLoc x):xs) = let (names,_) = getNamesLoc xs in (names,Just x) - getNamesLoc ((ProcessName x):xs) = let (names,loc) = getNamesLoc xs in (x:names,loc) - -toProcess :: GoodAnnotation an => AnProcess an -> Process -toProcess = fmap f +annLock :: AnVar v -> ProcessAnnotation v +annLock v = mempty {lock = Just v} + +annUnlock :: AnVar v -> ProcessAnnotation v +annUnlock v = mempty {unlock = Just v} + +annSecretChannel :: AnVar v -> ProcessAnnotation v +annSecretChannel v = mempty { secretChannel = Just v} + +annDestructorEquation :: LNTerm -> LNTerm -> Bool -> ProcessAnnotation v +annDestructorEquation v1 v2 b = mempty { destructorEquation = Just (v1, v2), elseBranch = b } + +annElse :: Bool -> ProcessAnnotation v +annElse b = mempty {elseBranch = b} + +-- | Convert to and from Process, i.e., LProcess with processnames only. +toAnProcess :: GoodAnnotation an => PlainProcess -> LProcess an +toAnProcess = unAnProcess . fmap f . AnProcess + where + -- f :: ProcessParsedAnnotation -> an + f l = setProcessParsedAnnotation l defaultAnnotation + +toProcess :: GoodAnnotation an => LProcess an -> PlainProcess +toProcess = unAnProcess . fmap f . AnProcess where - f l = map ProcessName $ getProcessNames l + f l = getProcessParsedAnnotation l diff --git a/lib/sapic/src/Sapic/Basetranslation.hs b/lib/sapic/src/Sapic/Basetranslation.hs index 9c31c2185..2bedd2673 100644 --- a/lib/sapic/src/Sapic/Basetranslation.hs +++ b/lib/sapic/src/Sapic/Basetranslation.hs 
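Review bot: `mappend` for `ProcessAnnotation v` takes `elseBranch p2` alone while `mempty` sets `elseBranch` to `True`, so `p <> mempty` turns an annotation with `elseBranch = False` back into `True` and the right-identity law does not hold. This matters in practice because `annLock`, `annUnlock` and `annSecretChannel` are now all built from `mempty`: appending any of them on the right of `annElse False` discards the `False`. If `False` is meant to survive a merge, `(elseBranch p1 && elseBranch p2)` keeps `True` as the identity; otherwise a comment on the field should say that the right operand always wins. `mayMerge` prefers the left `Just` whereas the `Semigroup (AnVar v)` instance keeps the right operand, and that difference deserves a comment as well.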
@@ -8,13 +8,19 @@ -- -- Translation rules common for different translation types in SAPIC module Sapic.Basetranslation ( + -- translation baseTransNull , baseTransComb , baseTransAction , baseTrans , baseInit - , toEx , baseRestr + , resLockingPure + -- helper + , toEx + , toLVar + , toLNTerm + , toLNFact -- types , TransFact , TranslationResultNull @@ -24,10 +30,12 @@ module Sapic.Basetranslation ( , TransFAct , TransFComb ) where + import Control.Exception import Control.Monad.Catch import Data.Set hiding (map, (\\)) -import Data.List (nub, (\\)) +import Data.Maybe +import qualified Data.List as List import qualified Extension.Data.Label as L import Sapic.Annotation import Sapic.Exceptions 
@@ -38,36 +46,35 @@ import Theory import Theory.Sapic import Theory.Sapic.Print import Theory.Text.Parser --- import Debug.Trace -type TranslationResultNull = ([([TransFact], [TransAction], [TransFact], [SyntacticLNFormula])]) +type TranslationResultNull = [([TransFact], [TransAction], [TransFact], [SyntacticLNFormula])] type TranslationResultAct = ([([TransFact], [TransAction], [TransFact], [SyntacticLNFormula])], Set LVar) type TranslationResultComb = ([([TransFact], [TransAction], [TransFact], [SyntacticLNFormula])], Set LVar, Set LVar) -type TransFNull t = ProcessAnnotation +type TransFNull t = ProcessAnnotation LVar -> ProcessPosition -> Set LVar -> t -type TransFAct t = SapicAction - -> ProcessAnnotation +type TransFAct t = SapicAction SapicLVar + -> ProcessAnnotation LVar -> ProcessPosition -> Set LVar -> t -type TransFComb t = ProcessCombinator - -> ProcessAnnotation +type TransFComb t = ProcessCombinator SapicLVar + -> ProcessAnnotation LVar -> ProcessPosition -> Set LVar -> t -- | The basetranslation has three functions, one for translating the Null -- Process, one for actions (i.e. constructs with only one child process) and -- one for combinators (i.e., constructs with two child processes). -baseTrans :: MonadThrow m => Bool -> +baseTrans :: MonadThrow m => Bool -> Bool -> (TransFNull (m TranslationResultNull), TransFAct (m TranslationResultAct), TransFComb (m TranslationResultComb)) -baseTrans needsInEvRes = (\ a p tx -> return $ baseTransNull a p tx, - \ ac an p tx -> return $ baseTransAction needsInEvRes ac an p tx, +baseTrans asyncChannels needsInEvRes = (\ a p tx -> return $ baseTransNull a p tx, + \ ac an p tx -> return $ baseTransAction asyncChannels needsInEvRes ac an p tx, \ comb an p tx -> return $ baseTransComb comb an p tx) -- I am sure there is nice notation for that. -- | Each part of the translation outputs a set of multiset rewrite rules, 
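Review bot: `baseTrans` now takes two adjacent positional `Bool`s, and the second is still named `needsInEvRes` here while `baseTransAction` in the next hunk receives it as `needsAssImmediate`. Swapping the two at a call site type-checks and silently switches private channels between synchronous and asynchronous semantics, which changes the model that lemmas are later proved against. I would use the same name in both places and document the order above the signature, e.g. `-- | @baseTrans asyncChannels needsAssImmediate@: the first flag makes private channels asynchronous (no Ack), the second emits the actions the AssImmediate axiom requires.` The call sites are outside this hunk, so the order in which they pass the flags should be checked there.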
@@ -75,65 +82,131 @@ baseTrans needsInEvRes = (\ a p tx -> return $ baseTransNull a p tx, baseTransNull :: TransFNull TranslationResultNull baseTransNull _ p tildex = [([State LState p tildex ], [], [], [])] -baseTransAction :: Bool -> TransFAct TranslationResultAct -baseTransAction needsInEvRes ac an p tildex +mergeWithStateRule' :: ([TransFact], [a1], [a2]) -> ([TransFact], [a1], [a2], d) -> ([TransFact], [a1], [a2], d) +mergeWithStateRule' (l',a',r') (l,a,r,f) + | (Just _) <- List.find isState l + = (l ++ l', a ++ a', r++r', f) + | otherwise + = (l,a,r,f) + +mergeWithStateRule :: ([TransFact], [a1], [a2]) -> [([TransFact], [a1], [a2], d)] -> [([TransFact], [a1], [a2], d)] +mergeWithStateRule r' = map (mergeWithStateRule' r') + +baseTransAction :: Bool -> Bool -> TransFAct TranslationResultAct +baseTransAction + asyncChannels -- true if private channels ought to be asnchronous + needsAssImmediate -- produce actions that axiom AssImmediate requires + ac an p tildex -- current action, its annotation, position in the process tree, and variables bound so far | Rep <- ac = ([ ([def_state], [], [State PSemiState (p++[1]) tildex ], []), ([State PSemiState (p++[1]) tildex], [], [def_state' tildex], []) ], tildex) - | (New v) <- ac = let tx' = v `insert` tildex in - ([ ([def_state, Fr v], [], [def_state' tx'], []) ], tx') - | (ChIn (Just tc) t) <- ac, (Just (AnLVar _)) <- secretChannel an = - let tx' = freeset tc `union` freeset t `union` tildex in - ([ - ([def_state, Message tc t], [], [Ack tc t, def_state' tx'], [])], tx') - | (ChIn (Just tc) t) <- ac, Nothing <- secretChannel an = - let tx' = freeset tc `union` freeset t `union` tildex in - let ts = fAppPair (tc,t) in + | (New v) <- ac = let tx' = toLVar v `insert` tildex in + ([ ([def_state, Fr $ toLVar v], [], [def_state' tx'], []) ], tx') + | (ChIn channel t' matchVar) <- ac, t <- toLNTerm t' = -- handle channel input in(c,pat);P like in(c,x); let pat = x in P + let x = evalFreshAvoiding (freshLVar "x" LSortMsg) 
tildex in + let xt = varTerm x in + let xTerm = varTerm (SapicLVar { slvar = x, stype = Nothing}) in + let (rules,tx',_) = baseTransComb (Let t' xTerm matchVar) (an {elseBranch = False }) p tildex + -- tx' does not include fresh x because it is on the right hand side + -- that's ok because follow up process does not use x anyway, since + -- the process was ground before introducing x freshly + in + case channel of + Nothing -> if needsAssImmediate then -- delay matching, as in(pat) behaves like in(x); let pat = x in .. + (mergeWithStateRule ([In (varTerm x)], channelIn (varTerm x), []) rules, tx') + else + let tx2' = freeset t `union` tildex in + ([ ([def_state, In t], [ ], [def_state' tx2'], []) ], tx2') + Just tc' -> let tc = toLNTerm tc' in + let ts = fAppPair (tc,varTerm x) in + let ack = [Ack tc xt | not asyncChannels] in + (mergeWithStateRule ([Message tc xt], [], ack) rules + ++ (if isNothing (secretChannel an) -- only add adversary rule if channel is not guaranteed secret + then mergeWithStateRule ([In ts], channelIn ts, []) rules + else [] + ), tx') + | (ChOut (Just tc') t') <- ac, (Just (AnVar _)) <- secretChannel an + , tc <- toLNTerm tc', t <- toLNTerm t' = + if asyncChannels then + ([ + ([def_state], [], [Message tc t, def_state' tildex], [])], tildex) + else + let semistate = State LSemiState (p++[1]) tildex in + ([ + ([def_state], [], [Message tc t,semistate], []), + ([semistate, Ack tc t], [], [def_state' tildex], [])], tildex) + | (ChOut (Just tc') t') <- ac, Nothing <- secretChannel an + , tc <- toLNTerm tc', t <- toLNTerm t' = + if asyncChannels then + ([ + ([def_state, In tc], channelIn tc, [Out t, def_state' tildex], []), + ([def_state], [], [Message tc t,def_state' tildex], [])], tildex) + else + let semistate = State LSemiState (p++[1]) tildex in + ([ + ([def_state, In tc], channelIn tc, [Out t, def_state' tildex], []), + ([def_state], [], [Message tc t,semistate], []), + ([semistate, Ack tc t], [], [def_state' tildex], [])], tildex) + | 
(ChOut Nothing t') <- ac + , t <- toLNTerm t' = ([ - ([def_state, In ts], [ChannelIn ts | needsInEvRes], [def_state' tx'], []), - ([def_state, Message tc t], [], [Ack tc t, def_state' tx'], [])], tx') - | (ChIn Nothing t) <- ac = - let tx' = freeset t `union` tildex in - ([ ([def_state, In t ], [ChannelIn t | needsInEvRes], [def_state' tx'], []) ], tx') - | (ChOut (Just tc) t) <- ac, (Just (AnLVar _)) <- secretChannel an = - let semistate = State LSemiState (p++[1]) tildex in - ([ - ([def_state], [], [Message tc t,semistate], []), - ([semistate, Ack tc t], [], [def_state' tildex], [])], tildex) - | (ChOut (Just tc) t) <- ac, Nothing <- secretChannel an = - let semistate = State LSemiState (p++[1]) tildex in + ([def_state], [], [def_state' tildex, Out t], [])], tildex) + + -- Pure cell translation + | (Insert t1' t2' ) <- ac, True <- pureState an, (Just (AnVar v)) <- unlock an, + t1 <- toLNTerm t1' , t2 <- toLNTerm t2' = + let tx' = v `insert` tildex in ([ - ([def_state, In tc], [ChannelIn tc | needsInEvRes], [Out t, def_state' tildex], []), - ([def_state], [], [Message tc t,semistate], []), - ([semistate, Ack tc t], [], [def_state' tildex], [])], tildex) - | (ChOut Nothing t) <- ac = + ([def_state, CellLocked t1 (varTerm v)], [ + --UnlockUnnamed t1 v + ], [def_state' tx', PureCell t1 t2], [])], tx') + | (Insert t1' t2' ) <- ac, True <- pureState an, + t1 <- toLNTerm t1' , t2 <- toLNTerm t2' = ([ - ([def_state], [], [def_state' tildex, Out t], [])], tildex) - | (Insert t1 t2 ) <- ac = + ([def_state], [ + --UnlockUnnamed t1 v + ], [def_state' tildex, PureCell t1 t2], [])], tildex) + + | (Lock _) <- ac, True <- pureState an = + ([ + ([def_state], [], [def_state' tildex], [])], tildex) + | (Unlock _) <- ac, True <- pureState an = + ([([def_state], [], [def_state' tildex], [])], tildex) + + -- Classical state translation + | (Insert t1' t2' ) <- ac + , t1 <- toLNTerm t1' , t2 <- toLNTerm t2' = ([ ([def_state], [InsertA t1 t2], [def_state' tildex], [])], tildex) - | 
(Delete t ) <- ac = + | (Delete t') <- ac + , t <- toLNTerm t' = ([ ([def_state], [DeleteA t ], [def_state' tildex], [])], tildex) - | (Lock t ) <- ac, (Just (AnLVar v)) <- lock an = + | (Lock t') <- ac, (Just (AnVar v)) <- lock an + , t <- toLNTerm t' = let tx' = v `insert` tildex in ([ ([def_state, Fr v], [LockNamed t v, LockUnnamed t v ], [def_state' tx'], [])], tx') | (Lock _ ) <- ac, Nothing <- lock an = throw (NotImplementedError "Unannotated lock" :: SapicException AnnotatedProcess) - - | (Unlock t ) <- ac, (Just (AnLVar v)) <- unlock an = + | (Unlock t') <- ac, (Just (AnVar v)) <- unlock an + , t <- toLNTerm t' = ([([def_state], [UnlockNamed t v, UnlockUnnamed t v ], [def_state' tildex], [])], tildex) | (Unlock _ ) <- ac, Nothing <- lock an = throw ( NotImplementedError "Unannotated unlock" :: SapicException AnnotatedProcess) - | (Event f ) <- ac = - ([([def_state], TamarinAct f : [EventEmpty | needsInEvRes], [def_state' tildex], [])], tildex) - | (MSR (l,a,r,res)) <- ac = + +-- CHARLIE : still add locks and unlocks in the pure state thing, but with weaker formula only used to contradict injectivity, e.g Lock(x,s)@i & Unlock(x,s)@j ==> not(Ex k s2. 
Lock(x,s2)@k & i (t1or, toLNTerm t2', freeset t1or) + Just (tl1,tl2) -> (tl1, tl2, freeset tl1 `difference` tildex) + in + let fa = Conn Imp (Ato (EqE (fmapTerm (fmap Free) t1) (fmapTerm (fmap Free) t2))) (TF False) in + let tildexl = freeset t1or `union` tildex in + let faN = fold (hinted forall) fa freevars in + let pos = p++[1] in + if elsBranch then + ([ + ([def_state], [], [FLet pos t2 tildex], []), + ([FLet pos t1 tildex], [], [def_state1 tildexl], []), + ([FLet pos t2 tildex], [] , [def_state2 tildex], [faN]) + ], + tildexl, tildex) + else + ([ + ([def_state], [], [FLet pos t2 tildex], []), + ([FLet pos t1 tildex], [], [def_state1 tildexl], []) + ], + tildexl, tildex) + + -- Pure cell translation + | Lookup t' v' <- c, True <- pureState an, (Just (AnVar vs)) <- unlock an, + t <- toLNTerm t', v <- toLVar v' = + let tx' = vs `insert ` (v `insert` tildex) in + ( + [ ([def_state, PureCell t (varTerm v), Fr vs], [ + --LockUnnamed t vs + ], [def_state1 tx', CellLocked t (varTerm vs) ], []) +-- , ([def_state], [IsNotSet t], [def_state2 tildex], []) + ] + , tx', tildex ) + + + -- Classical state translation + | Lookup t' v' <- c + , t <- toLNTerm t', v <- toLVar v' = let tx' = v `insert` tildex in ( [ ([def_state], [IsIn t v], [def_state1 tx' ], []), ([def_state], [IsNotSet t], [def_state2 tildex], [])] , tx', tildex ) - | otherwise = throw (NotImplementedError "baseTransComb":: SapicException AnnotatedProcess) +-- Process Calls are currently made by a simple inlining of the process, where the parameters have already been substituded by the value of the caller inside the parser. Variants could be defined to optimize this behaviour. + | ProcessCall {} <- c = + ([ ([def_state], [], [def_state1 tildex ], [])], + tildex,tildex) + + -- | otherwise = throw (NotImplementedError "baseTransComb":: SapicException AnnotatedProcess) where def_state = State LState p tildex def_state1 tx = State LState (p++[1]) tx def_state2 tx = State LState (p++[2]) tx + freeset = fromList . 
frees + -- | @baseInit@ provides the initial rule that is used to create the first -- linear statefact. An additional restriction on InitEmpty makes sure it can -- only be used once. -baseInit :: AnProcess ann -> ([AnnotatedRule ann], Set a) +baseInit :: LProcess ann -> ([AnnotatedRule ann], Set a) baseInit anP = ([AnnotatedRule (Just "Init") anP (Right InitPosition) l a r [] 0],empty) where l = [] @@ -210,7 +332,7 @@ toEx s | (Left err) <- parseRestriction s = throwM ( ImplementationError ( "Error parsing hard-coded restriction: " ++ s ++ show err )::SapicException AnnotatedProcess) | (Right res) <- parseRestriction s = return res - | otherwise = throwM ( ImplementationError "toEx, otherwise case to satisfy compiler"::SapicException AnnotatedProcess) + -- | otherwise = throwM ( ImplementationError "toEx, otherwise case to satisfy compiler"::SapicException AnnotatedProcess) resSetIn :: String resSetIn = [QQ.r|restriction set_in: @@ -266,6 +388,23 @@ resLockingPOSNoUnlock = [QQ.r|restriction locking: |] + +-- | Restrictions for Locking and Unlocking in the pureState case. +resLockingPure :: MonadThrow m => [SyntacticRestriction] -> m [SyntacticRestriction] +resLockingPure prev = do + news <- mapM toEx [ + [QQ.r|restriction locking1: + "All p l x #t1 pp lp #t2 #t3 . Lock(p,l,x)@t1 & Lock(pp,lp,x)@t2 + & Unlock(p,l,x)@t3 & not(#t1=#t2) + ==> (t2 < t1) | (t3 < t2)" + |] , + [QQ.r|restriction locking2: + "All p l x #t1 pp lp #t2 #t3 . Lock(p,l,x)@t1 & Unlock(pp,lp,x)@t2 + & Unlock(p,l,x)@t3 & not(#t2=#t3) + ==> (t3 < t2) | (t2 < t1)" + |] + ] + return $ news ++ prev -- | Produce locking lemma for variable v by instantiating resLockingL -- with (Un)Lock_pos instead of (Un)LockPOS, where pos is the variable id -- of v. 
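Review bot: The fallback guard for an unannotated unlock in `baseTransAction`, `| (Unlock _ ) <- ac, Nothing <- lock an`, tests the `lock` field although the guard just above it matches on `unlock an`. The line is unchanged context, but the commit rewrites the guards around it and leaves it as is; an `Unlock` whose annotation has `unlock = Nothing` and `lock = Just _` would match neither guard and fall through to whatever follows instead of raising the "Unannotated unlock" error. Suggested: `| (Unlock _ ) <- ac, Nothing <- unlock an =`. Part of this hunk is garbled on the page, so the guards after this one could not be checked.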
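Review bot: `resLockingPure` does not say which rules emit the `Lock(p,l,x)` and `Unlock(p,l,x)` actions that `locking1` and `locking2` quantify over. The pure-state branches of `baseTransAction` in this commit translate `Lock` and `Unlock` with an empty action list and leave `LockUnnamed`/`UnlockUnnamed` commented out in the cell rules, so as far as this diff shows the two restrictions may hold vacuously for pure-state processes and then provide no mutual exclusion. Because restrictions discard traces, the haddock should name the producer of these actions and the intended property, e.g. `-- | Restrictions for pure-state locking; rely on Lock/Unlock actions emitted by <producer> and exclude a second Lock on the same x between a Lock and its Unlock.`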
@@ -312,7 +451,7 @@ resInEv = [QQ.r|restriction in_event: -- | generate restrictions depending on options set (op) and the structure -- of the process (anP) -baseRestr :: (MonadThrow m, MonadCatch m) => AnProcess ProcessAnnotation -> Bool -> Bool -> [SyntacticRestriction] -> m [SyntacticRestriction] +baseRestr :: MonadThrow m => Process (ProcessAnnotation LVar) v -> Bool -> Bool -> [SyntacticRestriction] -> m [SyntacticRestriction] baseRestr anP needsInEvRes hasAccountabilityLemmaWithControl prevRestr = let hardcoded_l = (if contains isLookup then @@ -326,22 +465,20 @@ baseRestr anP needsInEvRes hasAccountabilityLemmaWithControl prevRestr = ++ addIf needsInEvRes [resInEv] in do hardcoded <- mapM toEx hardcoded_l - lockingWithUnlock <- mapM (resLocking True) (nub $ getUnlockPositions anP) - lockingOnlyLock <- mapM (resLocking False) ((getLockPositions anP) \\ (getUnlockPositions anP)) - + lockingWithUnlock <- mapM (resLocking True) (List.nub $ getUnlockPositions anP) + lockingOnlyLock <- mapM (resLocking False) (getLockPositions anP List.\\ getUnlockPositions anP) return $ prevRestr ++ hardcoded ++ lockingWithUnlock ++ lockingOnlyLock - where addIf phi list = if phi then list else [] contains = processContains anP getLock p - | (ProcessAction (Lock _) an _) <- p, (Just (AnLVar v)) <- lock an = [v] -- annotation is Maybe type + | (ProcessAction (Lock _) an@ProcessAnnotation{pureState=False} _) <- p, (Just (AnVar v)) <- lock an = [v] -- annotation is Maybe type | otherwise = [] getUnlock p - | (ProcessAction (Unlock _) an _) <- p, (Just (AnLVar v)) <- unlock an = [v] -- annotation is Maybe type + | (ProcessAction (Unlock _) an@ProcessAnnotation{pureState=False} _) <- p, (Just (AnVar v)) <- unlock an = [v] -- annotation is Maybe type | otherwise = [] getLockPositions = pfoldMap getLock getUnlockPositions = pfoldMap getUnlock diff --git a/lib/sapic/src/Sapic/Bindings.hs b/lib/sapic/src/Sapic/Bindings.hs new file mode 100644 index 000000000..5dd1b9156 --- /dev/null 
+++ b/lib/sapic/src/Sapic/Bindings.hs 
@@ -0,0 +1,47 @@ +{-# LANGUAGE PatternGuards #-} +module Sapic.Bindings( + bindings +, bindingsAct +, bindingsComb +, accBindings +, capturedVariables) where + +import Theory.Sapic +import Data.List +import qualified Data.Set as S + +-- | bindings returns the variables bound precisely at this point. Guarantees that no duplicates are in the list. +-- we need the annotations to handle patterns correctly +bindings :: GoodAnnotation a => Process a SapicLVar -> [SapicLVar] +bindings (ProcessComb c ann _ _) = bindingsComb ann c +bindings (ProcessAction ac ann _) = bindingsAct ann ac +bindings (ProcessNull _) = [] + +-- | bindings for actions without duplicates +bindingsAct :: GoodAnnotation a => a -> SapicAction SapicLVar -> [SapicLVar] +bindingsAct _ ac + | (New v) <- ac = [v] + | (ChIn _ t vs) <- ac = nub (freesSapicTerm t) \\ S.toList vs + | (MSR l _ _ _ mv) <- ac = nub (foldMap freesSapicFact l) \\ S.toList mv + | otherwise = [] + +-- | bindings for process combinators without duplicates +bindingsComb :: GoodAnnotation a => a -> ProcessCombinator SapicLVar -> [SapicLVar] +bindingsComb _ c + | (Lookup _ v) <- c = [v] + | (Let t1 _ mv) <- c = nub (freesSapicTerm t1) \\ S.toList mv + | otherwise = [] + +-- | accumulate all bound variables in a list +accBindings :: GoodAnnotation a => Process a SapicLVar -> [SapicLVar] +accBindings = pfoldMap bindings + +-- | Find out which variables or names bound in the subprocess are captured *by the current process* +capturedVariablesAt :: GoodAnnotation a => Process a SapicLVar -> [SapicLVar] +capturedVariablesAt (ProcessAction ac ann p) = bindingsAct ann ac `intersect` accBindings p +capturedVariablesAt (ProcessComb c ann pl pr) = bindingsComb ann c `intersect` (accBindings pl `union` accBindings pr) +capturedVariablesAt (ProcessNull _) = [] + +-- | List all variables or names captured somewhere in theprocess +capturedVariables :: GoodAnnotation a => Process a SapicLVar -> [SapicLVar] +capturedVariables = pfoldMap 
capturedVariablesAt \ No newline at end of file diff --git a/lib/sapic/src/Sapic/Compression.hs b/lib/sapic/src/Sapic/Compression.hs new file mode 100644 index 000000000..7f5c377a1 --- /dev/null +++ b/lib/sapic/src/Sapic/Compression.hs 
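Review bot: `capturedVariablesAt` detects capture with `intersect` on `SapicLVar`, which relies on that type's `Eq`; if the instance also compares the `stype` field (it is not part of this diff), a rebinding of the same name with a different or missing type annotation is not reported. Such a pair would presumably collapse to the same `LVar` after `toLVar`, so an unnoticed shadowing would change which value a later occurrence refers to in the generated rules. If that is the case, compare on the underlying variable, e.g. `intersectBy (\a b -> slvar a == slvar b)`. Separately, `bindingsAct` and `bindingsComb` ignore their annotation argument although the comment on `bindings` says the annotation is needed to handle patterns.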
@@ -0,0 +1,144 @@ +-- | +-- Copyright : (c) 2019 Charlie Jacomme +-- License : GPL v3 (see LICENSE) +-- +-- Maintainer : Robert Künnemann +-- Portability : GHC only +-- +-- We try to compress as much as possible the MSR rules +-- +-- + +-- Two rules can be merged if they do not merge obaservable actions. +-- + +module Sapic.Compression ( + pathCompression +) where +import Control.Monad.Catch +import qualified Data.Set as S + +import qualified Data.List as List +import qualified Extension.Data.Label as L +import Theory + +import Sapic.Facts + +-- We compress as much as possible silent actions + + +noCompressSapicKeyWords :: [String] +noCompressSapicKeyWords = ["IsIn", "IsNotSet", "Insert", "Delete", "Lock", "Unlock", "Progress" ] + +isSapicNoCompress :: Fact LNTerm -> Bool +isSapicNoCompress (Fact (ProtoFact _ name _) _ _) = + any (`List.isPrefixOf` name) noCompressSapicKeyWords +isSapicNoCompress _ = False + +isStateProcessFact :: Fact LNTerm -> Bool +isStateProcessFact f = isStateFact f || isLetFact f + +sameName :: Fact LNTerm -> Fact LNTerm -> Bool +sameName (Fact (ProtoFact _ name _) _ _) (Fact (ProtoFact _ name2 _) _ _) = name==name2 +sameName _ _ = False + +-- get all rules with premice the given fact +getPremRules:: Fact LNTerm -> [Rule ProtoRuleEInfo] -> ([Rule ProtoRuleEInfo],[Rule ProtoRuleEInfo]) +getPremRules fact = List.partition (List.any (sameName fact) . L.get rPrems) + +-- get all rules producing the given fact +getConcsRules:: Fact LNTerm -> [Rule ProtoRuleEInfo] -> ([Rule ProtoRuleEInfo],[Rule ProtoRuleEInfo]) +getConcsRules fact = List.partition (List.any (sameName fact) . 
L.get rConcs) + +-- Get the list of all state facts produced by a rule +getProducedFacts :: [Rule ProtoRuleEInfo] -> S.Set (Fact LNTerm) +getProducedFacts rules = + facts + where + facts = List.foldl (\acc (Rule _ _ rconc _ _) -> + List.foldl (flip S.insert) acc (List.filter isStateProcessFact rconc) + ) S.empty rules + +mergeInfo :: ProtoRuleEInfo -> ProtoRuleEInfo -> ProtoRuleEInfo +mergeInfo info info2 = + ProtoRuleEInfo (StandRule (mergeStand name name2)) (mergeAttr attr attr2) (res ++ res2) + where ProtoRuleEInfo (StandRule name ) attr res = info + ProtoRuleEInfo (StandRule name2) attr2 res2 = info2 + mergeStand n _ = n -- ++ "_" ++ n' + -- NOTE: concatenating makes veryyyy big name rules, that completely make the the graphs unreadble + -- NOTE: if we reintroduce Yavor's Dot output, recall 9e7e99fe070776172bd09cb977e8d3a83da3ed51 + mergeAttr a a' = let completeList = a ++ a' in + take 1 [i | i@(RuleColor _) <- completeList] + ++ take 1 [i | i@(Process _) <- completeList] + + +canMerge :: Bool -> Rule ProtoRuleEInfo -> Rule ProtoRuleEInfo -> Bool +canMerge compEvents r1 r2 + | (any isSapicNoCompress ract) && (any isSapicNoCompress ract2) = False -- we cannot merge rules if it makes events be simulataneous + + | not(compEvents) && (ract /= []) && (ract2 /= []) = False -- we cannot merge rules if it makes events be simulataneous + | (List.length rprem2' > 1) && (List.length rconc >1) = False -- we cannot merge rules if we are breaking asynchronous behavior (i.e u->v,w and w,r->t cannot be compress, as r might be produced byi + | (List.length rconc > 1) && (ract2 /= []) = False -- we cannot merge rules if we are breaking asynchronous behavior (i.e u->v,w, and v-E->t cannot be compressed, else an event that could have happened with w before E cannot do so anymore. 
+ | List.any isOutFact rconc && List.any isOutFact rconc2 = False -- we cannot merge rules if two Out become simultaneous (might break the fact that the attacker can know smth and not smth else at a timepoint + | List.any isLetFact rconc || List.any isLetFact rprem = False -- we cannot merge rules when we are performing a let pattern matching + | List.any isOutFact rconc && (ract2 /= []) = False -- we cannot merge rules if a Out and an event become simultaneous (might break the fact that the attacker can know smth and not smth else at a timepoint + |otherwise = True + where Rule _ rprem rconc ract _ = r1 + Rule _ rprem2 rconc2 ract2 _ = r2 + rprem2' = List.filter (not . isLockFact) rprem2 + +-- We try to merge two rules together, and add the result or themselves in case of failure to a set +merge:: Bool -> Rule ProtoRuleEInfo -> Rule ProtoRuleEInfo -> S.Set (Rule ProtoRuleEInfo) ->S.Set (Rule ProtoRuleEInfo) +merge compEvents rule1 rule2 ruleset = + if canMerge compEvents rule1 rule2 then + Rule (mergeInfo rinfo rinfo2) newprem newrconc (List.union ract ract2) (rnew++rnew2) `S.insert` ruleset + else + rule1 `S.insert` (rule2 `S.insert` ruleset) + where Rule rinfo rprem rconc ract rnew = rule1 + Rule rinfo2 rprem2 rconc2 ract2 rnew2 = rule2 + newprem = rprem ++ List.filter (`notElem` rconc) rprem2 + newrconc = rconc2 ++ List.filter (`notElem` rprem2) rconc + +-- Given two set of rules, such that the leftrules all produce a state (the same) consumed by the right rules, try to compress rules for each possible pairing between rules in leftrules and rightrules +mergeRules:: Bool -> [Rule ProtoRuleEInfo] -> [Rule ProtoRuleEInfo] -> [Rule ProtoRuleEInfo] +mergeRules compEvents leftrules rightrules = + if List.length leftrules == 1 && List.length rightrules == 1 then + S.toList rulesset + else + leftrules ++ rightrules + where rulesset = List.foldl (\set l -> List.foldl (flip (merge compEvents l)) set rightrules) S.empty leftrules + + +-- simpR ( Rule (ProtoRuleEInfo 
(StandRule name) _ _) rprem rconc ract rnew) = ( Rule (ProtoRuleEInfo (StandRule name) [] []) rprem rconc ract rnew) + + -- Given a fact and an msr, compress the msr with respect to this fact, and return the new msr, and the new facts (facts reachable in one step from the fact) that we may try to compress +compressOne :: Bool -> Fact LNTerm -> [Rule ProtoRuleEInfo] -> ([Rule ProtoRuleEInfo], S.Set (Fact LNTerm)) +compressOne compEvents fact msr + | isPersistentFact fact = (msr, new_facts) + | otherwise = (msr3 ++ new_rules, new_facts) + where (prem_rules,msr2) = getPremRules fact msr + (concs_rules,msr3) = getConcsRules fact msr2 + new_rules = mergeRules compEvents concs_rules prem_rules + new_facts = getProducedFacts new_rules + +-- Compress one by one the facts inside the given list, maintaining a set of already compressed facts to avoid loops, and adding the new facts to explore progressively. +compress :: Bool -> [Fact LNTerm] -> S.Set (Fact LNTerm) -> [Rule ProtoRuleEInfo] -> [Rule ProtoRuleEInfo] +compress _ [] _ msr = msr +compress compEvents (fact:remainder) compressed_facts msr = + compress compEvents new_facts_remainder new_compressed_facts new_msr + where (new_msr,new_facts) = compressOne compEvents fact msr + new_compressed_facts = fact `S.insert` compressed_facts + new_facts_no_compress = new_facts S.\\ new_compressed_facts + new_facts_no_remainder = new_facts_no_compress S.\\ S.fromList remainder + new_facts_remainder = S.toList new_facts_no_remainder++remainder -- we avoid duplicates between remainder and newfactsnocompress + + +-- Start the compression by the init fact introduced by the translation +pathCompression:: MonadCatch m => + Bool -> [Rule ProtoRuleEInfo] -> m [Rule ProtoRuleEInfo] +pathCompression compEvents msr = + return $ filterDeadend $ compress compEvents [initfact] S.empty msr + where initfact = Sapic.Facts.factToFact (State LState [] S.empty) + -- in the end, we remove the useless dangling rules + filterDeadend rs = List.filter (\ 
(Rule _ _ rconc ract _) -> + not(null ract && null rconc) ) rs diff --git a/lib/sapic/src/Sapic/Exceptions.hs b/lib/sapic/src/Sapic/Exceptions.hs index 523714633..429e279ef 100644 --- a/lib/sapic/src/Sapic/Exceptions.hs +++ b/lib/sapic/src/Sapic/Exceptions.hs @@ -1,6 +1,4 @@ {-# LANGUAGE DeriveDataTypeable #-} -{-# LANGUAGE DeriveAnyClass #-} -{-# LANGUAGE TemplateHaskell #-} -- | -- Copyright : (c) 2019 Robert Künnemann -- License : GPL v3 (see LICENSE) @@ -12,16 +10,17 @@ module Sapic.Exceptions ( WFLockTag(..), - WFerrror(..), + WFerror(..), SapicException(..) ) where -import Control.Exception import Data.Typeable import Data.Set as S import qualified Data.List as List +import Control.Exception import Theory import Theory.Sapic import Data.Label +import qualified Data.Maybe -- two different kind of locking erros data WFLockTag = WFRep | WFPar deriving (Show) @@ -31,11 +30,16 @@ prettyWFLockTag WFRep = "replication" prettyWFLockTag WFPar = "a parallel" -- | Wellformedness errors, see instance of show below for explanation. -data WFerrror a = WFLock WFLockTag (AnProcess a) - | WFUnboundProto (S.Set LVar) - | WFUnbound (S.Set LVar) (AnProcess a) +data WFerror p = WFLock WFLockTag p + | WFUnboundProto (Set LVar) + | WFUnbound (Set LVar) p | WFReliable - | WFBoundTwice LVar + | WFBoundTwice SapicLVar + | TypingErrorArgument SapicTerm [SapicType] + | TypingError SapicTerm SapicType SapicType + | TypingErrorFunctionMerge NoEqSym SapicFunType SapicFunType + | FunctionNotDefined NoEqSym + deriving (Typeable) -- | SapicExceptions see instance of show below for explanation. @@ -44,7 +48,7 @@ data SapicException p = NotImplementedError String -- | VerdictNotWellFormed String -- | InternalRepresentationError String -- | UnAnnotatedLock String - | ProcessNotWellformed (WFerrror p) + | ProcessNotWellformed (WFerror p) | InvalidPosition ProcessPosition | ImplementationError String | MoreThanOneProcess 
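Review bot: In `merge`, the linking fact is cancelled by full equality (`notElem` against `rconc` and `rprem2`), but `getPremRules` and `getConcsRules` pair the rules by fact name only, through `sameName`. If the conclusion of the left rule and the premise of the right rule share a name but differ in their arguments, neither occurrence is removed and the merged rule both consumes and produces that fact, while `compressOne` drops the two original rules from the result. `canMerge` should refuse that case, for example with a first guard `| null (List.intersect rconc rprem2) = False`, so the pair is kept unmerged. A short module comment stating which trace properties compression is meant to preserve would also help, since lemmas are checked against the compressed rules.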
@@ -53,7 +57,6 @@ data SapicException p = NotImplementedError String | RestrictionNameExists String | ReliableTransmissionButNoProcess | CannotExpandPredicate FactTag SyntacticRestriction - -- deriving (Typeable, Show) deriving (Typeable) prettyVarSet :: S.Set LVar -> String @@ -77,8 +80,7 @@ instance (Show p) => Show (SapicException p) where ++ get rstrName rstr ++ "." - -instance (Show p) => Show (WFerrror p) where +instance (Show p) => Show (WFerror p) where show (WFUnboundProto varset) = "The variable or variables " ++ @@ -96,9 +98,31 @@ instance (Show p) => Show (WFerrror p) where show WFReliable = "If reliable channels are activated, processes should only contain in('r',m), out('r',m), in('c',m) or out('c',m) for communication." show (WFLock tag pr) = - "Process " ++ show pr ++ " contains lock that extends over " + "Process " ++ show pr ++ " contains lock that extends over " ++ prettyWFLockTag tag ++ " which is not allowed." show (WFBoundTwice v) = "Variable bound twice: " ++ show v ++ "." + show (TypingErrorArgument t types) = "Typing error: subterm " + ++ show t + ++ " should have input types " + ++ List.intercalate ", " (List.map (Data.Maybe.fromMaybe defaultSapicTypeS) types) + ++ "." + show (TypingError t at tt) = "Typing error: expected term " + ++ show t + ++ " to have " + ++ show tt + ++ " but actual type is " + ++ show at + ++ "." + show (TypingErrorFunctionMerge fs t1 t2) = "Typing error: function types for function" + ++ show fs + ++ " are compatible. Expected type " + ++ prettySapicFunType t1 + ++ " but actual type is " + ++ prettySapicFunType t2 + ++ "." + show (FunctionNotDefined sym ) = "Function not defined " ++ show sym + +instance (Typeable a, Show a) => Exception (WFerror a) instance (Typeable a, Show a) => Exception (SapicException a) diff --git a/lib/sapic/src/Sapic/Facts.hs b/lib/sapic/src/Sapic/Facts.hs index 715775e57..c629bf022 100644 --- a/lib/sapic/src/Sapic/Facts.hs +++ b/lib/sapic/src/Sapic/Facts.hs 
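Review bot: The message for `TypingErrorFunctionMerge` reads as the opposite of what the constructor name suggests: it prints `" are compatible. Expected type "` for what is presumably a failed merge of two function types, and `"...for function" ++ show fs` has no separating space. Suggested: `"Typing error: function types for function "` and `" are incompatible. Expected type "`. `show (FunctionNotDefined sym)` also ends without the full stop the other cases use.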
@@ -15,11 +15,17 @@ module Sapic.Facts ( , StateKind(..) , isSemiState , isState + , isOutFact + , isStateFact + , isLetFact + , isLockFact , isNonSemiState , addVarToState , factToFact , actionToFact , actionToFactFormula + , pureStateFactTag + , pureStateLockFactTag , toRule , varMID , varProgress @@ -45,24 +51,25 @@ import Data.Char import Data.Bits import qualified Data.Set as S import Data.Color +import qualified Data.List as List -- import Control.Monad.Trans.FastFresh -- | Facts that are used as actions data TransAction = -- base translation InitEmpty - -- storage - | IsIn SapicTerm LVar - | IsNotSet SapicTerm - | InsertA SapicTerm SapicTerm - | DeleteA SapicTerm + -- storage + | IsIn LNTerm LVar + | IsNotSet LNTerm + | InsertA LNTerm LNTerm + | DeleteA LNTerm -- locks - | LockUnnamed SapicTerm LVar - | LockNamed SapicTerm LVar - | UnlockUnnamed SapicTerm LVar - | UnlockNamed SapicTerm LVar + | LockUnnamed LNTerm LVar + | LockNamed LNTerm LVar + | UnlockUnnamed LNTerm LVar + | UnlockNamed LNTerm LVar -- in_event restriction - | ChannelIn SapicTerm + | ChannelIn LNTerm | EventEmpty -- support for msrs | TamarinAct LNFact @@ -73,8 +80,8 @@ data TransAction = | ProgressFrom ProcessPosition | ProgressTo ProcessPosition ProcessPosition -- reliable channels - | Send ProcessPosition SapicTerm - | Receive ProcessPosition SapicTerm + | Send ProcessPosition LNTerm + | Receive ProcessPosition LNTerm -- to implement with accountability extension --- | InitId --- | StopId 
@@ -87,14 +94,18 @@ data TransAction = -- than one MSR step, i.e., messages over private channels. data StateKind = LState | PState | LSemiState | PSemiState deriving Eq -data TransFact = Fr LVar | In SapicTerm - | Out SapicTerm - | Message SapicTerm SapicTerm - | Ack SapicTerm SapicTerm +data TransFact = Fr LVar | In LNTerm + | Out LNTerm + | FLet ProcessPosition LNTerm (S.Set LVar) + | Message LNTerm LNTerm + | Ack LNTerm LNTerm | State StateKind ProcessPosition (S.Set LVar) | MessageIDSender ProcessPosition | MessageIDReceiver ProcessPosition | TamarinFact LNFact + -- pure storage + | PureCell LNTerm LNTerm + | CellLocked LNTerm LNTerm data SpecialPosition = InitPosition -- initial position, is logically the predecessor of [] | NoPosition -- no real position, e.g., message id rule @@ -102,7 +113,7 @@ data SpecialPosition = InitPosition -- initial position, is logically the predec -- | annotated rules know: data AnnotatedRule ann = AnnotatedRule { processName :: Maybe String -- optional name for rules that are not bound to a process, e.g., Init - , process :: AnProcess ann -- process this rules was generated for + , process :: LProcess ann -- process this rules was generated for , position :: Either ProcessPosition SpecialPosition -- position of this process in top-level process , prems :: [TransFact] -- Facts/actions to be translated , acts :: [TransAction] 
@@ -181,14 +192,12 @@ varMsgId p = LVar n s i s = LSortFresh i = 0 --- actionToFact :: TransAction -> Fact t -actionToFact :: TransAction -> Fact (VTerm Name LVar) +actionToFact :: TransAction -> Fact LNTerm actionToFact InitEmpty = protoFact Linear "Init" [] - --- | Not implemented yet: progress - --- | StopId - --- | EventEmpty - --- | EventId -actionToFact (Send p t) = protoFact Linear "Send" [varTerm $ varMsgId p ,t] + -- | StopId + -- | EventEmpty + -- | EventId +actionToFact (Send p t) = protoFact Linear "Send" [varTerm $ varMsgId p, t] actionToFact (Receive p t) = protoFact Linear "Receive" [varTerm $ varMsgId p ,t] actionToFact (IsIn t v) = protoFact Linear "IsIn" [t,varTerm v] actionToFact (IsNotSet t ) = protoFact Linear "IsNotSet" [t] @@ -222,10 +231,13 @@ varMID p = LVar n s i -- We could also compute it from the position as before, -- but I don't see an advantage (yet) -factToFact :: TransFact -> Fact SapicTerm +factToFact :: TransFact -> Fact LNTerm factToFact (Fr v) = freshFact $ varTerm (v) factToFact (In t) = inFact t factToFact (Out t) = outFact t +factToFact (FLet p t vars) = protoFact Linear ("Let"++ "_" ++ prettyPosition p) (t:ts) + where + ts = map varTerm (S.toList vars) factToFact (Message t t') = protoFact Linear "Message" [t, t'] factToFact (Ack t t') = protoFact Linear "Ack" [t, t'] factToFact (MessageIDSender p) = protoFact Linear "MID_Sender" [ varTerm $ varMID p ] 
@@ -235,18 +247,52 @@ factToFact (State kind p vars) = protoFact (multiplicity kind) (name kind ++ "_" name k = if isSemiState k then "Semistate" else "State" ts = map varTerm (S.toList vars) factToFact (TamarinFact f) = f +factToFact (PureCell t1 t2) = protoFact Linear ("L_PureState") [t1, t2] +factToFact (CellLocked t1 t2) = protoFact Linear ("L_CellLocked") [t1, t2] + + +pureStateFactTag :: FactTag +pureStateFactTag = ProtoFact Linear ("L_PureState") 2 + +pureStateLockFactTag :: FactTag +pureStateLockFactTag = ProtoFact Linear ("L_CellLocked") 2 + + +isOutFact :: Fact t -> Bool +isOutFact (Fact OutFact _ _) = True +isOutFact _ = False + + +isLetFact :: Fact LNTerm -> Bool +isLetFact (Fact (ProtoFact _ name _) _ _) = + "Let" `List.isPrefixOf` name +isLetFact _ = False + + +isStateFact :: Fact LNTerm -> Bool +isStateFact (Fact (ProtoFact _ name _) _ _) = + "State" `List.isPrefixOf` name + || + "Semistate" `List.isPrefixOf` name +isStateFact _ = False + +isLockFact :: Fact LNTerm -> Bool +isLockFact (Fact (ProtoFact _ name _) _ _) = + "L_CellLocked" `List.isPrefixOf` name +isLockFact _ = False + prettyEitherPositionOrSpecial:: Either ProcessPosition SpecialPosition -> String prettyEitherPositionOrSpecial (Left pos) = prettyPosition pos prettyEitherPositionOrSpecial (Right InitPosition) = "Init" prettyEitherPositionOrSpecial (Right NoPosition) = "" -getTopLevelName :: (GoodAnnotation an) => AnProcess an -> [String] +getTopLevelName :: (GoodAnnotation an) => Process an v -> [String] getTopLevelName (ProcessNull ann) = getProcessNames ann getTopLevelName (ProcessComb _ ann _ _) = getProcessNames ann getTopLevelName (ProcessAction _ ann _) = getProcessNames ann -propagateNames :: (GoodAnnotation ann) => AnProcess ann -> AnProcess ann +propagateNames :: (GoodAnnotation an) => Process an v-> Process an v propagateNames = propagate' [] where propagate' n (ProcessComb c an pl pr) = ProcessComb c 
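Review bot: `isLetFact`, `isStateFact` and `isLockFact` classify a fact by a bare name prefix, so a protocol fact whose name merely starts with `Let`, `State` or `Semistate` (a user fact called `Letter`, say, which `factToFact (TamarinFact f) = f` passes through unchanged) is treated as a generated one. The generated names in this file are built as `"Let" ++ "_" ++ prettyPosition p` and `name kind ++ "_" ++ ...`, so the tests can at least include the separator: `List.isPrefixOf "Let_" name`, and likewise `"State_"` and `"Semistate_"`. For the lock fact the name is fixed, so an exact comparison is stricter, e.g. `isLockFact (Fact tag _ _) = tag == pureStateLockFactTag`, assuming `FactTag` has an `Eq` instance. How these predicates are used is not visible in the hunk, but in a translation that filters facts by them a misclassified user fact changes the model being verified.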
@@ -293,11 +339,11 @@ colorForProcessName names = hsvToRGB $ normalize $ fst $ foldl f (head palette, toRule :: GoodAnnotation ann => AnnotatedRule ann -> Rule ProtoRuleEInfo toRule AnnotatedRule{..} = -- this is a Record Wildcard - Rule (ProtoRuleEInfo (StandRule name ) attr restr) l r a (newVariables l r) + Rule (ProtoRuleEInfo (StandRule name) attr restr) l r a (newVariables l r) where name = case processName of Just s -> s - Nothing -> + Nothing -> unNull (stripNonAlphanumerical (prettySapicTopLevel process)) ++ "_" ++ show index ++ "_" ++ prettyEitherPositionOrSpecial position @@ -308,4 +354,3 @@ toRule AnnotatedRule{..} = -- this is a Record Wildcard r = map factToFact concs stripNonAlphanumerical = filter isAlpha unNull s = if null s then "p" else s - diff --git a/lib/sapic/src/Sapic/LetDestructors.hs b/lib/sapic/src/Sapic/LetDestructors.hs new file mode 100644 index 000000000..1110856f5 --- /dev/null +++ b/lib/sapic/src/Sapic/LetDestructors.hs 
@@ -0,0 +1,102 @@ +{-# LANGUAGE PatternGuards #-} +-- | +-- Copyright : (c) 2019 Charlie Jacomme +-- License : GPL v3 (see LICENSE) +-- +-- Maintainer : Robert Künnemann +-- Portability : GHC only +-- +-- Compute annotations for let destructors + +module Sapic.LetDestructors ( + translateLetDestr +) where + +import Data.Set as S +import Data.List as L + +import Sapic.Annotation + +import Theory +import Theory.Sapic + +import Term.SubtermRule + +import Control.Monad.Catch + +mapProc :: ( MonadThrow m) + => Set CtxtStRule -> LProcess (ProcessAnnotation LVar) -> m (LProcess (ProcessAnnotation LVar)) +mapProc _ (ProcessNull ann) = return $ ProcessNull ann +mapProc rules (ProcessAction ac ann p') = do + pr <- mapProc rules p' + return $ ProcessAction (ac) ann pr + +mapProc rules (ProcessComb c@(Let t1 t2 mv) _ pl pr) = + case (t1, viewTerm t1', viewTerm t2') of + ( (LIT (Var _)) ,(Lit (Var _)), FApp funsym@(NoEq (_, (_,_,Destructor))) rightterms) -> + -- we are in the case where the let binding is of the form let invar = dest(rightTerms) in + (case L.foldl (findRule funsym) Nothing rules of + -- if the desrtructor does not have any associated rule, it never succeed, and we thus always go in the else branch we simply substitute in the process, to optimize + Nothing -> mapProc rules pr + Just (leftterms, outvar) -> do + -- TODO we should handle fresh vars here + -- We extract the equation of the dest, in the case where it is of the + -- form dest(lefTerms) = outvar. 
+ + -- in this case, we are going to transform the let binding into a + -- binding of the form let leftterms Sigma = rightterms, where Sigma is the substitution outvar -> invar + + -- e.g in the case of symmetric decryption, we turn "let x = + -- sdec(m,sk) in" with the equation "sdec(senc(v,key),key) = v" into + -- the binding "let senc(x,key),key = m,sk in" + + npl <- mapProc rules pl + npr <- mapProc rules pr + return $ ProcessComb c new_an npl npr + where leftermssubst = apply subst $ toPairs leftterms + subst = substFromList [(outvar, t1')] + new_an = annDestructorEquation leftermssubst (toPairs rightterms) elsebranch + ) + ( (LIT (Var svar)) , _ , _ ) | not(svar `S.member` mv) -> do + res <- applyM (substFromList (L.map (\x -> (x,t2)) (make_untyped_variant svar))) pl + npl <- mapProc rules res + return npl + _ -> do + npl <- mapProc rules pl + npr <- mapProc rules pr + return $ ProcessComb c (annElse elsebranch) npl npr + + + where t1'= toLNTerm t1 + t2'= toLNTerm t2 + -- toPairs produce a pattern match over a list. We do not use fAppList, because List is reducible and cannot be used to pattern match. + toPairs [] = fAppOne + toPairs [s] = s + toPairs (p:q) = fAppPair (p, toPairs q) + elsebranch = case pr of + ProcessNull _ -> False + _ -> True + -- essentially, with let sk:skey in P, if with subsitute variable sk:skey inside P, it will not substitute untyped occurences of sk, which is bad. 
+ make_untyped_variant svar@(SapicLVar sl_var (Just _)) = + [svar, (SapicLVar sl_var Nothing)] + make_untyped_variant svar = [svar] + +mapProc rules (ProcessComb c ann pl pr) = do + npl <- mapProc rules pl + npr <- mapProc rules pr + return $ ProcessComb c ann npl npr + +findRule :: FunSym + -> Maybe ([Term (Lit Name LVar)], LVar) + -> CtxtStRule + -> Maybe ([Term (Lit Name LVar)], LVar) +findRule funsym acc rule = + case ctxtStRuleToRRule rule of + (fhs `RRule` rhs) -> + case (viewTerm fhs, viewTerm rhs) of + (FApp fs y, (Lit (Var v))) | fs == funsym -> Just (y, v) + _ -> acc + +translateLetDestr :: ( MonadThrow m) + => Set CtxtStRule -> LProcess (ProcessAnnotation LVar) -> m (LProcess (ProcessAnnotation LVar)) +translateLetDestr rules anp = mapProc rules anp diff --git a/lib/sapic/src/Sapic/Locks.hs b/lib/sapic/src/Sapic/Locks.hs index 82e48da23..3566c2106 100644 --- a/lib/sapic/src/Sapic/Locks.hs +++ b/lib/sapic/src/Sapic/Locks.hs @@ -18,7 +18,7 @@ import Sapic.Exceptions import Theory import Theory.Sapic --- This exceptions is thrown im annotateEachClosestUnlock finds +-- This exceptions is thrown im annotateEachClosestUnlock finds -- a parallel or replications below the locks. The calling function -- annotate_locks catches it and outputs the proper exception with the -- complete process. 
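Review bot: `findRule` only recognises destructor equations whose right-hand side is a variable, and `mapProc` reads its `Nothing` result as "this destructor never succeeds" and replaces the whole `let` by the else branch (`Nothing -> mapProc rules pr`). If the signature admits a destructor whose equation has a constant or compound right-hand side, its success branch disappears from the translated model without any diagnostic, which can hide behaviours from the analysis. Because `findRule` returns `Just (y, v)` on every match regardless of `acc`, a destructor with several equations also keeps only the last one folded. Since `mapProc` already runs in `MonadThrow`, an equation for `funsym` with an unsupported shape could be reported as an error instead of being folded into `Nothing`. The comment on that branch ("we simply substitute in the process") should say that the else branch is taken.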
@@ -27,22 +27,30 @@ instance Exception LocalException -- | Annotate the closes occurence of unlock that has term t with the -- variable v output the exception above if we encounter rep or parallel -annotateEachClosestUnlock :: MonadThrow m => - Theory.Sapic.SapicTerm - -> AnLVar - -> AnProcess ProcessAnnotation - -> m( AnProcess ProcessAnnotation) +annotateEachClosestUnlock :: (Eq v1, MonadThrow m) => + SapicNTerm v1 + -> AnVar v2 + -> Process (ProcessAnnotation v2) v1 + -> m (Process (ProcessAnnotation v2) v1) annotateEachClosestUnlock _ _ (ProcessNull a') = return $ ProcessNull a' -annotateEachClosestUnlock t v (ProcessAction (Unlock t') a' p) = - if t == t' then - return $ ProcessAction (Unlock t') (a' `mappend` annUnlock v) p +annotateEachClosestUnlock t v (ProcessAction (Unlock t') a' p) = + if t == t' then + return $ ProcessAction (Unlock t') (a' <> annUnlock v) p else do p' <- annotateEachClosestUnlock t v p return $ProcessAction (Unlock t') a' p' +annotateEachClosestUnlock t v (ProcessAction (Insert t1 t2) a' p) | t1==t = + do + p' <- annotateEachClosestUnlock t v p + return $ProcessAction (Insert t1 t2) (a' <> annUnlock v) p' annotateEachClosestUnlock _ _ (ProcessAction Rep _ _) = throwM $ LocalException WFRep annotateEachClosestUnlock _ _ (ProcessComb Parallel _ _ _) = throwM $ LocalException WFPar annotateEachClosestUnlock t v (ProcessAction ac a' p) = do p' <- annotateEachClosestUnlock t v p return $ ProcessAction ac a' p' +annotateEachClosestUnlock t v (ProcessComb (Lookup st vt) a' pl pr ) | st==t = + do pl' <- annotateEachClosestUnlock t v pl + pr' <- annotateEachClosestUnlock t v pr + return $ ProcessComb (Lookup st vt) (a' <> annUnlock v) pl' pr' annotateEachClosestUnlock t v (ProcessComb c a' pl pr ) = do pl' <- annotateEachClosestUnlock t v pl pr' <- annotateEachClosestUnlock t v pr return $ ProcessComb c a' pl' pr' 
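Review bot: The header comment of `annotateEachClosestUnlock` still speaks only of the closest unlock, but the two added clauses also attach `annUnlock v` to an `Insert` and to a `Lookup` on the same term. Unlike the `Unlock` case, which stops at the match, these clauses keep recursing into the continuation. Extend the comment, e.g. `-- Inserts and lookups on t below the lock are annotated with v as well; the search continues past them.`, and say why they need the lock variable. The new clauses use `<>` while `annotateLocks` in the next hunk keeps `mappend`; choosing one spelling would make the file consistent.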
@@ -51,20 +59,18 @@ annotateEachClosestUnlock t v (ProcessComb c a' pl pr ) = do pl' <- annotateEach -- annotateEachClosestUnlock. annotateLocks :: ( MonadThrow m, MonadFresh m - -- , Monoid (m (AnProcess ProcessAnnotation)) - -- ,Foldable (AnProcess ProcessAnnotation) ) - => AnProcess ProcessAnnotation -> m (AnProcess ProcessAnnotation) -annotateLocks (ProcessAction (Lock t) a p) = do + => LProcess (ProcessAnnotation LVar) -> m (LProcess (ProcessAnnotation LVar)) +annotateLocks (ProcessAction (Lock t) a p) = do v <- freshLVar "lock" LSortMsg - p' <- annotateEachClosestUnlock t (AnLVar v) p + p' <- annotateEachClosestUnlock t (AnVar v) p p'' <- annotateLocks p' - return (ProcessAction (Lock t) (a `mappend` annLock (AnLVar v)) p'') + return (ProcessAction (Lock t) (a `mappend` annLock (AnVar v)) p'') -- return (ProcessAction (Lock t) (annLock (AnLVar v)) p'') annotateLocks (ProcessAction ac an p) = do p' <- annotateLocks p return (ProcessAction ac an p') -annotateLocks (ProcessNull an ) = +annotateLocks (ProcessNull an ) = return (ProcessNull an) annotateLocks (ProcessComb comb an pl pr ) = do pl' <- annotateLocks pl diff --git a/lib/sapic/src/Sapic/ProcessUtils.hs b/lib/sapic/src/Sapic/ProcessUtils.hs index e61d9bc64..00293cfa1 100644 --- a/lib/sapic/src/Sapic/ProcessUtils.hs +++ b/lib/sapic/src/Sapic/ProcessUtils.hs @@ -1,6 +1,6 @@ {-# LANGUAGE ScopedTypeVariables #-} {-# LANGUAGE PatternGuards #-} --- Copyright : (c) 2019 Robert Künnemann +-- Copyright : (c) 2019 Robert Künnemann -- License : GPL v3 (see LICENSE) -- -- Maintainer : Robert Künnemann @@ -8,7 +8,7 @@ -- -- Utilities for processes module Sapic.ProcessUtils ( - processAt + processAt , processContains , isLookup , isEq 
@@ -28,54 +28,57 @@ import qualified Data.Monoid as M -- import Sapic.Exceptions -- import Theory import Theory.Sapic +import Theory import Sapic.Exceptions +import Sapic.Annotation + -- import Theory.Model.Rule -- import Data.Typeable -- import qualified Data.Set as S -- import Control.Monad.Trans.FastFresh -- | Return subprocess at position p. Throw exceptions if p is an invalid --- positions. -processAt :: forall m ann. (Show ann, MonadThrow m, MonadCatch m, Typeable ann) => AnProcess ann -> ProcessPosition -> m (AnProcess ann) +-- positions. +processAt :: forall ann m v. (Show ann, MonadThrow m, MonadCatch m, Typeable ann, Typeable v, Show v) => Process ann v -> ProcessPosition -> m (Process ann v) processAt p [] = return p -processAt (ProcessNull _) (x:xs) = throwM (InvalidPosition (x:xs) :: SapicException (AnProcess ann)) -processAt pro pos +processAt (ProcessNull _) (x:xs) = throwM (InvalidPosition (x:xs) :: SapicException (Process ann v)) +processAt pro pos | (ProcessAction _ _ p ) <- pro, 1:xl <- pos = catch (processAt p xl) (h pos) | (ProcessComb _ _ pl _) <- pro, 1:xl <- pos = catch (processAt pl xl) (h pos) | (ProcessComb _ _ _ pr) <- pro, 2:xl <- pos = catch (processAt pr xl) (h pos) where --- report original position by catching exception at each level in error case. - h:: ProcessPosition -> SapicException (AnProcess ann) -> m (AnProcess ann) - h p (InvalidPosition _) = throwM ( InvalidPosition p :: SapicException (AnProcess ann)) + h:: ProcessPosition -> SapicException (Process ann v) -> m (Process ann v) + h p (InvalidPosition _) = throwM ( InvalidPosition p :: SapicException (Process ann v)) h _ e = throwM e -processAt _ p = throwM (InvalidPosition p :: SapicException (AnProcess ann)) +processAt _ p = throwM (InvalidPosition p :: SapicException (Process ann v)) -processContains :: AnProcess ann -> (AnProcess ann -> Bool) -> Bool +processContains :: Process ann v -> (Process ann v -> Bool) -> Bool processContains anP f = M.getAny $ pfoldMap (M.Any . 
f) anP -isLookup :: AnProcess ann -> Bool -isLookup (ProcessComb (Lookup _ _) _ _ _) = True +isLookup :: Process (ProcessAnnotation LVar) v -> Bool +isLookup (ProcessComb (Lookup _ _) ProcessAnnotation{pureState=False} _ _) = True isLookup _ = False -isDelete :: AnProcess ann -> Bool -isDelete (ProcessAction (Delete _) _ _) = True +isDelete :: Process (ProcessAnnotation LVar) v -> Bool +isDelete (ProcessAction (Delete _) ProcessAnnotation{pureState=False} _) = True isDelete _ = False -isLock :: AnProcess ann -> Bool +isLock :: Process ann v -> Bool isLock (ProcessAction (Lock _) _ _) = True isLock _ = False -isUnlock :: AnProcess ann -> Bool +isUnlock :: Process ann v -> Bool isUnlock (ProcessAction (Unlock _) _ _) = True isUnlock _ = False -isChIn :: AnProcess ann -> Bool -isChIn (ProcessAction (ChIn _ _) _ _) = True +isChIn :: Process ann v -> Bool +isChIn (ProcessAction (ChIn _ _ _) _ _) = True isChIn _ = False -isChOut :: AnProcess ann -> Bool +isChOut :: Process ann v -> Bool isChOut (ProcessAction (ChOut _ _) _ _) = True isChOut _ = False -isEq :: AnProcess ann -> Bool +isEq :: Process ann v -> Bool isEq (ProcessComb (CondEq _ _) _ _ _) = True isEq _ = False diff --git a/lib/sapic/src/Sapic/ProgressFunction.hs b/lib/sapic/src/Sapic/ProgressFunction.hs index 86035183a..5657164a2 100644 --- a/lib/sapic/src/Sapic/ProgressFunction.hs +++ b/lib/sapic/src/Sapic/ProgressFunction.hs @@ -1,15 +1,14 @@ {-# LANGUAGE ScopedTypeVariables #-} {-# LANGUAGE PatternGuards #-} {-# LANGUAGE TupleSections #-} -{-# LANGUAGE TupleSections #-} --- Copyright : (c) 2019 Robert Künnemann +-- Copyright : (c) 2019-2021 Robert Künnemann -- License : GPL v3 (see LICENSE) -- -- Maintainer : Robert Künnemann -- Portability : GHC only -- -- Compute a functiont hat maps positions in a process to where they will need --- to move to ensure local progress whereever possible +-- to move to ensure local progress whereever possible module Sapic.ProgressFunction ( pfFrom ,pf 
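Review bot: `isLookup` and `isDelete` now return False for a `Lookup` or `Delete` node whose annotation has `pureState` set, so their names no longer say what they test. Their type is also narrowed to `ProcessAnnotation LVar` while the sibling predicates stay polymorphic. A caller that uses `processContains p isLookup` to decide whether something state-related is needed will skip pure-state cells; that is presumably intended, but nothing in the file says so. Add a comment to both, e.g. `-- | True for lookups handled by the general state translation; nodes annotated as pure state are excluded.`, or give the restricted variants their own names.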
@@ -26,6 +25,7 @@ import qualified Data.Set as S import qualified Data.List as L import qualified Data.Map.Strict as M + type ProgressFunction = M.Map ProcessPosition (S.Set (S.Set ProcessPosition)) --- | suffix list p to each element of set *) @@ -43,20 +43,21 @@ type ProgressFunction = M.Map ProcessPosition (S.Set (S.Set ProcessPosition)) -- isExclusive _ = False -- | Actions that are blocking -isBlockingAct :: SapicAction -> Bool +isBlockingAct :: LSapicAction -> Bool isBlockingAct Rep = True -isBlockingAct (ChIn _ _) = True +isBlockingAct (ChIn _ _ _) = True isBlockingAct _ = False --- | determine whether process is blocking -blocking :: AnProcess ann -> Bool +-- | determine whether process is blocking +blocking :: LProcess ann -> Bool blocking (ProcessNull _) = True blocking (ProcessAction ac _ _ ) = isBlockingAct ac blocking (ProcessComb NDC _ pl pr) = blocking pl && blocking pr +-- blocking (ProcessComb (Let _ _) _ _ _) = True blocking _ = False -- | next position to jump to -next :: (Num a, Ord a) => AnProcess ann -> S.Set [a] +next :: (Num a, Ord a) => LProcess ann -> S.Set [a] next ProcessNull {} = S.empty next ProcessAction {} = S.singleton [1] next (ProcessComb NDC _ pl pr) = nextOrChild pl [1] `S.union` nextOrChild pr [2] 
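Review bot: The commented-out clause `-- blocking (ProcessComb (Let _ _) _ _ _) = True` leaves open whether the new `Let` combinator is blocking. Its pattern has two fields where `Let` is used with three elsewhere in this commit (`Let t1 t2 mv`), so it would not compile if re-enabled. As written, `Let` falls through to `blocking _ = False`. Replace the dead line with a comment that states the decision, e.g. `-- Let is deliberately treated as non-blocking: <reason>`, or drop it.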
@@ -65,17 +66,18 @@ next (ProcessComb NDC _ pl pr) = nextOrChild pl [1] `S.union` nextOrChild pr [2] else S.singleton pos next ProcessComb{} = S.fromList $ [[1],[2]] --- | next position to jump but consider empty position for null process, used in pi -next0 :: (Num a, Ord a) => AnProcess ann -> S.Set [a] +-- | next position to jump but consider empty position for null process, used in pi +next0 :: (Num a, Ord a) => LProcess ann -> S.Set [a] next0 ProcessNull {} = S.singleton [] next0 ProcessAction {} = S.singleton [1] +next0 (ProcessComb ProcessCall{} _ _ _) = S.singleton [1] next0 (ProcessComb NDC _ pl pr) = next0OrChild pl [1] `S.union` next0OrChild pr [2] where next0OrChild p' pos = if blocking p' then pos <.> next0 p' else S.singleton pos next0 ProcessComb{} = S.fromList [[1],[2]] -pfFrom :: (MonadCatch m, Show ann, Typeable ann) => AnProcess ann -> m (S.Set ProcessPosition) +pfFrom :: (MonadCatch m, Show ann, Typeable ann) => LProcess ann -> m (S.Set ProcessPosition) pfFrom process = from' process True where from' proc b @@ -104,7 +106,7 @@ combineWith y x_i set1 = S.foldr (\y_i set2 -> (x_i `S.union` y_i) `S.insert` se -- normal form of the positions that we need to go to. -- For example: {{p1},{p2,p3}} means we need to go to p1 AND to either p2 or p3. -- Correspond to f in Def. 15 -f :: (Show ann, MonadCatch m, Typeable ann) => AnProcess ann -> m (S.Set (S.Set ProcessPosition)) +f :: (Show ann, MonadCatch m, Typeable ann) => LProcess ann -> m (S.Set (S.Set ProcessPosition)) f p -- corresponds to f within generate progressfunction.ml | blocking p = return $ ss [] | (ProcessComb Parallel _ pl pr) <- p = do 
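Review bot: `next0` gets a dedicated `ProcessCall` clause that returns only `[1]`, but `next` has no counterpart, so for the same node `next ProcessComb{}` still yields both `[1]` and `[2]`. If the right child of a `ProcessCall` is a placeholder, `next` schedules a jump to a position that carries no behaviour; if it is not, the `next0` clause drops one. Make the two agree, e.g. by adding `next (ProcessComb ProcessCall{} _ _ _) = S.singleton [1]` before the catch-all, or document why they differ. The first equations of `next` lie outside this hunk.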
@@ -124,7 +126,7 @@ f p -- corresponds to f within generate progressfunction.ml return $ combine (pos <..> lpos) acc -- | Compute progress function of proc -pf :: (Show ann, MonadCatch m, Typeable ann) => AnProcess ann -> ProcessPosition -> m (S.Set (S.Set ProcessPosition)) +pf :: (Show ann, MonadCatch m, Typeable ann) => LProcess ann -> ProcessPosition -> m (S.Set (S.Set ProcessPosition)) pf proc pos = do proc' <- processAt proc pos res <- f proc' return $ pos <..> res @@ -132,7 +134,7 @@ pf proc pos = do proc' <- processAt proc pos flatten :: Ord a => S.Set (S.Set a) -> S.Set a flatten = S.foldr S.union S.empty -pfRange' :: (Show ann, Typeable ann, MonadCatch m) => AnProcess ann -> m (S.Set (ProcessPosition, ProcessPosition)) +pfRange' :: (Show ann, Typeable ann, MonadCatch m) => LProcess ann -> m (S.Set (ProcessPosition, ProcessPosition)) pfRange' proc = do froms <- pfFrom proc foldM mapFlat S.empty froms @@ -140,12 +142,12 @@ pfRange' proc = do mapFlat acc pos = do res <- flatten <$> pf proc pos return (acc `S.union` S.map (,pos) res) -pfRange :: (Show ann, Typeable ann, MonadCatch m) => AnProcess ann -> m (S.Set ProcessPosition) +pfRange :: (Show ann, Typeable ann, MonadCatch m) => LProcess ann -> m (S.Set ProcessPosition) pfRange proc = do set <- pfRange' proc return $ S.map fst set -pfInv :: (Show ann, Typeable ann, MonadCatch m) => AnProcess ann -> m (ProcessPosition -> Maybe ProcessPosition) +pfInv :: (Show ann, Typeable ann, MonadCatch m) => LProcess ann -> m (ProcessPosition -> Maybe ProcessPosition) pfInv proc = do set <- pfRange' proc return $ \x -> snd <$> L.find (\(to,_) -> to == x ) (S.toList set) diff --git a/lib/sapic/src/Sapic/ProgressTranslation.hs b/lib/sapic/src/Sapic/ProgressTranslation.hs index 1969e01fe..61ca46c0e 100644 --- a/lib/sapic/src/Sapic/ProgressTranslation.hs +++ b/lib/sapic/src/Sapic/ProgressTranslation.hs 
@@ -12,7 +12,7 @@ -- -- Michael Backes, Jannik Dreier, Steve Kremer and Robert Künnemann. "A Novel -- Approach for Reasoning about Liveness in Cryptographic Protocols and its --- Application to Fair Exchange". EuroS&P 2017 +-- Application to Fair Exchange". EuroS&P 2017 -- module Sapic.ProgressTranslation ( progressTrans @@ -52,7 +52,7 @@ addProgressFrom domPF child (l,a,r,res) -- init rules, if [] in @domPF@, the domain of the progress function. Updates -- the initial ~x accordingly. progressInit :: (MonadCatch m, Show ann1, Typeable ann1) - => AnProcess ann1 -> ([AnnotatedRule ann2], Set LVar) -> m ([AnnotatedRule ann2], Set LVar) + => LProcess ann1 -> ([AnnotatedRule ann2], Set LVar) -> m ([AnnotatedRule ann2], Set LVar) progressInit anP (initrules,initTx) = do domPF <- pfFrom anP -- invPF <- pfInv anP @@ -109,18 +109,18 @@ progressTransNull _ tNull = tNull -- | Add ProgressTo or -From to rules generated on an action. progressTransAct :: (MonadCatch m, Show ann, Typeable ann) => - AnProcess ann + LProcess ann -> TransFAct (m TranslationResultAct) -> TransFAct (m TranslationResultAct) -progressTransAct anP tAct ac an pos tx = do - (rs0,tx1) <- tAct ac an pos tx +progressTransAct anP tAct ac an pos tx = do + (rs0,tx1) <- tAct ac an pos tx domPF <- pfFrom anP invPF <- pfInv anP return (map (addProgressItems domPF invPF pos) rs0,extendVars domPF pos tx1) -- | Add ProgressTo or -From to rules generated on a combinator. progressTransComb :: (MonadCatch m, Show ann, Typeable ann) => - AnProcess ann + LProcess ann -> TransFComb (m TranslationResultComb) -> TransFComb (m TranslationResultComb) progressTransComb anP tComb comb an pos tx = do 
@@ -134,12 +134,12 @@ progressTransComb anP tComb comb an pos tx = do -- | Overall translation is a triple of the other translations. progressTrans :: (Show ann, Typeable ann, MonadCatch m2, MonadCatch m3) => - AnProcess ann - -> + LProcess ann + -> (TransFNull (m1 TranslationResultNull), TransFAct (m2 TranslationResultAct), TransFComb (m3 TranslationResultComb)) - -> + -> (TransFNull (m1 TranslationResultNull), TransFAct (m2 TranslationResultAct), TransFComb (m3 TranslationResultComb)) @@ -148,18 +148,18 @@ progressTrans anP (tN,tA,tC) = ( progressTransNull anP tN , progressTransComb anP tC) resProgressInit :: String -resProgressInit = [QQ.r|restriction progressInit: +resProgressInit = [QQ.r|restriction progressInit: "Ex #t . Init()@t" |] -- | Add restrictions for all transitions that have to take place according to the progress function. -progressRestr :: (MonadThrow m, MonadCatch m, Show ann, Typeable ann) => AnProcess ann -> [SyntacticRestriction] -> m [SyntacticRestriction] +progressRestr :: (MonadThrow m, MonadCatch m, Show ann, Typeable ann) => LProcess ann -> [SyntacticRestriction] -> m [SyntacticRestriction] progressRestr anP restrictions = do domPF <- pfFrom anP -- set of "from" positions initL <- toEx resProgressInit lss_to <- mapM restriction (toList domPF) -- list of set of sets of "to" positions return $ restrictions ++ concat lss_to ++ [initL] - where + where restriction pos = do -- produce restriction to go to one of the tos once pos is reached toss <- pf anP pos mapM (\tos -> return $ Restriction (name tos) (formula tos)) (toList toss) 
@@ -172,6 +172,6 @@ progressRestr anP restrictions = do antecedent = Ato $ Action (varTerm $ Free t1var) $ actionToFactFormula (ProgressFrom pos) conclusion tos = bigOr $ map progressTo $ toList tos bigOr [to] = to - bigOr (to:tos) = to .||. bigOr tos + bigOr (to:tos) = to .||. bigOr tos bigOr [] = TF False -- This case should never occur progressTo to = hinted exists t2var $ Ato $ Action (varTerm $ Free t2var) $ actionToFactFormula $ ProgressTo to pos diff --git a/lib/sapic/src/Sapic/ReliableChannelTranslation.hs b/lib/sapic/src/Sapic/ReliableChannelTranslation.hs index 77b50da39..639ce20cf 100644 --- a/lib/sapic/src/Sapic/ReliableChannelTranslation.hs +++ b/lib/sapic/src/Sapic/ReliableChannelTranslation.hs @@ -23,9 +23,9 @@ import qualified Text.RawString.QQ as QQ import Theory import Theory.Sapic --- | Init-rule that allows generating MessageIDSender and MessageIDReceiver facts, +-- | Init-rule that allows generating MessageIDSender and MessageIDReceiver facts, -- | for later consumption. -reliableChannelInit :: Monad m => AnProcess ann -> ([AnnotatedRule ann], Set LVar) -> m ([AnnotatedRule ann], Set LVar) +reliableChannelInit :: Monad m => LProcess ann -> ([AnnotatedRule ann], Set LVar) -> m ([AnnotatedRule ann], Set LVar) reliableChannelInit anP (initrules,initTx) = return (messageidrule : initrules, initTx) where messageidrule = AnnotatedRule (Just "MessageIDRule") anP (Right NoPosition) 
@@ -39,36 +39,44 @@ reliableChannelInit anP (initrules,initTx) = return (messageidrule : initrules, reliableChannelTransAct :: MonadThrow m => TransFAct (m TranslationResultAct) -> TransFAct (m TranslationResultAct) -reliableChannelTransAct tAct ac an p tx - | (ChIn (Just v) t) <- ac +reliableChannelTransAct tAct ac an p tx + | (ChIn (Just v') t' _) <- ac -- match vars are ignored in the translation, as they are bound in the def_state + , v <- toLNTerm v' + , t <- toLNTerm t' ,Lit (Con name) <- viewTerm v , sortOfName name == LSortPub , getNameId (nId name) == "c" = let tx' = (freeset v) `union` (freeset t) `union` tx in let ts = fAppPair (v,t) in return $ ([ ([def_state, (In ts) ], [ChannelIn ts], [def_state1 tx'],[]) ],tx') - | (ChOut (Just v) t) <- ac + | (ChOut (Just v') t') <- ac + , v <- toLNTerm v' + , t <- toLNTerm t' ,Lit (Con name) <- viewTerm v , sortOfName name == LSortPub , getNameId (nId name) == "c" = let tx' = (freeset v) `union` (freeset t) `union` tx in return $ ([ ([def_state, (In v) ], [ChannelIn v], [def_state1 tx', Out t],[]) ],tx') - | (ChIn (Just r) t) <- ac + | (ChIn (Just r') t' _) <- ac -- match vars are ignored in the translation, as they are bound in the def_state + , r <- toLNTerm r' + , t <- toLNTerm t' ,Lit (Con name) <- viewTerm r , sortOfName name == LSortPub , getNameId (nId name) == "r" = let tx' = (freeset r) `union` (freeset t) `union` tx in return $ ([ ([def_state, In t, MessageIDReceiver p ], [Receive p t], [def_state1 tx'],[]) ],tx') - | (ChOut (Just r) t) <- ac + | (ChOut (Just r') t') <- ac + , r <- toLNTerm r' + , t <- toLNTerm t' ,Lit (Con name) <- viewTerm r , sortOfName name == LSortPub , getNameId (nId name) == "r" = let tx' = (freeset r) `union` (freeset t) `union` tx in return $ ([ ([MessageIDSender p, def_state], [Send p t], [Out t, def_state1 tx'], []) ],tx') | (ChOut (Just _) _) <- ac = throwM ( ProcessNotWellformed WFReliable :: SapicException AnnotatedProcess) - | (ChIn (Just _) _) <- ac = throwM ( 
ProcessNotWellformed WFReliable :: SapicException AnnotatedProcess) + | (ChIn (Just _) _ _) <- ac = throwM ( ProcessNotWellformed WFReliable :: SapicException AnnotatedProcess) | (ChOut Nothing _) <- ac = throwM ( ProcessNotWellformed WFReliable :: SapicException AnnotatedProcess) - | (ChIn Nothing _) <- ac = throwM ( ProcessNotWellformed WFReliable :: SapicException AnnotatedProcess) + | (ChIn Nothing _ _) <- ac = throwM ( ProcessNotWellformed WFReliable :: SapicException AnnotatedProcess) -- raising exceptions is done with throwM. Add exceptions to Exceptions.hs | otherwise = tAct ac an p tx -- otherwise case: call tAct where @@ -81,28 +89,28 @@ reliableChannelTrans :: MonadThrow m => (a, TransFAct (m TranslationResultAct), c) - -> + -> (a, TransFAct (m TranslationResultAct), c) reliableChannelTrans (tNull,tAct,tComb) = (tNull, reliableChannelTransAct tAct,tComb) resReliable :: String -resReliable = [QQ.r|restriction reliable: +resReliable = [QQ.r|restriction reliable: "All #i x y. Send(x,y)@i ==> Ex #j. Receive(x,y)@j & #i<#j" |] -- | Add restrictions that enforces Send-events to have Receive-events -reliableChannelRestr :: (MonadThrow m, MonadCatch m, Show ann) => AnProcess ann -> [SyntacticRestriction] -> m [SyntacticRestriction] +reliableChannelRestr :: (MonadThrow m, MonadCatch m, Show ann) => LProcess ann -> [SyntacticRestriction] -> m [SyntacticRestriction] reliableChannelRestr anP restrictions = do res <- toEx resReliable return $ restrictions ++ addIf (processContains anP isReliableTrans) [res] - where + where addIf phi list = if phi then list else [] - isReliableTrans (ProcessAction ac _ _) + isReliableTrans (ProcessAction ac _ _) | (ChOut (Just tr) _) <- ac -- If there are only receives on the reliable channel, we do not need the restriction ,Lit (Con name) <- viewTerm tr , sortOfName name == LSortPub , getNameId (nId name) == "r" = True | otherwise = False - isReliableTrans _ = False + isReliableTrans _ = False 
diff --git a/lib/sapic/src/Sapic/Report.hs b/lib/sapic/src/Sapic/Report.hs index 788b093ed..86fe1b2b0 100644 --- a/lib/sapic/src/Sapic/Report.hs +++ b/lib/sapic/src/Sapic/Report.hs @@ -29,7 +29,7 @@ import Theory import Theory.Sapic import Term.Builtin.Signature -reportInit :: Monad m => AnProcess ann -> ([AnnotatedRule ann], Set LVar) -> m ([AnnotatedRule ann], Set LVar) +reportInit :: Monad m => LProcess ann -> ([AnnotatedRule ann], Set LVar) -> m ([AnnotatedRule ann], Set LVar) reportInit anP (initrules,initTx) = return (reportrule : initrules, initTx) where reportrule = AnnotatedRule (Just "ReportRule") anP (Right NoPosition) 
@@ -41,51 +41,53 @@ reportInit anP (initrules,initTx) = return (reportrule : initrules, initTx) var s = LVar s LSortMsg 0 x = var "x" loc = var "loc" + -- protFact = Syntactic . Pred $ (protoFact Linear "Report" [varTerm x, varTerm loc]) protFact = Syntactic . Pred $ (protoFact Linear "Report" [varTerm (Free x), varTerm (Free loc)]) --- This rules use the builtin restriction system to bind the Report predicate (which must be defined by the user), to this rule. -opt_loc :: Maybe SapicTerm -> ProcessAnnotation -> Maybe SapicTerm +-- | This rules use the builtin restriction system to bind the Report predicate (which must be defined by the user), to this rule. +opt_loc :: Maybe SapicTerm -> ProcessAnnotation v -> Maybe SapicTerm opt_loc loc ann = - case (location ann) of + case (location $ parsingAnn ann) of Nothing -> loc Just x -> Just x -mapTerms :: (Maybe SapicTerm -> SapicTerm -> SapicTerm) +reportMapTerms :: (Maybe SapicTerm -> SapicTerm -> SapicTerm) -> Maybe SapicTerm - -> AnProcess ProcessAnnotation - -> AnProcess ProcessAnnotation -mapTerms _ _ (ProcessNull ann) = ProcessNull ann -mapTerms f loc (ProcessAction ac ann p') = ProcessAction (mapTermsAction f (opt_loc loc ann) ac) ann - $ mapTerms f (opt_loc loc ann) p' -mapTerms f loc (ProcessComb c ann pl pr) = ProcessComb (mapTermsComb f (opt_loc loc ann) c) ann - (mapTerms f (opt_loc loc ann) pl) - (mapTerms f (opt_loc loc ann) pr) -mapTermsAction :: (Maybe SapicTerm -> SapicTerm -> SapicTerm) + -> LProcess (ProcessAnnotation LVar) + -> LProcess (ProcessAnnotation LVar) +reportMapTerms _ _ (ProcessNull ann) = ProcessNull ann +reportMapTerms f loc (ProcessAction ac ann p') = ProcessAction (reportMapTermsAction f (opt_loc loc ann) ac) ann + $ reportMapTerms f (opt_loc loc ann) p' +reportMapTerms f loc (ProcessComb c ann pl pr) = ProcessComb (reportMapTermsComb f (opt_loc loc ann) c) ann + (reportMapTerms f (opt_loc loc ann) pl) + (reportMapTerms f (opt_loc loc ann) pr) +reportMapTermsAction :: (Maybe SapicTerm 
-> SapicTerm -> SapicTerm) -> Maybe SapicTerm - -> SapicAction - -> SapicAction -mapTermsAction f loc ac - | (New v) <- ac, v' <- termVar' (f loc (varTerm v)) = New v' - | (ChIn mt t) <- ac = ChIn (fmap (f loc) mt) (f loc t) + -> LSapicAction + -> LSapicAction +reportMapTermsAction f loc ac + | (New v) <- ac = New v -- (f loc) is always the identity over variables + | (ChIn mt t vs) <- ac = ChIn (fmap (f loc) mt) (f loc t) vs | (ChOut mt t) <- ac = ChOut (fmap (f loc) mt) (f loc t) | (Insert t1 t2) <- ac = Insert (f loc t1) (f loc t2) | (Delete t) <- ac = Delete (f loc t) | (Lock t) <- ac = Lock (f loc t) | (Unlock t) <- ac = Unlock (f loc t) | (Event fa) <- ac = Event (fmap (f loc) fa) - | (MSR (l,a,r,rest)) <- ac = MSR $ (f2mapf l, f2mapf a, f2mapf r, fmap formulaMap rest) + | (MSR l a r rest vs) <- ac = MSR (f2mapf l) (f2mapf a) (f2mapf r) (fmap formulaMap rest) vs | Rep <- ac = Rep where f2mapf = fmap $ fmap (f loc) -- something like -- formulaMap = mapAtoms $ const $ fmap $ fmap f formulaMap = undefined -mapTermsComb:: (Maybe SapicTerm -> SapicTerm -> SapicTerm) +reportMapTermsComb:: (Maybe SapicTerm -> SapicTerm -> SapicTerm) -> Maybe SapicTerm - -> ProcessCombinator - -> ProcessCombinator -mapTermsComb f loc c + -> ProcessCombinator SapicLVar + -> ProcessCombinator SapicLVar +reportMapTermsComb f loc c | (Cond _) <- c = Cond $ undefined -- same problem as above | (CondEq t1 t2) <- c = CondEq (f loc t1) (f loc t2) + | (Let t1 t2 vs) <- c = Let (f loc t1) (f loc t2) vs | (Lookup t v) <- c = Lookup (f loc t) v | otherwise = c @@ -98,5 +100,5 @@ subst (Just loc) t = case viewTerm t of else t FApp k as -> termViewToTerm $ FApp k (L.map (subst (Just loc)) as) -translateTermsReport :: AnProcess ProcessAnnotation -> AnProcess ProcessAnnotation -translateTermsReport = mapTerms subst Nothing +translateTermsReport :: LProcess (ProcessAnnotation LVar) -> LProcess (ProcessAnnotation LVar) +translateTermsReport = reportMapTerms subst Nothing 
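Review bot: The rewritten `MSR` guard still maps embedded restrictions through `formulaMap`, which is `undefined`, and `reportMapTermsComb` still builds `Cond $ undefined`. A process that reaches the report translation with a non-empty `MSR` restriction list or a `Cond` therefore fails with a bare `Prelude.undefined` as soon as that field is forced, with no hint of the cause. Until the mapping over formulas is implemented, give the failure a message, e.g. `formulaMap = error "Sapic.Report: mapping terms inside formulas is not implemented"`, and do the same for the `Cond` case. The guards of `reportMapTermsAction` also have no `otherwise`, so an action constructor not listed there would end in a pattern-match failure; whether one exists cannot be told from this hunk.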
diff --git a/lib/sapic/src/Sapic/SecretChannels.hs b/lib/sapic/src/Sapic/SecretChannels.hs index 01ccffbd3..1300dec13 100644 --- a/lib/sapic/src/Sapic/SecretChannels.hs +++ b/lib/sapic/src/Sapic/SecretChannels.hs @@ -9,33 +9,33 @@ -- Compute annotations for always-secret channels -- -- A channel is defined always-secret iff it correspond to a fresh variable --- only use as a channel identifier. For these channels, we can use a more +-- only used as a channel identifier. For these channels, we can use a more -- efficient translation, as the adversary can never deduce then, and thus only -- a silent transition is possible. module Sapic.SecretChannels ( annotateSecretChannels ) where --- import Control.Exception --- import Control.Monad.Catch --- import Control.Monad.Fresh + import Data.Set as S import Data.List as L + import Sapic.Annotation --- import Sapic.Exceptions +import Sapic.Basetranslation + import Theory import Theory.Sapic -- | Get all variables inside a term -getTermVariables :: LNTerm -> S.Set LVar +getTermVariables :: SapicTerm -> S.Set LVar getTermVariables ts = - S.fromList $ L.map fst $ varOccurences ts + S.fromList $ L.map fst $ varOccurences $ toLNTerm ts --- | Get all variables never outputed -getSecretChannels :: AnProcess ProcessAnnotation -> S.Set LVar -> S.Set LVar +-- | Get all variables that were never output +getSecretChannels :: LProcess (ProcessAnnotation LVar) -> S.Set LVar -> S.Set LVar getSecretChannels (ProcessAction (New v) _ p) candidates = - let c = S.insert v candidates in + let c = S.insert (toLVar v) candidates in getSecretChannels p c getSecretChannels (ProcessAction (ChOut _ t2) _ p) candidates = let c = S.difference candidates (getTermVariables t2) in 
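Review bot: `getSecretChannels` removes a candidate only when it occurs in the message of a `ChOut` or the value of an `Insert`. Every other action and every combinator, including the `Let` and `MSR` forms this commit's syntax carries, is passed over by the catch-all clauses visible in the following hunks. A fresh name that is bound to another variable by a `Let`, or placed in a rule conclusion, before being sent would then stay in the candidate set and receive the silent-transition translation, which assumes the adversary can never learn it. Unless an earlier pass guarantees that such lets are substituted away before this one runs, treat those occurrences as disqualifying, or state the ordering assumption in the module header next to the definition of always-secret.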
@@ -43,7 +43,7 @@ getSecretChannels (ProcessAction (ChOut _ t2) _ p) candidates = getSecretChannels (ProcessAction (Insert _ t2) _ p) candidates = let c = S.difference candidates (getTermVariables t2) in getSecretChannels p c -getSecretChannels (ProcessAction (_) _ p) candidates = +getSecretChannels (ProcessAction _ _ p) candidates = getSecretChannels p candidates getSecretChannels (ProcessNull _) candidates = candidates getSecretChannels (ProcessComb _ _ pl pr ) candidates = 
@@ -51,32 +51,33 @@ getSecretChannels (ProcessComb _ _ pl pr ) candidates = where c1 = getSecretChannels pl candidates c2 = getSecretChannels pr candidates - --- | For each input or output, if the variable is secret, we annotate the process -annotateEachSecretChannels :: AnProcess ProcessAnnotation -> S.Set LVar -> AnProcess ProcessAnnotation -annotateEachSecretChannels (ProcessNull an) _ = (ProcessNull an) + +-- | For each input or output, if the variable is secret, we annotate the process +annotateEachSecretChannels :: LProcess (ProcessAnnotation LVar) -> S.Set LVar -> LProcess (ProcessAnnotation LVar) +annotateEachSecretChannels (ProcessNull an) _ = ProcessNull an annotateEachSecretChannels (ProcessComb comb an pl pr ) svars = - (ProcessComb comb an pl' pr') + ProcessComb comb an pl' pr' where pl' = annotateEachSecretChannels pl svars pr' = annotateEachSecretChannels pr svars annotateEachSecretChannels (ProcessAction ac an p) svars - | (ChIn (Just t1) _) <- ac, Lit (Var v) <- viewTerm t1 = + | (ChIn (Just t1) _ _) <- ac, Lit (Var v') <- viewTerm t1 + , v <- toLVar v' = if S.member v svars then - (ProcessAction ac (an `mappend` annSecretChannel (AnLVar v)) p') + ProcessAction ac (an `mappend` annSecretChannel (AnVar v)) p' else - (ProcessAction ac an p') - | (ChOut (Just t1) _) <- ac, Lit (Var v) <- viewTerm t1 = + ProcessAction ac an p' + | (ChOut (Just t1) _) <- ac, Lit (Var v') <- viewTerm t1 + , v <- toLVar v' = if S.member v svars then - (ProcessAction ac (an `mappend` annSecretChannel (AnLVar v)) p') + ProcessAction ac (an `mappend` annSecretChannel (AnVar v)) p' else - (ProcessAction ac an p') - | otherwise = (ProcessAction ac an p') + ProcessAction ac an p' + | otherwise = ProcessAction ac an p' where p'= annotateEachSecretChannels p svars -annotateSecretChannels :: AnProcess ProcessAnnotation -> (AnProcess ProcessAnnotation) -annotateSecretChannels anp = +annotateSecretChannels :: LProcess (ProcessAnnotation LVar) -> LProcess (ProcessAnnotation LVar) 
+annotateSecretChannels anp = annotateEachSecretChannels anp svars where svars = getSecretChannels anp S.empty - diff --git a/lib/sapic/src/Sapic/States.hs b/lib/sapic/src/Sapic/States.hs new file mode 100644 index 000000000..5fd15c729 --- /dev/null +++ b/lib/sapic/src/Sapic/States.hs 
@@ -0,0 +1,237 @@ +{-# LANGUAGE PatternGuards #-} +-- | +-- Copyright : (c) 2019 Charlie Jacomme and Robert Künnemann +-- License : GPL v3 (see LICENSE) +-- +-- Maintainer : Robert Künnemann +-- Portability : GHC only +-- + +module Sapic.States ( + annotatePureStates, + hasBoundUnboundStates +) where + +import Sapic.Annotation + +import Theory +import Theory.Sapic + +import qualified Data.Set as S +import qualified Data.Map as M +import qualified Data.List as L +import Control.Monad.Fresh + +-- Returns all states identifiers that are completely bound by names, when there is no states with a free identifier + +isBound :: S.Set LVar -> SapicTerm -> Bool +isBound boundNames t = S.fromList (frees $ toLNTerm t) `S.isSubsetOf` boundNames + +hasBoundUnboundStates :: LProcess (ProcessAnnotation LVar) -> (Bool, Bool) +hasBoundUnboundStates p = (bounds /= S.empty, unbounds /= S.empty) + where (bounds, unbounds) = getAllStates p S.empty + +getAllStates :: LProcess (ProcessAnnotation LVar) -> S.Set LVar-> (S.Set SapicTerm, S.Set SapicTerm) +getAllStates (ProcessAction (Insert t _) _ p) boundNames | isBound boundNames t = (S.insert t boundStates, freeStates) + where (boundStates,freeStates) = getAllStates p boundNames +getAllStates (ProcessAction (Insert t _) _ p) boundNames = (boundStates, S.insert t freeStates) + where (boundStates,freeStates) = getAllStates p boundNames +getAllStates (ProcessAction (Lock t) _ p) boundNames | isBound boundNames t = (S.insert t boundStates, freeStates) + where (boundStates,freeStates) = getAllStates p boundNames +getAllStates (ProcessAction (Lock t) _ p) boundNames = (boundStates, S.insert t freeStates) + where (boundStates,freeStates) = getAllStates p boundNames +getAllStates (ProcessAction (Unlock t) _ p) boundNames | isBound boundNames t = (S.insert t boundStates, freeStates) + where (boundStates,freeStates) = getAllStates p boundNames +getAllStates (ProcessAction (Unlock t ) _ p) boundNames = (boundStates, S.insert t freeStates) + where 
(boundStates,freeStates) = getAllStates p boundNames + + +getAllStates (ProcessAction (New (SapicLVar v _)) _ p) boundNames = getAllStates p (v `S.insert` boundNames) +getAllStates (ProcessAction _ _ p) boundNames = getAllStates p boundNames +getAllStates (ProcessNull _) _ = (S.empty, S.empty) + +getAllStates (ProcessComb (Lookup t _) _ pl pr) boundNames | isBound boundNames t = + (t `S.insert` boundStatesL `S.union` boundStatesR, freeStatesL `S.union` freeStatesR) + where (boundStatesL,freeStatesL) = getAllStates pl boundNames + (boundStatesR,freeStatesR) = getAllStates pr boundNames +getAllStates (ProcessComb (Lookup t _) _ pl pr) boundNames = + (boundStatesL `S.union` boundStatesR, t `S.insert` freeStatesL `S.union` freeStatesR) + where (boundStatesL,freeStatesL) = getAllStates pl boundNames + (boundStatesR,freeStatesR) = getAllStates pr boundNames + + +getAllStates (ProcessComb _ _ pl pr) boundNames = + (boundStatesL `S.union` boundStatesR, freeStatesL `S.union` freeStatesR) + where (boundStatesL,freeStatesL) = getAllStates pl boundNames + (boundStatesR,freeStatesR) = getAllStates pr boundNames + + + +-- State channels declaration +-- We first go once into the process, to add where need the channel identifiers for each required state. + +type StateMap = M.Map SapicTerm (AnVar LVar) + +stateChannelName :: String +stateChannelName = "StateChannel" + +addStatesChannels :: LProcess (ProcessAnnotation LVar) -> LProcess (ProcessAnnotation LVar) +addStatesChannels p = evalFresh (declareStateChannel p (S.toList allBoundStates) S.empty M.empty) initStateChan + where + allBoundStates = fst $ getAllStates p S.empty + initState = avoidPreciseVars . map (\(SapicLVar lvar _) -> lvar) $ S.toList $ varsProc p + initStateChan = case M.lookup stateChannelName initState of + Nothing -> 0 + Just i -> i + +-- Descends into a process. 
Whenever all the names of a state term are declared, we declare a name corresponding to this state term, that will be used as the corresponding channel name. +declareStateChannel :: MonadFresh m => LProcess (ProcessAnnotation LVar) -> [SapicTerm] -> S.Set SapicLVar -> StateMap -> m (LProcess (ProcessAnnotation LVar)) +declareStateChannel p toDeclare boundNames stateMap = + let (declarables, undeclarables) = L.partition (\v -> S.fromList (freesSapicTerm v) `S.isSubsetOf` boundNames) toDeclare in + if null declarables then do + case p of + ProcessNull _ -> return p + ProcessComb a an pl pr -> do + pl' <- declareStateChannel pl toDeclare boundNames stateMap + pr' <- declareStateChannel pr toDeclare boundNames stateMap + case a of + Lookup t _ -> return $ ProcessComb a an{ stateChannel = M.lookup t stateMap} pl' pr' + _ -> return $ ProcessComb a an pl' pr' + ProcessAction (New var) an pr -> do + pr' <- declareStateChannel pr toDeclare (var `S.insert` boundNames) stateMap + return $ ProcessAction (New var) an pr' + + ProcessAction act an pr -> do + pr' <- declareStateChannel pr toDeclare boundNames stateMap + case act of + Insert t _ -> return $ ProcessAction act an{ stateChannel = M.lookup t stateMap} pr' + Lock t -> return $ ProcessAction act an{ stateChannel = M.lookup t stateMap} pr' + Unlock t -> return $ ProcessAction act an{ stateChannel = M.lookup t stateMap} pr' + _ -> return $ ProcessAction act an pr' + else do + (newvars, newMap) <- newStates p declarables [] stateMap + p' <- declareStateChannel p undeclarables boundNames newMap + return $ addNews p' newvars + where addNews pr [] = pr + addNews pr ((var, term):d) = ProcessAction (New (SapicLVar var (Just "channel"))) mempty{ isStateChannel = Just term } (addNews pr d) + +newStates :: MonadFresh m => LProcess (ProcessAnnotation LVar) -> [SapicTerm] -> [(LVar, SapicTerm)] + -> StateMap -> m ([(LVar, SapicTerm)], StateMap) +newStates _ [] declared stateMap = return (declared, stateMap) +newStates p 
(v:declarables) declared stateMap = do + newvar <- freshLVar stateChannelName LSortMsg +-- let newslvar = SapicLVar newvar (Just "channel") + let newMap = M.insert v (AnVar newvar) stateMap + newStates p declarables ((newvar, v):declared) newMap + + + +-- We now have a process with defined states channels. We want to optimize on pure states, that is +-- a state channel such that, 1) there is a single insert outside of a lock (this is the state initialisation); 2) every occurence of the state channel is either lock t; lookup t or insert t; unlock t. + +-- Remark that if there is a state identifier based on an input variable accessed not in a pure fashion, no state is considered pure +existsAttackerUnpure :: LProcess (ProcessAnnotation LVar) -> S.Set LVar -> Bool +existsAttackerUnpure p boundNames = + case p of + ProcessAction (New (SapicLVar v _)) _ pl + -> existsAttackerUnpure pl (v `S.insert` boundNames) + ProcessAction (Insert t _) _ (ProcessAction (Unlock t2) _ pl) | t == t2 + -> existsAttackerUnpure pl boundNames + ProcessAction (Lock t) _ (ProcessComb (Lookup t2 _ ) _ pl (ProcessNull _)) | t == t2 + -> existsAttackerUnpure pl boundNames + -- any lone action on unbound identifier raises the warning + ProcessAction (Insert t _) _ _ | not (isBound boundNames t) + -> True + ProcessAction (Lock t) _ _ | not (isBound boundNames t) + -> True + ProcessAction (Unlock t) _ _ | not (isBound boundNames t) + -> True + ProcessComb (Lookup t _ ) _ _ (ProcessNull _) | not (isBound boundNames t) + -> True + ProcessAction _ _ pl + -> existsAttackerUnpure pl boundNames + ProcessComb _ _ pl pr -> + let bl = existsAttackerUnpure pl boundNames in + let br = existsAttackerUnpure pr boundNames in + bl || br + ProcessNull _ -> False + +-- isPureState decides if a state is pure. It returns (isPure, loneInsert), where loneInsert describes that there is at least one lone insert for this state. 
+isPureState :: LProcess (ProcessAnnotation LVar) -> SapicTerm -> Bool -> (Bool, Bool) +isPureState p target loneInsert = + case p of + (ProcessAction (Insert t _) _ (ProcessAction (Unlock t2) _ pl)) | t == t2 + -> isPureState pl target loneInsert + (ProcessAction (Lock t) _ (ProcessComb (Lookup t2 _ ) _ pl (ProcessNull _)) ) | t == t2 + -> isPureState pl target loneInsert + (ProcessAction (Insert t _) _ pl) | t == target + -> + -- when we see a lone insert, if there is another lone insert somewhere else we return false + let (pure', lone) = isPureState pl target loneInsert in + if lone then + (False, lone) + else (pure', lone) + (ProcessAction (Lock t ) _ _) | t == target + -> (False, False) + (ProcessAction (Unlock t) _ _) | t == target + -> (False, False) + (ProcessAction _ _ pl) + -> isPureState pl target loneInsert + ProcessComb Parallel _ pl pr -> + -- in parallel, we sum the oneOutSide, and in all other cases, we just merge them (as the two branches can never be taken + let (pur, lone) = isPureState pl target loneInsert in + let (pure', lone') = isPureState pr target loneInsert in + ( pur && pure' && not(lone && lone'), lone || lone') + ProcessComb _ _ pl pr -> + let (pur, lone) = isPureState pl target loneInsert in + let (pure', lone') = isPureState pr target loneInsert in + ( pur && pure', lone || lone') + ProcessNull _ -> (True, False) + +-- getPureStates :: LProcess (ProcessAnnotation LVar) -> S.Set SapicTerm -> S.Set SapicTerm +-- getPureStates p currentPures = fst $ computePureStates p currentPures S.empty +-- where (pureStates, unPureStates) +annotatePureStates :: LProcess (ProcessAnnotation LVar) -> LProcess (ProcessAnnotation LVar) +annotatePureStates p + | existsAttackerUnpure p S.empty = addStatesChannels p + | fst (getAllStates p S.empty) == S.empty = p + | otherwise = annotateEachPureStates (addStatesChannels p) S.empty +-- where pureStates = getPureStates p (getAllBoundStates p) + + +-- | For each input or output, if the variable is secret, we 
annotate the process +annotateEachPureStates :: LProcess (ProcessAnnotation LVar) -> S.Set SapicTerm -> LProcess (ProcessAnnotation LVar) +annotateEachPureStates (ProcessNull an) _ = ProcessNull an +annotateEachPureStates (ProcessComb comb an pl pr ) pureStates + | Lookup t _ <- comb = + if t `S.member` pureStates then + ProcessComb comb an{pureState=True} pl' pr' + else + ProcessComb comb an pl' pr' + | otherwise = ProcessComb comb an pl' pr' + where + pl' = annotateEachPureStates pl pureStates + pr' = annotateEachPureStates pr pureStates +annotateEachPureStates (ProcessAction ac an p) pureStates + | New _ <- ac, Just cid <- isStateChannel an = + if fst $ isPureState p cid False then + ProcessAction ac an{pureState=True, isStateChannel = Just cid} (annotateEachPureStates p (cid `S.insert` pureStates)) + else + ProcessAction ac an p + | Unlock t <- ac = + if t `S.member` pureStates then + ProcessAction ac an{pureState=True} p' + else + ProcessAction ac an p' + | Lock t <- ac = + if t `S.member` pureStates then + ProcessAction ac an{pureState=True} p' + else + ProcessAction ac an p' + | Insert t _ <- ac = + if t `S.member` pureStates then + ProcessAction ac an{pureState=True} p' + else + ProcessAction ac an p' + | otherwise = ProcessAction ac an p' + where p'= annotateEachPureStates p pureStates diff --git a/lib/sapic/src/Sapic/Typing.hs b/lib/sapic/src/Sapic/Typing.hs new file mode 100644 index 000000000..28968fed3 --- /dev/null +++ b/lib/sapic/src/Sapic/Typing.hs 
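Review bot: The second component returned by `isPureState` can never become `True`: `ProcessNull` yields `(True, False)`, the lone-`Insert` case for `target` passes on the `lone` of its continuation instead of setting it, and the `loneInsert` argument is never read. The `not(lone && lone')` test under `Parallel` and the `if lone then (False, lone)` branch are therefore dead, so a state with several inserts outside a lock is still classified as pure, contrary to condition 1 in the comment above `existsAttackerUnpure`. The lone-insert case should end with `else (pure', True)`. Separately, the non-pure `New` branch of `annotateEachPureStates` returns `ProcessAction ac an p` with the unannotated `p`; `ProcessAction ac an p'` would keep the annotations of already-pure states below it. The Haddock line on that function is also copied from the secret-channel pass and should describe pure states.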
@@ -0,0 +1,236 @@ +{-# LANGUAGE PatternGuards #-} +{-# LANGUAGE FlexibleContexts #-} +{-# LANGUAGE ViewPatterns #-} +module Sapic.Typing ( + typeTheory + , typeTheoryEnv + , typeTermsWithEnv + , typeProcess + , TypingEnvironment (..) +) where + +import qualified Data.Map.Strict as Map +import qualified Data.Foldable as F +import qualified Data.Set as S +import Data.Maybe +import Data.Tuple + +import qualified Extension.Data.Label as L + +import Control.Monad.Trans.State.Lazy +import Control.Monad.Catch +import Theory +import Theory.Sapic +import Sapic.Exceptions +import Sapic.Annotation +import Sapic.Bindings +import Control.Monad.Fresh +import qualified Control.Monad.Trans.PreciseFresh as Precise +import Data.Bifunctor ( Bifunctor(second) ) +import GHC.Stack (HasCallStack) + +-- | Smaller-or-equal / More-or-equally-specific relation on types. +smallerType :: Eq a => Maybe a -> Maybe a -> Bool +smallerType _ Nothing = True +smallerType (Just t) (Just t') = t == t' +smallerType Nothing (Just _) = False + +data TypingException = CannotMerge SapicType SapicType +instance Show TypingException + where + show (CannotMerge t1 t2) = "Cannot merge types" ++ show t1 ++ " and " ++ show t2 ++ "." +instance Exception TypingException + +-- | Largest lower bound on types. Give the more specific of two types, unless +-- they are contradicting. Can also be used as Either type. 
+sqcap :: MonadThrow m => Maybe String -> Maybe String -> m (Maybe String) +sqcap t1 t2 + | t1 `smallerType` t2 = return t1 + | t2 `smallerType` t1 = return t2 + | otherwise = throwM (CannotMerge t1 t2) + +-- | Default type for function with unspecified types or no type +defaultFunctionType :: Int -> ([Maybe a1], Maybe a2) +defaultFunctionType n = (replicate n Nothing ,Nothing) -- if no type defined, assume Nothing^n -> Nothing + +data TypingEnvironment = TypingEnvironment { + vars :: Map.Map LVar SapicType + , funs :: Map.Map NoEqSym ([SapicType],SapicType) + , events :: Map.Map FactTag [SapicType] +} + +-- | Try to type term `t` with a type more specific than `tt`. Returns typed +-- term and its type in a Throw-Monad that contains the TypingEnvironment state. +typeWith :: (MonadThrow m, MonadCatch m) => + Term (Lit Name SapicLVar) + -> Maybe String + -> StateT + TypingEnvironment m (Term (Lit Name SapicLVar), SapicType) +typeWith t tt + | Lit2 (Var v) <- viewTerm2 t , lvar' <- slvar v -- CASE: variable + = do + maybeType <- Map.lookup lvar' <$> gets vars + let stype' = fromMaybe Nothing maybeType + -- Note: we graciously ignore unbound variables. Wellformedness + -- checks on MSRs detect them for us. We might change that in + -- the future. 
+ t' <- catch (sqcap stype' tt) (sqHandler t) + te <- get + modify' (\s -> s { vars = Map.insert (slvar v) t' (vars te)}) + return (termViewToTerm $ Lit (Var (SapicLVar lvar' t')), t') + | FAppNoEq fs@(_,(n,_,_)) ts <- viewTerm2 t -- CASE: standard function application + = do + -- First determine output type of function from target constraint and update FunctionTypingEnvironment + (intypes1,outtype1) <- getFun n fs + mintype1 <- catch (sqcap outtype1 tt) (sqHandler t) + insertFun fs (intypes1, mintype1) + -- Then try to type arguments + (_,ptypes) <- unzip <$> zipWithM typeWith ts intypes1 + -- From typing our arguments, we might have learned a more precise + -- output type, e.g., for t=h(h(x:lol)) we learn that h must have output + -- lol. + -- So we recompute the output type ... + (intypes2,outtype2) <- getFun n fs + mintype2 <- catch (sqcap outtype2 tt) (sqHandler t) + insertFun fs (ptypes, mintype2) + -- ... and now type the arguments for real. + (ts',ptypes') <- unzip <$> zipWithM typeWith ts intypes2 + insertFun fs (ptypes', outtype2) + return (termViewToTerm $ FApp (NoEq fs) ts', outtype2) + | FApp fs ts <- viewTerm t = do -- list, AC or C symbol: ignore, i.e., assume polymorphic + ts' <- mapM (\t' -> fst <$> typeWith t' Nothing) ts + return (termViewToTerm $ FApp fs ts', Nothing) + | otherwise = return (t, Nothing) -- This case should never occur. 
+ where + insertFun fs newFunType = do + fte <- gets funs + case Map.lookup fs fte of + Nothing -> modify' (\s -> s {funs = Map.insert fs newFunType fte }) + Just oldFunType -> do + case mergeFunTypes newFunType oldFunType of + Right mergedFunType -> + modify' (\s -> s {funs = Map.insert fs mergedFunType fte }) + Left _ -> throwM (ProcessNotWellformed (TypingErrorFunctionMerge fs newFunType oldFunType) :: SapicException AnnotatedProcess) + getFun n fs = do + maybeFType <- Map.lookup fs <$> gets funs + return $ fromMaybe (defaultFunctionType n) maybeFType + mergeFunTypes (ins1,out1) (ins2,out2)= do + ins <- zipWithM sqcap ins1 ins2 + out <- sqcap out1 out2 + return (ins,out) + sqHandler term (CannotMerge outt tterm) = + throwM (ProcessNotWellformed (TypingError term outt tterm) :: SapicException AnnotatedProcess) + +-- | Types a term with a given environment +typeTermsWithEnv :: (MonadThrow m, MonadCatch m) => TypingEnvironment -> [Term (Lit Name SapicLVar)] -> m TypingEnvironment +typeTermsWithEnv typeEnv terms = execStateT (mapM typeWith' terms) typeEnv + where typeWith' t = typeWith t Nothing + +typeProcess :: (GoodAnnotation a, MonadThrow m, MonadCatch m) => + Process a SapicLVar -> StateT + TypingEnvironment m (Process a SapicLVar) +typeProcess = traverseProcess fNull fAct fComb gAct gComb + where + -- fNull/fAcc/fComb collect variables that are bound when going downwards + fNull ann = return (ProcessNull ann) + fAct ann ac = F.traverse_ insertVar (bindingsAct ann ac) + fComb ann c = F.traverse_ insertVar (bindingsComb ann c) + -- gAct/gComb reconstruct process tree assigning types to the terms + gAct ac@(Event (Fact tag _ ts)) ann r = do -- r is typed subprocess + ac' <- traverseTermsAction typeWith' typeWithFact typeWithVar ac + argTypes <- mapM (`typeWith` Nothing) ts + te <- get + _ <- modify' (\s -> s { events = Map.insert tag (map snd argTypes) (events te)}) + return (ProcessAction ac' ann r) + gAct ac ann r = do -- r is typed subprocess + ac' <- 
traverseTermsAction typeWith' typeWithFact typeWithVar ac + return (ProcessAction ac' ann r) + gComb c ann rl rr = do + c' <- traverseTermsComb typeWith' typeWithFact typeWithVar c + return $ ProcessComb c' ann rl rr + typeWith' t = fst <$> typeWith t Nothing + typeWithVar v -- variables are correctly typed, as we just inserted them + | Nothing <- stype v = return $ SapicLVar (slvar v) defaultSapicType + | otherwise = return v + typeWithFact = return -- typing facts is hard because of quantified variables. We skip for now. + insertVar v = do + te <- get + case Map.lookup (slvar v) (vars te) of + Just _ -> throwM (ProcessNotWellformed ( WFBoundTwice v ) :: SapicException AnnotatedProcess) + Nothing -> + modify' (\s -> s { vars = Map.insert (slvar v) (stype v) (vars te)}) + +typeTheoryEnv :: (MonadThrow m, MonadCatch m) => Theory sig c r p TranslationElement -> m (Theory sig c r p TranslationElement, TypingEnvironment) +-- typeTheory :: Theory sig c r p TranslationElement -> m (Theory sig c r p TranslationElement) +typeTheoryEnv th = do + (thaux, fteaux) <- runStateT (mapMProcesses typeAndRenameProcess th) initTE + (th', fte) <- runStateT (mapMProcessesDef typeAndRenameProcessDef thaux) fteaux + let th'' = Map.foldrWithKey addFunctionTypingInfo' (clearFunctionTypingInfos th') (funs fte) + return (th'', fte) + where + -- initial typing environment with functions as far as declared + initTE = TypingEnvironment{ + vars = Map.empty, + funs = foldMap (\(s,inp,out) -> Map.singleton s (inp,out)) (theoryFunctionTypingInfos th), + events = Map.empty + } + typeAndRenameProcess p = do + pUnique <- renameUnique p + modify' (\s -> s { vars = Map.empty}) + typeProcess pUnique + typeAndRenameProcessDef p = do + let pr = L.get pBody p + let pvars = L.get pVars p + let aux_pr = ProcessAction (ChIn Nothing (fAppList (map varTerm pvars)) S.empty) mempty pr + renamedP <- typeAndRenameProcess aux_pr + case renamedP of + ProcessAction (ChIn _ (viewTerm2 -> FList tVars) _) _ prf -> + 
return $ p { _pBody = prf, _pVars = map termVar' tVars} + _ -> return p -- should not be taken + addFunctionTypingInfo' sym (ins,out) = addFunctionTypingInfo (sym, ins,out) + +-- | Type the Sapic processes in a theory +typeTheory :: (MonadThrow m, MonadCatch m) => Theory sig c r p TranslationElement -> m (Theory sig c r p TranslationElement) +typeTheory th = fst <$> typeTheoryEnv th + +-- | Rename a process so that all its names are unique. Returns renamed process +-- p' and substitution such that: let (p',subst) = renameUnique p in apply subst +-- p' equals p +renameUnique :: (Monad m, Apply (Subst Name LVar) ann, GoodAnnotation ann, HasCallStack) => + Process ann SapicLVar -> m (Process ann SapicLVar) +renameUnique p = Precise.evalFreshT actualCall initState + where + actualCall = renameUnique' emptySubst p + initState = avoidPreciseVars . map (\(SapicLVar lvar _) -> lvar) $ S.toList $ varsProc p + +renameUnique' :: + (MonadFresh m, Apply (Subst Name LVar) ann, GoodAnnotation ann) => + Subst Name LVar -> Process ann SapicLVar -> m (Process ann SapicLVar) +renameUnique' initSubst p = do + let p' = apply initSubst p -- apply outstanding substitution subst, ignore capturing and hope for the best + case p' of + ProcessNull _ -> return p' + ProcessAction ac ann pl -> do + (subst,inv) <- mkSubst $ bindingsAct ann ac + let ann' = mappendProcessParsedAnnotation (mempty {backSubstitution = inv}) ann + let ac' = apply subst ac -- use apply instead of applyM because we want to ignore capturing, i.e., rename bound names... + pl' <- renameUnique' subst pl + return $ ProcessAction ac' ann' pl' + ProcessComb comb ann pl pr -> do + (subst,inv) <- mkSubst $ bindingsComb ann comb + let ann' = mappendProcessParsedAnnotation (mempty {backSubstitution = inv}) ann + let comb' = apply subst comb + pl' <- renameUnique' subst pl + pr' <- renameUnique' subst pr + return $ ProcessComb comb' ann' pl' pr' + where + substFromVarList = substFromList . 
map (second varTerm) + -- f v = do v' <- freshSapicLVarCopy v; return (v, v') + -- we rename based on LVars, not SapicLVars because variables we want to rename are not properly typed yet. + f v = do + let lv = toLVar v + v' <- freshLVar (lvarName lv) (lvarSort lv); + return (lv, v') + mkSubst bvars = do -- create substitution renaming all elements of bind' into a fresh variable + vmap <- mapM f bvars + return (substFromVarList vmap, substFromVarList $ map swap vmap) diff --git a/lib/sapic/src/Sapic/Warnings.hs b/lib/sapic/src/Sapic/Warnings.hs new file mode 100644 index 000000000..204516f25 --- /dev/null +++ b/lib/sapic/src/Sapic/Warnings.hs @@ -0,0 +1,34 @@ +module Sapic.Warnings( + module Sapic.Warnings +) where + +import Theory +import Theory.Sapic +import Sapic.Exceptions +import Sapic.Bindings +import Control.Monad.Catch +import Sapic.Annotation (AnnotatedProcess) +import Data.Foldable (traverse_) +import Theory.Tools.Wellformedness (WfErrorReport) +import Theory.Text.Pretty (text) + + +-- warnProcess :: [WFerror AnnotatedProcess] +warnProcess :: GoodAnnotation a => Process a SapicLVar -> [WFerror AnnotatedProcess] +warnProcess p = map WFBoundTwice (capturedVariables p) + +toWfErrorReport :: (Show p) => [WFerror p] -> WfErrorReport +toWfErrorReport = map f + where + f e = ("Wellformedness-error in Process", (text . show) e) + +throwWarningsProcess :: (GoodAnnotation a, MonadThrow m) => Process a SapicLVar -> m (Process a SapicLVar) +throwWarningsProcess p = traverse_ throwM capture_warnings >> return p -- search for warnings, then return process + where + capture_warnings = warnProcess p + +warnings :: (Monad m, MonadThrow m) => Theory sig c r p TranslationElement -> m (Theory sig c r p TranslationElement) +warnings = mapMProcesses throwWarningsProcess + +checkWellformednessSapic :: OpenTheory -> WfErrorReport +checkWellformednessSapic = concatMap (toWfErrorReport . warnProcess) . theoryProcesses 
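Review bot: In `typeProcess`, the `Event` case of `gAct` records the argument types with a plain `Map.insert tag …`, so a later occurrence of the same event tag replaces the types stored for an earlier one without any consistency check, whereas `insertFun` merges through `sqcap` and reports `TypingErrorFunctionMerge`. Two uses of one event with contradicting argument types would then pass typing, and whatever reads `events` sees only the last one (the consumers are outside this hunk). Merging with the existing entry makes the conflict visible; the sketch lets `CannotMerge` propagate, and wrapping it in a `ProcessNotWellformed` error as `sqHandler` does would be more consistent with the rest of the module.

```haskell
gAct ac@(Event (Fact tag _ ts)) ann r = do -- r is typed subprocess
    ac' <- traverseTermsAction typeWith' typeWithFact typeWithVar ac
    argTypes <- map snd <$> mapM (`typeWith` Nothing) ts
    known <- Map.lookup tag <$> gets events
    -- merge with the types recorded for an earlier occurrence of this tag
    merged <- maybe (return argTypes) (zipWithM sqcap argTypes) known
    modify' (\s -> s { events = Map.insert tag merged (events s) })
    return (ProcessAction ac' ann r)
```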
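Review bot: `warnings` and `throwWarningsProcess` do not warn but abort: `traverse_ throwM` raises the first `WFBoundTwice` produced by `warnProcess`, and none of the exported functions carries a Haddock comment that says so. I would add `-- | Fail with the first 'WFBoundTwice' error if the process captures a variable; otherwise return it unchanged.` above `throwWarningsProcess`, and drop the stale `-- warnProcess :: [WFerror AnnotatedProcess]` line.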
diff --git a/lib/sapic/tamarin-prover-sapic.cabal b/lib/sapic/tamarin-prover-sapic.cabal index ce2eaa861..46686aed1 100644 --- a/lib/sapic/tamarin-prover-sapic.cabal +++ b/lib/sapic/tamarin-prover-sapic.cabal @@ -65,14 +65,20 @@ library Sapic.Annotation , Sapic.Exceptions , Sapic.ProcessUtils + , Sapic.Bindings , Sapic.Locks , Sapic.SecretChannels + , Sapic.Compression + , Sapic.LetDestructors , Sapic.Facts , Sapic.Basetranslation , Sapic.ProgressFunction , Sapic.ProgressTranslation , Sapic.ReliableChannelTranslation , Sapic.Report + , Sapic.States + , Sapic.Typing + , Sapic.Warnings , Sapic other-modules: diff --git a/lib/term/src/Term/Builtin/Rules.hs b/lib/term/src/Term/Builtin/Rules.hs index de0c11ebb..20e4f30da 100644 --- a/lib/term/src/Term/Builtin/Rules.hs +++ b/lib/term/src/Term/Builtin/Rules.hs @@ -89,7 +89,7 @@ xorRules = S.fromList zero = fAppZero -- | The rewriting rules for standard subterm operators that are builtin. -pairRules, symEncRules, asymEncRules, signatureRules, revealSignatureRules :: Set (CtxtStRule) +pairRules, symEncRules, asymEncRules, signatureRules, revealSignatureRules, locationReportRules :: Set (CtxtStRule) pairRules = S.fromList [ fAppFst (fAppPair (x1,x2)) `CtxtStRule` (StRhs [[0,0]] x1) , fAppSnd (fAppPair (x1,x2)) `CtxtStRule` (StRhs [[0,1]] x2) ] @@ -98,8 +98,6 @@ asymEncRules = S.fromList [ adec (aenc (x1, pk x2), x2) `CtxtStRule` (StRhs [[ signatureRules = S.fromList [ verify (sign (x1,x2), x1, pk x2) `CtxtStRule` (StRhs [[0,0]] trueC) ] revealSignatureRules = S.fromList [ revealVerify (revealSign (x1,x2), x1, pk x2) `CtxtStRule` (StRhs [[0,0]] trueC), extractMessage (revealSign (x1,x2)) `CtxtStRule` (StRhs [[0,0]] x1)] - -locationReportRules :: Set (CtxtStRule) locationReportRules = S.fromList [ check_rep (rep (x1,x2), x2) `CtxtStRule` (StRhs [[0,0]] x1), get_rep (rep (x1,x2)) `CtxtStRule` (StRhs [[0,0]] x1) ] 
diff --git a/lib/term/src/Term/Builtin/Signature.hs b/lib/term/src/Term/Builtin/Signature.hs
index e19932bbc..ef9ff4632 100644
--- a/lib/term/src/Term/Builtin/Signature.hs
+++ b/lib/term/src/Term/Builtin/Signature.hs
@@ -17,31 +17,32 @@ import qualified Data.Set as S -- | Binary builtin function symbols. sdecSym, sencSym, adecSym, aencSym, signSym, revealSignSym, repSym, checkRepSym :: NoEqSym -sdecSym = ("sdec",(2, Public)) -sencSym = ("senc",(2, Public)) -adecSym = ("adec",(2, Public)) -aencSym = ("aenc",(2, Public)) -signSym = ("sign",(2, Public)) -revealSignSym = ("revealSign",(2, Public)) -repSym = ("rep",(2,Private)) -checkRepSym = ("check_rep",(2,Public)) +sdecSym = ("sdec",(2, Public, Destructor)) +sencSym = ("senc",(2, Public, Constructor)) +adecSym = ("adec",(2, Public, Destructor)) +aencSym = ("aenc",(2, Public, Constructor)) +signSym = ("sign",(2, Public, Constructor)) +revealSignSym = ("revealSign",(2, Public, Constructor)) +repSym = ("rep",(2,Private,Constructor)) +checkRepSym = ("check_rep",(2,Public,Destructor)) -- | Ternary builtin function symbols. verifySym, revealVerifySym :: NoEqSym -verifySym = ("verify",(3, Public)) -revealVerifySym = ("revealVerify",(3, Public)) +verifySym = ("verify",(3, Public, Destructor)) +revealVerifySym = ("revealVerify",(3, Public,Constructor)) -- | Unary builtin function symbols. + pkSym, hashSym, extractMessageSym, getRepSym, reportSym :: NoEqSym -pkSym = ("pk",(1, Public)) -hashSym = ("h",(1, Public)) -extractMessageSym = ("getMessage",(1, Public)) -getRepSym = ("get_rep",(1, Public)) -reportSym = ("report",(1, Public)) +pkSym = ("pk",(1, Public, Constructor)) +hashSym = ("h",(1, Public, Constructor)) +extractMessageSym = ("getMessage",(1, Public, Constructor)) +getRepSym = ("get_rep",(1, Public,Destructor)) +reportSym = ("report",(1, Public,Constructor)) -- | Nullary builtin function symbols. trueSym :: NoEqSym -trueSym = ("true",(0, Public)) +trueSym = ("true",(0, Public, Constructor)) ---------------------------------------------------------------------- -- Builtin signatures diff --git a/lib/term/src/Term/LTerm.hs b/lib/term/src/Term/LTerm.hs index 893d543c1..5382d4bb9 100644 --- a/lib/term/src/Term/LTerm.hs 
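Review bot: The constructor/destructor flags are not assigned consistently to symbols that play the same role: `verifySym` and `getRepSym` are `Destructor`, but `revealVerifySym` and `extractMessageSym` are `Constructor`, although the rules in `Term/Builtin/Rules.hs` reduce `revealVerify (revealSign (x1,x2), x1, pk x2)` and `extractMessage (revealSign (x1,x2))` in the same way as `verify` and `get_rep`. If the flag decides how a symbol is translated or exported, the reveal-signature builtins would be treated differently from plain signatures in the resulting model. Either use `("revealVerify",(3, Public, Destructor))` and `("getMessage",(1, Public, Destructor))`, or add a comment explaining why these two remain constructors.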
+++ b/lib/term/src/Term/LTerm.hs @@ -87,6 +87,7 @@ module Term.LTerm ( , evalFreshTAvoiding , renameAvoiding , renameAvoidingIgnoring + , avoidPreciseVars , avoidPrecise , renamePrecise , renameDropNamehint @@ -329,29 +330,29 @@ niFactors t = case viewTerm2 t of containsPrivate :: Term t -> Bool containsPrivate t = case viewTerm t of Lit _ -> False - FApp (NoEq (_,(_,Private))) _ -> True + FApp (NoEq (_,(_,Private,_))) _ -> True FApp _ as -> any containsPrivate as -- | containsNoPrivateExcept t t2@ returns @True@ if @t2@ contains private function symbols other than @t@. containsNoPrivateExcept :: [BC.ByteString] -> Term t -> Bool containsNoPrivateExcept funs t = case viewTerm t of Lit _ -> True - FApp (NoEq (f,(_,Private))) as -> (elem f funs) && (all (containsNoPrivateExcept funs) as) + FApp (NoEq (f,(_,Private,_))) as -> (elem f funs) && (all (containsNoPrivateExcept funs) as) FApp _ as -> all (containsNoPrivateExcept funs) as - + -- | A term is *simple* iff there is an instance of this term that can be -- constructed from public names only. i.e., the term does not contain any -- fresh names, fresh variables, or private function symbols. isSimpleTerm :: LNTerm -> Bool isSimpleTerm t = - not (containsPrivate t) && + not (containsPrivate t) && (getAll . foldMap (All . (LSortFresh /=) . sortOfLit) $ t) -- | 'True' iff no instance of this term contains fresh names or private function symbols. neverContainsFreshPriv :: LNTerm -> Bool neverContainsFreshPriv t = - not (containsPrivate t) && + not (containsPrivate t) && (getAll . foldMap (All . (`notElem` [LSortMsg, LSortFresh]) . sortOfLit) $ t) -- | Replaces all Fresh variables with constants using toConst. @@ -414,7 +415,6 @@ type BLVar = BVar LVar -- | Terms built over names and 'LVar's combined with quantified variables. type BLTerm = NTerm BLVar - -- | Fold a possibly bound variable. {-# INLINE foldBVar #-} foldBVar :: (Integer -> a) -> (v -> a) -> BVar v -> a 
@@ -464,6 +464,7 @@ bltermNodeId' t = instance Eq LVar where (LVar n1 s1 i1) == (LVar n2 s2 i2) = i1 == i2 && s1 == s2 && n1 == n2 + -- x == y = compare x y == EQ -- slower, but consistent with Ord. -- An ord instance that prefers the 'lvarIdx' over the 'lvarName'. instance Ord LVar where @@ -573,7 +574,7 @@ renameIgnoring vars x = case boundsVarIdx x of where incVar shift (LVar n so i) = pure $ if elem (LVar n so i) vars then (LVar n so i) else (LVar n so (i+shift)) - + -- | @eqModuloFreshness t1 t2@ checks whether @t1@ is equal to @t2@ modulo -- renaming of indices of free variables. Note that the normal form is not -- unique with respect to AC symbols. @@ -617,13 +618,15 @@ renameAvoidingIgnoring :: (HasFrees s, HasFrees t) => s -> t -> [LVar] -> s renameAvoidingIgnoring s t vars = renameIgnoring vars s `evalFreshAvoiding` t +avoidPreciseVars :: [LVar] -> Precise.FreshState +avoidPreciseVars = foldl' ins M.empty + where + ins m v = M'.insertWith max (lvarName v) (lvarIdx v + 1) m + -- | @avoidPrecise t@ computes a 'Precise.FreshState' that avoids generating -- variables occurring in @t@. avoidPrecise :: HasFrees t => t -> Precise.FreshState -avoidPrecise = - foldl' ins M.empty . frees - where - ins m v = M'.insertWith max (lvarName v) (lvarIdx v + 1) m +avoidPrecise = avoidPreciseVars . frees -- | @renamePrecise t@ replaces all variables in @t@ with fresh variables. -- If 'Control.Monad.PreciseFresh' is used with non-AC terms and identical @@ -812,4 +815,3 @@ showLitName (Var (LVar v s i)) = "Var_" ++ sortSuffix s ++ "_" ++ body body | null v = show i | i == 0 = v | otherwise = show i ++ "_" ++ v - diff --git a/lib/term/src/Term/Maude/Parser.hs b/lib/term/src/Term/Maude/Parser.hs index 6bc9185a8..2065e6514 100644 --- a/lib/term/src/Term/Maude/Parser.hs +++ b/lib/term/src/Term/Maude/Parser.hs 
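Review bot: `avoidPreciseVars` is added to the export list without a Haddock comment, while `avoidPrecise`, now defined in terms of it, keeps one. I would add `-- | @avoidPreciseVars vs@ computes a 'Precise.FreshState' that avoids generating the variables in @vs@.` above its signature.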
@@ -68,11 +68,31 @@ parseLSortSym s = case s of -- | Used to prevent clashes with predefined Maude function symbols -- like @true@ funSymPrefix :: ByteString -funSymPrefix = "tamX" +funSymPrefix = "tam" --- | Prefix for private function symbols. -funSymPrefixPriv :: ByteString -funSymPrefixPriv = "tamP" +-- | Encode attributes in additional prefix +funSymEncodeAttr :: Privacy -> Constructability -> ByteString +funSymEncodeAttr priv constr = f priv <> g constr + where + f Private = "P" + f Public = "X" + g Constructor = "C" + g Destructor = "D" + +-- | Decode string @funSymPrefix || funSymEncodeAttr p c || ident@ into +-- @(ident,p,c)@ +funSymDecode :: ByteString -> (ByteString, Privacy, Constructability) +funSymDecode s = (ident,priv,constr) + where + prefixLen = BC.length funSymPrefix + (eAttr,ident) = BC.splitAt 2 (BC.drop prefixLen s) + (priv,constr) = case eAttr of + "PD" -> (Private,Destructor) + "PC" -> (Private,Constructor) + "XD" -> (Public,Destructor) + _ -> (Public,Constructor) + + -- | Replace underscores "_" with minus "-" for Maude. replaceUnderscore :: ByteString -> ByteString @@ -96,18 +116,18 @@ replaceMinus s = BC.map f s replaceMinusFun :: NoEqSym -> NoEqSym replaceMinusFun (s, p) = (replaceMinus s, p) + -- | Pretty print an AC symbol for Maude. ppMaudeACSym :: ACSym -> ByteString ppMaudeACSym o = funSymPrefix <> case o of - Mult -> "mult" - Union -> "mun" - Xor -> "xor" + Mult -> multSymString + Union -> munSymString + Xor -> xorSymString -- | Pretty print a non-AC symbol for Maude. ppMaudeNoEqSym :: NoEqSym -> ByteString -ppMaudeNoEqSym (o,(_,Private)) = funSymPrefixPriv <> replaceUnderscore o -ppMaudeNoEqSym (o,(_,Public)) = funSymPrefix <> replaceUnderscore o +ppMaudeNoEqSym (o,(_,prv,cnstr)) = funSymPrefix <> funSymEncodeAttr prv cnstr <> replaceUnderscore o -- | Pretty print a C symbol for Maude. ppMaudeCSym :: CSym -> ByteString 
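Review bot: The `_ -> (Public,Constructor)` fallback in `funSymDecode` accepts any two bytes after the prefix, and the function drops `BC.length funSymPrefix` bytes without checking that the input actually starts with `funSymPrefix`. A malformed or differently prefixed symbol is therefore decoded as a public constructor with a truncated name instead of being rejected where the encoding is interpreted; the later `allowedfunSyms` check in `parseFunSym` may still catch it, but only because the truncated name happens not to match. I would match the fourth encoding explicitly and fail on the rest: `"XC" -> (Public,Constructor)` followed by `_ -> error $ "Maude.Parser.funSymDecode: malformed symbol " ++ show s`. Before making the fallback strict, confirm that AC and C symbols, which are printed with the bare prefix and no attribute bytes, never reach this decoder.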
@@ -158,28 +178,28 @@ ppTheory msig = BC.unlines $ ++ (if enableMSet msig then - [ theoryOp "mun : Msg Msg -> Msg [comm assoc]" ] + [ theoryOpAC "mun : Msg Msg -> Msg [comm assoc]" ] else []) ++ (if enableDH msig then - [ theoryOp "one : -> Msg" - , theoryOp "DH_neutral : -> Msg" - , theoryOp "exp : Msg Msg -> Msg" - , theoryOp "mult : Msg Msg -> Msg [comm assoc]" - , theoryOp "inv : Msg -> Msg" ] + [ theoryOpEq "one : -> Msg" + , theoryOpEq "DH_neutral : -> Msg" + , theoryOpEq "exp : Msg Msg -> Msg" + , theoryOpAC "mult : Msg Msg -> Msg [comm assoc]" + , theoryOpEq "inv : Msg -> Msg" ] else []) ++ (if enableBP msig then - [ theoryOp "pmult : Msg Msg -> Msg" - , theoryOp "em : Msg Msg -> Msg [comm]" ] + [ theoryOpEq "pmult : Msg Msg -> Msg" + , theoryOpC "em : Msg Msg -> Msg [comm]" ] else []) ++ (if enableXor msig then - [ theoryOp "zero : -> Msg" - , theoryOp "xor : Msg Msg -> Msg [comm assoc]" ] + [ theoryOpEq "zero : -> Msg" + , theoryOpAC "xor : Msg Msg -> Msg [comm assoc]" ] else []) ++ map theoryFunSym (S.toList $ stFunSyms msig) 
@@ -188,11 +208,15 @@ ppTheory msig = BC.unlines $ ++ [ "endfm" ] where - theoryOpNoEq priv fsort = - " op " <> (if (priv==Private) then funSymPrefixPriv else funSymPrefix) <> fsort <>" ." - theoryOp = theoryOpNoEq Public - theoryFunSym (s,(ar,priv)) = - theoryOpNoEq priv (replaceUnderscore s <> " : " <> (B.concat $ replicate ar "Msg ") <> " -> Msg") + maybeEncode (Just (priv,cnstr)) = funSymEncodeAttr priv cnstr + maybeEncode Nothing = "" + theoryOp attr fsort = + " op " <> funSymPrefix <> maybeEncode attr <> fsort <>" ." + theoryOpEq = theoryOp (Just (Public,Constructor)) + theoryOpAC = theoryOp Nothing + theoryOpC = theoryOp Nothing + theoryFunSym (s,(ar,priv,cnstr)) = + theoryOp (Just(priv,cnstr)) (replaceUnderscore s <> " : " <> (B.concat $ replicate ar "Msg ") <> " -> Msg") theoryRule (l `RRule` r) = " eq " <> ppMaude lm <> " = " <> ppMaude rm <> " [variant] ." where (lm,rm) = evalBindT ((,) <$> lTermToMTerm' l <*> lTermToMTerm' r) noBindings @@ -272,8 +296,8 @@ parseTerm msig = choice ] ] where - consSym = ("cons",(2,Public)) - nilSym = ("nil",(0,Public)) + consSym = ("cons",(2,Public,Constructor)) + nilSym = ("nil",(0,Public,Constructor)) parseFunSym ident args | op `elem` allowedfunSyms = replaceMinusFun op @@ -281,12 +305,12 @@ parseTerm msig = choice error $ "Maude.Parser.parseTerm: unknown function " ++ "symbol `"++ show op ++"', not in " ++ show allowedfunSyms - where prefixLen = BC.length funSymPrefix - special = ident `elem` ["list", "cons", "nil" ] - priv = if (not special) && BC.isPrefixOf funSymPrefixPriv ident - then Private else Public - op = (if special then ident else BC.drop prefixLen ident - , ( length args, priv)) + where + special = ident `elem` ["list", "cons", "nil" ] + (ident',priv,cnstr) = funSymDecode ident + op = if special then + (ident , (length args,Public,Constructor)) + else (ident', (length args, priv, cnstr)) allowedfunSyms = [consSym, nilSym] ++ (map replaceUnderscoreFun $ S.toList $ noEqFunSyms msig) 
diff --git a/lib/term/src/Term/Maude/Signature.hs b/lib/term/src/Term/Maude/Signature.hs index 49bbb5f1b..f76bbd93e 100644 --- a/lib/term/src/Term/Maude/Signature.hs +++ b/lib/term/src/Term/Maude/Signature.hs @@ -47,12 +47,12 @@ module Term.Maude.Signature ( -- * pretty printing , prettyMaudeSig + , prettyMaudeSigExcept ) where -import Term.Term -import Term.LTerm -import Term.Builtin.Rules -import Term.SubtermRule +import Term.Builtin.Rules +import Term.LTerm +import Term.SubtermRule import Control.Monad.Fresh -- import Control.Applicative @@ -183,10 +183,10 @@ enableDiffMaudeSig = maudeSig $ mempty {enableDiff=True} -- Pretty Printing ------------------------------------------------------------------------------ -prettyMaudeSig :: P.HighlightDocument d => MaudeSig -> d -prettyMaudeSig sig = P.vcat +prettyMaudeSigExcept :: P.HighlightDocument d => MaudeSig -> S.Set NoEqSym -> d +prettyMaudeSigExcept sig excl = P.vcat [ ppNonEmptyList' "builtins:" P.text builtIns - , ppNonEmptyList' "functions:" ppFunSymb $ S.toList (stFunSyms sig) + , ppNonEmptyList' "functions:" ppFunSymb $ S.toList (stFunSyms sig S.\\ excl) , ppNonEmptyList (\ds -> P.sep (P.keyword_ "equations:" : map (P.nest 2) ds)) prettyCtxtStRule $ S.toList (stRules sig) @@ -203,6 +203,13 @@ prettyMaudeSig sig = P.vcat , (enableXor, "xor") ] - ppFunSymb (f,(k,priv)) = P.text $ BC.unpack f ++ "/" ++ show k ++ showPriv priv - where showPriv Private = " [private]" - showPriv Public = "" + ppFunSymb (f,(k,priv,constr)) = P.text $ BC.unpack f ++ "/" ++ show k + ++ showAttr (priv,constr) + where + showAttr (Public,Destructor) = "[destructor]" + showAttr (Private,Destructor) = "[private,destructor]" + showAttr (Private,Constructor) = "[private,destructor]" + showAttr (Public,Constructor) = "" + +prettyMaudeSig :: P.HighlightDocument d => MaudeSig -> d +prettyMaudeSig sig = prettyMaudeSigExcept sig S.empty 
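Review bot: `showAttr (Private,Constructor)` returns `"[private,destructor]"`, the same string as the `(Private,Destructor)` case, so a private constructor is pretty-printed as a destructor. If the printed theory is parsed again, the symbol would presumably come back with different semantics (the new `Constructability` comment says a destructor only applies if it reduces), which changes the model being analysed. The line should read `showAttr (Private,Constructor) = "[private]"`. A regression case with a private, non-destructor function symbol would pin this.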
diff --git a/lib/term/src/Term/Substitution/SubstVFree.hs b/lib/term/src/Term/Substitution/SubstVFree.hs index 5885fcd8f..e97c78c40 100644 --- a/lib/term/src/Term/Substitution/SubstVFree.hs +++ b/lib/term/src/Term/Substitution/SubstVFree.hs @@ -3,6 +3,7 @@ {-# LANGUAGE FlexibleContexts #-} {-# LANGUAGE FlexibleInstances #-} {-# LANGUAGE TypeSynonymInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} -- | -- Copyright : (c) 2010-2012 Benedikt Schmidt & Simon Meier -- License : GPL v3 (see LICENSE) @@ -16,6 +17,7 @@ module Term.Substitution.SubstVFree ( -- * application of substitutions , applyVTerm + , applyVTermProj , applyLit -- * smart constructors for substitutions @@ -88,7 +90,6 @@ type LSubst c = Subst c LVar -- | A substitution with names and logical variables. type LNSubst = Subst Name LVar - -- Application ---------------------------------------------------------------------- 
@@ -97,16 +98,18 @@ applyLit :: IsVar v => Subst c v -> Lit c v -> VTerm c v applyLit subst v@(Var i) = fromMaybe (lit v) $ M.lookup i (sMap subst) applyLit _ c@(Con _) = lit c - - -- | @applyVTerm subst t@ applies the substitution @subst@ to the term @t@. applyVTerm :: (IsConst c, IsVar v) => Subst c v -> VTerm c v -> VTerm c v -applyVTerm subst t = case viewTerm t of - Lit l -> applyLit subst l - FApp (AC o) ts -> fAppAC o (map (applyVTerm subst) ts) - FApp (C o) ts -> fAppC o (map (applyVTerm subst) ts) - FApp (NoEq o) ts -> fAppNoEq o (map (applyVTerm subst) ts) - FApp List ts -> fAppList (map (applyVTerm subst) ts) +applyVTerm = applyVTermProj applyLit + +-- | Variant of @applyVTerm@ with custom function to apply literals +applyVTermProj :: Ord a => (t1 -> t2 -> Term a) -> t1 -> Term t2 -> Term a +applyVTermProj f subst t = case viewTerm t of + Lit l -> f subst l + FApp (AC o) ts -> fAppAC o (map (applyVTermProj f subst) ts) + FApp (C o) ts -> fAppC o (map (applyVTermProj f subst) ts) + FApp (NoEq o) ts -> fAppNoEq o (map (applyVTermProj f subst) ts) + FApp List ts -> fAppList (map (applyVTermProj f subst) ts) -- Construction 
@@ -218,11 +221,20 @@ instance Ord c => HasFrees (LSubst c) where foldFreesOcc = mempty -- we ignore occurences in substitutions for now mapFrees f = (substFromList <$>) . mapFrees f . substToList --- | Types that support the application of 'LSubst's. -class Apply t where - apply :: LNSubst -> t -> t +-- | Types that support the application of some type +class Apply t' t where + apply :: t' -> t -> t + +instance (Apply s v) => Apply s (Lit c v) where + apply subst (Var v) = Var (apply subst v) + apply _ l@(Con _) = l -instance Apply LVar where +-- the overlapping instance overwrites the overlappable instance it there is +-- only one overlapping instance. We use this to get a fast implementation for +-- substitutions that map the term, but also have the generality to define +-- substitutions that don't match the variables used in the term. + +instance {-# OVERLAPPING #-} (Show c, Show v, IsVar v) => Apply (Subst c v) v where apply subst x = maybe x extractVar $ imageOf subst x where extractVar (viewTerm -> Lit (Var x')) = x' 
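Review bot: The new class comment, "Types that support the application of some type", does not say which parameter is which, and the rationale for the `OVERLAPPING`/`OVERLAPPABLE` pragmas is a plain comment between two instances that Haddock will not pick up. I would document the class as `-- | @Apply s t@: values of type @t@ to which a substitution-like value of type @s@ can be applied.` and move the overlap explanation into that Haddock block, fixing "it there" to "if there". Since the variable instance is now generic in `v`, its error text `"apply (LVar): variable '"` (unchanged context in the next hunk) no longer names the right type and could be updated at the same time. The instance body continues outside this hunk.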
@@ -230,72 +242,68 @@ instance Apply LVar where error $ "apply (LVar): variable '" ++ show x ++ "' substituted with term '" ++ show t ++ "'" -instance Apply LNTerm where +instance {-# OVERLAPPING #-} (IsConst c, IsVar v) => Apply (Subst c v) (VTerm c v) where apply subst = applyVTerm subst -instance Apply BLVar where +instance {-# OVERLAPPABLE #-} (Ord c, Ord v, Apply s (Lit c v)) => Apply s (Term (Lit c v)) where + apply subst t = applyVTermProj (\s' t' -> lit $ apply s' t') subst t + +instance {-# OVERLAPPABLE #-} (Apply s v) => Apply s (BVar v) where apply _ x@(Bound _) = x - apply subst x@(Free v) = maybe x extractVar $ imageOf subst v - where - extractVar (viewTerm -> Lit (Var v')) = Free v' - extractVar _t = - error $ "apply (BLVar): variable '" ++ show v ++ - "' substituted with term '" -- ++ show _t ++ "'" + apply subst (Free v) = Free (apply subst v) -instance Apply BLTerm where +instance {-# OVERLAPPING #-} (IsConst c, IsVar v) => Apply (Subst c v) (VTerm c (BVar v)) where apply subst = (`bindTerm` applyBLLit) where - applyBLLit :: Lit Name BLVar -> BLTerm applyBLLit l@(Var (Free v)) = maybe (lit l) (fmapTerm (fmap Free)) (imageOf subst v) applyBLLit l = lit l -instance Apply () where +instance Apply s () where apply _ = id -instance Apply Char where +instance Apply s Char where apply _ = id -instance Apply Int where +instance Apply s Int where apply _ = id -instance Apply Bool where +instance Apply s Bool where apply _ = id -instance (Apply a, Apply b) => Apply (a, b) where +instance (Apply s a, Apply s b) => Apply s (a, b) where apply subst (x,y) = (apply subst x, apply subst y) -instance (Apply a, Apply b, Apply c) => Apply (a, b, c) where +instance (Apply s a, Apply s b, Apply s c) => Apply s (a, b, c) where apply subst (x,y,z) = (apply subst x, apply subst y, apply subst z) -instance (Apply a, Apply b, Apply c, Apply d) => Apply (a, b, c, d) where +instance (Apply s a, Apply s b, Apply s c, Apply s d) => Apply s (a, b, c, d) where apply subst 
(x,y,z,t) = (apply subst x, apply subst y, apply subst z, apply subst t) -instance Apply a => Apply (Maybe a) where +instance Apply s a => Apply s (Maybe a) where apply subst = fmap (apply subst) -instance (Apply a, Apply b) => Apply (Either a b) where +instance (Apply s a, Apply s b) => Apply s (Either a b) where apply subst = either (Left . apply subst) (Right . apply subst) -instance Apply a => Apply [a] where +instance Apply s a => Apply s [a] where apply subst = fmap (apply subst) -instance Apply a => Apply (Map k a) where +instance Apply s a => Apply s (Map k a) where apply subst = fmap (apply subst) -instance Apply a => Apply (Conj a) where +instance Apply s a => Apply s (Conj a) where apply subst = fmap (apply subst) -instance Apply a => Apply (Disj a) where +instance Apply s a => Apply s (Disj a) where apply subst = fmap (apply subst) -instance (Ord a, Apply a) => Apply (S.Set a) where +instance (Ord a, Apply s a) => Apply s (S.Set a) where apply subst = S.map (apply subst) -instance Apply t => Apply (Equal t) where +instance Apply s t => Apply s (Equal t) where apply subst = fmap (apply subst) - ---------------------------------------------------------------------- -- Pretty Printing ---------------------------------------------------------------------- diff --git a/lib/term/src/Term/Term.hs b/lib/term/src/Term/Term.hs index 36aa5255a..45c378df7 100644 --- a/lib/term/src/Term/Term.hs +++ b/lib/term/src/Term/Term.hs @@ -24,6 +24,7 @@ module Term.Term ( , fAppInv , fAppPMult , fAppEMap + , fAppUnion , fAppPair , fAppFst , fAppSnd @@ -50,6 +51,7 @@ module Term.Term ( , ACSym(..) , CSym(..) , Privacy(..) + , Constructability(..) , NoEqSym -- ** Signatures @@ -58,6 +60,7 @@ module Term.Term ( -- ** concrete symbols strings , diffSymString + , munSymString , expSymString , invSymString , pmultSymString @@ -76,6 +79,7 @@ module Term.Term ( , oneSym , zeroSym , dhNeutralSym + -- ** concrete signatures , dhFunSig , bpFunSig 
@@ -89,7 +93,6 @@ module Term.Term ( , module Term.Term.Classes , module Term.Term.Raw - ) where -- import Data.Monoid @@ -124,8 +127,9 @@ fAppDiff (x,y) = fAppNoEq diffSym [x, y] fAppPair (x,y) = fAppNoEq pairSym [x, y] fAppExp (b,e) = fAppNoEq expSym [b, e] fAppPMult (s,p) = fAppNoEq pmultSym [s, p] -fAppEMap :: Ord a => (Term a, Term a) -> Term a +fAppEMap,fAppUnion :: Ord a => (Term a, Term a) -> Term a fAppEMap (x,y) = fAppC EMap [x, y] +fAppUnion (x,y) = fAppAC Union [x, y] -- | Smart constructors for inv, fst, and snd. fAppInv, fAppFst, fAppSnd :: Term a -> Term a @@ -178,11 +182,11 @@ isUnion _ = False -- | 'True' iff the term is a nullary, public function. isNullaryPublicFunction :: Term a -> Bool -isNullaryPublicFunction (viewTerm -> FApp (NoEq (_, (0, Public))) _) = True +isNullaryPublicFunction (viewTerm -> FApp (NoEq (_, (0, Public,_))) _) = True isNullaryPublicFunction _ = False isPrivateFunction :: Term a -> Bool -isPrivateFunction (viewTerm -> FApp (NoEq (_, (_,Private))) _) = True +isPrivateFunction (viewTerm -> FApp (NoEq (_, (_,Private,_))) _) = True isPrivateFunction _ = False -- | 'True' iff the term is an AC-operator. diff --git a/lib/term/src/Term/Term/FunctionSymbols.hs b/lib/term/src/Term/Term/FunctionSymbols.hs index a58b9e4b5..17caaedfd 100644 --- a/lib/term/src/Term/Term/FunctionSymbols.hs +++ b/lib/term/src/Term/Term/FunctionSymbols.hs @@ -17,6 +17,7 @@ module Term.Term.FunctionSymbols ( , ACSym(..) , CSym(..) , Privacy(..) + , Constructability(..) , NoEqSym -- ** Signatures @@ -25,6 +26,7 @@ module Term.Term.FunctionSymbols ( -- ** concrete symbols strings , diffSymString + , munSymString , expSymString , invSymString , dhNeutralSymString 
@@ -87,8 +89,13 @@ data ACSym = Union | Mult | Xor data Privacy = Private | Public deriving (Eq, Ord, Typeable, Data, Show, Generic, NFData, Binary) +-- | A function symbol can be either a constructor or a destructor in which +-- case it only applies if it reduces. +data Constructability = Constructor | Destructor + deriving (Eq, Ord, Typeable, Data, Show, Generic, NFData, Binary) + -- | NoEq function symbols (with respect to the background theory). -type NoEqSym = (ByteString, (Int, Privacy)) -- ^ operator name, arity, private +type NoEqSym = (ByteString, (Int, Privacy,Constructability)) -- ^ operator name, arity, private, destructor -- | C(ommutative) function symbols data CSym = EMap @@ -111,8 +118,9 @@ type NoEqFunSig = Set NoEqSym -- Fixed function symbols ---------------------------------------------------------------------- -diffSymString, expSymString, invSymString, dhNeutralSymString, oneSymString, multSymString, xorSymString, zeroSymString :: ByteString +diffSymString, munSymString, expSymString, invSymString, dhNeutralSymString, oneSymString, multSymString, xorSymString, zeroSymString :: ByteString diffSymString = "diff" +munSymString = "mun" expSymString = "exp" invSymString = "inv" oneSymString = "one" 
@@ -130,25 +138,25 @@ pmultSymString = "pmult" pairSym, diffSym, expSym, invSym, dhNeutralSym, oneSym, fstSym, sndSym, pmultSym, zeroSym :: NoEqSym -- | Pairing. -pairSym = ("pair",(2,Public)) +pairSym = ("pair",(2,Public,Constructor)) -- | Diff. -diffSym = (diffSymString,(2,Private)) +diffSym = (diffSymString,(2,Private,Constructor)) -- | Exponentiation. -expSym = (expSymString,(2,Public)) +expSym = (expSymString,(2,Public,Constructor)) -- | The inverse in the groups of exponents. -invSym = (invSymString,(1,Public)) +invSym = (invSymString,(1,Public,Constructor)) -- | The one in the group of exponents. -oneSym = (oneSymString,(0,Public)) +oneSym = (oneSymString,(0,Public,Constructor)) -- | The groupd identity -dhNeutralSym = (dhNeutralSymString,(0,Public)) +dhNeutralSym = (dhNeutralSymString,(0,Public, Constructor)) -- | Projection of first component of pair. -fstSym = ("fst",(1,Public)) +fstSym = ("fst",(1,Public,Destructor)) -- | Projection of second component of pair. -sndSym = ("snd",(1,Public)) +sndSym = ("snd",(1,Public,Destructor)) -- | Multiplication of points (in G1) on elliptic curve by scalars. -pmultSym = (pmultSymString,(2,Public)) +pmultSym = (pmultSymString,(2,Public,Constructor)) -- | The zero for XOR. -zeroSym = (zeroSymString,(0,Public)) +zeroSym = (zeroSymString,(0,Public,Constructor)) ---------------------------------------------------------------------- -- Fixed signatures diff --git a/lib/theory/src/Items/AccLemmaItem.hs b/lib/theory/src/Items/AccLemmaItem.hs index 4f2be0027..a50a6a1fb 100644 --- a/lib/theory/src/Items/AccLemmaItem.hs +++ b/lib/theory/src/Items/AccLemmaItem.hs @@ -14,11 +14,10 @@ import Data.Binary (Binary) import Data.Label as L import Text.PrettyPrint.Highlight import Theory.Text.Pretty -import Theory.Constraint.Solver import Theory.Model +import Lemma import Items.CaseTestItem -import Items.LemmaItem ------------------------------------------------------------------------------ -- Accountability Lemmas 
@@ -44,14 +43,6 @@ prettyAccLemmaName l = case L.get aAttributes l of [] -> text (L.get aName l) as -> text (L.get aName l) <-> (brackets $ fsep $ punctuate comma $ map prettyLemmaAttribute as) - where - prettyLemmaAttribute SourceLemma = text "sources" - prettyLemmaAttribute ReuseLemma = text "reuse" - prettyLemmaAttribute InvariantLemma = text "use_induction" - prettyLemmaAttribute (HideLemma s) = text ("hide_lemma=" ++ s) - prettyLemmaAttribute (LemmaHeuristic h) = text ("heuristic=" ++ (prettyGoalRankings h)) - prettyLemmaAttribute LHSLemma = text "left" - prettyLemmaAttribute RHSLemma = text "right" prettyAccLemma :: HighlightDocument d => AccLemma -> d prettyAccLemma alem = @@ -59,4 +50,4 @@ prettyAccLemma alem = (nest 2 $ sep [ doubleQuotes $ prettySyntacticLNFormula $ L.get aFormula alem ] - ) \ No newline at end of file + ) diff --git a/lib/theory/src/Items/CaseTestItem.hs b/lib/theory/src/Items/CaseTestItem.hs index 21c44e6bb..703656eb6 100644 --- a/lib/theory/src/Items/CaseTestItem.hs +++ b/lib/theory/src/Items/CaseTestItem.hs @@ -12,10 +12,8 @@ import GHC.Generics (Generic) import Control.DeepSeq (NFData) import Data.Binary (Binary) import Data.Label as L -import Theory.Constraint.Solver (GoalRanking) import Theory.Model - -import Items.PredicateItem +import Theory.Syntactic.Predicate ------------------------------------------------------------------------------ -- Case Tests @@ -36,4 +34,4 @@ caseTestToPredicate caseTest = fmap (Predicate fact) formula where fact = protoFact Linear name (frees formula) name = L.get cName caseTest - formula = toLNFormula (L.get cFormula caseTest) \ No newline at end of file + formula = toLNFormula (L.get cFormula caseTest) diff --git a/lib/theory/src/Items/ExportInfo.hs b/lib/theory/src/Items/ExportInfo.hs new file mode 100644 index 000000000..68151da64 --- /dev/null +++ b/lib/theory/src/Items/ExportInfo.hs 
@@ -0,0 +1,22 @@ +{-# LANGUAGE TemplateHaskell #-} +{-# LANGUAGE DeriveGeneric #-} +{-# LANGUAGE DeriveAnyClass #-} +{-# LANGUAGE StandaloneDeriving #-} +{-# LANGUAGE FlexibleInstances #-} + +module Items.ExportInfo ( + module Items.ExportInfo +) where + +import GHC.Generics (Generic) +import Control.DeepSeq (NFData) +import Data.Binary (Binary) +import Data.Label as L ( mkLabels ) + +data ExportInfo = ExportInfo + { _eTag :: String + , _eText :: String + } + deriving( Eq, Ord, Show, Generic, NFData, Binary ) + +$(mkLabels [''ExportInfo]) diff --git a/lib/theory/src/Items/LemmaItem.hs b/lib/theory/src/Items/LemmaItem.hs index 3c491cb39..0a6a7cfee 100644 --- a/lib/theory/src/Items/LemmaItem.hs +++ b/lib/theory/src/Items/LemmaItem.hs @@ -14,6 +14,7 @@ import Data.Binary (Binary) import Theory.Constraint.Solver (GoalRanking) import Theory.Model import Data.Label as L +import Theory.Module ------------------------------------------------------------------------------ -- Lemmas @@ -29,6 +30,7 @@ data LemmaAttribute = | LHSLemma | RHSLemma | LemmaHeuristic [GoalRanking] + | LemmaModule [ModuleType] -- | BothLemma deriving( Eq, Ord, Show, Generic, NFData, Binary ) diff --git a/lib/theory/src/Items/OptionItem.hs b/lib/theory/src/Items/OptionItem.hs index 5cbcc9d76..6f907fcbd 100644 --- a/lib/theory/src/Items/OptionItem.hs +++ b/lib/theory/src/Items/OptionItem.hs @@ -10,6 +10,8 @@ import GHC.Generics (Generic) import Control.DeepSeq (NFData) import Data.Binary (Binary) import Data.Label as L +import qualified Data.Set as S +import Theory.Model.Fact ------------------------------------------------------------------------------ -- Options @@ -22,6 +24,10 @@ data Option = Option , _transProgress :: Bool , _transReliable :: Bool , _transReport :: Bool + , _stateChannelOpt :: Bool + , _asynchronousChannels :: Bool + , _compressEvents :: Bool + , _forcedInjectiveFacts :: S.Set FactTag } deriving( Eq, Ord, Show, Generic, NFData, Binary ) $(mkLabels [''Option]) 
diff --git a/lib/theory/src/Items/PredicateItem.hs b/lib/theory/src/Items/PredicateItem.hs deleted file mode 100644 index 883ea57a8..000000000 --- a/lib/theory/src/Items/PredicateItem.hs +++ /dev/null @@ -1,32 +0,0 @@ - -{-# LANGUAGE TemplateHaskell #-} -{-# LANGUAGE DeriveAnyClass #-} -{-# LANGUAGE DeriveGeneric #-} -{-# LANGUAGE StandaloneDeriving #-} -{-# LANGUAGE FlexibleInstances #-} -{-# LANGUAGE DeriveFunctor #-} -module Items.PredicateItem ( - module Items.PredicateItem -) where - -import Control.DeepSeq -import Data.Binary (Binary) -import Data.Label as L -import GHC.Generics -import Term.LTerm -import Theory.Model -import Prelude hiding (id, (.)) - - ------------------------------------------------------------------------------- --- Predicates ------------------------------------------------------------------------------- - -data Predicate = Predicate - { _pFact :: Fact LVar - , _pFormula :: LNFormula - } - deriving( Eq, Ord, Show, Generic, NFData, Binary ) -$(mkLabels [''Predicate]) - --- generate accessors for Predicate data structure records \ No newline at end of file diff --git a/lib/theory/src/Items/ProcessItem.hs b/lib/theory/src/Items/ProcessItem.hs index 8dc03f49b..6bc63909f 100644 --- a/lib/theory/src/Items/ProcessItem.hs +++ b/lib/theory/src/Items/ProcessItem.hs @@ -23,7 +23,8 @@ import Prelude hiding (id, (.)) data ProcessDef = ProcessDef { _pName :: String - , _pBody :: Process + , _pBody :: PlainProcess + , _pVars :: [SapicLVar] } deriving( Eq, Ord, Show, Generic, NFData, Binary ) $(mkLabels [''ProcessDef]) diff --git a/lib/theory/src/Items/TheoryItem.hs b/lib/theory/src/Items/TheoryItem.hs index 6ee391ee4..ea8d5a3fc 100644 --- a/lib/theory/src/Items/TheoryItem.hs +++ b/lib/theory/src/Items/TheoryItem.hs 
@@ -17,13 +17,14 @@ import Theory.Model.Restriction import Theory.Constraint.Solver import Items.ProcessItem -import Items.PredicateItem +import Theory.Syntactic.Predicate import Items.CaseTestItem import Items.AccLemmaItem import Lemma import Prelude hiding (id, (.)) import Control.DeepSeq import Prelude hiding (id, (.)) +import Items.ExportInfo ------------------------------------------------------------------------------ -- Theories @@ -35,8 +36,13 @@ type FormalComment = (String, String) -- | TranslationItems can be processes, accountability lemmas, and case tests data TranslationElement = - ProcessItem Process + ProcessItem PlainProcess | ProcessDefItem ProcessDef + | SignatureBuiltin String + | FunctionTypingInfo SapicFunSym + | ExportInfoItem ExportInfo + | DiffEquivLemma PlainProcess + | EquivLemma PlainProcess PlainProcess | AccLemmaItem AccLemma | CaseTestItem CaseTest deriving( Show, Eq, Ord, Generic, NFData, Binary ) diff --git a/lib/theory/src/Lemma.hs b/lib/theory/src/Lemma.hs index d5bac6601..51459cd7c 100644 --- a/lib/theory/src/Lemma.hs +++ b/lib/theory/src/Lemma.hs @@ -10,9 +10,14 @@ module Lemma ( , isSourceLemma , isLeftLemma , isRightLemma - ,module Items.LemmaItem - , module Lemma -) where + , module Items.LemmaItem + , prettyLemma + , prettyLemmaName + , prettyLemmaAttribute + , prettyDiffLemmaName + , prettyTraceQuantifier + , prettyDiffLemma + , prettyEitherLemma) where import Data.Label as L import Theory.Constraint.System @@ -23,6 +28,7 @@ import Text.PrettyPrint.Highlight import Theory.Text.Pretty import Theory.Model import Theory.Constraint.Solver +import Data.List (intercalate) -- | The source kind allowed for a lemma. 
@@ -76,15 +82,17 @@ prettyLemmaName l = case L.get lAttributes l of [] -> text (L.get lName l) as -> text (L.get lName l) <-> (brackets $ fsep $ punctuate comma $ map prettyLemmaAttribute as) - where - prettyLemmaAttribute SourceLemma = text "sources" - prettyLemmaAttribute ReuseLemma = text "reuse" - prettyLemmaAttribute ReuseDiffLemma = text "diff_reuse" - prettyLemmaAttribute InvariantLemma = text "use_induction" - prettyLemmaAttribute (HideLemma s) = text ("hide_lemma=" ++ s) - prettyLemmaAttribute (LemmaHeuristic h) = text ("heuristic=" ++ (prettyGoalRankings h)) - prettyLemmaAttribute LHSLemma = text "left" - prettyLemmaAttribute RHSLemma = text "right" + +prettyLemmaAttribute :: Document d => LemmaAttribute -> d +prettyLemmaAttribute SourceLemma = text "sources" +prettyLemmaAttribute ReuseLemma = text "reuse" +prettyLemmaAttribute ReuseDiffLemma = text "diff_reuse" +prettyLemmaAttribute InvariantLemma = text "use_induction" +prettyLemmaAttribute (HideLemma s) = text ("hide_lemma=" ++ s) +prettyLemmaAttribute (LemmaHeuristic h) = text ("heuristic=" ++ (prettyGoalRankings h)) +prettyLemmaAttribute (LemmaModule h) = text ("output=[" ++ intercalate "," (map show h) ++ "]") +prettyLemmaAttribute LHSLemma = text "left" +prettyLemmaAttribute RHSLemma = text "right" -- prettyLemmaAttribute BothLemma = text "both" @@ -92,7 +100,7 @@ prettyLemmaName l = case L.get lAttributes l of prettyDiffLemmaName :: HighlightDocument d => DiffLemma p -> d prettyDiffLemmaName l = text ((L.get lDiffName l)) - -- | Pretty print a lemma. +-- | Pretty print a lemma. prettyLemma :: HighlightDocument d => (p -> d) -> Lemma p -> d prettyLemma ppPrf lem = kwLemma <-> prettyLemmaName lem <> colon $-$ 
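Review bot: `prettyLemmaAttribute (LemmaModule h)` renders the module list with `map show h`, which ties the printed `output=[...]` attribute to the derived `Show` names of `ModuleType`. `ModuleType` and the attribute parser are outside this hunk, so I cannot confirm the two agree; if they do not, a pretty-printed theory will not re-parse with the same lemma attributes. A dedicated printer kept next to the parser keywords would make the round trip explicit; at minimum add a comment such as `-- relies on Show ModuleType matching the parser's output= keywords`.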
@@ -156,4 +164,4 @@ prettyTraceQuantifier :: Document d => TraceQuantifier -> d prettyTraceQuantifier ExistsTrace = text "exists-trace" prettyTraceQuantifier AllTraces = text "all-traces" --- FIXME: Sort instances into the right files \ No newline at end of file +-- FIXME: Sort instances into the right files diff --git a/lib/theory/src/OpenTheory.hs b/lib/theory/src/OpenTheory.hs index 369d44ec8..64642b3e3 100644 --- a/lib/theory/src/OpenTheory.hs +++ b/lib/theory/src/OpenTheory.hs @@ -42,7 +42,7 @@ removeTranslationItems thy = ,_thyItems = newThyItems ,_thyOptions =(L.get thyOptions thy)} where - newThyItems = map removeTranslationElement (filter isNoTranslationItem (L.get thyItems thy)) + newThyItems = map removeTranslationElement (L.get thyItems thy) removeTranslationElement :: TheoryItem r p TranslationElement -> TheoryItem r p () removeTranslationElement (TranslationItem _) = TranslationItem () removeTranslationElement (RuleItem r) = RuleItem r @@ -50,9 +50,6 @@ removeTranslationItems thy = removeTranslationElement (RestrictionItem rl) = RestrictionItem rl removeTranslationElement (TextItem t) = TextItem t removeTranslationElement (PredicateItem predi) = PredicateItem predi - isNoTranslationItem (TranslationItem _) = False - isNoTranslationItem _ = True - --open translated theory again openTranslatedTheory :: OpenTranslatedTheory -> OpenTheory @@ -386,7 +383,8 @@ addAutoSourcesLemma hnd lemmaName (ClosedRuleCache _ raw _ _) items = -- Open theory construction / modification ------------------------------------------------------------------------------ defaultOption :: Option -defaultOption = Option False False False False +defaultOption = Option False False False False False False False S.empty + -- | Default theory defaultOpenTheory :: Bool -> OpenTheory 
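Review bot: `defaultOption = Option False False False False False False False S.empty` builds the record positionally from seven indistinguishable `Bool`s, so a later reordering or insertion of fields in `Option` compiles cleanly while silently changing which flag is set. Record syntax would make each default explicit, with the new fields written as `_stateChannelOpt = False`, `_asynchronousChannels = False`, `_compressEvents = False` and `_forcedInjectiveFacts = S.empty` alongside the existing ones. Only this one line is in the hunk; the field list is in `Items/OptionItem.hs`.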
@@ -702,10 +700,14 @@ prettyEitherRule (_, p) = prettyProtoRuleE $ L.get oprRuleE p -- | Pretty print an open theory. prettyOpenTheory :: HighlightDocument d => OpenTheory -> d -prettyOpenTheory = - prettyTheoryWithSapic prettySignaturePure - (const emptyDoc) prettyOpenProtoRule prettyProof prettyTranslationElement +prettyOpenTheory thy = + prettyTheory (prettySignaturePureExcept funsyms) + (const emptyDoc) prettyOpenProtoRule prettyProof prettyTranslationElement thy -- prettyIntrVariantsSection prettyOpenProtoRule prettyProof + where + funsyms = S.fromList $ map fst' $ theoryFunctionTypingInfos thy + -- function symbols that are printed by sapic printer already + fst' (a,_,_) = a -- | Pretty print an open theory. prettyOpenDiffTheory :: HighlightDocument d => OpenDiffTheory -> d diff --git a/lib/theory/src/Pretty.hs b/lib/theory/src/Pretty.hs index 560bd8544..a2f1dbe24 100644 --- a/lib/theory/src/Pretty.hs +++ b/lib/theory/src/Pretty.hs @@ -3,21 +3,9 @@ module Pretty ( ) where import Prelude hiding (id, (.)) - - --- import Data.Typeable -import Data.List - -import Control.Category - --- import qualified Data.Label.Total - - -import Theory.Model import Theory.Proof import Theory.Text.Pretty - ------------------------------------------------------------------------------ -- Pretty printing ------------------------------------------------------------------------------ @@ -34,7 +22,4 @@ prettyFormalComment header body = text $ header ++ "{*" ++ body ++ "*}" emptyString :: HighlightDocument d => () -> d -emptyString _ = text ("") - - - +emptyString _ = text "" \ No newline at end of file diff --git a/lib/theory/src/Prover.hs b/lib/theory/src/Prover.hs index d674daf56..005f250e9 100644 --- a/lib/theory/src/Prover.hs +++ b/lib/theory/src/Prover.hs 
@@ -73,10 +73,10 @@ closeDiffTheoryWithMaude sig thy0 autoSources = (DiffTheory (L.get diffThyName thy0) h sig (cacheLeft items) (cacheRight items) (diffCacheLeft items) (diffCacheRight items) items) where h = L.get diffThyHeuristic thy0 - diffCacheLeft its = closeRuleCache restrictionsLeft (typAsms its) sig (leftClosedRules its) (L.get diffThyDiffCacheLeft thy0) True - diffCacheRight its = closeRuleCache restrictionsRight (typAsms its) sig (rightClosedRules its) (L.get diffThyDiffCacheRight thy0) True - cacheLeft its = closeRuleCache restrictionsLeft (typAsms its) sig (leftClosedRules its) (L.get diffThyCacheLeft thy0) False - cacheRight its = closeRuleCache restrictionsRight (typAsms its) sig (rightClosedRules its) (L.get diffThyCacheRight thy0) False + diffCacheLeft its = closeRuleCache restrictionsLeft (typAsms its) S.empty sig (leftClosedRules its) (L.get diffThyDiffCacheLeft thy0) True + diffCacheRight its = closeRuleCache restrictionsRight (typAsms its) S.empty sig (rightClosedRules its) (L.get diffThyDiffCacheRight thy0) True + cacheLeft its = closeRuleCache restrictionsLeft (typAsms its) S.empty sig (leftClosedRules its) (L.get diffThyCacheLeft thy0) False + cacheRight its = closeRuleCache restrictionsRight (typAsms its) S.empty sig (rightClosedRules its) (L.get diffThyCacheRight thy0) False checkProof = checkAndExtendProver (sorryProver Nothing) checkDiffProof = checkAndExtendDiffProver (sorryDiffProver Nothing) @@ -168,7 +168,8 @@ closeTheoryWithMaude sig thy0 autoSources = $ Theory (L.get thyName thy0) h sig (cache items) items (L.get thyOptions thy0) where h = L.get thyHeuristic thy0 - cache its = closeRuleCache restrictions (typAsms its) sig (rules its) (L.get thyCache thy0) False + forcedInjFacts = L.get forcedInjectiveFacts $ L.get thyOptions thy0 + cache its = closeRuleCache restrictions (typAsms its) forcedInjFacts sig (rules its) (L.get thyCache thy0) False checkProof = checkAndExtendProver (sorryProver Nothing) -- Maude / Signature handle 
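Review bot: All four `closeRuleCache` calls in `closeDiffTheoryWithMaude` pass `S.empty` for the new forced-injective-facts argument, whereas `closeTheoryWithMaude` in the next hunk reads `forcedInjectiveFacts` from `thyOptions`. If a diff theory can carry that option, it is dropped without any message and the user gets a different proof search from the one they asked for. Either thread the option through as in the trace case, or state the limitation at the call site, e.g. `-- forced injective facts are not supported in diff mode`. The `where` block continues outside the hunk.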
diff --git a/lib/theory/src/Rule.hs b/lib/theory/src/Rule.hs index c3aa5b26d..ae4baae2d 100644 --- a/lib/theory/src/Rule.hs +++ b/lib/theory/src/Rule.hs @@ -8,10 +8,6 @@ module Rule ( import Items.RuleItem -import GHC.Generics -import Control.DeepSeq -import Data.Binary - import Prelude hiding (id, (.)) import Data.List @@ -22,7 +18,6 @@ import Control.Basics import Control.Category import Control.Monad.Reader -import Extension.Data.Label hiding (get) import qualified Extension.Data.Label as L import Theory.Model @@ -120,12 +115,13 @@ closeIntrRule _ ir = [ir] -- requires case distinctions are not computed here. closeRuleCache :: [LNGuarded] -- ^ Restrictions to use. -> [LNGuarded] -- ^ Source lemmas to use. + -> S.Set FactTag -- ^ Fact tags forced to be injective -> SignatureWithMaude -- ^ Signature of theory. -> [ClosedProtoRule] -- ^ Protocol rules with variants. -> OpenRuleCache -- ^ Intruder rules modulo AC. -> Bool -- ^ Diff or not -> ClosedRuleCache -- ^ Cached rules and case distinctions. -closeRuleCache restrictions typAsms sig protoRules intrRules isdiff = -- trace ("closeRuleCache: " ++ show classifiedRules) $ +closeRuleCache restrictions typAsms forcedInjFacts sig protoRules intrRules isdiff = -- trace ("closeRuleCache: " ++ show classifiedRules) $ ClosedRuleCache classifiedRules rawSources refinedSources injFactInstances where @@ -136,8 +132,8 @@ closeRuleCache restrictions typAsms sig protoRules intrRules isdiff = -- trace ( (all isSubtermRule {-- $ trace (show destr ++ " - " ++ show (map isSubtermRule destr))-} destr) (any isConstantRule destr) -- inj fact instances - injFactInstances = - simpleInjectiveFactInstances $ L.get cprRuleE <$> protoRules + injFactInstances = forcedInjFacts `S.union` + simpleInjectiveFactInstances (L.get cprRuleE <$> protoRules) -- precomputing the case distinctions: we make sure to only add safety -- restrictions. Otherwise, it wouldn't be sound to use the precomputed case 
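Review bot: The new `injFactInstances` in `closeRuleCache` takes the union of `forcedInjFacts` and the computed `simpleInjectiveFactInstances`, and nothing visible on this page checks that a forced tag really is injective. The resulting set feeds `pcInjectiveFactInsts`, which the solver uses to derive contradictions and ordering constraints. A wrongly forced tag can therefore prune valid traces, and a lemma may be reported as verified although a counterexample exists. The parameter's haddock should say so, e.g. `-- ^ Fact tags forced to be injective (trusted, not checked; a wrong tag makes the analysis unsound)`, and a warning when a forced tag fails the simple check would be worth adding. The body of `closeRuleCache` continues outside both hunks.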
@@ -179,4 +175,4 @@ containsPartialDeconstructions (ClosedRuleCache _ _ cases _) = -- Note that we only add the action to the variants modulo AC, not the initial rule. addActionClosedProtoRule :: ClosedProtoRule -> LNFact -> ClosedProtoRule addActionClosedProtoRule (ClosedProtoRule e ac) f - = ClosedProtoRule e (addAction ac f) \ No newline at end of file + = ClosedProtoRule e (addAction ac f) diff --git a/lib/theory/src/Theory.hs b/lib/theory/src/Theory.hs index 42094a6b2..31abcbfc6 100644 --- a/lib/theory/src/Theory.hs +++ b/lib/theory/src/Theory.hs @@ -8,12 +8,8 @@ -- -- Theory datatype and transformations on it. module Theory ( - -- * Formulas - expandFormula - -- * Restrictions - , expandRestriction - + expandRestriction -- * Processes , ProcessDef(..) @@ -21,24 +17,41 @@ module Theory ( -- Datastructure added to Theory Items , addProcess , findProcess + , mapMProcesses + , mapMProcessesDef , addProcessDef , lookupProcessDef + , lookupFunctionTypingInfo , pName , pBody + , pVars + , addFunctionTypingInfo + , clearFunctionTypingInfos -- * Options , transAllowPatternMatchinginLookup , transProgress , transReliable , transReport + , stateChannelOpt + , asynchronousChannels + , compressEvents + , forcedInjectiveFacts + , setforcedInjectiveFacts , thyOptions , setOption - + , Option -- * Predicates - , Predicate(..) - , pFact + , module Theory.Syntactic.Predicate , addPredicate + -- * Export blocks + , ExportInfo(..) + , addExportInfo + , lookupExportInfo + , eTag + , eText + -- * Case Tests , CaseTest(..) , cName @@ -103,6 +116,12 @@ module Theory ( , theoryCaseTests , theoryRestrictions , theoryProcesses + , theoryProcessDefs + , theoryFunctionTypingInfos + , theoryBuiltins + , theoryEquivLemmas + , theoryDiffEquivLemmas + , theoryPredicates , theoryAccLemmas , diffTheoryRestrictions , diffTheorySideRestrictions @@ -117,6 +136,7 @@ module Theory ( , addDiffHeuristic , removeLemma , removeLemmaDiff + , filterLemma , removeDiffLemma , lookupLemma , lookupDiffLemma 
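Review bot: The new export `setforcedInjectiveFacts` in the `@@ -21,24 +17,41 @@` hunk breaks the camelCase used by its neighbours (`setOption`, `addFunctionTypingInfo`, `clearFunctionTypingInfos`); `setForcedInjectiveFacts` would match. The definition is outside this hunk, so the rename has to be made there and at its call sites as well.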
@@ -214,7 +234,6 @@ module Theory ( -- * Pretty printing , prettyTheory - , prettyFormalComment , prettyLemmaName , prettyRestriction , prettyLemma @@ -231,7 +250,6 @@ module Theory ( , prettyClosedSummary , prettyClosedDiffSummary - , prettyIntruderVariants , prettyTraceQuantifier , prettyProcess @@ -244,25 +262,13 @@ module Theory ( ) where --- import Debug.Trace - -import Prelude hiding (id, (.)) - - --- import Data.Typeable - - --- import qualified Data.Label.Total - - -import Theory.Model -import Theory.Proof - - - -import TheoryObject - -import OpenTheory import ClosedTheory -import Prover +import Items.ExportInfo +import OpenTheory import Pretty +import Prover +import Theory.Model +import Theory.Proof +import Theory.Syntactic.Predicate +import TheoryObject +import Prelude hiding (id, (.)) diff --git a/lib/theory/src/Theory/Constraint/Solver/Contradictions.hs b/lib/theory/src/Theory/Constraint/Solver/Contradictions.hs index 38456977d..dcfe973b0 100644 --- a/lib/theory/src/Theory/Constraint/Solver/Contradictions.hs +++ b/lib/theory/src/Theory/Constraint/Solver/Contradictions.hs @@ -2,6 +2,7 @@ {-# LANGUAGE ViewPatterns #-} {-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DeriveAnyClass #-} +{-# LANGUAGE FlexibleContexts#-} -- | -- Copyright : (c) 2010-2012 Benedikt Schmidt & Simon Meier -- License : GPL v3 (see LICENSE) 
@@ -167,13 +168,17 @@ substCreatesNonNormalTerms hnd sys fsubst = -- -- i < j < k -- --- and let there be an edge from (i,u) to (k,w) for some indices u and v +-- and let there be an edge from (i,u) to (k,w) for some indices u and v, +-- as well as an injectif fact `f(t,...)` in the conclusion (i,u). -- --- Then, we have a contradiction if both the premise (k,w) that requires a --- fact 'f(t,...)' and there is a premise (j,v) requiring a fact 'f(t,...)'. +-- Then, we have a contradiction either if: +-- 1) both the premises (k,w) and (j,v) requires a +-- fact 'f(t,...)'. +-- 2) both the conclusions (i,u) and (j,v) produce a fact `f(t,..)`. -- --- These two premises would have to be merged, but cannot due to the ordering --- constraint 'j < k'. +-- In the first case, (k,w) and (j,v) would have to be merged, and in the second +-- case (i,u) and (j,v) would have to be merged, but the merging contradicts the +-- temporal orderings. nonInjectiveFactInstances :: ProofContext -> System -> [(NodeId, NodeId, NodeId)] nonInjectiveFactInstances ctxt se = do Edge c@(i, _) (k, _) <- S.toList $ L.get sEdges se @@ -190,7 +195,7 @@ nonInjectiveFactInstances ctxt se = do -- FIXME: There should be a weaker version of the rule that just -- introduces the constraint 'k < j || k == j' here. - checkRule jRu = any conflictingFact (L.get rPrems jRu) && + checkRule jRu = any conflictingFact (L.get rPrems jRu ++ L.get rConcs jRu) && (k `S.member` D.reachableSet [j] less || isLast se k) 
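Review bot: The rewritten comment on `nonInjectiveFactInstances` is hard to follow exactly where the soundness argument sits. It writes "injectif", keeps "for some indices u and v" although the edge runs from (i,u) to (k,w), and reuses (j,v) for a conclusion in case 2 after introducing it as a premise. Case 2 is what `checkRule` now implements by appending `L.get rConcs jRu`, but the comment does not say why a second producer between i and k is impossible. Suggest spelling it out, e.g. `-- 2) node j has a conclusion f(t,...): only one instance of f(t,...) can exist at a time, so j cannot lie between i and k`, and noting that this holds only for tags that really are injective. The function body continues outside both hunks.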
@@ -286,9 +291,9 @@ hasForbiddenChain sys = -- and whether we do not have an equality rule instance at the end is_not_equality <- pure $ not $ isIEqualityRule $ nodeRule (fst p) sys -- get all KU-facts with the same msg var - ku_start <- pure $ filter (\x -> (fst x) == t_start) $ map (\(i, _, m) -> (m, i)) $ allKUActions sys + ku_start <- pure $ filter (\x -> (fst x) == t_start) $ map (\(i, _, m) -> (m, i)) $ allKUActions sys -- and check whether any of them happens before the KD-conclusion - ku_before <- pure $ any (\(_, x) -> alwaysBefore sys x (fst c)) ku_start + ku_before <- pure $ any (\(_, x) -> alwaysBefore sys x (fst c)) ku_start return (is_msg_var && is_not_equality && ku_before) -- Diffie-Hellman and Bilinear Pairing diff --git a/lib/theory/src/Theory/Constraint/Solver/Reduction.hs b/lib/theory/src/Theory/Constraint/Solver/Reduction.hs index 2cc6c58b9..961907cc3 100644 --- a/lib/theory/src/Theory/Constraint/Solver/Reduction.hs +++ b/lib/theory/src/Theory/Constraint/Solver/Reduction.hs @@ -1,6 +1,10 @@ {-# LANGUAGE TypeOperators #-} {-# LANGUAGE ScopedTypeVariables #-} {-# LANGUAGE ViewPatterns #-} +{-# LANGUAGE TypeSynonymInstances #-} +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE FlexibleContexts #-} +{-# LANGUAGE MultiParamTypeClasses #-} -- | -- Copyright : (c) 2010-2012 Benedikt Schmidt & Simon Meier -- License : GPL v3 (see LICENSE) @@ -569,7 +573,7 @@ substNextGoalNr = return () -- | Apply the current substitution of the equation store to a part of the -- sequent. This is an internal function. -substPart :: Apply a => (System :-> a) -> Reduction () +substPart :: Apply LNSubst a => (System :-> a) -> Reduction () substPart l = do subst <- getM sSubst modM l (apply subst) diff --git a/lib/theory/src/Theory/Constraint/Solver/Simplify.hs b/lib/theory/src/Theory/Constraint/Solver/Simplify.hs index dfeda4484..0635001d4 100644 --- a/lib/theory/src/Theory/Constraint/Solver/Simplify.hs +++ b/lib/theory/src/Theory/Constraint/Solver/Simplify.hs 
@@ -40,8 +40,9 @@ import Control.Category import Control.Monad.Disj -- import Control.Monad.Fresh import Control.Monad.Reader -import Control.Monad.State (gets, modify) +import Control.Monad.State (gets) +import Safe (headMay) import Extension.Data.Label hiding (modify) import Extension.Prelude @@ -67,8 +68,10 @@ simplifySystem = do else do -- Add all ordering constraint implied by CR-rule *N6*. exploitUniqueMsgOrder - -- Remove equation split goals that do not exist anymore - removeSolvedSplitGoals + -- Remove equation split goals that do not exist anymore + removeSolvedSplitGoals + -- Add ordering constraint from injective facts + addNonInjectiveFactInstances where go n changes0 -- We stop as soon as all simplification steps have been run without 
@@ -442,3 +445,68 @@ freshOrdering = do extractFreshNotBelowReducible _ t | isFreshVar t = [t] extractFreshNotBelowReducible _ _ = [] + + +-- | Compute all less relations implied by injective fact instances. +-- +-- Formally, they are computed as follows. Let 'f' be a fact symbol with +-- injective instances. Let i and k be temporal variables ordered +-- according to +-- +-- i < k +-- +-- and let there be an edge from (i,u) to (k,w) for some indices u and w +-- corresponding to fact f(t,...). +-- If: +-- - ji as in i f occurs in concs). +-- - i System -> [(NodeId, NodeId)] +nonInjectiveFactInstances ctxt se = do + Edge c@(i, _) (k, _) <- S.toList $ get sEdges se + let kFaPrem = nodeConcFact c se + kTag = factTag kFaPrem + kTerm = firstTerm kFaPrem + conflictingFact fa = factTag fa == kTag && firstTerm fa == kTerm + + guard (kTag `S.member` get pcInjectiveFactInsts ctxt) +-- j <- S.toList $ D.reachableSet [i] less + (j, _) <- M.toList $ get sNodes se + -- check that j NodeId -> Bool + nonUnifiableNodes i j = maybe False (not . runMaude) $ + (unifiableRuleACInsts) <$> M.lookup i (get sNodes se) + <*> M.lookup j (get sNodes se) + +addNonInjectiveFactInstances :: Reduction () +addNonInjectiveFactInstances = do + se <- gets id + ctxt <- ask + let list = nonInjectiveFactInstances ctxt se + mapM_ (uncurry insertLess) list diff --git a/lib/theory/src/Theory/Constraint/Solver/Sources.hs b/lib/theory/src/Theory/Constraint/Solver/Sources.hs index bdf6f8ed1..9c5e91b61 100644 --- a/lib/theory/src/Theory/Constraint/Solver/Sources.hs +++ b/lib/theory/src/Theory/Constraint/Solver/Sources.hs @@ -406,7 +406,7 @@ precomputeSources ctxt restrictions = [ return $ varTerm (LVar "t" LSortFresh 1) , if enableBP msig then return $ fAppC EMap $ nMsgVars (2::Int) else [] , [ fAppNoEq o $ nMsgVars k - | o@(_,(k,priv)) <- S.toList . noEqFunSyms $ msig + | o@(_,(k,priv,_)) <- S.toList . noEqFunSyms $ msig , NoEq o `S.notMember` implicitFunSig, k > 0 || priv==Private] ] 
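Review bot: The function added to Simplify.hs reuses the name `nonInjectiveFactInstances` from Contradictions.hs but returns `[(NodeId, NodeId)]` ordering pairs rather than contradiction triples, and its local `kFaPrem` is bound to `nodeConcFact c se`, which is a conclusion fact. Both invite misreading; a name that says it yields less-constraints, and `iFaConc` (say) for the binding, would help. It also draws `j` from every entry of `sNodes` for every edge, and `nonUnifiableNodes` appears to call `runMaude` per pair on each `simplifySystem` pass, so the cost is worth measuring. The commented-out `D.reachableSet` line should be removed or explained. Part of this hunk's comment and code is missing in this rendering, so the ordering condition itself could not be reviewed.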
diff --git a/lib/theory/src/Theory/Constraint/System.hs b/lib/theory/src/Theory/Constraint/System.hs index df93434fe..1cf27b4d7 100644 --- a/lib/theory/src/Theory/Constraint/System.hs +++ b/lib/theory/src/Theory/Constraint/System.hs @@ -4,6 +4,9 @@ {-# LANGUAGE ViewPatterns #-} {-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DeriveAnyClass #-} +{-# LANGUAGE TypeSynonymInstances #-} +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} -- | -- Copyright : (c) 2010-2012 Benedikt Schmidt & Simon Meier -- License : GPL v3 (see LICENSE) @@ -1408,10 +1411,10 @@ prettySource th = vcat $ deriving instance Show DiffSystem -instance Apply SourceKind where +instance Apply LNSubst SourceKind where apply = const id -instance Apply System where +instance Apply LNSubst System where apply subst (System a b c d e f g h i j k l) = System (apply subst a) -- we do not apply substitutions to node variables, so we do not apply them to the edges either diff --git a/lib/theory/src/Theory/Constraint/System/Constraints.hs b/lib/theory/src/Theory/Constraint/System/Constraints.hs index f58a6e141..8961de713 100644 --- a/lib/theory/src/Theory/Constraint/System/Constraints.hs +++ b/lib/theory/src/Theory/Constraint/System/Constraints.hs @@ -2,6 +2,9 @@ {-# LANGUAGE TemplateHaskell #-} {-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DeriveAnyClass #-} +{-# LANGUAGE TypeSynonymInstances #-} +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} -- | -- Copyright : (c) 2010-2012 Benedikt Schmidt & Simon Meier -- License : GPL v3 (see LICENSE) @@ -77,7 +80,7 @@ type Less = (NodeId, NodeId) -- Instances ------------ -instance Apply Edge where +instance Apply LNSubst Edge where apply subst (Edge from to) = Edge (apply subst from) (apply subst to) instance HasFrees Edge where 
@@ -158,7 +161,7 @@ instance HasFrees Goal where SplitG i -> SplitG <$> mapFrees f i DisjG x -> DisjG <$> mapFrees f x -instance Apply Goal where +instance Apply LNSubst Goal where apply subst goal = case goal of ActionG i fa -> ActionG (apply subst i) (apply subst fa) PremiseG p fa -> PremiseG (apply subst p) (apply subst fa) diff --git a/lib/theory/src/Theory/Constraint/System/Guarded.hs b/lib/theory/src/Theory/Constraint/System/Guarded.hs index 4fd46b656..38e5d1d6c 100644 --- a/lib/theory/src/Theory/Constraint/System/Guarded.hs +++ b/lib/theory/src/Theory/Constraint/System/Guarded.hs @@ -2,10 +2,11 @@ {-# LANGUAGE FlexibleInstances #-} {-# LANGUAGE FlexibleContexts #-} {-# LANGUAGE GeneralizedNewtypeDeriving #-} -{-# LANGUAGE TemplateHaskell #-} -{-# LANGUAGE TypeSynonymInstances #-} + + {-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE DeriveGeneric #-} +{-# LANGUAGE MultiParamTypeClasses #-} -- | -- Copyright : (c) 2011 Benedikt Schmidt & Simon Meier -- License : GPL v3 (see LICENSE) @@ -81,7 +82,6 @@ module Theory.Constraint.System.Guarded ( ) where -import Control.Applicative import Control.Arrow import Control.DeepSeq import Control.Monad.Except @@ -94,6 +94,7 @@ import GHC.Generics (Generic) import Data.Data import Data.Binary import Data.Either (partitionEithers) +import Data.Maybe -- import Data.Foldable (Foldable(..), foldMap) import Data.List import qualified Data.DList as D @@ -108,8 +109,8 @@ import Theory.Model import Data.Functor.Identity -instance MonadFail Identity where - fail = fail +-- Control.Monad.Fail import will become redundant in GHC 8.8+ +-- import qualified Control.Monad.Fail as Fail ------------------------------------------------------------------------------ -- Types 
@@ -261,9 +262,9 @@ instance Foldable (Guarded s c) where traverseGuarded :: (Applicative f, Ord c, Ord v, Ord a) => (a -> f v) -> Guarded s c a -> f (Guarded s c v) -traverseGuarded f = foldGuarded (liftA GAto . traverse (traverseTerm (traverse (traverse f)))) - (liftA GDisj . sequenceA) - (liftA GConj . sequenceA) +traverseGuarded f = foldGuarded (fmap GAto . traverse (traverseTerm (traverse (traverse f)))) + (fmap GDisj . sequenceA) + (fmap GConj . sequenceA) (\qua ss as gf -> GGuarded qua ss <$> traverse (traverse (traverseTerm (traverse (traverse f)))) as <*> gf) instance Ord c => HasFrees (Guarded (String, LSort) c LVar) where @@ -371,7 +372,7 @@ closeGuarded qua vs as gf = type LNGuarded = Guarded (String,LSort) Name LVar -instance Apply LNGuarded where +instance Apply LNSubst LNGuarded where apply subst = mapGuardedAtoms (const $ apply subst) @@ -825,7 +826,7 @@ prettyGuarded fm = pp gf0@(GGuarded _ _ _ _) = -- variable names invented here can be reused otherwise scopeFreshness $ do - Just (qua, vs, atoms, gf) <- openGuarded gf0 + (qua, vs, atoms, gf) <- fromJust <$> openGuarded gf0 let antecedent = (GAto . fmap (fmapTerm (fmap Free))) <$> atoms connective = operator_ (case qua of All -> "⇒"; Ex -> "∧") -- operator_ (case qua of All -> "==>"; Ex -> "&") diff --git a/lib/theory/src/Theory/Model/Atom.hs b/lib/theory/src/Theory/Model/Atom.hs index a4269479c..e5ecbfe48 100644 --- a/lib/theory/src/Theory/Model/Atom.hs +++ b/lib/theory/src/Theory/Model/Atom.hs 
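Review bot: In `prettyGuarded` (the `@@ -825,7 +826,7 @@` hunk), `(qua, vs, atoms, gf) <- fromJust <$> openGuarded gf0` turns a failed open into a bare `Maybe.fromJust: Nothing` crash with no hint of where it came from. The `GGuarded` pattern on `gf0` presumably guarantees `Just`, but that invariant should be visible in the code. `fromMaybe (error "prettyGuarded: openGuarded failed on GGuarded") <$> openGuarded gf0` keeps the behaviour and names the site, and `Data.Maybe` is already imported unqualified by this commit. The body of `pp` continues outside the hunk.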
@@ -1,9 +1,11 @@ -{-# LANGUAGE DeriveDataTypeable #-} +{-# LANGUAGE DeriveDataTypeable #-} -- {-# LANGUAGE FlexibleContexts #-} -{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE FlexibleInstances #-} -- {-# LANGUAGE StandaloneDeriving #-} -{-# LANGUAGE TemplateHaskell #-} +{-# LANGUAGE TemplateHaskell #-} -- {-# LANGUAGE TupleSections #-} +{-# LANGUAGE MultiParamTypeClasses #-} +{-# LANGUAGE TypeSynonymInstances #-} {-# LANGUAGE TypeSynonymInstances #-} {-# LANGUAGE ViewPatterns #-} {-# LANGUAGE DeriveGeneric #-} @@ -90,7 +92,7 @@ data Unit2 t = Unit2 deriving( Eq, Ord, Show, Data, Typeable, Generic, NFData, Binary , Foldable, Traversable, Functor ) -instance Apply (Unit2 t) where apply _ _ = Unit2 +instance Apply t' (Unit2 t) where apply _ _ = Unit2 -- | @Atom@s are the atoms of trace formulas parametrized over arbitrary -- terms, excluding syntactic sugar @@ -109,9 +111,7 @@ type LNAtom = Atom LNTerm -- | Atoms built over 'BLTerm's. type BLAtom = Atom BLTerm -type SyntacticLNAtom = SyntacticAtom LNTerm type SyntacticNAtom v = SyntacticAtom (VTerm Name v) -type SyntacticBLAtom = SyntacticAtom BLTerm -- Instances @@ -140,10 +140,13 @@ instance (Traversable s) => Traversable (ProtoAtom s) where traverse f (Last i) = Last <$> f i traverse f (Syntactic s) = Syntactic <$> traverse f s -instance Apply (SyntacticSugar LNTerm) where +instance (IsConst c, IsVar v) + => Apply (Subst c v) (SyntacticSugar (VTerm c v)) + where apply subst (Pred fa) = Pred $ apply subst fa -instance Apply (SyntacticSugar BLTerm) where +instance (Apply s t) => Apply s (SyntacticSugar t) + where apply subst (Pred fa) = Pred $ apply subst fa instance HasFrees t => HasFrees (Atom t) where 
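Review bot: The pragma block in Atom.hs now lists `TypeSynonymInstances` twice, since the added line sits directly above the existing one. The header hunk of Fact.hs does the same with `DeriveDataTypeable`, `FlexibleContexts` and `DeriveGeneric`. GHC accepts duplicates, but they obscure which extensions this change actually needs; drop the repeated lines.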
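Review bot: The two `SyntacticSugar` instances left by the `@@ -140,10 +140,13 @@` hunk overlap: `Apply (Subst c v) (SyntacticSugar (VTerm c v))` is a special case of `Apply s (SyntacticSugar t)`, and both have the same body. Unless an overlap pragma exists outside the hunk, GHC will reject any use at the specific type as ambiguous, because instance selection ignores the contexts. Keeping only `instance (Apply s t) => Apply s (SyntacticSugar t)` removes the question. If the specific instance is needed for some reason, it should carry `{-# OVERLAPPING #-}` and a comment saying why.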
@@ -151,33 +154,13 @@ instance HasFrees t => HasFrees (Atom t) where foldFreesOcc _ _ = const mempty -- we ignore occurences in atoms for now mapFrees f = traverse (mapFrees f) -instance Apply LNAtom where +instance (Apply s t, Apply s (syn t)) => Apply s (ProtoAtom syn t) where apply subst (Action i fact) = Action (apply subst i) (apply subst fact) apply subst (EqE l r) = EqE (apply subst l) (apply subst r) apply subst (Less i j) = Less (apply subst i) (apply subst j) apply subst (Last i) = Last (apply subst i) apply subst (Syntactic fa) = Syntactic (apply subst fa) -instance Apply BLAtom where - apply subst (Action i fact) = Action (apply subst i) (apply subst fact) - apply subst (EqE l r) = EqE (apply subst l) (apply subst r) - apply subst (Less i j) = Less (apply subst i) (apply subst j) - apply subst (Last i) = Last (apply subst i) - apply subst (Syntactic fa) = Syntactic (apply subst fa) - -instance Apply SyntacticLNAtom where - apply subst (Action i fact) = Action (apply subst i) (apply subst fact) - apply subst (EqE l r) = EqE (apply subst l) (apply subst r) - apply subst (Less i j) = Less (apply subst i) (apply subst j) - apply subst (Last i) = Last (apply subst i) - apply subst (Syntactic fa) = Syntactic (apply subst fa) - -instance Apply SyntacticBLAtom where - apply subst (Action i fact) = Action (apply subst i) (apply subst fact) - apply subst (EqE l r) = EqE (apply subst l) (apply subst r) - apply subst (Less i j) = Less (apply subst i) (apply subst j) - apply subst (Last i) = Last (apply subst i) - apply subst (Syntactic fa) = Syntactic (apply subst fa) -- Queries diff --git a/lib/theory/src/Theory/Model/Fact.hs b/lib/theory/src/Theory/Model/Fact.hs index c715da003..c527114a2 100644 --- a/lib/theory/src/Theory/Model/Fact.hs +++ b/lib/theory/src/Theory/Model/Fact.hs 
@@ -1,3 +1,10 @@ +{-# LANGUAGE DeriveAnyClass #-} +{-# LANGUAGE DeriveDataTypeable #-} +{-# LANGUAGE DeriveGeneric #-} +{-# LANGUAGE FlexibleContexts #-} +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} +{-# LANGUAGE TemplateHaskell #-} {-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE FlexibleContexts #-} {-# LANGUAGE DeriveGeneric #-} @@ -181,7 +188,7 @@ instance HasFrees t => HasFrees (Fact t) where foldFreesOcc f c fa = foldFreesOcc f (show (factTag fa):c) (factTerms fa) mapFrees f = traverse (mapFrees f) -instance Apply t => Apply (Fact t) where +instance Apply s t => Apply s (Fact t) where apply subst = fmap (apply subst) diff --git a/lib/theory/src/Theory/Model/Formula.hs b/lib/theory/src/Theory/Model/Formula.hs index 4ba65c9a8..164706646 100644 --- a/lib/theory/src/Theory/Model/Formula.hs +++ b/lib/theory/src/Theory/Model/Formula.hs @@ -8,6 +8,7 @@ {-# LANGUAGE ViewPatterns #-} {-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DeriveAnyClass #-} +{-# LANGUAGE MultiParamTypeClasses#-} {-# LANGUAGE PatternGuards #-} -- | -- Copyright : (c) 2010-2012 Simon Meier & Benedikt Schmidt @@ -17,6 +18,8 @@ -- Portability : GHC only -- -- Types and operations for handling sorted first-order logic +{-# LANGUAGE FlexibleContexts #-} +{-# LANGUAGE UndecidableInstances #-} module Theory.Model.Formula ( -- * Formulas @@ -28,8 +31,12 @@ module Theory.Model.Formula ( , LNFormula , ProtoLNFormula , SyntacticLNFormula + , SyntacticNFormula , LFormula + -- * class + , Hinted(..) + , quantify , openFormula , openFormulaPrefix 
@@ -108,14 +115,21 @@ data ProtoFormula syn s c v = Ato (ProtoAtom syn (VTerm c (BVar v))) | Not (ProtoFormula syn s c v) | Conn !Connective (ProtoFormula syn s c v) (ProtoFormula syn s c v) | Qua !Quantifier s (ProtoFormula syn s c v) - deriving ( Generic) + deriving ( Generic ) -- | First-order formulas in locally nameless representation with hints for the -- names/sorts of quantified variables. type Formula s c v = ProtoFormula Unit2 s c v - type SyntacticFormula s c v = ProtoFormula SyntacticSugar s c v +-- Classes +---------- + +-- | Types that provide hints of type (String,LSort) to recover the type and +-- name of a bound variable. +class Hinted v where + hint :: v -> (String,LSort) + -- Folding ---------- @@ -126,7 +140,7 @@ foldFormula :: (ProtoAtom syn (VTerm c (BVar v)) -> b) -> (b -> b) -> (Connective -> b -> b -> b) -> (Quantifier -> s -> b -> b) - -> (ProtoFormula syn s c v) + -> ProtoFormula syn s c v -> b foldFormula fAto fTF fNot fConn fQua = go 
@@ -158,20 +172,32 @@ foldFormulaScope fAto fTF fNot fConn fQua = -- Instances ------------ -{- -instance Functor (Formula s c) where - fmap f = foldFormula (Ato . fmap (fmap (fmap (fmap f)))) TF Not Conn Qua --} +deriving instance (Show c, Show v, Show s) => Show (ProtoFormula SyntacticSugar s c v) +deriving instance (Show c, Show v, Show s) => Show (ProtoFormula Unit2 s c v) + +deriving instance (Eq c, Eq v, Eq s) => Eq (ProtoFormula SyntacticSugar s c v) +deriving instance (Eq c, Eq v, Eq s) => Eq (ProtoFormula Unit2 s c v) + +deriving instance (Ord c, Ord v, Ord s) => Ord (ProtoFormula SyntacticSugar s c v) +deriving instance (Ord c, Ord v, Ord s) => Ord (ProtoFormula Unit2 s c v) deriving instance (NFData c, NFData v, NFData s) => NFData (ProtoFormula SyntacticSugar s c v) -deriving instance (Binary c, Binary v, Binary s) => Binary (ProtoFormula SyntacticSugar s c v) deriving instance (NFData c, NFData v, NFData s) => NFData (ProtoFormula Unit2 s c v) + +deriving instance (Binary c, Binary v, Binary s) => Binary (ProtoFormula SyntacticSugar s c v) deriving instance (Binary c, Binary v, Binary s) => Binary (ProtoFormula Unit2 s c v) +deriving instance (Data c, Data v, Data s) => Data (ProtoFormula SyntacticSugar s c v) +deriving instance (Data c, Data v, Data s) => Data (ProtoFormula Unit2 s c v) + instance (Foldable syn) => Foldable (ProtoFormula syn s c) where foldMap f = foldFormula (foldMap (foldMap (foldMap (foldMap f)))) mempty id (const mappend) (const $ const id) +instance (Functor syn) => Functor (ProtoFormula syn s c) where + fmap f = foldFormula (Ato . fmap (fmap (fmap (fmap f)))) TF Not Conn Qua + + -- | traverse formula down to the term level traverseFormula :: (Ord v, Ord c, Ord v', Applicative f, Traversable syn) => (v -> f v') -> ProtoFormula syn s c v -> f (ProtoFormula syn s c v') 
@@ -194,6 +220,9 @@ instance Traversable (Formula a s) where (liftA2 . Conn) ((liftA .) . Qua) -} +instance Hinted LVar where + hint (LVar n s _) = (n,s) + -- Abbreviations ---------------- @@ -228,7 +257,7 @@ type ProtoLFormula syn c = ProtoFormula syn (String, LSort) c LVar type LNFormula = Formula (String, LSort) Name LVar type ProtoLNFormula syn = ProtoLFormula syn Name type SyntacticLNFormula = ProtoLNFormula SyntacticSugar - +type SyntacticNFormula v = ProtoFormula SyntacticSugar (String, LSort) Name v -- | Change the representation of atoms. mapAtoms :: (Integer -> ProtoAtom syn (VTerm c (BVar v)) @@ -279,15 +308,6 @@ openFormulaPrefix f0 = case openFormula f0 of -- Instances ------------ -deriving instance Eq LNFormula -deriving instance Show LNFormula -deriving instance Ord LNFormula - -deriving instance Eq SyntacticLNFormula -deriving instance Show SyntacticLNFormula -deriving instance Ord SyntacticLNFormula -deriving instance Data SyntacticLNFormula - instance HasFrees LNFormula where foldFrees f = foldMap (foldFrees f) foldFreesOcc _ _ = const mempty -- we ignore occurences in Formulas for now @@ -298,11 +318,12 @@ instance HasFrees SyntacticLNFormula where foldFreesOcc _ _ = const mempty -- we ignore occurences in Formulas for now mapFrees f = traverseFormula (mapFrees f) -instance Apply LNFormula where +instance Apply LNSubst LNFormula where apply subst = mapAtoms (const $ apply subst) -instance Apply SyntacticLNFormula where - apply subst = mapAtoms (const $ apply subst ) +instance {-# OVERLAPPABLE #-} (Apply s (VTerm c v), Apply s (VTerm c (BVar v)), Apply s (syn (Term (Lit c (BVar v))))) => Apply s (ProtoFormula syn h c v) + where + apply subst = mapAtoms (const $ apply subst) ------------------------------------------------------------------------------ -- Formulas modulo E and modulo AC 
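Review bot: In the `@@ -298,11 +318,12 @@` hunk, `instance Apply LNSubst LNFormula` is kept next to the new `{-# OVERLAPPABLE #-}` catch-all for `ProtoFormula syn h c v`, and both bodies are `mapAtoms (const $ apply subst)`. If the catch-all's constraints hold for `LNFormula`, the specific instance is redundant; if they do not, a comment should say why it is needed. The `Apply s (VTerm c v)` constraint also looks unused by the body, though that depends on `mapAtoms`, which is outside the hunk. At minimum add a comment such as `-- Generic fallback; the LNFormula instance above takes precedence for LNSubst`.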
@@ -318,15 +339,16 @@ quantify x = -- | Create a universal quantification with a sort hint for the bound variable. forall :: (Ord c, Ord v, Functor syn) => s -> v -> ProtoFormula syn s c v -> ProtoFormula syn s c v -forall hint x = Qua All hint . quantify x +forall hint' x = Qua All hint' . quantify x -- | Create a existential quantification with a sort hint for the bound variable. exists :: (Ord c, Ord v, Functor syn) => s -> v -> ProtoFormula syn s c v -> ProtoFormula syn s c v -exists hint x = Qua Ex hint . quantify x +exists hint' x = Qua Ex hint' . quantify x --- | Transform @forall@ and @exists@ into functions that operate on logical variables -hinted :: ((String, LSort) -> LVar -> a) -> LVar -> a -hinted f v@(LVar n s _) = f (n,s) v +-- | Transform @forall@ and @exists@ into functions that operate on logical variables or other variables +-- that have hasHint +hinted :: Hinted v => ((String, LSort) -> v -> a) -> v -> a +hinted f v = f (hint v) v -- | Convert to LNFormula, if possible. -- toLNFormula :: Formula s c0 (ProtoAtom s0 t0) -> Maybe (Formula s c0 (Atom t0)) diff --git a/lib/theory/src/Theory/Model/Rule.hs b/lib/theory/src/Theory/Model/Rule.hs index 1e2645c7b..533522f3b 100644 --- a/lib/theory/src/Theory/Model/Rule.hs +++ b/lib/theory/src/Theory/Model/Rule.hs @@ -7,6 +7,7 @@ {-# LANGUAGE TemplateHaskell #-} {-# LANGUAGE TypeOperators #-} {-# LANGUAGE TypeSynonymInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} -- | -- Copyright : (c) 2010-2012 Benedikt Schmidt & Simon Meier -- License : GPL v3 (see LICENSE) @@ -135,6 +136,7 @@ module Theory.Model.Rule ( , reservedRuleNames , showRuleCaseName , prettyRule + , prettyRuleRestrGen , prettyRuleRestr , prettyProtoRuleName , prettyRuleName 
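Review bot: The new haddock on `hinted` speaks of variables "that have hasHint", but nothing of that name appears in this change; the class is `Hinted` and its method is `hint`. Suggest `-- | Lift @forall@ and @exists@ to any variable type with a 'Hinted' instance, taking the name/sort hint from the variable itself.` The `hint'` renames in `forall` and `exists` avoid shadowing the new method and are fine as they are.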
@@ -283,7 +285,7 @@ instance (Show i, HasFrees i) => HasFrees (Rule i) where <*> mapFrees f ps <*> mapFrees f cs <*> mapFrees f as <*> mapFrees f nvs -instance Apply i => Apply (Rule i) where +instance Apply LNSubst i => Apply LNSubst (Rule i) where apply subst (Rule i ps cs as nvs) = Rule (apply subst i) (apply subst ps) (apply subst cs) (apply subst as) (apply subst nvs) @@ -331,7 +333,7 @@ instance (HasFrees p, HasFrees i) => HasFrees (RuleInfo p i) where mapFrees f = ruleInfo (fmap ProtoInfo . mapFrees f) (fmap IntrInfo . mapFrees f) -instance (Apply p, Apply i) => Apply (RuleInfo p i) where +instance (Apply s p, Apply s i) => Apply s (RuleInfo p i) where apply subst = ruleInfo (ProtoInfo . apply subst) (IntrInfo . apply subst) @@ -341,7 +343,7 @@ instance (Apply p, Apply i) => Apply (RuleInfo p i) where -- | An attribute for a Rule, which does not affect the semantics. data RuleAttribute = RuleColor (RGB Rational) -- Color for display - | Process (Process)-- Process: for display, but also to recognise + | Process (PlainProcess)-- Process: for display, but also to recognise -- lookup rule generated by SAPIC -- which needs relaxed treatment in wellformedness check -- TODO This type has no annotations, to avoid @@ -399,7 +401,7 @@ $(mkLabels [''ProtoRuleEInfo, ''ProtoRuleACInfo, ''ProtoRuleACInstInfo]) -- Instances ------------ -instance Apply RuleAttribute where +instance Apply s RuleAttribute where apply _ = id instance HasFrees RuleAttribute where @@ -407,7 +409,7 @@ instance HasFrees RuleAttribute where foldFreesOcc _ _ = const mempty mapFrees _ = pure -instance Apply ProtoRuleName where +instance Apply s ProtoRuleName where apply _ = id instance HasFrees ProtoRuleName where @@ -415,7 +417,7 @@ instance HasFrees ProtoRuleName where foldFreesOcc _ _ = const mempty mapFrees _ = pure -instance Apply PremIdx where +instance Apply s PremIdx where apply _ = id instance HasFrees PremIdx where 
@@ -423,7 +425,7 @@ instance HasFrees PremIdx where foldFreesOcc _ _ = const mempty mapFrees _ = pure -instance Apply ConcIdx where +instance Apply s ConcIdx where apply _ = id instance HasFrees ConcIdx where @@ -438,7 +440,7 @@ instance HasFrees ProtoRuleEInfo where mapFrees f (ProtoRuleEInfo na attr rstr) = ProtoRuleEInfo na <$> mapFrees f attr <*> mapFrees f rstr -instance Apply ProtoRuleEInfo where +instance Apply s ProtoRuleEInfo where apply _ = id instance HasFrees ProtoRuleACInfo where @@ -453,7 +455,7 @@ instance HasFrees ProtoRuleACInfo where <*> mapFrees f vari <*> mapFrees f breakers -instance Apply ProtoRuleACInstInfo where +instance Apply s ProtoRuleACInstInfo where apply subst (ProtoRuleACInstInfo na attr breakers) = ProtoRuleACInstInfo (apply subst na) attr breakers @@ -551,7 +553,7 @@ destrRuleToDestrRule _ = error "Not a destructor rule." -- Instances ------------ -instance Apply IntrRuleACInfo where +instance Apply s IntrRuleACInfo where apply _ = id instance HasFrees IntrRuleACInfo where @@ -1113,7 +1115,9 @@ prettyRuleAttribute :: (HighlightDocument d) => RuleAttribute -> d prettyRuleAttribute attr = case attr of RuleColor c -> text "color=" <> text (rgbToHex c) Process p -> text "process=" <> text ("\"" ++ prettySapicTopLevel' f p ++ "\"") - where f l a r rest = render $ prettyRuleRestr l a r rest + where f l a r rest _ = render $ prettyRuleRestr (g l) (g a) (g r) (h rest) + g = map toLNFact + h = map toLFormula -- | Pretty print the rule name such that it can be used as a case name showRuleCaseName :: HasRuleName (Rule i) => Rule i -> String 
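Review bot: In `prettyRuleAttribute` (the `@@ -1113,7 +1115,9 @@` hunk), the callback `f l a r rest _` now discards a fifth argument and leans on one-letter helpers `g` and `h`, with nothing saying what is dropped. The rendered string ends up in the `process="..."` attribute, so a reader should be able to tell whether the discarded information matters when the rule is printed and read back. A short comment naming the ignored argument would do, along with descriptive helper names such as `toLNFacts` and `toLFormulas` in place of `g` and `h`.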
@@ -1133,22 +1137,32 @@ prettyIntrRuleACInfo rn = text $ case rn of -- DestrRule name i -> prefixIfReserved ('d' : BC.unpack name ++ "_" ++ show i) -prettyRestr :: HighlightDocument d => F.SyntacticLNFormula -> d -prettyRestr fact = operator_ "_restrict(" <> F.prettySyntacticLNFormula fact <> operator_ ")" +-- TODO may be removed +-- prettyRestr :: HighlightDocument d => F.SyntacticLNFormula -> d +-- prettyRestr fact = operator_ "_restrict(" <> text (filter (/= '#') $ render $ F.prettySyntacticLNFormula fact) <> operator_ ")" -- | pretty-print rules with restrictions -prettyRuleRestr :: HighlightDocument d => [LNFact] -> [LNFact] -> [LNFact] -> [F.SyntacticLNFormula] -> d -prettyRuleRestr prems acts concls restr = +prettyRuleRestrGen :: (HighlightDocument d) => (f -> d) -> (r -> d) -> [f] -> [f] -> [f] -> [r] -> d +prettyRuleRestrGen ppFact ppRestr prems acts concls restr= sep [ nest 1 $ ppFactsList prems , if null acts && null restr then operator_ "-->" - else fsep [operator_ "--[", ppList (map prettyLNFact acts ++ map prettyRestr restr), operator_ "]->"] + else fsep [operator_ "--[" + , ppList (map ppFact acts + ++ map ppRestr' restr) + , operator_ "]->"] , nest 1 $ ppFactsList concls] -- Debug: -- (keyword_ "new variables: ") <> (ppList prettyLNTerm $ L.get rNewVars ru) where ppList = fsep . punctuate comma - ppFactsList list = fsep [operator_ "[", ppList $ map prettyLNFact list, operator_ "]"] + ppFacts' = ppList . map ppFact + ppFactsList list = fsep [operator_ "[", ppFacts' list, operator_ "]"] + ppRestr' fact = operator_ "_restrict(" <> ppRestr fact <> operator_ ")" + +-- | pretty-print rules with restrictions +prettyRuleRestr :: HighlightDocument d => [LNFact] -> [LNFact] -> [LNFact] -> [F.SyntacticLNFormula] -> d +prettyRuleRestr = prettyRuleRestrGen prettyLNFact F.prettySyntacticLNFormula -- | pretty-print rules without restrictions prettyRule :: HighlightDocument d => [LNFact] -> [LNFact] -> [LNFact] -> d 
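Review bot: `prettyRuleRestrGen` and `prettyRuleRestr` now carry the identical Haddock line `-- | pretty-print rules with restrictions`, so the generated documentation does not say how they differ. I would document the generic one as `-- | Pretty-print a rule with restrictions, given a printer for facts and one for restriction formulas.` and the wrapper as `-- | 'prettyRuleRestrGen' instantiated for 'LNFact' and 'F.SyntacticLNFormula'.` The commented-out `prettyRestr` under `-- TODO may be removed` is not the function that was deleted (it additionally filters `'#'` out of the rendered formula), and its job is now done by the local `ppRestr'`, so it is better dropped than kept as a comment.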
@@ -1170,7 +1184,8 @@ prettyNamedRule prefix ppInfo ru = facts proj = L.get proj ru ppAttributes = case ruleAttributes ru of [] -> text "" - attrs -> hcat [text "[", fsep $ punctuate comma $ map prettyRuleAttribute attrs, text "]"] + attrs -> hcat [text "[", ppList $ map prettyRuleAttribute attrs, text "]"] + ppList = fsep . punctuate comma prettyProtoRuleACInfo :: HighlightDocument d => ProtoRuleACInfo -> d prettyProtoRuleACInfo i = diff --git a/lib/theory/src/Theory/Model/Signature.hs b/lib/theory/src/Theory/Model/Signature.hs index 89eabf526..8f1335e7d 100644 --- a/lib/theory/src/Theory/Model/Signature.hs +++ b/lib/theory/src/Theory/Model/Signature.hs @@ -32,12 +32,14 @@ module Theory.Model.Signature ( -- ** Pretty-printing , prettySignaturePure + , prettySignaturePureExcept , prettySignatureWithMaude ) where import Data.Binary import qualified Data.Label as L +import qualified Data.Set as S -- import Control.Applicative import Control.DeepSeq @@ -45,9 +47,11 @@ import Control.DeepSeq import System.IO.Unsafe (unsafePerformIO) import Term.Maude.Process (MaudeHandle, mhFilePath, mhMaudeSig, startMaude) -import Term.Maude.Signature (MaudeSig, minimalMaudeSig, prettyMaudeSig) +import Term.Maude.Signature (MaudeSig, minimalMaudeSig, prettyMaudeSig, prettyMaudeSigExcept) import Theory.Text.Pretty +import Term.LTerm + -- | A theory signature. data Signature a = Signature 
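Review bot: The import hunk in Theory/Model/Signature.hs adds an unrestricted `import Term.LTerm`, yet the only new name the visible changes take from it is `NoEqSym`, in the signature of `prettySignaturePureExcept`. An explicit list, `import Term.LTerm (NoEqSym)`, keeps the module's namespace small and matches the neighbouring `Term.Maude.*` imports, which all name what they bring in. This assumes nothing else in the file needs the module, which the hunks shown here cannot confirm.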
@@ -159,12 +163,19 @@ instance NFData SignatureWithMaude where -- Pretty-printing ------------------------------------------------------------------------------ --- | Pretty-print a signature with maude. +-- | Pretty-print a pure signature. prettySignaturePure :: HighlightDocument d => SignaturePure -> d prettySignaturePure sig = prettyMaudeSig $ L.get sigpMaudeSig sig + +-- | Pretty-print a pure signature, but omit given set of +-- NoEqSym function symbols. Used for pretty-printing OpenTheories +-- with typed function declarations +prettySignaturePureExcept :: HighlightDocument d => S.Set NoEqSym -> SignaturePure -> d +prettySignaturePureExcept exc sig = + prettyMaudeSigExcept (L.get sigpMaudeSig sig) exc --- | Pretty-print a pure signature. +-- | Pretty-print a signature with maude. prettySignatureWithMaude :: HighlightDocument d => SignatureWithMaude -> d prettySignatureWithMaude sig = prettyMaudeSig $ mhMaudeSig $ L.get sigmMaudeHandle sig diff --git a/lib/theory/src/Theory/Module.hs b/lib/theory/src/Theory/Module.hs new file mode 100644 index 000000000..0a82230a5 --- /dev/null +++ b/lib/theory/src/Theory/Module.hs 
@@ -0,0 +1,39 @@ +{-# LANGUAGE DeriveGeneric #-} +{-# LANGUAGE DeriveDataTypeable #-} +{-# LANGUAGE DeriveAnyClass #-} +module Theory.Module ( + ModuleType (..) + , description +) +where + +import GHC.Generics (Generic) +import Control.DeepSeq ( NFData ) +import Data.Binary ( Binary ) +import Data.Data ( Data ) + +data ModuleType = + -- Too generate a parser from the show() values, these need to be ordered + -- such that no preceding show value is a prefix of another one that comes + ModuleSpthyTyped + | ModuleSpthy + | ModuleMsr + | ModuleProVerifEquivalence + | ModuleProVerif + | ModuleDeepSec + deriving (Eq, Ord, Enum, Bounded, Generic, Data, NFData, Binary) +instance Show ModuleType where + show ModuleSpthyTyped ="spthytyped" + show ModuleSpthy = "spthy" + show ModuleMsr ="msr" + show ModuleProVerifEquivalence ="proverifequiv" + show ModuleProVerif ="proverif" + show ModuleDeepSec ="deepsec" + +description :: ModuleType -> String +description ModuleSpthy = "spthy (including Sapic Processes)" +description ModuleSpthyTyped ="spthy with explicit types inferred" +description ModuleMsr ="pure msrs (with Sapic translation)" +description ModuleProVerifEquivalence ="ProVerif export for the equivalence lemmas" +description ModuleProVerif ="ProVerif export for the reachability lemmas" +description ModuleDeepSec ="DeepSec export for the equivalences lemmas" diff --git a/lib/theory/src/Theory/ProofSkeleton.hs b/lib/theory/src/Theory/ProofSkeleton.hs index 52e985fd4..988acdcdd 100644 --- a/lib/theory/src/Theory/ProofSkeleton.hs +++ b/lib/theory/src/Theory/ProofSkeleton.hs @@ -9,8 +9,7 @@ module Theory.ProofSkeleton unprovenDiffLemma, skeletonDiffLemma, incrementalToSkeletonDiffProof, - module Theory.ProofSkeleton - ) + prettyIncrementalProof, prettyIncrementalDiffProof) where import Prelude hiding (id, (.)) 
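Review bot: The comment that opens the `ModuleType` declaration breaks off mid-sentence (`... another one that comes`) and starts with the typo `Too`, although by its own wording it states an ordering rule that a parser generated from the `show` values depends on. I would write it as `-- To generate a parser from the 'show' values, order the constructors so that no show value is a prefix of one that comes later.` Nothing enforces the rule when a constructor is added, so a small test over `[minBound .. maxBound]` that checks it with `isPrefixOf` would be worth adding. The hand-written `Show` and `description` clauses also have uneven spacing around `=`.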
@@ -18,7 +17,6 @@ import Prelude hiding (id, (.)) import Theory.Proof import Lemma import Theory.Model -import Pretty import Text.PrettyPrint.Highlight import Theory.Text.Pretty import Control.Category diff --git a/lib/theory/src/Theory/Sapic.hs b/lib/theory/src/Theory/Sapic.hs index 01e053b7b..724eb08d7 100644 --- a/lib/theory/src/Theory/Sapic.hs +++ b/lib/theory/src/Theory/Sapic.hs @@ -1,10 +1,5 @@ - -{-# LANGUAGE DeriveDataTypeable #-} -{-# LANGUAGE StandaloneDeriving #-} -{-# LANGUAGE DeriveGeneric #-} -{-# LANGUAGE DeriveTraversable #-} -{-# LANGUAGE DeriveAnyClass #-} -{-# LANGUAGE PatternGuards #-} +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} -- | -- Copyright : (c) 2019 Robert Künnemann -- License : GPL v3 (see LICENSE) 
@@ -13,265 +8,18 @@ -- Portability : GHC only -- -- Data types for SAPIC processes in theories -{-# LANGUAGE FlexibleInstances #-} module Theory.Sapic ( - Process - , ProcessCombinator(..) - , AnProcess(..) - , ProcessParsedAnnotation(..) - , SapicAction(..) - , SapicTerm - , paddAnn - , applyProcess - , pfoldMap - , ProcessPosition - , lhsP - , rhsP - , prettySapic' - , prettySapicAction' - , prettySapicComb - , prettySapicTopLevel' - , prettyPosition - , LetExceptions (..) - , prettyLetExceptions - , descendant + -- convenience exports + module Theory.Sapic.Term + , module Theory.Sapic.Process + , module Theory.Sapic.Annotation + , module Theory.Sapic.Position + , module Theory.Sapic.Substitution + , module Theory.Sapic.PlainProcess ) where - -import Data.Binary -import Data.Data -import Data.List -import GHC.Generics (Generic) -import Control.Parallel.Strategies -import Theory.Model.Fact -import Theory.Model.Formula -import Term.LTerm -import Term.Substitution -import Theory.Text.Pretty -import Control.Monad.Catch -import qualified Control.Monad.Fail as Fail - --- | A process data structure --- | In general, terms we use in the translation have logical veriables -type SapicTerm = LNTerm - --- | Actions are parts of the process that maybe connected with ";" -data SapicAction = - Rep - | New LVar - | ChIn (Maybe SapicTerm) SapicTerm - | ChOut (Maybe SapicTerm) SapicTerm - | Insert SapicTerm SapicTerm - | Delete SapicTerm - | Lock SapicTerm - | Unlock SapicTerm - | Event LNFact - | MSR ([LNFact], [LNFact], [LNFact], [SyntacticLNFormula]) - deriving( Show, Eq, Ord, Generic, NFData, Binary, Data ) - --- | When the process tree splits, it is connected with one of these connectives -data ProcessCombinator = Parallel | NDC | Cond SyntacticLNFormula - | CondEq SapicTerm SapicTerm | Lookup SapicTerm LVar - deriving (Generic, NFData, Binary, Show, Eq, Data, Ord ) - --- | The process tree is terminated with null processes, and either splits --- (parallel and other 
combinators) or describes a sequence of actions with --- only one daughter -data AnProcess ann = - ProcessNull ann - | ProcessComb ProcessCombinator ann (AnProcess ann) (AnProcess ann) - -- | ProcessIdentifier String ann - | ProcessAction SapicAction ann (AnProcess ann) - deriving(Generic, Data ) -deriving instance (Ord ann) => Ord (AnProcess ann) -deriving instance (NFData ann) => NFData (AnProcess ann) -deriving instance (Binary ann) => Binary (AnProcess ann) -deriving instance (Eq ann) => Eq (AnProcess ann) -deriving instance (Show ann) => Show (AnProcess ann) -deriving instance Foldable AnProcess -deriving instance Traversable AnProcess - --- This instance is useful for modifying annotations, but not for much more. -instance Functor AnProcess where - fmap f (ProcessNull an) = ProcessNull (f an) - fmap f (ProcessComb c an pl pr) = ProcessComb c (f an) (fmap f pl) (fmap f pr) - fmap f (ProcessAction a an p) = ProcessAction a (f an) (fmap f p) - -instance Apply ProcessCombinator where - apply subst c - | (Cond f) <- c = Cond $ apply subst f - | (CondEq t1 t2) <- c = CondEq (apply subst t1) (apply subst t2) - | (Lookup t v) <- c = Lookup (apply subst t) v - | otherwise = c - -data CapturedTag = CapturedIn | CapturedLookup | CapturedNew - deriving (Typeable, Show) -data LetExceptions = CapturedEx CapturedTag LVar - deriving (Typeable, Show, Exception) - -- deriving (Typeable) -instance Fail.MonadFail (Either LetExceptions) where - fail = Fail.fail - -prettyLetExceptions :: LetExceptions -> [Char] -prettyLetExceptions (CapturedEx tag v) = "Error: The variable "++ show v ++ " appears in a let-expression that is captured in " ++ pretty tag ++ ". This is likely unintend. To proceed nonetheless, please rename the variable to pat_" ++ show v ++ " throughout." 
- where pretty CapturedIn = "input" - pretty CapturedLookup = "lookup" - pretty CapturedNew = "new" - -applyProcessCombinatorError :: MonadThrow m => Subst Name LVar - -> ProcessCombinator -> m ProcessCombinator -applyProcessCombinatorError subst c - | (Lookup t v) <- c = if v `elem` dom subst then - throwM $ CapturedEx CapturedLookup v - else - return $ Lookup (apply subst t) v - | otherwise = return $ apply subst c - -instance Apply SapicAction where - apply subst ac - | (New v) <- ac = New v - | (ChIn mt t) <- ac = ChIn (apply subst mt) (apply subst t) - | (ChOut mt t) <- ac = ChOut (apply subst mt) (apply subst t) - | (Insert t1 t2) <- ac = Insert (apply subst t1) (apply subst t2) - | (Delete t) <- ac = Delete (apply subst t) - | (Lock t) <- ac = Lock (apply subst t) - | (Unlock t) <- ac = Unlock (apply subst t) - | (Event f) <- ac = Event (apply subst f) - | (MSR (l,a,r,rest)) <- ac = MSR (apply subst (l,a,r,rest)) - | Rep <- ac = Rep - -applySapicActionError :: MonadThrow m => - Subst Name LVar -> SapicAction -> m SapicAction -applySapicActionError subst ac - | (New v) <- ac = if v `elem` dom subst then - throwM $ CapturedEx CapturedNew v - else - return $ New v - | (ChIn mt t) <- ac, Lit (Var v) <- viewTerm t = - if v `elem` dom subst && not ( "pat_" `isPrefixOf` lvarName v) then - -- t is a single variable that is captured by the let. - -- This is likely unintended, so we warn, unless the variable starts with - -- pat_ - throwM $ CapturedEx CapturedIn v - else - return $ ChIn (apply subst mt) (apply subst t) - | otherwise = return $ apply subst ac - -instance Apply (AnProcess ann) where --- We are ignoring capturing here, use applyProcess below to get warnings. 
- apply _ (ProcessNull ann) = ProcessNull ann - apply subst (ProcessComb c ann pl pr) = - ProcessComb (apply subst c) ann (apply subst pl) (apply subst pr) - apply subst (ProcessAction ac ann p') = - ProcessAction (apply subst ac) ann (apply subst p') - -applyProcess :: MonadThrow m => Subst Name LVar -> AnProcess ann -> m (AnProcess ann) -applyProcess _ (ProcessNull ann) = return $ ProcessNull ann -applyProcess subst (ProcessComb c ann pl pr) = do - c' <- applyProcessCombinatorError subst c - pl' <- applyProcess subst pl - pr' <- applyProcess subst pr - return $ ProcessComb c' ann pl' pr' -applyProcess subst (ProcessAction ac ann p) = do - ac' <- applySapicActionError subst ac - p' <- applyProcess subst p - return $ ProcessAction ac' ann p' - --- | After parsing, the process is already annotated wth a list of process --- identifiers. Any identifier in this in this list was inlined to give this --- comment, e.g., --- let A = 0 --- let B = A | A --- !B --- has two Null-rules with annotation [A,B]. --- This will be helpful to recognise protocols roles and visualise them. - -data ProcessParsedAnnotation = - ProcessName String -- String used in annotation to identify processes - | ProcessLoc SapicTerm - deriving( Eq, Ord, Show, Data, Generic) -instance NFData ProcessParsedAnnotation -instance Binary ProcessParsedAnnotation -type ProcessAnnotations = [ProcessParsedAnnotation] -type Process = AnProcess ProcessAnnotations -type ProcessPosition = [Int] - --- | Positions are to be read left-to-right, 1 is left, 2 is right. -lhsP :: [Int] -> ProcessPosition -lhsP p = (p++[1]) :: ProcessPosition - -rhsP :: [Int] -> ProcessPosition -rhsP p = (p++[2]) :: ProcessPosition --- rhs :: ProcessPosition = 2 - -descendant :: Eq a => [a] -> [a] -> Bool -descendant child parent = parent `isPrefixOf` child - --- | Add another element to the existing annotations, e.g., yet another identifier. 
-paddAnn :: Process -> ProcessAnnotations -> Process -paddAnn (ProcessNull ann) ann' = ProcessNull $ ann `mappend` ann' -paddAnn (ProcessComb c ann pl pr ) ann' = ProcessComb c (ann `mappend` ann') pl pr -paddAnn (ProcessAction a ann p ) ann' = ProcessAction a (ann `mappend` ann') p - --- | folding on the process tree, used, e.g., for printing -pfoldMap :: Monoid a => (AnProcess ann -> a) -> AnProcess ann -> a -pfoldMap f (ProcessNull an) = f (ProcessNull an) -pfoldMap f (ProcessComb c an pl pr) = - pfoldMap f pl - `mappend` - f (ProcessComb c an pl pr) - `mappend` - pfoldMap f pr -pfoldMap f (ProcessAction a an p) = - f (ProcessAction a an p) - `mappend` - pfoldMap f p - -prettyPosition:: ProcessPosition -> String -prettyPosition = foldl (\ s n -> s ++ show n ) "" - --- | Printer for SAPIC actions. --- Note: Need to give the pretty printer for rules as a parameter as otherwise --- we would have circular dependencies. --- Instantiated in Theory.Sapic.Print later -prettySapicAction' :: - ( [LNFact] -> [LNFact] -> [LNFact] -> [SyntacticLNFormula] -> String) - -> SapicAction -> String -prettySapicAction' _ (New n) = "new "++ show n -prettySapicAction' _ Rep = "!" 
-prettySapicAction' _ (ChIn (Just t1) t2 ) = "in(" ++ render (prettyLNTerm t1) ++ "," ++ render ( prettyLNTerm t2) ++ ")" -prettySapicAction' _ (ChIn Nothing t2 ) = "in(" ++ render (prettyLNTerm t2) ++ ")" -prettySapicAction' _ (ChOut (Just t1) t2 ) = "out(" ++ render (prettyLNTerm t1) ++ "," ++ render (prettyLNTerm t2) ++ ")" -prettySapicAction' _ (ChOut Nothing t2 ) = "out(" ++ render (prettyLNTerm t2) ++ ")" -prettySapicAction' _ (Insert t1 t2) = "insert " ++ render (prettyLNTerm t1) ++ "," ++ render (prettyLNTerm t2) -prettySapicAction' _ (Delete t ) = "delete " ++ render (prettyLNTerm t) -prettySapicAction' _ (Lock t ) = "lock " ++ render (prettyLNTerm t) -prettySapicAction' _ (Unlock t ) = "unlock " ++ render (prettyLNTerm t) -prettySapicAction' _ (Event a ) = "event " ++ render (prettyLNFact a) -prettySapicAction' prettyRule' (MSR (p,a,c,r)) = prettyRule' p a c r - -prettySapicComb :: ProcessCombinator -> [Char] -prettySapicComb Parallel = "|" -prettySapicComb NDC = "+" -prettySapicComb (Cond a) = "if "++ render (prettySyntacticLNFormula a) -prettySapicComb (CondEq t t') = "if "++ p t ++ "=" ++ p t' - where p = render . prettyLNTerm -prettySapicComb (Lookup t v) = "lookup "++ p t ++ " as " ++ show v - where p = render . prettyLNTerm - --- | Printer for SAPIC processes.. --- TODO At the moment, the process structure is not used to properly print how --- elements are associated. --- Should do it, but then we cannot use pfoldMap anymore. -prettySapic' :: ([LNFact] -> [LNFact] -> [LNFact] -> [SyntacticLNFormula] -> String) -> AnProcess ann -> String -prettySapic' prettyRule = pfoldMap f - where f (ProcessNull _) = "0" - f (ProcessComb c _ _ _) = prettySapicComb c - f (ProcessAction Rep _ _) = prettySapicAction' prettyRule Rep - f (ProcessAction a _ _) = prettySapicAction' prettyRule a ++ ";" - --- | Printer for the top-level process, used, e.g., for rule names. 
-prettySapicTopLevel' :: ([LNFact] -> [LNFact] -> [LNFact] -> [SyntacticLNFormula] -> String) -> AnProcess ann -> String -prettySapicTopLevel' _ (ProcessNull _) = "0" -prettySapicTopLevel' _ (ProcessComb c _ _ _) = prettySapicComb c -prettySapicTopLevel' prettyRuleRestr (ProcessAction Rep _ _) = prettySapicAction' prettyRuleRestr Rep -prettySapicTopLevel' prettyRuleRestr (ProcessAction a _ _) = prettySapicAction' prettyRuleRestr a ++ ";" +import Theory.Sapic.Term +import Theory.Sapic.Process +import Theory.Sapic.Annotation +import Theory.Sapic.Position +import Theory.Sapic.Substitution +import Theory.Sapic.PlainProcess diff --git a/lib/theory/src/Theory/Sapic/Annotation.hs b/lib/theory/src/Theory/Sapic/Annotation.hs new file mode 100644 index 000000000..73916b420 --- /dev/null +++ b/lib/theory/src/Theory/Sapic/Annotation.hs 
@@ -0,0 +1,112 @@ +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} +{-# LANGUAGE DeriveDataTypeable #-} +{-# LANGUAGE DeriveGeneric #-} +{-# LANGUAGE FlexibleContexts #-} +{-# LANGUAGE StandaloneDeriving #-} +-- | +-- Copyright : (c) 2021 Robert Künnemann +-- License : GPL v3 (see LICENSE) +-- +-- Maintainer : Robert Künnemann +-- Portability : GHC only +-- +-- Standard annotations for SAPIC processes after parsing +module Theory.Sapic.Annotation ( + -- types + ProcessParsedAnnotation(..) + -- utilities + , mapProcessParsedAnnotation + , mappendProcessParsedAnnotation + -- type classes + , GoodAnnotation(..) +,applyAnn) where + +import Data.Binary +import Data.Data +import GHC.Generics (Generic) +import Control.Parallel.Strategies +import Term.Substitution +import Theory.Sapic.Term + +-- | After parsing, the process is already annotated wth a list of process +-- identifiers. Any identifier in this in this list was inlined to give this +-- comment, e.g., +-- let A = 0 +-- let B = A | A +-- !B +-- has two Null-rules with annotation [A,B]. +-- This will be helpful to recognise protocols roles and visualise them. + +data ProcessParsedAnnotation = ProcessParsedAnnotation { + -- String used in annotation to identify processes. Always a singleton list + processnames :: [String] + -- additional information for Isolated Execution Environments feature + , location :: Maybe SapicTerm + -- substitution to rename variables in subprocess back to how the user input them. + -- 1. empty until process is renamed for uniqueness + -- 2. only applies to variables bound at this subprocess + -- 3. 
maps variables to variable terms + , backSubstitution :: Subst Name LVar + } + deriving (Eq, Ord, Show, Generic) +instance NFData ProcessParsedAnnotation +instance Binary ProcessParsedAnnotation + +-- deriving instance Data SapicSubst +deriving instance Data (Subst Name LVar) +deriving instance Data ProcessParsedAnnotation + +instance Monoid ProcessParsedAnnotation where + mempty = ProcessParsedAnnotation [] Nothing emptySubst + mappend p1 p2 = ProcessParsedAnnotation + (processnames p1 `mappend` processnames p2) + (case (location p1, location p2) of + (Nothing, l2) -> l2 + (l1, Nothing) -> l1 + (_, l2) -> l2) + (backSubstitution p1 `compose` backSubstitution p2) + +instance Semigroup ProcessParsedAnnotation where + (<>) p1 p2 = p1 `mappend` p2 + +-- | Any annotation that is good enough to be converted back into a Process +-- can at least recover the names of the processes used to bind +-- subprocesses +-- annotate the multiset rewrite rules with: +-- - the Name or Names of the process (e.g., [A, B] in let B = 0 let A = B | 0) +class GoodAnnotation a where + getProcessParsedAnnotation :: a -> ProcessParsedAnnotation + setProcessParsedAnnotation :: ProcessParsedAnnotation -> a -> a -- overwrites process annotation + defaultAnnotation :: a + +instance GoodAnnotation ProcessParsedAnnotation + where + getProcessParsedAnnotation = id + setProcessParsedAnnotation pn _ = pn + defaultAnnotation = mempty + +-- | apply @f to ProcessParsedAnnotation within @ann@ +mapProcessParsedAnnotation :: GoodAnnotation a => + (ProcessParsedAnnotation -> ProcessParsedAnnotation) -> a -> a +mapProcessParsedAnnotation f ann = + setProcessParsedAnnotation (f $ getProcessParsedAnnotation ann) ann + +-- | mappend (i.e., overwrite or add as needed) to processParsedAnnotation +mappendProcessParsedAnnotation :: GoodAnnotation a => ProcessParsedAnnotation -> a -> a +mappendProcessParsedAnnotation pn = mapProcessParsedAnnotation (`mappend` pn) + +applyProcessParsedAnnotation :: Apply s SapicTerm => 
s -> ProcessParsedAnnotation -> ProcessParsedAnnotation +applyProcessParsedAnnotation subst ann = + ann {location = fmap (apply subst) (location ann) + -- , backSubstitution = undefined + -- WARNING: we do not apply the substitution to the back + -- translation, as this is not always possible. If variables + -- are renamed, modify the backtranslation by hand. + } + +applyAnn :: (GoodAnnotation a, Apply t' SapicTerm) => t' -> a -> a +applyAnn subst = mapProcessParsedAnnotation (applyProcessParsedAnnotation subst) + +instance (Apply (Subst Name LVar) ProcessParsedAnnotation) where + apply = applyAnn diff --git a/lib/theory/src/Theory/Sapic/Pattern.hs b/lib/theory/src/Theory/Sapic/Pattern.hs new file mode 100644 index 000000000..e7d5ec9c5 --- /dev/null +++ b/lib/theory/src/Theory/Sapic/Pattern.hs 
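Review bot: The field comment on `processnames` says `Always a singleton list`, but the `Monoid` instance in the same hunk builds `mempty` with `[]` and `mappend` concatenates the lists, and the `GoodAnnotation` class comment gives `[A, B]` as an example. The comment should read something like `-- names of the process definitions that were inlined to obtain this subprocess (possibly empty)`. Separately, `applyAnn` is exported and backs the `Apply` instance, yet the fact that it leaves `backSubstitution` untouched is recorded only inside `applyProcessParsedAnnotation`. A Haddock line on `applyAnn`, `-- | Applies the substitution to 'location' only; 'backSubstitution' is not updated.`, would put that caveat where callers see it. `mappend` is also defined in `Monoid` with `(<>)` delegating to it, the reverse of the canonical arrangement.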
@@ -0,0 +1,111 @@ +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} +{-# LANGUAGE DeriveDataTypeable #-} + + +{-# LANGUAGE DeriveGeneric #-} + +{-# LANGUAGE DeriveAnyClass #-} +{-# LANGUAGE PatternGuards #-} +-- | +-- Copyright : (c) 2019 Robert Künnemann +-- License : GPL v3 (see LICENSE) +-- +-- Maintainer : Robert Künnemann +-- Portability : GHC only +-- +-- Data types for SAPIC processes in theories +module Theory.Sapic.Pattern ( + -- types + PatternSapicLVar(..) + -- converters + , unpattern + , unpatternVar + -- utitlities + , validPattern + , validMSR + , extractMatchingVariables + , unextractMatchingVariables +) where + +import Data.Binary +import Data.Data +import qualified Data.Set as S +import Data.List ( group, sort ) +import GHC.Generics (Generic) +import Control.Parallel.Strategies +-- import Theory.Model.Fact +import Theory.Model.Formula +import Theory.Sapic.Term +import Term.LTerm + +-- | Pattern variables either bind new variables or match with existing +data PatternSapicLVar = PatternBind SapicLVar | PatternMatch SapicLVar + deriving( Ord, Eq, Typeable, Data, Generic, NFData, Binary, IsVar ) + +instance Show PatternSapicLVar where + show (PatternBind v) = show v + show (PatternMatch v) = "=" ++ show v + +instance Hinted PatternSapicLVar where + hint (PatternBind v) = hint v + hint (PatternMatch v) = hint v + +-- | Translate Pattern into term +unpattern :: SapicNTerm PatternSapicLVar -> SapicNTerm SapicLVar +unpattern = fmap (fmap unpatternVar) + +unpatternVar :: PatternSapicLVar -> SapicLVar +unpatternVar (PatternBind v) = v +unpatternVar (PatternMatch v) = v + +-- | Check a pattern for validity w.r.t. a set of variables or names that are +-- already bound, i.e., +-- 1. no variable that is already bound should occur as PatternBind +-- 2. no variable that already occurs as PatternMatch should occur as PatternBind +-- 3. a variable should not be bound twice. 
+validPattern :: S.Set SapicLVar -> Term (Lit n PatternSapicLVar) -> Bool +validPattern alreadyBound pt = (alreadyBound `S.union` matched) `S.disjoint` tobind && duplicate tobind' + where + (tobind',matched') = freesPatternSapicLVar pt + tobind = S.fromList tobind' + matched = S.fromList matched' + duplicate = not . any ((>1) . length) . group . sort + +-- | Check an MSR (l,a,r) with a pattern on the lhs for validity: +-- 1. a and r do not contain "=" +-- 2. variables in l are either matched or bound but not both +-- 3. l does not rebind variables +validMSR :: (Foldable t1, Foldable t2) => S.Set SapicLVar -> (t1 (t2 (VTerm n1 PatternSapicLVar)), t1 (t2 (VTerm n2 PatternSapicLVar)), t1 (t2 (VTerm n3 PatternSapicLVar))) -> Bool +validMSR alreadyBound (l,a,r) + | (tobind_l',matched_l') <- freesPatternFactList l + , (_,[]) <- freesPatternFactList a + , (_,[]) <- freesPatternFactList r + , matched_l <- S.fromList matched_l' + , tobind_l <- S.fromList tobind_l' + = (alreadyBound `S.union` matched_l) `S.disjoint` tobind_l + | otherwise = False + where + freesPatternFactList = foldMap (foldMap freesPatternSapicLVar) + + +extractMatchingVariables :: SapicNTerm PatternSapicLVar -> S.Set SapicLVar +extractMatchingVariables pt = S.fromList $ foldMap (foldMap isPatternMatch) pt + where + isPatternMatch (PatternMatch v) = [v] + isPatternMatch (PatternBind _) = [] + +-- | Transform term and list of variables to pattern term with those variables bound +unextractMatchingVariables :: S.Set SapicLVar -> SapicTerm -> SapicNTerm PatternSapicLVar +unextractMatchingVariables vs = fmap (fmap f) + where + f v = if v `elem` vs then PatternMatch v else PatternBind v + + +-- | list of variables that occur in pattern term. +-- guarantees to capture them from right to left, including duplicates. 
+freesPatternSapicLVar :: VTerm n PatternSapicLVar -> ([SapicLVar], [SapicLVar]) +freesPatternSapicLVar pt = foldr f ([],[]) (freesSapicTerm pt) + where + f (PatternBind v) (bs,ms) = (v:bs,ms) + f (PatternMatch v) (bs,ms) = (bs,v:ms) diff --git a/lib/theory/src/Theory/Sapic/PlainProcess.hs b/lib/theory/src/Theory/Sapic/PlainProcess.hs new file mode 100644 index 000000000..e6cb4b63c --- /dev/null +++ b/lib/theory/src/Theory/Sapic/PlainProcess.hs @@ -0,0 +1,8 @@ +module Theory.Sapic.PlainProcess + +where + +import Theory.Sapic.Process +import Theory.Sapic.Annotation + +type PlainProcess = LProcess ProcessParsedAnnotation diff --git a/lib/theory/src/Theory/Sapic/Position.hs b/lib/theory/src/Theory/Sapic/Position.hs new file mode 100644 index 000000000..0ac96ffbc --- /dev/null +++ b/lib/theory/src/Theory/Sapic/Position.hs @@ -0,0 +1,35 @@ +-- Copyright : (c) 2021 Robert Künnemann +-- License : GPL v3 (see LICENSE) +-- +-- Maintainer : Robert Künnemann +-- Portability : GHC only +-- +-- Positions within SAPIC processes +module Theory.Sapic.Position ( + -- types + ProcessPosition + -- utitlities + , lhsP + , rhsP + , descendant + -- pretty printing + , prettyPosition +) where + +import Data.List ( isPrefixOf ) + +type ProcessPosition = [Int] + +-- | Positions are to be read left-to-right, 1 is left, 2 is right. +lhsP :: [Int] -> ProcessPosition +lhsP p = (p++[1]) :: ProcessPosition + +rhsP :: [Int] -> ProcessPosition +rhsP p = (p++[2]) :: ProcessPosition +-- rhs :: ProcessPosition = 2 + +descendant :: Eq a => [a] -> [a] -> Bool +descendant child parent = parent `isPrefixOf` child + +prettyPosition:: ProcessPosition -> String +prettyPosition = foldl (\ s n -> s ++ show n ) "" \ No newline at end of file diff --git a/lib/theory/src/Theory/Sapic/Print.hs b/lib/theory/src/Theory/Sapic/Print.hs index 62603ff3a..c0529114b 100644 --- a/lib/theory/src/Theory/Sapic/Print.hs +++ b/lib/theory/src/Theory/Sapic/Print.hs 
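Review bot: In `validPattern`, the local helper `duplicate` returns `True` when the list has no repeated element (`not . any ((>1) . length) . group . sort`), so its name says the opposite of what the validity check needs and invites an inverted fix later. Renaming it, `noDuplicates = all ((== 1) . length) . group . sort`, keeps the result and makes `... && noDuplicates tobind'` read correctly. The Haddock on `unextractMatchingVariables` has a similar slip: it says the given variables end up bound, while the code wraps them in `PatternMatch` and everything else in `PatternBind`. `-- | Turn a term into a pattern in which the given variables are matched and all others are bound.` would agree with the code. The module header still reads `Data types for SAPIC processes in theories`, which does not describe this module.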
@@ -9,10 +9,9 @@ module Theory.Sapic.Print ( Process , ProcessCombinator(..) - , AnProcess(..) , SapicAction(..) , SapicTerm - , paddAnn + , processAddAnnotation , pfoldMap , prettySapic , prettySapicAction @@ -22,27 +21,36 @@ module Theory.Sapic.Print ( , prettyPosition ) where --- import Data.Binary --- import GHC.Generics (Generic) --- import Control.Parallel.Strategies --- import Data.Foldable import Theory.Model.Fact import Theory.Model.Rule import Theory.Model.Formula import Theory.Sapic --- import Term.LTerm +import Term.LTerm import Theory.Text.Pretty +import Theory.Sapic.Pattern +import qualified Data.Set as S +import Theory.Model.Atom ( SyntacticSugar ) - -rulePrinter :: [LNFact] -> [LNFact] -> [LNFact] -> [SyntacticLNFormula] -> String -rulePrinter l a r res = render $ prettyRuleRestr l a r res +-- | pretty-print rules using a generic fact pretty-printer (based on show) +rulePrinter :: [Fact SapicTerm] + -> [Fact SapicTerm] + -> [Fact SapicTerm] + -> [ProtoFormula SyntacticSugar (String, LSort) Name SapicLVar] + -> S.Set SapicLVar + -> String +rulePrinter l a r res mv = render $ prettyRuleRestrGen ppFact ppRes l' (toPat a) (toPat r) res + where + ppFact = prettyFact $ prettyTerm $ text . show + ppRes = prettySyntacticLNFormula . toLFormula + l' = fmap (fmap (unextractMatchingVariables mv)) l + toPat = fmap (fmap (unextractMatchingVariables mempty)) -- | Instantiate printers with rulePrinter from Theory.Text.Pretty -prettySapicAction :: SapicAction -> String +prettySapicAction :: LSapicAction -> String prettySapicAction = prettySapicAction' rulePrinter -prettySapic :: AnProcess ann -> String +prettySapic :: (Document d) => LProcess ann -> d prettySapic = prettySapic' rulePrinter -prettySapicTopLevel :: AnProcess ann -> String +prettySapicTopLevel :: LProcess ann -> String prettySapicTopLevel = prettySapicTopLevel' rulePrinter 
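Review bot: After the second hunk the three printers built from `rulePrinter` no longer agree on their result type: `prettySapic` returns `Document d => d`, while `prettySapicAction` and `prettySapicTopLevel` still return `String`. None of them has a Haddock comment of its own, so a caller cannot tell which ones need `render`. I would add `-- | Pretty-print a whole process as a document; use 'render' to obtain a 'String'.` above `prettySapic`, and a matching line on the other two. The shared comment above them says `rulePrinter` comes from Theory.Text.Pretty, but it is defined in this module, so it should read `-- | Instantiate the generic printers with 'rulePrinter'.`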
diff --git a/lib/theory/src/Theory/Sapic/Process.hs b/lib/theory/src/Theory/Sapic/Process.hs new file mode 100644 index 000000000..ec407b4da --- /dev/null +++ b/lib/theory/src/Theory/Sapic/Process.hs 
@@ -0,0 +1,518 @@ +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} +{-# LANGUAGE DeriveDataTypeable #-} +{-# LANGUAGE StandaloneDeriving #-} + +{-# LANGUAGE DeriveGeneric #-} +{-# LANGUAGE DeriveTraversable #-} +{-# LANGUAGE DeriveAnyClass #-} +{-# LANGUAGE PatternGuards #-} +-- | +-- Copyright : (c) 2019 Robert Künnemann +-- License : GPL v3 (see LICENSE) +-- +-- Maintainer : Robert Künnemann +-- Portability : GHC only +-- +-- Data types for SAPIC processes in theories +{-# LANGUAGE FlexibleContexts #-} +{-# LANGUAGE UndecidableInstances #-} +module Theory.Sapic.Process ( + -- types + Process(..) + , ProcessCombinator(..) + , SapicAction(..) + , LSapicAction + , LProcessCombinator + , LProcess + -- utitlities + , foldProcess + , foldMProcess + , traverseTermsAction + , traverseTermsComb + , pfoldMap + , mapTerms + , mapTermsAction + , mapTermsComb + , applyM + , processAddAnnotation + , varsProc + -- pretty printing + , prettySapic' + , prettySapicAction' + , prettySapicComb + , prettySapicTopLevel' + -- exception type for lets + , LetExceptions (..) 
+ , prettyLetExceptions + ,traverseProcess) where + +import Data.Binary +import Data.Data +import Data.Set hiding (map, union) +import qualified Data.Set as Set (map) +import GHC.Generics (Generic) +import Control.Parallel.Strategies +import Term.Substitution +import Theory.Text.Pretty +import Data.List +import Control.Monad.Catch +import Theory.Sapic.Term +import Theory.Sapic.Substitution +import Theory.Sapic.Annotation +import Theory.Sapic.Pattern ( unextractMatchingVariables ) + +-- | Actions are parts of the process that maybe connected with ";" +data SapicAction v = + Rep + | New v + | ChIn { inChan:: Maybe (SapicNTerm v), inMsg::SapicNTerm v, inMatch::Set v} + | ChOut (Maybe (SapicNTerm v)) (SapicNTerm v) + | Insert (SapicNTerm v) (SapicNTerm v) + | Delete (SapicNTerm v) + | Lock (SapicNTerm v) + | Unlock (SapicNTerm v) + | Event (SapicNFact v) + | MSR { iPrems :: [SapicNFact v] + , iActs :: [SapicNFact v] + , iConcs :: [SapicNFact v] + , iRest :: [SapicNFormula v] + , iMatch :: Set v} + deriving (Foldable) + +deriving instance (Show v) => Show (SapicAction v) +deriving instance (Eq v) => Eq (SapicAction v) +deriving instance (Ord v) => Ord (SapicAction v) +deriving instance (Generic v) => Generic (SapicAction v) +deriving instance (NFData v, Generic v) => NFData (SapicAction v) +deriving instance (Binary v, Generic v) => Binary (SapicAction v) +deriving instance (Data v, Generic v, Ord v) => Data (SapicAction v) + +-- | When the process tree splits, it is connected with one of these connectives +data ProcessCombinator v = Parallel | NDC | Cond (SapicNFormula v) + | CondEq (SapicNTerm v) (SapicNTerm v) | Lookup (SapicNTerm v) v + | Let { letLeft :: SapicNTerm v, letRight :: SapicNTerm v, letMatch :: Set v} + | ProcessCall String [SapicNTerm v] + deriving (Foldable) + +deriving instance (Show v) => Show (ProcessCombinator v) +deriving instance (Eq v) => Eq (ProcessCombinator v) +deriving instance (Ord v) => Ord (ProcessCombinator v) +deriving instance (Generic 
v) => Generic (ProcessCombinator v) +deriving instance (NFData v, Generic v) => NFData (ProcessCombinator v) +deriving instance (Binary v, Generic v) => Binary (ProcessCombinator v) +deriving instance (Data v, Generic v, Ord v) => Data (ProcessCombinator v) + +-- | The process tree is terminated with null processes, and either splits +-- (parallel and other combinators) or describes a sequence of actions with +-- only one daughter +data Process ann v = + ProcessNull ann + | ProcessComb (ProcessCombinator v) ann (Process ann v) (Process ann v) + | ProcessAction (SapicAction v) ann (Process ann v) + deriving(Generic, Data) + +type LSapicAction = SapicAction SapicLVar +type LProcessCombinator = ProcessCombinator SapicLVar +type LProcess ann = Process ann SapicLVar + +deriving instance (Eq ann, Eq v) => Eq (Process ann v) +deriving instance (Ord ann, Ord v) => Ord (Process ann v) +deriving instance (NFData ann) => NFData (LProcess ann) +deriving instance (Binary ann) => Binary (LProcess ann) +deriving instance (Show ann, Show v) => Show (Process ann v) +-- deriving instance Functor (Process ann) +deriving instance Foldable (Process ann) + +-- | map over a process: @mapTerms ft ff fv@ applies @ft@ to terms, @ff@ to formulas and @fv@ to variables +mapTerms :: (Ord v) => (SapicNTerm t -> SapicNTerm v) + -> (SapicNFormula t -> SapicNFormula v) + -> (t -> v) + -> Process ann t + -> Process ann v +mapTerms _ _ _ (ProcessNull ann) = ProcessNull ann +mapTerms f ff fv (ProcessAction ac ann p') = ProcessAction (mapTermsAction f ff fv ac) ann (mT p') + where mT = mapTerms f ff fv +mapTerms f ff fv (ProcessComb c ann pl pr) = ProcessComb (mapTermsComb f ff fv c) ann (mT pl) (mT pr) + where mT = mapTerms f ff fv + +mapTermsAction :: (Ord v) => (SapicNTerm t -> SapicNTerm v) + -> (SapicNFormula t -> SapicNFormula v) + -> (t -> v) + -> SapicAction t + -> SapicAction v +mapTermsAction f ff fv ac + | (New v) <- ac = New (fv v) + | (ChIn mt t mv) <- ac = ChIn (fmap f mt) (f t) (Set.map 
fv mv) + | (ChOut mt t) <- ac = ChOut (fmap f mt) (f t) + | (Insert t1 t2) <- ac = Insert (f t1) (f t2) + | (Delete t) <- ac = Delete (f t) + | (Lock t) <- ac = Lock (f t) + | (Unlock t) <- ac = Unlock (f t) + | (Event fa) <- ac = Event (fmap f fa) + | (MSR l a r rest mv) <- ac = MSR (f2mapf l) (f2mapf a) (f2mapf r) (fmap ff rest) (Set.map fv mv) + | Rep <- ac = Rep + where f2mapf = fmap $ fmap f + +mapTermsComb :: (Ord v) => (SapicNTerm t -> SapicNTerm v) + -> (SapicNFormula t -> SapicNFormula v) + -> (t -> v) + -> ProcessCombinator t + -> ProcessCombinator v +mapTermsComb f ff fv c + | (Cond fa) <- c = Cond $ ff fa + | (CondEq t1 t2) <- c = CondEq (f t1) (f t2) + | (Let t1 t2 vs) <- c = Let (f t1) (f t2) (Set.map fv vs) + | (Lookup t v) <- c = Lookup (f t) (fv v) + | Parallel <- c = Parallel + | NDC <- c = NDC + | ProcessCall s ts <- c = ProcessCall s (map f ts) + +-- | fold a process: apply @fNull@, @fAct@, @fComb@ on accumulator and action, +-- annotation and nothing/action/combinator to obtain new accumulator to apply +-- to subprocess. @gAct@ and @gComb@ reconstruct result, e.g., process from +-- accumulator and result of subprocess(es). @fNulL@ directly outputs result. +foldProcess :: (t1 -> t2 -> t3) + -> (t1 -> t2 -> SapicAction v -> t1) + -> (t1 -> t2 -> ProcessCombinator v -> t1) + -> (t1 -> t2 -> t3 -> SapicAction v -> t3) + -> (t1 -> t2 -> t3 -> t3 -> ProcessCombinator v -> t3) + -> t1 + -> Process t2 v + -> t3 +foldProcess fNull fAct fComb gAct gComb a p + | (ProcessNull ann) <- p = fNull a ann + | (ProcessAction ac ann p') <- p = + let a' = fAct a ann ac -- 1. update accumulator + r = foldProcess fNull fAct fComb gAct gComb a' p' -- 2. process subtree with updated acculator + in + gAct a' ann r ac -- 3. 
reconstruct result from accumulator and subtree's result + | (ProcessComb c ann pl pr) <- p = + let a' = fComb a ann c + rl = foldProcess fNull fAct fComb gAct gComb a' pl + rr = foldProcess fNull fAct fComb gAct gComb a' pr + in + gComb a' ann rl rr c + +foldMProcess :: Monad m => + (t1 -> t2 -> m t3) + -> (t1 -> t2 -> SapicAction v -> m t1) + -> (t1 -> t2 -> ProcessCombinator v -> m t1) + -> (t1 -> SapicAction v -> t2 -> t3 -> m t3) + -> (t1 -> ProcessCombinator v -> t2 -> t3 -> t3 -> m t3) + -> t1 + -> Process t2 v + -> m t3 +foldMProcess fNull fAct fComb gAct gComb a p + | (ProcessNull ann) <- p = fNull a ann + | (ProcessAction ac ann p') <- p = do + a' <- fAct a ann ac -- 1. update accumulator + p''<- foldMProcess fNull fAct fComb gAct gComb a' p' -- 2. process subtree with updated acculator + gAct a' ac ann p'' -- 3. reconstruct result from accumulator and subtree's result + | (ProcessComb c ann pl pr) <- p = do + a' <- fComb a ann c + rl <- foldMProcess fNull fAct fComb gAct gComb a' pl + rr <- foldMProcess fNull fAct fComb gAct gComb a' pr + gComb a' c ann rl rr + +-- | Traverses process. Simplified variant of @foldMProcces@ that avoids +-- accumulator (use state monad for that.) +traverseProcess :: Monad m => (t1 -> m t2) -> (t1 -> SapicAction v -> m ()) -> + (t1 -> ProcessCombinator v -> m ()) -> (SapicAction v -> t1 -> t2 -> m t2) -> + (ProcessCombinator v -> t1 -> t2 -> t2 -> m t2) -> Process t1 v -> m t2 +traverseProcess fNull fAct fComb gAct gComb p + | (ProcessNull ann) <- p = fNull ann + | (ProcessAction ac ann p') <- p = do + fAct ann ac -- 1. act on current process, potentially updating state + p''<- traverseProcess fNull fAct fComb gAct gComb p' -- 2. process subtree with updated trace + gAct ac ann p'' -- 3. 
reconstruct result from state and subtree's result + | (ProcessComb c ann pl pr) <- p = do + fComb ann c + rl <- traverseProcess fNull fAct fComb gAct gComb pl + rr <- traverseProcess fNull fAct fComb gAct gComb pr + gComb c ann rl rr + +-- | Traverse a set. We need this because the typeclass Traverse does not apply to sets, +-- because that would require Functor to apply, which is in contradiction to +-- Data.Set requiring it's elements to have Ord. +traverseSet :: (Eq a1, Applicative f) => (a2 -> f a1) -> Set a2 -> f (Set a1) +traverseSet f vs = fromAscList <$> traverse f (toAscList vs) + +traverseTermsAction :: (Eq v, Applicative f) => + (SapicNTerm t -> f (SapicNTerm v)) + -> (SapicNFormula t -> f (SapicNFormula v)) + -> (t -> f v) + -> SapicAction t + -> f (SapicAction v) +traverseTermsAction ft ff fv ac + -- | (New v) <- ac = (New . termVar') <$> ft (varTerm v) + | (New v) <- ac = New <$> fv v + | (ChIn mt t vs) <- ac = ChIn <$> traverse ft mt <*> ft t <*> traverseSet fv vs + | (ChOut mt t) <- ac = ChOut<$> traverse ft mt <*> ft t + | (Insert t1 t2) <- ac = Insert <$> ft t1 <*> ft t2 + | (Delete t) <- ac = Delete <$> ft t + | (Lock t) <- ac = Lock <$> ft t + | (Unlock t) <- ac = Unlock <$> ft t + | (Event fa) <- ac = Event <$> traverse ft fa + | (MSR l a r rest mv) <- ac = + MSR + <$> + t2f l + <*> t2f a + <*> t2f r + <*> traverse ff rest + <*> traverseSet fv mv + | Rep <- ac = pure Rep + where t2f = traverse (traverse ft) + +traverseTermsComb :: (Applicative f, Eq v) => + (SapicNTerm a2 -> f (SapicNTerm v)) + -> (SapicNFormula a2 -> f (SapicNFormula v)) + -> (a2 -> f v) + -> ProcessCombinator a2 + -> f (ProcessCombinator v) +traverseTermsComb ft ff fv c + | (Cond fa) <- c = Cond <$> ff fa + | (CondEq t1 t2) <- c = CondEq <$> ft t1 <*> ft t2 + | (Let t1 t2 vs) <- c = Let <$> ft t1 <*> ft t2 <*> traverseSet fv vs + | (Lookup t v) <- c = Lookup <$> ft t <*> fv v + | Parallel <- c = pure Parallel + | NDC <- c = pure NDC + | ProcessCall s ts <- c = ProcessCall s 
<$> traverse ft ts + +-- | folding on the process tree, used, e.g., for printing +pfoldMap :: Monoid a => (Process ann v -> a) -> Process ann v -> a +pfoldMap f (ProcessNull an) = f (ProcessNull an) +pfoldMap f (ProcessComb c an pl pr) = + pfoldMap f pl + `mappend` + f (ProcessComb c an pl pr) + `mappend` + pfoldMap f pr +pfoldMap f (ProcessAction a an p) = + f (ProcessAction a an p) + `mappend` + pfoldMap f p + +------------------------- +-- Applying substitutions ( no error messages ) +------------------------- + +-- | extracts the variables from all resulting terms. E.g., when we try to match +-- x and y, and substitute x-> and y->v3, we now match v1,v2 and v3. +applyMatchVars :: IsVar a => Subst c a -> Set a -> Set a +-- applyMatchVars = applyMatchVars' id +applyMatchVars subst = fromList . concatMap extractVars . toList + where + extractVars v = -- all variables that are bound by sigma(v), or [v] if undef + maybe [v] varsVTerm (imageOf subst v) + +-- | Same as applyMatchVars, but uses f to perform the substitution, for generality +-- f is intended to be `apply subst`, but we want to avoid having the type constraints here. +applyMatchVars' :: Ord v => (VTerm n v -> VTerm n v) -> Set v -> Set v +applyMatchVars' f = fromList . concatMap extractVars . toList + where + extractVars = varsVTerm . f . 
varTerm + + +instance Apply SapicSubst (SapicAction SapicLVar) where + apply subst (ChIn mt t vs) = ChIn (apply subst mt) (apply subst t) (applyMatchVars subst vs) + apply subst ac = mapTermsAction (apply subst) (apply subst) (apply subst) ac + +-- | Substitute for LVars, ignoring types +instance {-# OVERLAPPABLE #-} (Ord v, Apply s v) => Apply s (SapicAction v) where + apply subst (ChIn mt t vs) = ChIn (apply subst mt) (f t) (applyMatchVars' f vs) + where + f = apply subst -- to fix the type of the instance of apply that applyMatchVars' gets, use the same as for term t + apply subst ac = mapTermsAction (apply subst) (apply subst) (apply subst) ac + +instance Apply SapicSubst (ProcessCombinator SapicLVar) where + apply subst (Let t1 t2 vs) + = Let (apply subst t1) (apply subst t2) (applyMatchVars subst vs) + apply subst c + = mapTermsComb (apply subst) (apply subst) (apply subst) c + +-- | Substitute for LVars, ignoring types +instance {-# OVERLAPPABLE #-} (Ord v, Apply s v) => Apply s (ProcessCombinator v) where + apply subst (Let t1 t2 vs) + = Let (f t1) (f t2) (applyMatchVars' f vs) + where f = apply subst -- use same instance of Apply for t2 and applyMatchVars' + apply subst c + = mapTermsComb (apply subst) (apply subst) (apply subst) c + +instance (Apply SapicSubst ann) => Apply SapicSubst (LProcess ann) where +-- We are ignoring capturing here, use applyM below to get warnings. 
+ apply _ (ProcessNull ann) = ProcessNull ann + apply subst (ProcessComb c ann pl pr) = + ProcessComb (apply subst c) (apply subst ann) (apply subst pl) (apply subst pr) + apply subst (ProcessAction ac ann p') = + ProcessAction (apply subst ac) (apply subst ann) (apply subst p') + +-- | Substitute for LVars, ignoring types +instance {-# OVERLAPPABLE #-} (Ord v, Apply s v, Apply s ann) => Apply s (Process ann v) where + apply _ (ProcessNull ann) = ProcessNull ann + apply subst (ProcessComb c ann pl pr) = + ProcessComb (apply subst c) (apply subst ann) (apply subst pl) (apply subst pr) + apply subst (ProcessAction ac ann p') = + ProcessAction (apply subst ac) (apply subst ann) (apply subst p') + +-- | Get all variables for a process +varsProc :: (Ord v, Show v) => Process ann v -> Set v +varsProc = foldMap Data.Set.singleton -- foldProcess fNull fAct fComb gAct gComb empty p + +------------------------- +-- Applying substitutions ( with error messages ) +------------------------- + +data CapturedTag = CapturedIn | CapturedLookup | CapturedNew + deriving (Typeable, Show) +data LetExceptions = CapturedEx CapturedTag SapicLVar + deriving (Typeable, Show, Exception) + -- deriving (Typeable) + +prettyLetExceptions :: LetExceptions -> String +prettyLetExceptions (CapturedEx tag v) = "Error: The variable "++ show v ++ " appears in a let-expression that is captured in " ++ pretty tag ++ ". This is likely unintend. To proceed nonetheless, please rename the variable to pat_" ++ show v ++ " throughout." 
+ where pretty CapturedIn = "input" + pretty CapturedLookup = "lookup" + pretty CapturedNew = "new" + +-- | `applyMatchVars subst vs` applies the substitution to each v in vs and + +instance ApplyM SapicSubst (ProcessCombinator SapicLVar) + where + applyM subst c + | (Lookup t v) <- c = if v `elem` dom subst then + throwM $ CapturedEx CapturedLookup v + else + return $ Lookup (apply subst t) v + | otherwise = return $ apply subst c + + +instance ApplyM SapicSubst (SapicAction SapicLVar) + where + applyM subst ac + | (New v) <- ac = if v `elem` dom subst then + throwM $ CapturedEx CapturedNew v + else + return $ New v + | (ChIn mt t vs) <- ac, Lit (Var v) <- viewTerm t = + if v `elem` dom subst && not ( "pat_" `isPrefixOf` lvarName' v) then + -- t is a single variable that is captured by the let. + -- This is likely unintended, so we warn, unless the variable starts with + -- pat_ + throwM $ CapturedEx CapturedIn v + else + return $ ChIn (apply subst mt) (apply subst t) (applyMatchVars subst vs) + | otherwise = return $ apply subst ac + where lvarName' (SapicLVar v _ ) = lvarName v + + +instance (GoodAnnotation ann) => ApplyM SapicSubst (LProcess ann) + where + applyM _ (ProcessNull ann) = return $ ProcessNull ann + applyM subst (ProcessComb c ann pl pr) = do + c' <- applyM subst c + ann' <- applyM subst ann + pl' <- applyM subst pl + pr' <- applyM subst pr + return $ ProcessComb c' ann' pl' pr' + applyM subst (ProcessAction ac ann p) = do + ac' <- applyM subst ac + ann' <- applyM subst ann + p' <- applyM subst p + return $ ProcessAction ac' ann' p' + +-- | Add another element to the existing annotations, e.g., yet another identifier. 
+processAddAnnotation :: Monoid ann => Process ann v -> ann -> Process ann v +-- processAddAnnotation :: PlainProcess -> ProcessParsedAnnotation -> PlainProcess +processAddAnnotation (ProcessNull ann) ann' = ProcessNull $ ann `mappend` ann' +processAddAnnotation (ProcessComb c ann pl pr ) ann' = ProcessComb c (ann `mappend` ann') pl pr +processAddAnnotation (ProcessAction a ann p ) ann' = ProcessAction a (ann `mappend` ann') p + +------------------------- +-- Pretty-printing for exceptions etc. (see Theory.Sapic.Print for nicer printing) +------------------------- + + +prettyPattern' :: Document c => Set SapicLVar -> SapicTerm -> c +prettyPattern' vs = prettySapicTerm . unextractMatchingVariables vs + +-- | Printer for SAPIC actions. +-- Note: Need to give the pretty printer for rules as a parameter as otherwise +-- we would have circular dependencies. +-- Instantiated in Theory.Sapic.Print later +prettySapicAction' :: ([SapicNFact SapicLVar] + -> [SapicNFact SapicLVar] + -> [SapicNFact SapicLVar] + -> [SapicNFormula SapicLVar] + -> Set SapicLVar + -> [Char]) + -> SapicAction SapicLVar -> [Char] +prettySapicAction' _ (New n) = "new "++ show n +prettySapicAction' _ Rep = "!" 
+prettySapicAction' _ (ChIn (Just t1) t2 vs) = "in(" ++ render (prettySapicTerm t1) ++ "," ++ render (prettyPattern' vs t2) ++ ")" +prettySapicAction' _ (ChIn Nothing t2 vs ) = "in(" ++ render (prettyPattern' vs t2) ++ ")" +prettySapicAction' _ (ChOut (Just t1) t2 ) = "out(" ++ render (prettySapicTerm t1) ++ "," ++ render (prettySapicTerm t2) ++ ")" +prettySapicAction' _ (ChOut Nothing t2 ) = "out(" ++ render (prettySapicTerm t2) ++ ")" +prettySapicAction' _ (Insert t1 t2) = "insert " ++ render (prettySapicTerm t1) ++ "," ++ render (prettySapicTerm t2) +prettySapicAction' _ (Delete t ) = "delete " ++ render (prettySapicTerm t) +prettySapicAction' _ (Lock t ) = "lock " ++ render (prettySapicTerm t) +prettySapicAction' _ (Unlock t ) = "unlock " ++ render (prettySapicTerm t) +prettySapicAction' _ (Event a ) = "event " ++ render (prettySapicFact a) +prettySapicAction' prettyRule' (MSR p a c r mv) = prettyRule' p a c r mv + +prettySapicComb :: ProcessCombinator SapicLVar -> String +prettySapicComb Parallel = "|" +prettySapicComb NDC = "+" +prettySapicComb (Cond a) = "if "++ render (prettySyntacticSapicFormula a) +prettySapicComb (CondEq t t') = "if "++ p t ++ "=" ++ p t' + where p = render . prettySapicTerm +prettySapicComb (Let t t' vs) = "let "++ p' t ++ "=" ++ p t' + where p = render . prettySapicTerm + p'= render . prettyPattern' vs +prettySapicComb (Lookup t v) = "lookup "++ p t ++ " as " ++ show v + where p = render . 
prettySapicTerm +prettySapicComb (ProcessCall s ts) = s ++ "("++ p ts ++ ")" + where p pts = render $ + fsep (punctuate comma (map prettySapicTerm pts)) + +prettySapic' :: (Document d) => ([SapicNFact SapicLVar] + -> [SapicNFact SapicLVar] + -> [SapicNFact SapicLVar] + -> [SapicNFormula SapicLVar] + -> Set SapicLVar + -> String) + -> Process ann SapicLVar -> d +prettySapic' ppRR p + | (ProcessNull _) <- p = text "0" + | (ProcessComb c@ProcessCall {} _ _ _) <- p = text $ prettySapicComb c + | (ProcessComb c _ pl pr) <- p = r pl <-> text (prettySapicComb c) <-> r pr + | (ProcessAction Rep _ p') <- p = ppAct Rep <> parens (r p') + | (ProcessAction a _ (ProcessNull _)) <- p = ppAct a + | (ProcessAction a _ p'@ProcessComb {}) <- p = ppAct a <> semi $-$ nest 1 (parens (r p')) + | (ProcessAction a _ p') <- p = ppAct a <> semi $-$ r p' + where + r = prettySapic' ppRR -- recursion shortcut + ppAct a = text (prettySapicAction' ppRR a) + +--- >>> render $ prettySapic' undefined (ProcessNull ()) +-- "0" + +--- >>> render $ semi <> semi +-- ";;" + +--- >>> render $ semi $-$ semi +-- ";\n;" + +-- | Printer for the top-level process, used, e.g., for rule names. +prettySapicTopLevel' :: ([SapicNFact SapicLVar] + -> [SapicNFact SapicLVar] + -> [SapicNFact SapicLVar] + -> [SapicNFormula SapicLVar] + -> Set SapicLVar + -> [Char]) + -> Process ann SapicLVar -> [Char] +prettySapicTopLevel' _ (ProcessNull _) = "0" +prettySapicTopLevel' _ (ProcessComb c _ _ _) = prettySapicComb c +prettySapicTopLevel' prettyRuleRestr (ProcessAction Rep _ _) = prettySapicAction' prettyRuleRestr Rep +prettySapicTopLevel' prettyRuleRestr (ProcessAction a _ _) = prettySapicAction' prettyRuleRestr a ++ ";" diff --git a/lib/theory/src/Theory/Sapic/Substitution.hs b/lib/theory/src/Theory/Sapic/Substitution.hs new file mode 100644 index 000000000..fedaea7ca --- /dev/null +++ b/lib/theory/src/Theory/Sapic/Substitution.hs 
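Review bot: `traverseSet` in Theory/Sapic/Process.hs rebuilds the set with `fromAscList` after mapping `f` over the elements, but `fromAscList` does not check that its input is ascending, and nothing in the signature makes `f` order-preserving. If a caller's `fv` reorders or merges variables, the resulting `Set` may be internally inconsistent, so later membership tests on `inMatch`, `iMatch` or `letMatch` could give wrong answers and silently change which variables are treated as pattern variables. I would build it with `fromList`, as `applyMatchVars` already does: `traverseSet :: (Ord a1, Applicative f) => (a2 -> f a1) -> Set a2 -> f (Set a1)` with `traverseSet f vs = fromList <$> traverse f (toList vs)`. This needs `Ord v` instead of `Eq v` on `traverseTermsAction` and `traverseTermsComb`, which matches the `Ord v` that `mapTermsAction` and `mapTermsComb` already require.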
@@ -0,0 +1,84 @@ +{-# LANGUAGE ViewPatterns #-} +{-# LANGUAGE StandaloneDeriving #-} +{-# LANGUAGE MultiParamTypeClasses #-} +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE FlexibleContexts #-} +module Theory.Sapic.Substitution ( + SapicSubst -- convenience export: defined in Theory.Sapic.Term + -- classes + , ApplyM (..) +) +where +import Control.Monad.Catch +import Data.Data +import Term.Substitution +import Theory.Sapic.Annotation +import Theory.Sapic.Term + +-- | Apply a substitution, but raise an error if necessary +-- class like Apply but with possibility to raise exceptions... +-- note that we have an instance for Apply (without exceptions) automatically. +class ApplyM t' t where + applyM :: (MonadThrow m) => t' -> t -> m t + +data ApplyException v t = ExSubstituteWithTerm v t +instance (Show t, Show v) => Show (ApplyException v t) + where + show (ExSubstituteWithTerm v t) = + "apply (LVar): variable '" ++ show v + ++ "' substituted with term '" ++ show t ++ "'" + +instance (Typeable v, Typeable t, Show t, Show v) => Exception (ApplyException v t) + +instance (Show c, Typeable c, Show v, IsVar v, Typeable v) => ApplyM (Subst c v) v + where + applyM subst x = case imageOf subst x of + Nothing -> return x + Just y -> extractVar y + where + extractVar (viewTerm -> Lit (Var x')) = return x' + extractVar t = + throwM $ ExSubstituteWithTerm x t + +-- TODO remove! 
+-- NOTE: We avoid creating proper applyM instances for Lits, Terms and so, as we would +-- repeat much of the implementation for the typeclass Apply from SubstVFree.hs +-- Downside: we risk triggering errors in apply instead of getting proper exceptions +-- instance ApplyM SapicSubst SapicTerm where +-- applyM subst t = return $ apply subst t + +instance (ApplyM s v) => ApplyM s (Lit n v) where + applyM subst = mapM (applyM subst) +instance (Ord l,ApplyM s l) => ApplyM s (Term l) where + applyM subst = traverseTerm (applyM subst) +instance (ApplyM s v )=> ApplyM s (BVar v) where + applyM subst = mapM (applyM subst) + +instance {-# INCOHERENT #-} (GoodAnnotation a) => ApplyM SapicSubst a +-- INCOHERENT ensures that this instance is selected if other candidates remain (barring knowledge about the context +-- see https://ghc.readthedocs.io/en/8.0.1/glasgow_exts.html?highlight=incoherentinstances#instance-overlap) + where + applyM subst ann = do + ann' <- applyMProcessParsedAnnotation subst $ getProcessParsedAnnotation ann + return $ setProcessParsedAnnotation ann' ann + + + +-- applyMProcessParsedAnnotation :: (MonadThrow m, ApplyM t' SapicTerm, +-- ApplyM t' SapicLVar) => +-- t' -> ProcessParsedAnnotation -> m ProcessParsedAnnotation +applyMProcessParsedAnnotation :: + (MonadThrow m) => + SapicSubst -> ProcessParsedAnnotation -> m ProcessParsedAnnotation +-- applyMProcessParsedAnnotation :: (ApplyM (Map.Map SapicLVar (VTerm c SapicLVar)) SapicTerm, +-- MonadThrow m) => +-- Map.Map SapicLVar (VTerm c SapicLVar) +-- -> ProcessParsedAnnotation -> m ProcessParsedAnnotation +applyMProcessParsedAnnotation subst ann = do + loc <- mapM (applyM subst) (location ann) + return ann {location = loc + -- , backSubstitution = undefined + -- WARNING: we do not apply the substitution to the back + -- translation, as this is not always possible. If variables + -- are renamed, modify the backtranslation by hand. + } 
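Review bot: The `ApplyM (Subst c v) v` instance throws `ExSubstituteWithTerm` through `throwM`, but `ApplyException` is missing from the module's export list, which names only `SapicSubst` and `ApplyM (..)`. Code in other modules therefore cannot name the type to catch it and, as far as this hunk shows, can only handle it as `SomeException`. `LetExceptions`, by contrast, is exported from Theory.Sapic.Process together with `prettyLetExceptions`. I would add `, ApplyException (..)` to the export list so that a variable substituted with a non-variable term can be reported as a proper error instead of surfacing as an uncaught exception.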
diff --git a/lib/theory/src/Theory/Sapic/Term.hs b/lib/theory/src/Theory/Sapic/Term.hs
new file mode 100644
index 000000000..b09b6cc57
--- /dev/null
+++ b/lib/theory/src/Theory/Sapic/Term.hs
@@ -0,0 +1,176 @@ +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} +{-# LANGUAGE DeriveDataTypeable #-} +{-# LANGUAGE DeriveGeneric #-} +{-# LANGUAGE DeriveAnyClass #-} +{-# LANGUAGE UndecidableInstances #-} +-- | +-- Copyright : (c) 2019 Robert Künnemann +-- License : GPL v3 (see LICENSE) +-- +-- Maintainer : Robert Künnemann +-- Portability : GHC only +-- +-- Data types for SAPIC processes in theories +{-# LANGUAGE StandaloneDeriving #-} +{-# LANGUAGE FlexibleContexts #-} +module Theory.Sapic.Term ( + -- types + SapicType + , defaultSapicTypeS + , defaultSapicType + , defaultSapicNodeType + , SapicFunType + , SapicLVar(..) + , SapicTerm + , SapicNTerm + , SapicLNFact + , SapicNFact + , SapicNFormula + , SapicFormula + , SapicFunSym + , SapicSubst + -- converters + , toLVar + , toLNTerm + , toLNFact + , toLFormula + -- utitlities + , freesSapicTerm + , freesSapicFact + , freshSapicLVarCopy + -- pretty printing + , prettySapicTerm + , prettySapicFact + , prettySyntacticSapicFormula + , prettySapicFunType +) where + +import Data.Binary +import Data.Data +import GHC.Generics (Generic) +import Control.Parallel.Strategies +import Theory.Model.Fact +import Theory.Model.Atom +import Theory.Model.Formula +import Term.Substitution +import Theory.Text.Pretty +import Data.List (intercalate) +import Control.Monad.Fresh + +-- | A process data structure + +-- | In general, terms we use in the translation have logical veriables +type SapicType = Maybe String +data SapicLVar = SapicLVar { slvar:: LVar, stype:: SapicType} + deriving( Ord, Eq, Typeable, Data, Generic, NFData, Binary, IsVar ) + +type LNTTerm = VTerm Name SapicLVar +type SapicNTerm v = VTerm Name v +type SapicTerm = LNTTerm +type SapicNFact v = Fact (SapicNTerm v) +type SapicLNFact = Fact SapicTerm +type SapicNFormula v = ProtoFormula SyntacticSugar (String, LSort) Name v +type SapicFormula = ProtoFormula SyntacticSugar (String, LSort) Name SapicLVar + +-- | Function symbol (f,l,r) with 
argument types l and return type r +-- define only on NoEqSyms, as we will assume the others to be polymorphic +type SapicFunSym = (NoEqSym, [SapicType], SapicType) +type SapicFunType = ([SapicType], SapicType) + +-- TODO alternative definition. +-- 1. If we need to extend, switch to this tyoe +-- 2. If we are done and merge into main and have not used it, +-- then delete this comment. +-- data SapicFunSym = SapicFunSym +-- { _sfSym :: NoEqSym +-- , _sfOutType :: SapicType +-- , _sfInType :: [SapicType] +-- } +-- deriving( Eq, Ord, Show, Generic, NFData, Binary ) + +-- $(mkLabels [''SapicFunSym]) + +defaultSapicTypeS :: String +defaultSapicTypeS = "Any" +defaultSapicType :: SapicType +defaultSapicType = Nothing + +defaultSapicNodeType :: SapicType +defaultSapicNodeType = Just "node" + +-- | A substitution with names and typed logical variables. +type SapicSubst = Subst Name SapicLVar + +deriving instance Data SapicSubst + + +instance Show SapicLVar where + show (SapicLVar v (Just t)) = show v ++ ":" ++ t + show (SapicLVar v Nothing ) = show v +instance Hinted SapicLVar where + hint (SapicLVar v _) = hint v + +-- | apply substitutions on LVars ignoring (and preserving) the type +instance Apply (Subst Name LVar) SapicLVar + where + apply s (SapicLVar v t) = SapicLVar (apply s v) t + +-- | apply substitutions on SapicTerms ignoring (and preserving) the type +instance Apply (Subst Name LVar) SapicTerm + where + apply = applyVTermProj applyLit' + where + applyLit' subst (Var v) = LIT (Var (apply subst v)) + applyLit' _ (Con v) = LIT (Con v) + +prettySapicFunType :: SapicFunType -> String +prettySapicFunType (ins,out) = intercalate " * " (map show ins) ++ " -> " ++ show out + +-- | return free variabes in SapicTerm (frees from HasFrees only returns LVars) +freesSapicTerm :: VTerm n v -> [v] +freesSapicTerm = foldMap $ foldMap (: []) + +-- | return free variabes in SapicFact +---- fold over terms in fact and use freesSapicTerm to get list monoid +freesSapicFact :: Fact 
(VTerm n v) -> [v] +freesSapicFact = foldMap freesSapicTerm + +-- conversion functions for sapic types +toLVar:: SapicLVar -> LVar +toLVar = slvar + +toLNTerm:: SapicTerm -> LNTerm +toLNTerm = fmap f + where + f (Con c) = Con c + f (Var v) = Var $ toLVar v + +toLNFact:: SapicLNFact -> LNFact +toLNFact = fmap toLNTerm + +toLFormula:: (Functor syn) => ProtoFormula syn (String, LSort) c SapicLVar -> ProtoFormula syn (String, LSort) c LVar +toLFormula = mapAtoms f + where f _ = fmap $ fmap $ fmap $ fmap toLVar + +-- | Create fresh copy of a sapic variable +freshSapicLVarCopy :: MonadFresh m => SapicLVar -> m SapicLVar +freshSapicLVarCopy sv = do + flv <- freshLVar name sort + return sv {slvar = flv} + where + lv = toLVar sv + name = lvarName lv + sort = lvarSort lv + +-- | Pretty print an @SapicTerm@. +-- prettySapicTerm :: Document d => SapicTerm -> d +prettySapicTerm :: (Document d, Show v) => SapicNTerm v -> d +prettySapicTerm = prettyTerm (text . show) + +prettySapicFact :: Document d => Fact SapicTerm -> d +prettySapicFact = prettyFact prettySapicTerm + +prettySyntacticSapicFormula :: HighlightDocument d => ProtoFormula SyntacticSugar (String, LSort) Name SapicLVar -> d +prettySyntacticSapicFormula = prettySyntacticLNFormula . toLFormula + diff --git a/lib/theory/src/Theory/Syntactic/Predicate.hs b/lib/theory/src/Theory/Syntactic/Predicate.hs new file mode 100644 index 000000000..81496dca0 --- /dev/null +++ b/lib/theory/src/Theory/Syntactic/Predicate.hs 
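Review bot: `prettySapicFunType` formats the types with `show`, and since `SapicType` is `Maybe String` the output will contain the constructors, for example `Just "bitstring" * Nothing -> Just "bitstring"` (constructed example). `defaultSapicTypeS` is defined in the same hunk as `"Any"` but is not used here, so presumably the untyped case was meant to print as `Any`. I would map each type through `maybe defaultSapicTypeS id`, e.g. `prettySapicFunType (ins,out) = intercalate " * " (map pt ins) ++ " -> " ++ pt out` with `where pt = maybe defaultSapicTypeS id`.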
@@ -0,0 +1,97 @@ +{-# LANGUAGE TemplateHaskell #-} +{-# LANGUAGE DeriveGeneric #-} +{-# LANGUAGE DeriveAnyClass #-} +{-# LANGUAGE PatternGuards #-} +module Theory.Syntactic.Predicate + ( + Predicate(..) + , pFact + , pFormula + , smallerFact + , builtinPredicates + ,lookupPredicate,expandFormula) +where + +-- import qualified Data.Label.Point +-- import qualified Data.Label.Poly +import Extension.Data.Label hiding (get) +import qualified Extension.Data.Label as L +import Theory.Model +import qualified Data.Set as S +import GHC.Generics +import Control.DeepSeq +import Data.Binary +import Data.List + +------------------------------------------------------------------------------ +-- Predicates +------------------------------------------------------------------------------ + +data Predicate = Predicate + { _pFact :: Fact LVar + , _pFormula :: LNFormula + } + deriving( Eq, Ord, Show, Generic, NFData, Binary ) + + +-- generate accessors for Predicate data structure records + +$(mkLabels [''Predicate]) + + +smallerFact :: t -> t -> Fact t +smallerFact t1 t2 = + Fact + { factTag = ProtoFact Linear "Smaller" 2, + factAnnotations = S.empty, + factTerms = [t1, t2] + } + +builtinPredicates :: [Predicate] +builtinPredicates = [ + Predicate + (smallerFact x y) + (hinted exists z + (Ato $ + EqE (bvt y) ( + fAppUnion (fvt x, fvt z) + ) + )) + ] + where + x = LVar "x" LSortMsg 0 + y = LVar "y" LSortMsg 0 + z = LVar "z" LSortMsg 0 + bvt = varTerm . Free + fvt = varTerm . Free + +-- | Find the predicate with the fact name in a list +lookupPredicate :: Fact t -> [Predicate] -> Maybe Predicate +lookupPredicate fact = find (sameName fact . L.get pFact) . 
(++ builtinPredicates) + where + sameName (Fact tag _ _) (Fact tag' _ _) = tag == tag' + +expandFormula :: [Predicate] -> ProtoFormula SyntacticSugar (String, LSort) Name LVar -> Either FactTag (ProtoFormula Unit2 (String, LSort) Name LVar) +expandFormula plist = traverseFormulaAtom f + where + f:: SyntacticAtom (VTerm Name (BVar LVar)) -> Either FactTag LNFormula + f x | Syntactic (Pred fa) <- x + , Just pr <- lookupPredicate fa plist + = return $ apply' (compSubst (L.get pFact pr) fa) (L.get pFormula pr) + + | (Syntactic (Pred fa)) <- x + , Nothing <- lookupPredicate fa plist = Left $ factTag fa + + | otherwise = return $ Ato $ toAtom x + apply' :: (Integer -> Subst Name (BVar LVar)) -> LNFormula -> LNFormula + apply' subst = mapAtoms (\i a -> fmap (applyVTerm $ subst i) a) + compSubst (Fact _ _ ts1) (Fact _ _ ts2) i = substFromList $ zip ts1' ts2' + -- ts1 varTerms that are free in the predicate definition + -- ts2 terms used in reference, need to add the number of quantifiers we added + -- to correctly dereference. + where + ts1':: [BVar LVar] + ts1' = map Free ts1 + ts2' = map (fmap $ fmap up) ts2 + up (Free v) = Free v + up (Bound i') = Bound $ i' + i \ No newline at end of file diff --git a/lib/theory/src/Theory/Text/Parser.hs b/lib/theory/src/Theory/Text/Parser.hs index a51b18d7a..d3e111a48 100644 --- a/lib/theory/src/Theory/Text/Parser.hs +++ b/lib/theory/src/Theory/Text/Parser.hs @@ -85,10 +85,9 @@ parseLemma = parseString [] "" (lemma Nothing) -- Parsing Theories ------------------------------------------------------------------------------ - liftedExpandFormula :: Catch.MonadThrow m => Theory sig c r p s -> SyntacticLNFormula -> m LNFormula -liftedExpandFormula thy = liftEitherToEx UndefinedPredicate . expandFormula thy +liftedExpandFormula thy = liftEitherToEx UndefinedPredicate . expandFormula (theoryPredicates thy) liftedExpandLemma :: Catch.MonadThrow m => Theory sig c r p1 s -> ProtoLemma SyntacticLNFormula p2 -> m (ProtoLemma LNFormula p2) 
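Review bot: `lookupPredicate` in Theory/Syntactic/Predicate.hs searches the caller's list followed by `builtinPredicates` with `find`, so an entry in the caller's list whose fact tag equals the builtin `Smaller` tag is found first and replaces the builtin definition without any diagnostic. In a prover this changes the meaning of every formula that uses `Smaller`, so the precedence should at least be stated. I would document it on the function, `-- | Find the predicate with the fact name in a list; entries of the given list take precedence over 'builtinPredicates'.`, or, if builtins are meant to be fixed, search them first with `(builtinPredicates ++)`. Whether the declaration parser already rejects such a redefinition is not visible in this hunk.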
@@ -219,16 +218,17 @@ theory inFile = do msig <- sig <$> getState addItems inFile0 $ set (sigpMaudeSig . thySignature) msig thy' , do thy' <- options thy - addItems inFile0 thy' - , do functions + addItems inFile0 thy' + , do fs <- functions msig <- sig <$> getState - addItems inFile0 $ set (sigpMaudeSig . thySignature) msig thy + let thy' = foldl (flip addFunctionTypingInfo) thy fs in + addItems inFile0 $ set (sigpMaudeSig . thySignature) msig thy' , do equations msig <- sig <$> getState addItems inFile0 $ set (sigpMaudeSig . thySignature) msig thy -- , do thy' <- foldM liftedAddProtoRule thy =<< transferProto --- addItems inFile0 flags thy' - , do thy' <- liftedAddRestriction thy =<< restriction +-- addItems flags thy' + , do thy' <- liftedAddRestriction thy =<< restriction msgvar nodevar addItems inFile0 thy' , do thy' <- liftedAddRestriction thy =<< legacyAxiom addItems inFile0 thy' 
@@ -251,16 +251,24 @@ theory inFile = do , do r <- intrRule addItems inFile0 (addIntrRuleACs [r] thy) , do c <- formalComment - addItems inFile0 (addFormalComment c thy) - , do procc <- process thy -- try parsing a process - addItems inFile0 (addProcess procc thy) -- add process to theoryitems and proceed parsing (recursive addItems inFile0 call) + addItems inFile0 (addFormalComment c thy) + , do procc <- toplevelprocess thy -- try parsing a process + addItems inFile0 (addProcess procc thy) -- add process to theoryitems and proceed parsing (recursive addItems call) , do thy' <- ((liftedAddProcessDef thy) =<<) (processDef thy) -- similar to process parsing but in addition check that process with this name is only defined once (checked via liftedAddProcessDef) addItems inFile0 thy' + , do + lem <- equivLemma thy + addItems inFile0 (modify thyItems (++ [TranslationItem lem]) thy) + , do + lem <- diffEquivLemma thy + addItems inFile0 (modify thyItems (++ [TranslationItem lem]) thy) , do thy' <- preddeclaration thy addItems inFile0 (thy') + , do thy' <- export thy + addItems inFile0 (thy') , do ifdef inFile0 thy , do define inFile0 thy - , do include inFile0 thy + , do include inFile0 thy , do return thy ] where workDir = (takeDirectory <$> inFile0) @@ -349,8 +357,9 @@ diffTheory inFile = do , do diffbuiltins msig <- sig <$> getState - addItems inFile0 $ set (sigpMaudeSig . diffThySignature) msig thy - , do functions + addItems inFile0 $ set (sigpMaudeSig . diffThySignature) msig thy + , do _ <- functions -- typing affects only SAPIC translation, hence functions + -- are only added to maude signature, but not to theory. msig <- sig <$> getState addItems inFile0 $ set (sigpMaudeSig . diffThySignature) msig thy , do equations diff --git a/lib/theory/src/Theory/Text/Parser/Accountability.hs b/lib/theory/src/Theory/Text/Parser/Accountability.hs index eca3bc857..658c9dd81 100644 --- a/lib/theory/src/Theory/Text/Parser/Accountability.hs 
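Review bot: The two new alternatives for `equivLemma` and `diffEquivLemma` append to `thyItems` directly with `modify thyItems (++ [TranslationItem lem])`, whereas the neighbouring process definition goes through `liftedAddProcessDef`, whose comment says it checks that a name is defined only once. Nothing in this hunk checks for an existing equivalence lemma, although Exceptions.hs in the same commit adds `DuplicateItem` messages for `EquivLemma` and `DiffEquivLemma`. If more than one is not meant to be accepted, an add helper that raises `DuplicateItem` would match how the other items are handled. `theory` starts and ends outside the hunk, so a check elsewhere cannot be ruled out.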
+++ b/lib/theory/src/Theory/Text/Parser/Accountability.hs @@ -23,7 +23,7 @@ import Data.Either (lefts) -- | Parse a case test which is used in an accountability lemma. caseTest :: Parser CaseTest caseTest = CaseTest <$> (symbol "test" *> identifier) - <*> (colon *> doubleQuoted standardFormula) + <*> (colon *> doubleQuoted (standardFormula msgvar nodevar)) -- | Parse an accountability lemma. lemmaAcc :: Maybe FilePath -> Parser AccLemma @@ -34,5 +34,5 @@ lemmaAcc workDir = try $ do _ <- colon identifiers <- commaSep1 $ identifier _ <- try (symbol "accounts for") <|> symbol "account for" - formula <- doubleQuoted standardFormula + formula <- doubleQuoted $ standardFormula msgvar nodevar return $ AccLemma name (lefts attributes) identifiers [] formula diff --git a/lib/theory/src/Theory/Text/Parser/Exceptions.hs b/lib/theory/src/Theory/Text/Parser/Exceptions.hs index 63c69e41b..188132e92 100644 --- a/lib/theory/src/Theory/Text/Parser/Exceptions.hs +++ b/lib/theory/src/Theory/Text/Parser/Exceptions.hs @@ -30,7 +30,7 @@ data ParsingException = UndefinedPredicate FactTag | DuplicateItem OpenTheoryItem | TryingToAddFreshRule -instance Show ParsingException where +instance Show (ParsingException) where show (UndefinedPredicate facttag) = "undefined predicate " ++ showFactTagArity facttag -- ++ " in lemma: " 
@@ -41,9 +41,14 @@ instance Show ParsingException where show (DuplicateItem (RestrictionItem rstr)) = "duplicate restriction: " ++ get rstrName rstr show (DuplicateItem (TextItem _)) = undefined show (DuplicateItem (PredicateItem pr)) = "duplicate predicate: " ++ render (prettyFact prettyLVar (get pFact pr)) - show (DuplicateItem (TranslationItem (ProcessItem _))) = undefined show (DuplicateItem (TranslationItem (ProcessDefItem pDef))) = "duplicate process: " ++ get pName pDef + show (DuplicateItem (TranslationItem (ProcessItem _))) = "duplicate process item" + show (DuplicateItem (TranslationItem (FunctionTypingInfo _))) = "duplicate function typing info item" + show (DuplicateItem (TranslationItem (ExportInfoItem _))) = "duplicate exportinfo item" + show (DuplicateItem (TranslationItem (SignatureBuiltin s))) = "duplicate BuiltIn signature: " ++ show s + show (DuplicateItem (TranslationItem (DiffEquivLemma _))) = "duplicate diff equiv lemma item" + show (DuplicateItem (TranslationItem (EquivLemma _ _))) = "duplicate equiv lemma item" show TryingToAddFreshRule = "The fresh rule is implicitely contained in the theory and does not need to be added." instance Catch.Exception ParsingException @@ -57,4 +62,4 @@ liftEitherToEx constr (Left l) = Catch.throwM $ constr l liftMaybeToEx :: (Catch.MonadThrow m, Catch.Exception e) => e -> Maybe a -> m a liftMaybeToEx _ (Just r) = return r -liftMaybeToEx constr Nothing = Catch.throwM constr \ No newline at end of file +liftMaybeToEx constr Nothing = Catch.throwM constr diff --git a/lib/theory/src/Theory/Text/Parser/Formula.hs b/lib/theory/src/Theory/Text/Parser/Formula.hs index f4fbb5dfd..867fdd6da 100644 --- a/lib/theory/src/Theory/Text/Parser/Formula.hs +++ b/lib/theory/src/Theory/Text/Parser/Formula.hs 
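Review bot: `show (DuplicateItem (TextItem _)) = undefined` is left as it is while the `ProcessItem` case next to it is changed from `undefined` to a message, so rendering that exception would still raise a runtime error instead of printing a diagnostic. A message in the same style, e.g. `show (DuplicateItem (TextItem _)) = "duplicate text item"`, would close the gap. The instance starts above the hunk, so cases for other item constructors are not visible here.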
@@ -27,70 +27,92 @@ import Theory.Text.Parser.Token import Theory.Text.Parser.Fact import Theory.Text.Parser.Term +import Control.Basics +smallerp :: Ord v => Parser v -> Parser (ProtoAtom SyntacticSugar (Term (Lit Name v))) +smallerp varp = do + mset <- enableMSet . sig <$> getState + unless mset (fail "Need builtins: multiset to use multiset comparisson operator.") + a <- try (termp <* opLessTerm) + b <- termp + return $ (Syntactic . Pred) $ protoFact Linear "Smaller" [a,b] + where + termp = msetterm False (vlit varp) + +------------------------------------------------------------------------------ +-- Parsing Standard and Guarded Formulas +------------------------------------------------------------------------------ -- | Parse an atom with possibly bound logical variables. -blatom :: Parser (SyntacticAtom BLTerm) -blatom = fmap (fmapTerm (fmap Free)) <$> asum +blatom :: (Hinted v, Ord v) => Parser v -> Parser v -> Parser (SyntacticAtom (VTerm Name (BVar v))) +blatom varp nodep = fmap (fmapTerm (fmap Free)) <$> asum [ Last <$> try (symbol "last" *> parens nodevarTerm) "last atom" - , flip Action <$> try (fact llit <* opAt) <*> nodevarTerm "action atom" - , Syntactic . Pred <$> try (fact llitWithNode ) "predicate atom" - -- (Predicates can be called for timepoints in addition to other logical vars) + , flip Action <$> try (fact (vlit varp) <* opAt) <*> nodevarTerm "action atom" + , Syntactic . Pred <$> try (fact (vlit (try varp <|> nodep) )) "predicate atom" + -- Predicates can be called for timepoints in addition to other logical vars. + -- Note that lexemes that are ambigous (e.g., a variable without a sort) + -- will be interpreted by varp. 
, Less <$> try (nodevarTerm <* opLess) <*> nodevarTerm "less atom" - , EqE <$> try (msetterm False llit <* opEqual) <*> msetterm False llit "term equality" + , smallerp varp "multiset comparisson" + , EqE <$> try (termp <* opEqual) <*> termp "term equality" , EqE <$> (nodevarTerm <* opEqual) <*> nodevarTerm "node equality" ] where - nodevarTerm = lit . Var <$> nodevar + nodevarTerm = lit . Var <$> nodep + termp = msetterm False (vlit varp) + -- | Parse an atom of a formula. -fatom :: Parser SyntacticLNFormula -fatom = asum - [ pure lfalse <* opLFalse - , pure ltrue <* opLTrue - , Ato <$> try blatom +fatom :: (Hinted v, Ord v) => Parser v -> Parser v -> Parser (SyntacticNFormula v) +fatom varp nodep = asum + [ lfalse <$ opLFalse + , ltrue <$ opLTrue + , Ato <$> try (blatom varp nodep) , quantification - , parens iff + , parens (iff varp nodep) ] where quantification = do - q <- (pure forall <* opForall) <|> (pure exists <* opExists) - vs <- many1 lvar <* dot - f <- iff + q <- (forall <$ opForall) <|> (exists <$ opExists) + vs <- many1 (try varp <|> nodep) <* dot + f <- iff varp nodep return $ foldr (hinted q) f vs -- | Parse a negation. -negation :: Parser SyntacticLNFormula -negation = opLNot *> (Not <$> fatom) <|> fatom +negation :: (Hinted v, Ord v) => Parser v -> Parser v -> Parser (SyntacticNFormula v) +negation varp nodep = opLNot *> (Not <$> fatom varp nodep) <|> fatom varp nodep -- | Parse a left-associative sequence of conjunctions. -conjuncts :: Parser SyntacticLNFormula -conjuncts = chainl1 negation ((.&&.) <$ opLAnd) +conjuncts :: (Hinted v, Ord v) => Parser v -> Parser v -> Parser (SyntacticNFormula v) +conjuncts varp nodep = chainl1 (negation varp nodep) ((.&&.) <$ opLAnd) -- | Parse a left-associative sequence of disjunctions. -disjuncts :: Parser SyntacticLNFormula -disjuncts = chainl1 conjuncts ((.||.) 
<$ opLOr) +disjuncts :: (Hinted v, Ord v) => Parser v -> Parser v -> Parser (SyntacticNFormula v) +disjuncts varp nodep = chainl1 (conjuncts varp nodep) ((.||.) <$ opLOr) -- | An implication. -imp :: Parser SyntacticLNFormula -imp = do - lhs <- disjuncts - asum [ opImplies *> ((lhs .==>.) <$> imp) +imp :: (Hinted v, Ord v) => Parser v -> Parser v -> Parser (SyntacticNFormula v) +imp varp nodep = do + lhs <- disjuncts varp nodep + asum [ opImplies *> ((lhs .==>.) <$> imp varp nodep) , pure lhs ] -- | An logical equivalence. -iff :: Parser SyntacticLNFormula -iff = do - lhs <- imp - asum [opLEquiv *> ((lhs .<=>.) <$> imp), pure lhs ] +-- iff :: Parser SyntacticLNFormula +-- iff :: Parser (VTerm n v) -> Parser (SyntacticFormula (String, LSort) n v) +iff :: (Hinted v, Ord v) => Parser v -> Parser v -> Parser (SyntacticNFormula v) +iff varp nodep = do + lhs <- imp varp nodep + asum [opLEquiv *> ((lhs .<=>.) <$> imp varp nodep), pure lhs ] -- | Parse a standard formula. -standardFormula :: Parser (SyntacticLNFormula) +-- standardFormula :: Parser (SyntacticLNFormula) +standardFormula :: (Hinted v, Ord v) => Parser v -> Parser v -> Parser (SyntacticNFormula v) standardFormula = iff plainFormula :: Parser LNFormula plainFormula = try $ do - lnf <- toLNFormula <$> standardFormula + lnf <- toLNFormula <$> standardFormula msgvar nodevar case lnf of Nothing -> fail "Syntactic sugar is not allowed, guarded formula expected." Just lnf' -> return lnf' diff --git a/lib/theory/src/Theory/Text/Parser/Lemma.hs b/lib/theory/src/Theory/Text/Parser/Lemma.hs index fc7757208..03021b6e2 100644 --- a/lib/theory/src/Theory/Text/Parser/Lemma.hs +++ b/lib/theory/src/Theory/Text/Parser/Lemma.hs 
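Review bot: In `smallerp` the `unless mset (fail ...)` check runs before any input is examined, so without the multiset builtin this alternative of `blatom` fails with the "Need builtins: multiset" message for every atom that reaches it, whether or not a term comparison follows. Depending on how the parser library merges errors at the same position, that text may then appear in unrelated parse errors. Moving the check below `a <- try (termp <* opLessTerm)` would report it only once the operator has actually been seen, assuming `opLessTerm` cannot start any of the later alternatives. The message and the alternative's label also spell "comparisson" (for "comparison"), and the new comment has "ambigous".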
@@ -29,6 +29,14 @@ import Theory.Text.Parser.Rule import Theory.Text.Parser.Proof import Theory.Text.Parser.Signature +import Data.Functor (($>)) + +-- | Parse an arbitrary type consisting of simple constructors +constructorp :: (Show a, Enum a, Bounded a) => Parser a +constructorp = asum $ map (\x -> symbol_ (show x) $> x) constructorList + where + constructorList = enumFrom minBound + -- | Parse a 'LemmaAttribute'. lemmaAttribute :: Bool -> Maybe FilePath -> Parser LemmaAttribute lemmaAttribute diff workDir = asum @@ -38,8 +46,9 @@ lemmaAttribute diff workDir = asum , symbol "reuse" *> pure ReuseLemma , symbol "diff_reuse" *> pure ReuseDiffLemma , symbol "use_induction" *> pure InvariantLemma - , symbol "hide_lemma=" *> (HideLemma <$> identifier) - , symbol "heuristic=" *> (LemmaHeuristic <$> many1 (goalRanking diff workDir)) + , symbol "hide_lemma" *> opEqual *> (HideLemma <$> identifier) + , symbol "heuristic" *> opEqual *> (LemmaHeuristic <$> many1 (goalRanking diff workDir)) + , symbol "output" *> opEqual *> (LemmaModule <$> list constructorp) , symbol "left" *> pure LHSLemma , symbol "right" *> pure RHSLemma -- , symbol "both" *> pure BothLemma @@ -59,9 +68,10 @@ protoLemma parseFormula workDir = skeletonLemma <$> (symbol "lemma" *> optional <*> doubleQuoted parseFormula <*> (startProofSkeleton <|> pure (unproven ())) + -- | Parse a lemma. lemma :: Maybe FilePath -> Parser (SyntacticLemma ProofSkeleton) -lemma = protoLemma standardFormula +lemma = protoLemma $ standardFormula msgvar nodevar -- | Parse a lemma w/o syntactic sugar plainLemma :: Maybe FilePath -> Parser (Lemma ProofSkeleton) 
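Review bot: `constructorp` tries the constructors in `Enum` order and matches each by its `show` text, which is only unambiguous when no constructor name is a prefix of a later one; whether `symbol_` guards against that is not visible in this hunk. A comment stating the assumption, e.g. `-- Constructors are tried in Enum order; no name may be a prefix of a later one.`, would document it. It would also help to say that the accepted keywords are exactly the `Show` strings, since renaming a constructor then changes the input syntax of the `output` attribute added in the next hunk.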
@@ -71,4 +81,4 @@ plainLemma = protoLemma plainFormula diffLemma :: Maybe FilePath -> Parser (DiffLemma DiffProofSkeleton) diffLemma workDir = skeletonDiffLemma <$> (symbol "diffLemma" *> identifier) <*> (option [] $ list (lemmaAttribute True workDir)) - <*> (colon *> (diffProofSkeleton <|> pure (diffUnproven ()))) \ No newline at end of file + <*> (colon *> (diffProofSkeleton <|> pure (diffUnproven ()))) diff --git a/lib/theory/src/Theory/Text/Parser/Let.hs b/lib/theory/src/Theory/Text/Parser/Let.hs index 6bcb186b3..fbe9f7f17 100644 --- a/lib/theory/src/Theory/Text/Parser/Let.hs +++ b/lib/theory/src/Theory/Text/Parser/Let.hs @@ -11,6 +11,7 @@ module Theory.Text.Parser.Let( letBlock + , genericletBlock ) where @@ -20,8 +21,16 @@ import Text.Parsec import Theory.Text.Parser.Term -- | Parse a let block with bottom-up application semantics. +genericletBlock :: Parser a1 -> Parser a2 -> Parser [(a1, a2)] +genericletBlock varp termp = many1 definition + where + definition = (,) <$> (varp <* equalSign) <*> termp + letBlock :: Parser LNSubst -letBlock = toSubst <$> (symbol "let" *> many1 definition <* symbol "in") +letBlock = do + _ <- letIdentifier + ls <-genericletBlock (sortedLVar [LSortMsg]) (msetterm False llit) + _ <- symbol "in" + return $ toSubst ls where toSubst = foldr1 compose . map (substFromList . return) - definition = (,) <$> (sortedLVar [LSortMsg] <* equalSign) <*> msetterm False llit \ No newline at end of file diff --git a/lib/theory/src/Theory/Text/Parser/Proof.hs b/lib/theory/src/Theory/Text/Parser/Proof.hs index 727e0d1a4..e0e7c0441 100644 --- a/lib/theory/src/Theory/Text/Parser/Proof.hs +++ b/lib/theory/src/Theory/Text/Parser/Proof.hs 
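Review bot: The haddock `-- | Parse a let block with bottom-up application semantics.` now sits above `genericletBlock`, which only collects `(variable, term)` pairs, and `letBlock`, which actually builds the substitution, is left without a comment. `toSubst` still uses `foldr1`, which is safe only because `genericletBlock` uses `many1`. Now that the helper is exported and shared, a comment such as `-- foldr1 is safe: genericletBlock returns at least one definition` on `toSubst` would keep that dependency visible.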
@@ -76,7 +76,7 @@ proofMethod = asum , symbol "induction" *> pure Induction ] --- | Start parsing a proof skeleton. +-- | Start parsing a proof skeleton. -- | If the first step of the proof is a SOLVED, mark it as an inavalid proof step. -- | If that is not the case, call proofSkeleton startProofSkeleton :: Parser ProofSkeleton @@ -91,7 +91,7 @@ proofSkeleton :: Parser ProofSkeleton proofSkeleton = solvedProof <|> finalProof <|> interProof where - solvedProof = + solvedProof = symbol "SOLVED" *> pure (LNode (ProofStep Solved ()) M.empty) finalProof = do @@ -134,4 +134,4 @@ diffProofSkeleton = ((return . (,) "") <$> diffProofSkeleton ) return (LNode (DiffProofStep method ()) (M.fromList cases)) - oneCase = (,) <$> (symbol "case" *> identifier) <*> diffProofSkeleton + oneCase = (,) <$> (symbol "case" *> identifier) <*> diffProofSkeleton \ No newline at end of file diff --git a/lib/theory/src/Theory/Text/Parser/Restriction.hs b/lib/theory/src/Theory/Text/Parser/Restriction.hs index b653c0382..5a2f89fb2 100644 --- a/lib/theory/src/Theory/Text/Parser/Restriction.hs +++ b/lib/theory/src/Theory/Text/Parser/Restriction.hs @@ -63,7 +63,7 @@ toRestriction rstr = Restriction (pRstrName rstr) (pRstrFormula rstr) -- | Parse a lemma for an open theory from a string. parseRestriction :: String -> Either ParseError SyntacticRestriction -parseRestriction = parseString [] "" restriction +parseRestriction = parseString [] "" (restriction msgvar nodevar) -- | Parse a 'RestrictionAttribute'. restrictionAttribute :: Parser RestrictionAttribute 
@@ -74,9 +74,11 @@ restrictionAttribute = asum ] -- | Parse a restriction. -restriction :: Parser SyntacticRestriction -restriction = Restriction <$> (symbol "restriction" *> identifier <* colon) - <*> doubleQuoted standardFormula +restriction :: (Hinted v, Ord v) => Parser v -> Parser v + -> Parser (ProtoRestriction (SyntacticNFormula v)) +restriction varp nodep = Restriction <$> (symbol "restriction" *> identifier <* colon) + <*> doubleQuoted (standardFormula varp nodep) + -- | Fail on parsing an old "axiom" keyword. --legacyAxiom :: Parser Restriction @@ -85,7 +87,7 @@ restriction = Restriction <$> (symbol "restriction" *> identifier <* colon) -- | Parse a legacy axiom, now called restriction. legacyAxiom :: Parser SyntacticRestriction legacyAxiom = trace ("Deprecation Warning: using 'axiom' is retired notation, replace all uses of 'axiom' by 'restriction'.") Restriction <$> (symbol "axiom" *> identifier <* colon) - <*> doubleQuoted standardFormula + <*> doubleQuoted (standardFormula msgvar nodevar) -- | Parse a diff restriction. diffRestriction :: Parser ParseRestriction diff --git a/lib/theory/src/Theory/Text/Parser/Rule.hs b/lib/theory/src/Theory/Text/Parser/Rule.hs index 1c94ca82a..079b52ae1 100644 --- a/lib/theory/src/Theory/Text/Parser/Rule.hs +++ b/lib/theory/src/Theory/Text/Parser/Rule.hs @@ -42,7 +42,6 @@ import Theory.Text.Parser.Term import Theory.Text.Parser.Formula - -- | Parse a "(modulo ..)" information. modulo :: String -> Parser () modulo thy = parens $ symbol_ "modulo" *> symbol_ thy 
@@ -106,7 +105,7 @@ diffRule = do when (name `elem` reservedRuleNames) $ fail $ "cannot use reserved rule name '" ++ name ++ "'" subst <- option emptySubst letBlock - (ps0,as0,cs0,rs0) <- genericRule + (ps0,as0,cs0,rs0) <- genericRule msgvar nodevar let (ps,as,cs,rs) = apply subst (ps0,as0,cs0,rs0) leftRight <- optionMaybe ( (,) <$> (symbol "left" *> protoRule) <*> (symbol "right" *> protoRule)) return $ DiffProtoRule (Rule (modify preRestriction (++ rs) ri) ps cs as (newVariables ps $ cs ++ as)) leftRight @@ -120,7 +119,7 @@ protoRule = do when (name `elem` reservedRuleNames) $ fail $ "cannot use reserved rule name '" ++ name ++ "'" subst <- option emptySubst letBlock - (ps0,as0,cs0,rs0) <- genericRule + (ps0,as0,cs0,rs0) <- genericRule msgvar nodevar let (ps,as,cs,rs) = apply subst (ps0,as0,cs0,rs0) variants <- option [] $ symbol "variants" *> commaSep1 protoRuleAC return $ OpenProtoRule (Rule (modify preRestriction (++ rs) ri) ps cs as (newVariables ps $ cs ++ as)) variants @@ -140,7 +139,7 @@ protoRuleAC = do when (name `elem` reservedRuleNames) $ fail $ "cannot use reserved rule name '" ++ name ++ "'" subst <- option emptySubst letBlock - (ps0,as0,cs0,rs0) <- genericRule + (ps0,as0,cs0,rs0) <- genericRule msgvar nodevar let (ps,as,cs,_) = apply subst (ps0,as0,cs0,rs0) return $ Rule ri ps cs as (newVariables ps $ cs ++ as) @@ -148,7 +147,7 @@ protoRuleAC = do intrRule :: Parser IntrRuleAC intrRule = do info <- try (symbol "rule" *> moduloAC *> intrInfo <* colon) - (ps,as,cs,[]) <- genericRule -- intruder rules should not introduce restrictions. + (ps,as,cs,[]) <- genericRule msgvar nodevar -- intruder rules should not introduce restrictions. return $ Rule info ps cs as (newVariables ps cs) where intrInfo = do 
@@ -164,18 +163,21 @@ intrRule = do embeddedRestriction :: Parser a -> Parser a embeddedRestriction factParser = symbol "_restrict" *> parens factParser "restriction" -factOrRestr :: Parser (Either SyntacticLNFormula LNFact) -factOrRestr = Right <$> fact llit - <|> Left <$> embeddedRestriction standardFormula +-- factOrRestr :: Parser (Either SyntacticLNFormula LNFact) +factOrRestr :: (Ord v, Hinted v) => Parser v -> Parser v + -> Parser (Either (SyntacticNFormula v) (NFact v)) +factOrRestr varp nodep = Right <$> fact (vlit varp) + <|> Left <$> embeddedRestriction (standardFormula varp nodep) + -genericRule :: Parser ([LNFact], [LNFact], [LNFact], [SyntacticLNFormula]) --- lhs, actions, rhs, restrictions -genericRule = do - lhs <- list (fact llit) +genericRule :: (Ord v, Hinted v) => Parser v -> Parser v -> Parser ([Fact (NTerm v)], [Fact (NTerm v)], [Fact (NTerm v)], [SyntacticFormula (String, LSort) Name v]) --- lhs, actions, rhs, restrictions +genericRule varp nodep = do + lhs <- list (fact (vlit varp)) actsAndRsts <- ( (pure [] <* symbol "-->") - <|> (symbol "--[" *> commaSep factOrRestr <* symbol "]->") + <|> (symbol "--[" *> commaSep (factOrRestr varp nodep) <* symbol "]->") ) - rhs <- list (fact llit) + rhs <- list (fact (vlit varp)) return (lhs, rights actsAndRsts, rhs, lefts actsAndRsts) {- diff --git a/lib/theory/src/Theory/Text/Parser/Sapic.hs b/lib/theory/src/Theory/Text/Parser/Sapic.hs index f2ddb0ec5..5047bbfc8 100644 --- a/lib/theory/src/Theory/Text/Parser/Sapic.hs +++ b/lib/theory/src/Theory/Text/Parser/Sapic.hs @@ -8,9 +8,13 @@ -- Parsing SAPIC processes. See the MANUAL for a high-level description of -- the syntax. +{-# LANGUAGE TupleSections #-} module Theory.Text.Parser.Sapic( process , processDef + , toplevelprocess + , equivLemma + , diffEquivLemma ) where 
@@ -18,8 +22,9 @@ import Prelude hiding (id, (.)) import qualified Data.ByteString.Char8 as BC import Data.Label -- import Data.Monoid hiding (Last) +import qualified Data.Set as S import Control.Applicative hiding (empty, many, optional) -import qualified Control.Monad.Catch as Catch +-- import qualified Control.Monad.Catch as Catch import Text.Parsec hiding ((<|>)) import Theory import Theory.Sapic 
@@ -30,90 +35,132 @@ import Theory.Text.Parser.Fact import Theory.Text.Parser.Rule import Theory.Text.Parser.Let import Theory.Text.Parser.Formula +import Theory.Sapic.Pattern +import qualified Data.Functor.Identity () -- used for debugging -- println :: String -> ParsecT String u Identity () -- println str = traceShowM str --- parse a process definition (let block) +-- | Parse a lit with logical typed variables for SAPIC +ltypedlit :: Parser SapicTerm +ltypedlit = vlit sapicvar + +-- | Parse a lit with logical typed variables and pattern matching for SAPIC +ltypedpatternlit :: Parser (SapicNTerm PatternSapicLVar) +ltypedpatternlit = vlit sapicpatternvar + +-- | Parse a variable in SAPIC that is typed +sapicterm :: Parser (Term (Lit Name SapicLVar)) +sapicterm = msetterm False ltypedlit + +-- | Parse a sapic pattern +sapicpatternterm :: Parser (Term (Lit Name PatternSapicLVar)) +sapicpatternterm = msetterm False ltypedpatternlit + +-- | parse a process definition (let P = .. ) or (let P (v1,...,vn) = ..) 
processDef :: OpenTheory -> Parser ProcessDef processDef thy= do - letIdentifier - i <- BC.pack <$> identifier + i <- try $ do + _ <- letIdentifier + i <- BC.pack <$> identifier + return i + vs <- option [] $ parens $ commaSep (sapicvar) equalSign p <- process thy - return (ProcessDef (BC.unpack i) p ) + return (ProcessDef (BC.unpack i) p vs) + +toplevelprocess :: OpenTheory -> Parser PlainProcess +toplevelprocess thy = do + _ <- try (symbol "process") + _ <- colon + p <- process thy + return p + "top-level process" -- | Parse a single sapic action, i.e., a thing that can appear before the ";" -- (This includes almost all items that are followed by one instead of two -- processes, the exception is replication) -sapicAction :: Parser SapicAction -sapicAction = try (do - _ <- symbol "new" - s <- msgvar - return (New s) - ) - <|> try (do - _ <- symbol "in" - _ <- symbol "(" - t <- msetterm False llit - _ <- symbol ")" - return (ChIn Nothing t) - ) - <|> try (do - _ <- symbol "in" - _ <- symbol "(" - t <- msetterm False llit +sapicAction :: Parser (LSapicAction, ProcessParsedAnnotation) +sapicAction = (do + _ <- try $ symbol "new" + s <- sapicvar + return (New s,mempty) + ) + <|> (do -- insert must appear before in to not confuse the parser + _ <- try $ symbol "insert" + t <- msetterm False ltypedlit _ <- comma - t' <- msetterm False llit - _ <- symbol ")" - return (ChIn (Just t) t') + t' <- msetterm False ltypedlit + return (Insert t t', mempty) ) - <|> try (do - _ <- symbol "out" + <|> (do + _ <- try $ symbol "in" _ <- symbol "(" - t <- msetterm False llit - _ <- symbol ")" - return (ChOut Nothing t) + (maybeChannel,pt) <- + try (do + pt <- msetterm False ltypedpatternlit + _ <- symbol ")" + return (Nothing,pt) + ) + <|>(do + c <- msetterm False ltypedlit + _ <- comma + pt<- msetterm False ltypedpatternlit + _ <- symbol ")" + return (Just c, pt) + ) + if validPattern S.empty pt -- only validate that freshly bound variables do not intersect with matches. 
+ then return (ChIn maybeChannel (unpattern pt) (extractMatchingVariables pt), mempty) + else fail $ "Invalid pattern: " ++ show pt ) - <|> try (do - _ <- symbol "out" + <|> (do + _ <- try $ symbol "out" _ <- symbol "(" - t <- msetterm False llit - _ <- comma - t' <- msetterm False llit - _ <- symbol ")" - return (ChOut (Just t) t') + (maybeChannel,t) <- + try (do + t <- msetterm False ltypedlit + _ <- symbol ")" + return (Nothing,t)) + <|>(do + t <- msetterm False ltypedlit + _ <- comma + t' <- msetterm False ltypedlit + _ <- symbol ")" + return (Just t, t') + ) + return (ChOut maybeChannel t, mempty) ) - <|> try (do - _ <- symbol "insert" - t <- msetterm False llit - _ <- comma - t' <- msetterm False llit - return (Insert t t') + <|> (do + _ <- try $ symbol "delete" + t <- msetterm False ltypedlit + return (Delete t, mempty) ) - <|> try (do - _ <- symbol "delete" - t <- msetterm False llit - return (Delete t) + <|> (do + _ <- try $ symbol "lock" + t <- msetterm False ltypedlit + return (Lock t, mempty) ) - <|> try (do - _ <- symbol "lock" - t <- msetterm False llit - return (Lock t) + <|> (do + _ <- try $ symbol "unlock" + t <- msetterm False ltypedlit + return (Unlock t, mempty) ) - <|> try (do - _ <- symbol "unlock" - t <- msetterm False llit - return (Unlock t) + <|> (do + _ <- try $ symbol "event" + f <- fact ltypedlit + return (Event f, mempty) ) - <|> try (do - _ <- symbol "event" - f <- fact llit - return (Event f) + <|> (do + (l,a,r,phi) <- try $ genericRule sapicpatternvar (PatternBind <$> sapicnodevar) + let matchVars = foldMap (foldMap extractMatchingVariables) l + let f = fmap (fmap unpattern) + let g = fmap (fmap unpatternVar) + if validMSR S.empty (l,a,r) -- only validate that freshly bound variable do not intersect with matches. + then return (MSR (f l) (f a) (f r) (g phi) matchVars, mempty) + else fail $ "Invalid pattern in lhs of embedded MSR: " ++ show l ) - <|> try ( MSR <$> genericRule) -- | Parse a process. 
Process combinators like | are left-associative (not that -- it matters), so we had to split the grammar for processes in two, so that @@ -139,7 +186,7 @@ sapicAction = try (do -- | LET id_not_res EQ REPORT LP multterm RP IN process -- | IDENTIFIER -- | msr -process :: OpenTheory -> Parser Process +process :: OpenTheory -> Parser PlainProcess process thy= -- left-associative NDC and parallel using chainl1. -- Note: this roughly encodes the following grammar: 
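Review bot: The haddock on `sapicterm` says it parses a typed variable, but the definition `msetterm False ltypedlit` parses a whole term; `-- | Parse a SAPIC term over typed variables` would match the code. `sapicAction` then spells out `msetterm False ltypedlit` and `msetterm False ltypedpatternlit` in each alternative instead of using the `sapicterm` and `sapicpatternterm` helpers introduced a few lines earlier. Both `validPattern` and `validMSR` are called with `S.empty`, and the inline comments say only freshly bound variables are checked against matches. If validation against variables bound by the enclosing process happens in a later pass, a comment naming that pass would help, since it is not visible in this hunk.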
@@ -148,141 +195,124 @@ process thy= -- opParallel -- p2 <- process thy -- return (ProcessParallel p1 p2)) - try (chainl1 (actionprocess thy) ( + chainl1 (actionprocess thy) ( do { _ <- try opNDC; return (ProcessComb NDC mempty)} <|> do { _ <- try opParallelDepr; return (ProcessComb Parallel mempty)} <|> do { _ <- opParallel; return (ProcessComb Parallel mempty)} - )) - <|> try (do -- parens parser + at multterm - _ <- symbol "(" - p <- process thy - _ <- symbol ")" - _ <- symbol "@" - m <- msetterm False llit - return $ paddAnn p [ProcessLoc m] - ) - -- TODO SAPIC parser: multterm return - -- This is what SAPIC did: | LP process RP AT multterm { substitute "_loc_" $5 $2 } - <|> try (do -- parens parser - _ <- symbol "(" - p <- process thy - _ <- symbol ")" - return p) - <|> try (do -- let expression parser - subst <- letBlock - p <- process thy - case Catch.catch (applyProcess subst p) (\ e -> error $ prettyLetExceptions e) of - (Left err) -> fail $ show err -- Should never occur, we handle everything above - (Right p') -> return p' - ) - <|> do -- action at top-level - p <- actionprocess thy - return p + ) + +equivLemma :: OpenTheory -> Parser TranslationElement +equivLemma thy = do + _ <- try $ symbol "equivLemma" + _ <- colon + p1 <- process thy + p2 <- process thy + return $ EquivLemma p1 p2 + +diffEquivLemma :: OpenTheory -> Parser TranslationElement +diffEquivLemma thy = do + _ <- try $ symbol "diffEquivLemma" + _ <- colon + modifyStateSig (`mappend` enableDiffMaudeSig) -- Add the diffEnabled flag into the MaudeSig when the diff flag is set on the command line. + p <- process thy + return $ DiffEquivLemma p + + +elseprocess :: OpenTheory + -> Parser PlainProcess +elseprocess thy = option (ProcessNull mempty) (symbol "else" *> process thy) -actionprocess :: OpenTheory -> Parser Process +actionprocess :: OpenTheory -> Parser PlainProcess actionprocess thy= - try (do -- replication parser - _ <- symbol "!" + (do -- replication parser + _ <- try $ symbol "!" 
p <- process thy - return (ProcessAction Rep mempty p)) - <|> try (do -- lookup / if with and w/o else branches - _ <- symbol "lookup" - t <- msetterm False llit + return (ProcessAction Rep mempty p) + "replication" + ) + <|> (do -- lookup / if with and w/o else branches + _ <- try $ symbol "lookup" + t <- sapicterm _ <- symbol "as" - v <- msgvar + v <- sapicvar _ <- symbol "in" p <- process thy - _ <- symbol "else" - q <- process thy + q <- elseprocess thy return (ProcessComb (Lookup t v) mempty p q) + "lookup process" ) - <|> try (do - _ <- symbol "lookup" - t <- msetterm False llit - _ <- symbol "as" - v <- msgvar - _ <- symbol "in" - p <- process thy - return (ProcessComb (Lookup t v) mempty p (ProcessNull mempty)) - ) - <|> try (do - _ <- symbol "if" - t1 <- msetterm False llit - _ <- opEqual - t2 <- msetterm False llit - _ <- symbol "then" - p <- process thy - q <- option (ProcessNull mempty) (symbol "else" *> process thy) - return (ProcessComb (CondEq t1 t2 ) mempty p q) - "conditional process (with equality)" - ) - <|> try (do - _ <- symbol "if" - frml <- standardFormula + <|> (do + _ <- try $ symbol "if" + cond <- try (do + t1 <- sapicterm + _ <- opEqual + t2 <- sapicterm + return (CondEq t1 t2) + "equality between two terms" + ) + <|> (do + frml <- standardFormula sapicvar sapicnodevar + return (Cond frml) + ) _ <- symbol "then" p <- process thy - q <- option (ProcessNull mempty) (symbol "else" *> process thy) - return (ProcessComb (Cond frml) mempty p q) - "conditional process (with predicate)" + q <- elseprocess thy + return (ProcessComb cond mempty p q) + "conditional process" ) - -- <|> try (do - -- _ <- symbol "if" - -- t1 <- msetterm llit - -- _ <- opEqual - -- t2 <- msetterm llit - -- _ <- symbol "then" - -- p <- process thy - -- return (ProcessComb (CondEq t1 t2 ) mempty p (ProcessNull mempty)) - -- ) - -- <|> try (do - -- _ <- symbol "if" - -- pr <- fact llit - -- _ <- symbol "then" - -- p <- process thy - -- return (ProcessComb (Cond pr) mempty 
p (ProcessNull mempty)) - -- ) - <|> try ( do -- sapic actions are constructs separated by ";" - s <- sapicAction - _ <- opSeq - p <- actionprocess thy - return (ProcessAction s mempty p)) - <|> try ( do -- allow trailing actions (syntactic sugar for action; 0) - s <- sapicAction - return (ProcessAction s mempty (ProcessNull mempty))) - <|> try (do -- null process: terminating element - _ <- opNull + <|> (do -- let expressions: + _ <- try $ letIdentifier + ls <-genericletBlock sapicpatternterm sapicterm + _ <- symbol "in" + p <- process thy + q <- elseprocess thy + let f (t1,t2) p' = + ProcessComb (Let (unpattern t1) t2 (extractMatchingVariables t1)) mempty p' q + return $ foldr f p ls + "let binding" + ) + <|> (do -- null process: terminating element + _ <- try opNull return (ProcessNull mempty) ) - <|> try (do -- parse identifier - -- println ("test process identifier parsing Start") - i <- BC.pack <$> identifier - a <- let p = checkProcess (BC.unpack i) thy in - (\x -> paddAnn x [ProcessName $ BC.unpack i]) <$> p - return a - ) - <|> try (do -- let expression parser - subst <- letBlock - p <- process thy - case Catch.catch (applyProcess subst p) (\ e -> error $ prettyLetExceptions e) of - (Left err) -> fail $ show err -- Should never occur, we handle everything above - (Right p') -> return p' - ) - <|> try (do -- parens parser + at multterm - _ <- symbol "(" + <|> ( do -- sapic actions are separated by ";" + -- but allow trailing actions (syntactic sugar for action; 0) + (s,ann) <- try sapicAction + p <- option (ProcessNull mempty) (try opSeq *> actionprocess thy) + return (ProcessAction s ann p)) + <|> (do -- combined parser for `(p)` and `(p)@t` + _ <- try $ symbol "(" p <- process thy _ <- symbol ")" - _ <- symbol "@" - m <- msetterm False llit - return $ paddAnn p [ProcessLoc m] + p' <- (do + _ <- try $ symbol "@" + m <- sapicterm + return $ processAddAnnotation p (mempty {location = (Just m)}) + ) + <|> (return p) + return p' + ) + <|> try (do -- parse 
identifier + -- println ("test process identifier parsing Start") + i <- BC.pack <$> identifier + ts <- option [] $ parens $ commaSep (msetterm False ltypedlit) + (p, vars) <- checkProcess (BC.unpack i) thy + let base_subst = zip vars ts + let extend_sup = foldl (\acc (svar,t) -> + map (,t) + (case svar of + (SapicLVar sl_var (Just _)) -> + [svar, SapicLVar sl_var Nothing] + _ -> [svar] + ) + ++ acc) [] base_subst + substP <- applyM (substFromList extend_sup) p + return (ProcessComb + (ProcessCall (BC.unpack i) ts) mempty + (processAddAnnotation substP (mempty {processnames = [BC.unpack i]})) + (ProcessNull mempty)) ) - <|> try (do -- parens parser - _ <- symbol "(" - p <- process thy - _ <- symbol ")" - return p - ) - -- | checks if process exists, if not -> error -checkProcess :: String -> OpenTheory -> Parser Process +checkProcess :: String -> OpenTheory -> Parser (PlainProcess, [SapicLVar]) checkProcess i thy = case lookupProcessDef i thy of - Just p -> return $ get pBody p + Just p -> return $ (get pBody p, get pVars p) Nothing -> fail $ "process not defined: " ++ i diff --git a/lib/theory/src/Theory/Text/Parser/Signature.hs b/lib/theory/src/Theory/Text/Parser/Signature.hs index d9443b989..a1f7abb86 100644 --- a/lib/theory/src/Theory/Text/Parser/Signature.hs +++ b/lib/theory/src/Theory/Text/Parser/Signature.hs @@ -19,12 +19,14 @@ module Theory.Text.Parser.Signature ( , preddeclaration , goalRanking , diffbuiltins + , export ) where import Prelude hiding (id) import qualified Data.ByteString.Char8 as BC import Data.Foldable (asum) +import Data.Either -- import Data.Monoid hiding (Last) import qualified Data.Set as S import Control.Applicative hiding (empty, many, optional) 
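Review bot: The process-call alternative at the end of `actionprocess` pairs parameters and arguments with `zip vars ts`, which silently truncates to the shorter list, so a call with too few or too many arguments still parses and either leaves parameters unsubstituted or drops arguments. Unless arity is checked in a later pass that is not visible here, a guard before the substitution would turn this into a parse error, e.g. `when (length vars /= length ts) $ fail $ "process " ++ BC.unpack i ++ ": wrong number of arguments"` (assuming `when` is in scope in this module). Separately, the comment on `modifyStateSig` in `diffEquivLemma` says the flag is added "when the diff flag is set on the command line", but the call is unconditional.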
@@ -39,7 +41,37 @@ import Theory.Text.Parser.Fact import Theory.Text.Parser.Term import Theory.Text.Parser.Formula import Theory.Text.Parser.Exceptions - +import Data.Label.Total +import Data.Label.Mono (Lens) +import Theory.Sapic +import qualified Data.Functor + + + -- Describes the mapping between Maude Signatures and the builtin Name +builtinsDiffNames :: [(String, + MaudeSig)] +builtinsDiffNames = [ + ("diffie-hellman", dhMaudeSig), + ("bilinear-pairing", bpMaudeSig), + + ("multiset", msetMaudeSig), + ("xor", xorMaudeSig), + ("symmetric-encryption", symEncMaudeSig), + ("asymmetric-encryption", asymEncMaudeSig), + ("signing", signatureMaudeSig), + ("revealing-signing", revealSignatureMaudeSig), + ("hashing", hashMaudeSig) + ] + +-- | Describes the mapping between a builtin name, its potential Maude Signatures +-- and its potential option +builtinsNames :: [([Char], Maybe MaudeSig, Maybe (Lens Total Option Bool))] +builtinsNames = + [ + ("locations-report", Just locationReportMaudeSig, Just transReport), + ("reliable-channel", Nothing, Just transReliable) + ] + ++ map (\(x,y) -> (x, Just y, Nothing)) builtinsDiffNames -- | Builtin signatures. builtins :: OpenTheory -> Parser OpenTheory 
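Review bot: `builtinsDiffNames` and `builtinsNames` are now the only place that decides which Maude signature a `builtins:` keyword loads, yet the first has only a plain, indented `--` comment that Haddock will not pick up. The two signatures also spell the key type differently (`String` in one, `[Char]` in the other). I would write the first comment as `-- | Builtin names accepted by both 'builtins' and 'diffbuiltins', with the Maude signature each one adds.` and use `String` in both types.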
@@ -50,87 +82,78 @@ builtins thy0 =do -- builtinTheory modifies signature in state. return $ foldl setOption' thy0 l where - setOption' thy Nothing = thy - setOption' thy (Just l) = setOption l thy - extendSig msig = do + setName thy name = modify thyItems (++ [TranslationItem (SignatureBuiltin name)]) thy + setOption' thy (Nothing, name) = setName thy name + setOption' thy (Just l, name) = setOption l (setName thy name) + extendSig (name, Just msig, opt) = do + _ <- symbol name modifyStateSig (`mappend` msig) - return Nothing - builtinTheory = asum - [ try (symbol "diffie-hellman") - *> extendSig dhMaudeSig - , try (symbol "bilinear-pairing") - *> extendSig bpMaudeSig - , try (symbol "multiset") - *> extendSig msetMaudeSig - , try (symbol "xor") - *> extendSig xorMaudeSig - , try (symbol "symmetric-encryption") - *> extendSig symEncMaudeSig - , try (symbol "asymmetric-encryption") - *> extendSig asymEncMaudeSig - , try (symbol "signing") - *> extendSig signatureMaudeSig - , try (symbol "revealing-signing") - *> extendSig revealSignatureMaudeSig - , try (symbol "locations-report") - *> do - modifyStateSig (`mappend` locationReportMaudeSig) - return (Just transReport) - , try ( symbol "reliable-channel") - *> return (Just transReliable) - , symbol "hashing" - *> extendSig hashMaudeSig - ] + return (opt, name) + extendSig (name, Nothing, opt) = do + _ <- symbol name + return (opt, name) + builtinTheory = asum $ map (try . 
extendSig) builtinsNames diffbuiltins :: Parser () diffbuiltins = - symbol "builtins" *> colon *> commaSep1 builtinTheory *> pure () + (symbol "builtins" *> colon *> commaSep1 builtinTheory) Data.Functor.$> () where - extendSig msig = modifyStateSig (`mappend` msig) - builtinTheory = asum - [ try (symbol "diffie-hellman") - *> extendSig dhMaudeSig - , try (symbol "bilinear-pairing") - *> extendSig bpMaudeSig - , try (symbol "multiset") - *> extendSig msetMaudeSig - , try (symbol "xor") - *> extendSig xorMaudeSig - , try (symbol "symmetric-encryption") - *> extendSig symEncMaudeSig - , try (symbol "asymmetric-encryption") - *> extendSig asymEncMaudeSig - , try (symbol "signing") - *> extendSig signatureMaudeSig - , try (symbol "revealing-signing") - *> extendSig revealSignatureMaudeSig - , symbol "hashing" - *> extendSig hashMaudeSig - ] - - -functions :: Parser () -functions = - symbol "functions" *> colon *> commaSep1 functionSymbol *> pure () - where - functionSymbol = do - f <- BC.pack <$> identifier <* opSlash - k <- fromIntegral <$> natural - priv <- option Public (symbol "[private]" *> pure Private) - if (BC.unpack f `elem` ["mun", "one", "exp", "mult", "inv", "pmult", "em", "zero", "xor"]) - then fail $ "`" ++ BC.unpack f ++ "` is a reserved function name for builtins." - else return () + extendSig (name, msig) = + symbol name *> + modifyStateSig (`mappend` msig) + builtinTheory = asum $ map (try . extendSig) builtinsDiffNames + + +functionType :: Parser ([SapicType], SapicType) +functionType = try (do + _ <- opSlash + k <- fromIntegral <$> natural + return (replicate k defaultSapicType, defaultSapicType) + ) + <|>(do + argTypes <- parens (commaSep typep) + _ <- colon + outType <- typep + return (argTypes, outType) + ) + +-- | Parse a 'FunctionAttribute'. 
+functionAttribute :: Parser (Either Privacy Constructability) +functionAttribute = asum + [ symbol "private" Data.Functor.$> Left Private + , symbol "destructor" Data.Functor.$> Right Destructor + ] + +function :: Parser SapicFunSym +function = do + f <- BC.pack <$> identifier + (argTypes,outType) <- functionType + atts <- option [] $ list functionAttribute + when (BC.unpack f `elem` reservedBuiltins) $ fail $ "`" ++ BC.unpack f ++ "` is a reserved function name for builtins." sign <- sig <$> getState - case lookup f [ o | o <- (S.toList $ stFunSyms sign)] of - Just kp' | kp' /= (k,priv) -> + let k = length argTypes + let priv = if Private `elem` lefts atts then Private else Public + let destr = if Destructor `elem` rights atts then Destructor else Constructor + case lookup f (S.toList $ stFunSyms sign) of + Just kp' | kp' /= (k,priv,destr) && BC.unpack f /= "fst" && BC.unpack f /= "snd" -> fail $ "conflicting arities/private " ++ - show kp' ++ " and " ++ show (k,priv) ++ + show kp' ++ " and " ++ show (k,priv,destr) ++ " for `" ++ BC.unpack f - _ -> modifyStateSig $ addFunSym (f,(k,priv)) + Just kp' | BC.unpack f == "fst" || BC.unpack f == "snd" -> do + return ((f,kp'),argTypes,outType) + _ -> do + modifyStateSig $ addFunSym (f,(k,priv,destr)) + return ((f,(k,priv,destr)),argTypes,outType) + + +functions :: Parser [SapicFunSym] +functions = + (try (symbol "functions") <|> symbol "function") *> colon *> commaSep1 function + equations :: Parser () equations = - symbol "equations" *> colon *> commaSep1 equation *> pure () + (symbol "equations" *> colon *> commaSep1 equation) Data.Functor.$> () where equation = do rrule <- RRule <$> term llitNoPub True <*> (equalSign *> term llitNoPub True) 
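Review bot: In `function`, the `fst`/`snd` branch returns `((f,kp'),argTypes,outType)`, which pairs the signature already stored for the symbol with the argument types the user just wrote, and the first guard exempts these two names from the conflict check. When the symbol is already in the signature, a declaration such as `fst/2` or `fst/1[private]` is accepted without any message, and the returned typing can disagree in length with the stored arity, so the theory that gets analysed is not the one the file states. I would reject a declaration whose arity or privacy differs from the stored one, for example with a guard `Just (k',priv',_) | isPairProj && (k',priv') /= (k,priv) -> fail ...` placed before the silent branch, where `isPairProj` stands for the existing name test. The message `conflicting arities/private` should also mention the destructor attribute, since it is now part of the comparison.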
@@ -152,28 +175,45 @@ options thy0 =do setOption' thy Nothing = thy setOption' thy (Just l) = setOption l thy builtinTheory = asum - [ try (symbol "translation-progress") - *> return (Just transProgress) - , symbol "translation-allow-pattern-lookups" - *> return (Just transAllowPatternMatchinginLookup) + [ try (symbol "translation-progress") Data.Functor.$> Just transProgress + , symbol "translation-allow-pattern-lookups" Data.Functor.$> Just transAllowPatternMatchinginLookup + , symbol "enableStateOpt" Data.Functor.$> Just stateChannelOpt + , symbol "asynchronous-channels" Data.Functor.$> Just asynchronousChannels + , symbol "compress-events" Data.Functor.$> Just compressEvents ] - predicate :: Parser Predicate predicate = do f <- fact' lvar _ <- symbol "<=>" - form <- plainFormula - return $ Predicate f form + Predicate f <$> plainFormula "predicate declaration" preddeclaration :: OpenTheory -> Parser OpenTheory preddeclaration thy = do - _ <- try (symbol "predicates") <|> symbol "predicate" + _ <- try (symbol "predicates" <|> symbol "predicate") _ <- colon predicates <- commaSep1 predicate foldM liftedAddPredicate thy predicates - "predicates" + "predicate block" + +-- | parse an export declaration +export :: OpenTheory -> Parser OpenTheory +export thy = do + _ <- try (symbol "export") + tag <- identifier + _ <- colon + text <- doubleQuoted $ many bodyChar -- TODO Gotta use some kind of text. + let ei = ExportInfo tag text + liftMaybeToEx (DuplicateItem (TranslationItem (ExportInfoItem ei))) (addExportInfo ei thy) + "export block" + where + bodyChar = try $ do + c <- anyChar + case c of + '\\' -> char '\\' <|> char '"' + '"' -> mzero + _ -> return c heuristic :: Bool -> Maybe FilePath -> Parser [GoalRanking] heuristic diff workDir = symbol "heuristic" *> char ':' *> skipMany (char ' ') *> many1 (goalRanking diff workDir) <* lexeme spaces 
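Review bot: In `preddeclaration`, moving `try` outside the alternation, `try (symbol "predicates" <|> symbol "predicate")`, changes the backtracking. If `symbol "predicates"` consumes `predicate` before failing on the missing `s`, Parsec's `<|>` does not run the second alternative, and the outer `try` only rewinds the failure. Whether that happens depends on `symbol` itself backtracking, and its definition is outside this hunk; `functions` in the same file keeps the inner form `try (symbol "functions") <|> symbol "function"`. Unless `symbol` is known to wrap `try`, I would write `try (symbol "predicates") <|> try (symbol "predicate")` so the singular keyword still parses and a mismatch consumes no input.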
diff --git a/lib/theory/src/Theory/Text/Parser/Term.hs b/lib/theory/src/Theory/Text/Parser/Term.hs index a0e7d4225..9428214d7 100644 --- a/lib/theory/src/Theory/Text/Parser/Term.hs +++ b/lib/theory/src/Theory/Text/Parser/Term.hs @@ -10,10 +10,12 @@ module Theory.Text.Parser.Term ( msetterm + , vlit , llit , term , llitNoPub - , llitWithNode + , reservedBuiltins + , llitWithNode ) where @@ -28,15 +30,21 @@ import Text.Parsec hiding ((<|>)) import Term.Substitution import Theory import Theory.Text.Parser.Token +import Data.ByteString.Internal (unpackChars) +import Data.Functor (($>)) --- | Parse an lit with logical variables. +-- | Parse a lit with logical variables parsed by @varp@ +vlit :: Parser v -> Parser (NTerm v) +vlit varp = asum [freshTerm <$> freshName, pubTerm <$> pubName, varTerm <$> varp] + +-- | Parse a lit with logical variables. llit :: Parser LNTerm -llit = asum [freshTerm <$> freshName, pubTerm <$> pubName, varTerm <$> msgvar] +llit = vlit msgvar --- | Parse an lit with logical variables including timepoint variables +-- | Parse a lit with logical variables including timepoint variables llitWithNode :: Parser LNTerm -llitWithNode = asum [freshTerm <$> freshName, pubTerm <$> pubName, varTerm <$> lvar] +llitWithNode = vlit lvar -- | Parse an lit with logical variables without public names in single constants. llitNoPub :: Parser LNTerm 
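Review bot: The added `import Data.ByteString.Internal (unpackChars)` depends on an internal module of bytestring, which is not part of that package's stable interface, for something the file can already do. `BC.pack` is used in `lookupArity`, so the qualified `Data.ByteString.Char8` import is presumably in scope. I would drop the import and define the list in the later hunk as `reservedBuiltins = map BC.unpack [ ... ]`.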
@@ -44,21 +52,34 @@ llitNoPub = asum [freshTerm <$> freshName, varTerm <$> msgvar] -- | Lookup the arity of a non-ac symbol. Fails with a sensible error message -- if the operator is not known. -lookupArity :: String -> Parser (Int, Privacy) +lookupArity :: String -> Parser (Int, Privacy,Constructability) lookupArity op = do maudeSig <- sig <$> getState - case lookup (BC.pack op) (S.toList (noEqFunSyms $ maudeSig) ++ [(emapSymString, (2,Public))]) of + case lookup (BC.pack op) (S.toList (noEqFunSyms maudeSig) ++ [(emapSymString, (2,Public,Constructor))]) of Nothing -> fail $ "unknown operator `" ++ op ++ "'" - Just (k,priv) -> return (k,priv) + Just (k,priv,cnstr) -> return (k,priv,cnstr) + +reservedBuiltins :: [[Char]] +reservedBuiltins = map unpackChars [ + munSymString + , oneSymString + , expSymString + , multSymString + , invSymString + , pmultSymString + , emapSymString + , zeroSymString + , xorSymString + ] -- | Parse an n-ary operator application for arbitrary n. naryOpApp :: Ord l => Bool -> Parser (Term l) -> Parser (Term l) naryOpApp eqn plit = do op <- identifier --traceM $ show op ++ " " ++ show eqn - when (eqn && op `elem` ["mun", "one", "exp", "mult", "inv", "pmult", "em", "zero", "xor"]) + when (eqn && op `elem` reservedBuiltins) $ error $ "`" ++ show op ++ "` is a reserved function name for builtins." - (k,priv) <- lookupArity op + ar@(k,_,_) <- lookupArity op ts <- parens $ if k == 1 then return <$> tupleterm eqn plit else commaSep (msetterm eqn plit) 
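Review bot: `naryOpApp` still reports a reserved operator name through `error` on the line after the changed `when`, so a theory file that uses such a name raises an exception from inside the parser instead of producing a parse error with a source position, unless a caller catches it. The `function` parser in Signature.hs uses `fail` for the same message, and `show op` here additionally puts double quotes around the name inside the backticks. I would replace `error` with `fail` and `show op` with `op` on that line, and do the same in `binaryAlgApp` in the next hunk. The body of `naryOpApp` continues past the end of this hunk.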
@@ -67,20 +88,20 @@ naryOpApp eqn plit = do fail $ "operator `" ++ op ++"' has arity " ++ show k ++ ", but here it is used with arity " ++ show k' let app o = if BC.pack op == emapSymString then fAppC EMap else fAppNoEq o - return $ app (BC.pack op, (k,priv)) ts + return $ app (BC.pack op, ar) ts -- | Parse a binary operator written as @op{arg1}arg2@. binaryAlgApp :: Ord l => Bool -> Parser (Term l) -> Parser (Term l) binaryAlgApp eqn plit = do op <- identifier - when (eqn && op `elem` ["mun", "one", "exp", "mult", "inv", "pmult", "em", "zero", "xor"]) + when (eqn && op `elem` reservedBuiltins) $ error $ "`" ++ show op ++ "` is a reserved function name for builtins." - (k,priv) <- lookupArity op + ar@(k,_,_) <- lookupArity op arg1 <- braced (tupleterm eqn plit) arg2 <- term plit eqn when (k /= 2) $ fail "only operators of arity 2 can be written using the `op{t1}t2' notation" - return $ fAppNoEq (BC.pack op, (2,priv)) [arg1, arg2] + return $ fAppNoEq (BC.pack op, ar) [arg1, arg2] diffOp :: Ord l => Bool -> Parser (Term l) -> Parser (Term l) diffOp eqn plit = do @@ -101,8 +122,8 @@ term :: Ord l => Parser (Term l) -> Bool -> Parser (Term l) term plit eqn = asum [ pairing "pairs" , parens (msetterm eqn plit) - , symbol "1" *> pure fAppOne - , symbol "DH_neutral" *> pure fAppDHNeutral + , symbol "1" $> fAppOne + , symbol "DH_neutral" $> fAppDHNeutral , application "function application" , nullaryApp , plit @@ -114,8 +135,8 @@ term plit eqn = asum nullaryApp = do maudeSig <- sig <$> getState -- FIXME: This try should not be necessary. - asum [ try (symbol (BC.unpack sym)) *> pure (fApp (NoEq (sym,(0,priv))) []) - | NoEq (sym,(0,priv)) <- S.toList $ funSyms $ maudeSig ] + asum [ try (symbol (BC.unpack sym)) $> fApp fs [] + | fs@(NoEq (sym,(0,_,_))) <- S.toList $ funSyms maudeSig ] -- | A left-associative sequence of exponentations. expterm :: Ord l => Bool -> Parser (Term l) -> Parser (Term l) 
diff --git a/lib/theory/src/Theory/Text/Parser/Token.hs b/lib/theory/src/Theory/Text/Parser/Token.hs index 22c614e69..6b60f8001 100644 --- a/lib/theory/src/Theory/Text/Parser/Token.hs +++ b/lib/theory/src/Theory/Text/Parser/Token.hs @@ -35,10 +35,15 @@ module Theory.Text.Parser.Token ( , freshName , pubName + + , typep , sortedLVar , lvar , msgvar , nodevar + , sapicvar + , sapicpatternvar + , sapicnodevar , letIdentifier @@ -108,7 +113,7 @@ module Theory.Text.Parser.Token ( , parseFile , parseFileWState , parseString - ) where + ,opLessTerm) where import Prelude hiding (id, (.)) @@ -133,6 +138,8 @@ import qualified Text.Parsec.Token as T import Theory import qualified Control.Monad.Catch as Catch import Data.Functor.Identity +import Theory.Sapic.Pattern +import Theory.Sapic ------------------------------------------------------------------------------ @@ -379,6 +386,41 @@ freshName = try (symbol "~" *> singleQuoted identifier) pubName :: Parser String pubName = singleQuoted identifier +-- | Parse a Sapic Type +typep :: Parser SapicType +typep = ( try (symbol defaultSapicTypeS) *> return Nothing) + <|> Just <$> identifier + +-- | Parse a variable in sapic that is typed: +-- first parse for lvar, then parse for one more type +-- so: +-- ~x: foo +-- $x: bar +-- x: foo +-- are all valid, but +-- x: pub: foo +-- is not +sapicvar :: Parser SapicLVar +sapicvar = do + v <- lvar + t <- option Nothing $ colon *> typep + return (SapicLVar v t) + +sapicpatternvar :: Parser PatternSapicLVar +sapicpatternvar = do + eq <- option False parseq + v <- sapicvar + return (if eq then PatternMatch v else PatternBind v) + where parseq = do + _ <- opEqual + return True + + +sapicnodevar :: Parser SapicLVar +sapicnodevar = do + v <- nodevar + return (SapicLVar v defaultSapicNodeType) + -- Term Operators ----------------- 
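Review bot: `typep` recognises the default type with `symbol defaultSapicTypeS`, and a Parsec token `symbol` matches only the literal string without checking that the identifier ends there. If this file's `symbol` behaves the same way (its definition is outside the hunk), a type name that merely starts with the default type's name is read as the default type (`Nothing`) and the rest of the name is left in the input. Parsing the whole name first avoids that: `typep = (\t -> if t == defaultSapicTypeS then Nothing else Just t) <$> identifier`, provided `identifier` accepts that name.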
@@ -410,6 +452,10 @@ opXor = symbol_ "XOR" <|> symbol_ "⊕" opLess :: Parser () opLess = symbol_ "<" +-- | The multiset comparison operator @(<)@. +opLessTerm :: Parser () +opLessTerm = symbol_ "(<)" + -- | The action-at-timepoint operator \@. opAt :: Parser () opAt = symbol_ "@" diff --git a/lib/theory/src/Theory/Tools/AbstractInterpretation.hs b/lib/theory/src/Theory/Tools/AbstractInterpretation.hs index 95ac63149..e9f9d462c 100644 --- a/lib/theory/src/Theory/Tools/AbstractInterpretation.hs +++ b/lib/theory/src/Theory/Tools/AbstractInterpretation.hs @@ -43,7 +43,7 @@ import Theory.Text.Pretty -- | Higher-order combinator to construct abstract interpreters. interpretAbstractly - :: (Eq s, HasFrees i, Apply i, Show i) + :: (Eq s, HasFrees i, Apply LNSubst i, Show i) => ([Equal LNFact] -> [LNSubstVFresh]) -- ^ Unification of equalities over facts. We assume that facts with -- different tags are never unified. diff --git a/lib/theory/src/Theory/Tools/EquationStore.hs b/lib/theory/src/Theory/Tools/EquationStore.hs index 164cc9b6b..1c8574d3a 100644 --- a/lib/theory/src/Theory/Tools/EquationStore.hs +++ b/lib/theory/src/Theory/Tools/EquationStore.hs @@ -6,6 +6,9 @@ {-# LANGUAGE TupleSections #-} {-# LANGUAGE TypeOperators #-} {-# LANGUAGE ViewPatterns #-} +{-# LANGUAGE TypeSynonymInstances #-} +{-# LANGUAGE FlexibleInstances #-} +{-# LANGUAGE MultiParamTypeClasses #-} -- | -- Copyright : (c) 2010-2012 Benedikt Schmidt, Simon Meier -- License : GPL v3 (see LICENSE) @@ -147,7 +150,7 @@ dropNameHintsLNSubstVFresh subst = -- Instances ------------ -instance Apply SplitId where +instance Apply LNSubst SplitId where apply _ = id instance HasFrees EqStore where @@ -160,7 +163,7 @@ instance HasFrees EqStore where <*> mapFrees f nextSplitId -instance Apply EqStore where +instance Apply LNSubst EqStore where apply subst (EqStore a b c) = EqStore (compose subst a) (fmap (fmap $ S.map $ flip composeVFresh subst) b) (apply subst c) 
diff --git a/lib/theory/src/Theory/Tools/IntruderRules.hs b/lib/theory/src/Theory/Tools/IntruderRules.hs index ad5c0eb73..3d0ee012f 100644 --- a/lib/theory/src/Theory/Tools/IntruderRules.hs +++ b/lib/theory/src/Theory/Tools/IntruderRules.hs @@ -111,7 +111,7 @@ destructionRules bool (CtxtStRule lhs@(viewTerm -> FApp _ _) (StRhs (pos:[]) rhs go _ _ [] _ _ = [] -- term already in premises, but necessary for constant conclusions go _ (viewTerm -> FApp _ _) (_:[]) _ _ | (frees rhs /= []) = [] - go uprems (viewTerm -> FApp (NoEq (f,(_,Public))) as) (i:p) n pd = + go uprems (viewTerm -> FApp (NoEq (f,(_,Public,_))) as) (i:p) n pd = irule ++ go uprems' t' p funs posname where uprems' = uprems++[ t | (j, t) <- zip [0..] as, i /= j ] @@ -124,7 +124,7 @@ destructionRules bool (CtxtStRule lhs@(viewTerm -> FApp _ _) (StRhs (pos:[]) rhs ((kdFact t'):(map kuFact uprems')) [kdFact rhs] [] [] ] else [] - go _ (viewTerm -> FApp (NoEq (_,(_,Private))) _) _ _ _ = [] + go _ (viewTerm -> FApp (NoEq (_,(_,Private,_))) _) _ _ _ = [] go _ (viewTerm -> Lit _) (_:_) _ _ = error "IntruderRules.destructionRules: impossible, position invalid" @@ -138,7 +138,7 @@ destructionRules _ _ = [] privateConstructorEquations :: [CtxtStRule] -> [(LNTerm, ByteString)] privateConstructorEquations rs = case rs of [] -> [] - (CtxtStRule lhs (StRhs _ (viewTerm -> FApp (NoEq (vname,(0,Private))) _))):xs + (CtxtStRule lhs (StRhs _ (viewTerm -> FApp (NoEq (vname,(0,Private,_))) _))):xs -> (lhs, vname):(privateConstructorEquations xs) _:xs -> privateConstructorEquations xs @@ -158,7 +158,7 @@ privateConstructorRules rules = map createRule $ derivablePrivateConstants (priv where -- creates a constructor rule for constant s createRule s = Rule (ConstrRule (append (pack "_") s)) [] [concfact] [concfact] [] - where m = fAppNoEq (s,(0,Private)) [] + where m = fAppNoEq (s,(0,Private,Constructor)) [] concfact = kuFact m -- | Simple removal of subsumed rules for auto-generated subterm intruder rules. 
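Review bot: `createRule` in `privateConstructorRules` rebuilds the symbol as `(s,(0,Private,Constructor))`, while `privateConstructorEquations` now matches `(vname,(0,Private,_))` and discards the third component. If a private constant can carry the destructor attribute (the `function` parser in this commit accepts the attribute list on any arity), the intruder rule's conclusion is built for a symbol that differs from the one in the signature. Either return the matched component next to `vname` and reuse it in `createRule`, or match `(vname,(0,Private,Constructor))` so that only symbols the rule can represent are collected. Both functions start outside their hunks.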
@@ -194,11 +194,11 @@ subtermIntruderRules diff maudeSig = -- function signature @fSig@ constructionRules :: NoEqFunSig -> [IntrRuleAC] constructionRules fSig = - [ createRule s k | (s,(k,Public)) <- S.toList fSig ] + [ createRule s k | (s,(k,Public,Constructor)) <- S.toList fSig ] where createRule s k = Rule (ConstrRule (append (pack "_") s)) (map kuFact vars) [concfact] [concfact] [] where vars = take k [ varTerm (LVar "x" LSortMsg i) | i <- [0..] ] - m = fAppNoEq (s,(k,Public)) vars + m = fAppNoEq (s,(k,Public,Constructor)) vars concfact = kuFact m ------------------------------------------------------------------------------ diff --git a/lib/theory/src/Theory/Tools/LoopBreakers.hs b/lib/theory/src/Theory/Tools/LoopBreakers.hs index 67258f4ce..f8ee96648 100644 --- a/lib/theory/src/Theory/Tools/LoopBreakers.hs +++ b/lib/theory/src/Theory/Tools/LoopBreakers.hs @@ -1,3 +1,4 @@ +{-# LANGUAGE FlexibleContexts #-} {-# LANGUAGE GeneralizedNewtypeDeriving #-} -- | -- Copyright : (c) 2012 Simon Meier diff --git a/lib/theory/src/Theory/Tools/Wellformedness.hs b/lib/theory/src/Theory/Tools/Wellformedness.hs index 9276a4ff8..a1396cbd1 100644 --- a/lib/theory/src/Theory/Tools/Wellformedness.hs +++ b/lib/theory/src/Theory/Tools/Wellformedness.hs @@ -163,9 +163,9 @@ quote cs = '`' : cs ++ "'" sortsClashCheck :: HasFrees t => String -> t -> WfErrorReport sortsClashCheck info t = case clashesOn removeSort id $ frees t of [] -> [] - cs -> return $ + cs -> return ( "sorts" - , text info $-$ (nest 2 $ numbered' $ map prettyVarList cs) + , text info $-$ nest 2 (numbered' $ map prettyVarList cs) ) where removeSort lv = (lowerCase (lvarName lv), lvarIdx lv) 
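Review bot: The comprehension in `constructionRules` now selects only `(s,(k,Public,Constructor))`, so a public symbol declared as destructor no longer gets a construction rule, but the comment above the function (its start is outside the hunk) still speaks of the function signature `fSig` as a whole. Since this decides which symbols the adversary may apply, the comment should state it, for example `-- Symbols marked 'Destructor' are skipped: they get no construction rule.`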
@@ -331,7 +331,7 @@ unboundCheck info ru where boundVars = S.fromList $ frees (get rPrems ru) originatesFromLookup v = any (match v) $ get preAttributes $ get rInfo ru - match v (Process (ProcessComb (Lookup _ v') _ _ _)) = v == v' + match v (Process (ProcessComb (Lookup _ v') _ _ _)) = v == slvar v' match _ _ = False unboundVars = do v <- frees (get rConcs ru, get rActs ru, get rInfo ru) diff --git a/lib/theory/src/TheoryObject.hs b/lib/theory/src/TheoryObject.hs index 58c166d99..82a8c1ec8 100644 --- a/lib/theory/src/TheoryObject.hs +++ b/lib/theory/src/TheoryObject.hs @@ -5,7 +5,6 @@ module TheoryObject ( module Lemma , module Items.OptionItem , module Items.ProcessItem - , module Items.PredicateItem , module Items.TheoryItem , module Items.CaseTestItem , module Items.AccLemmaItem @@ -16,12 +15,26 @@ module TheoryObject ( , DiffTheory(..) , TheoryItem(..) , DiffTheoryItem(..) + , thyName + , thySignature + , thyCache + , thyItems + , thyOptions + , diffThyName + , diffThyItems + , diffThySignature + , diffThyCacheLeft + , diffThyCacheRight + , diffThyDiffCacheLeft + , diffThyDiffCacheRight + , thyHeuristic + , diffThyHeuristic , DiffLemma(..) , ProcessDef(..) , Predicate(..) , Option(..) , TranslationElement (..) - , foldTranslationItem + , TranslationElement (..) , foldDiffTheoryItem , mapTheoryItem , mapDiffTheoryItem 
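Review bot: The export list of `TheoryObject` now names `TranslationElement (..)` twice, because the line that replaced `foldTranslationItem` repeats the entry directly above it. GHC accepts a duplicate export but reports it under `-Wduplicate-exports`. The added line `, TranslationElement (..)` can simply be dropped.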
@@ -71,7 +84,32 @@ module TheoryObject ( , lookupLemma , lookupProcessDef , filterSide - , module TheoryObject + , mapMProcesses + , mapMProcessesDef + , theoryFunctionTypingInfos + , theoryBuiltins + , theoryExportInfos + , theoryEquivLemmas + , theoryDiffEquivLemmas + , addFunctionTypingInfo + , clearFunctionTypingInfos + , addExportInfo + , setforcedInjectiveFacts + , filterLemma + , lookupFunctionTypingInfo + , prettyTheory + , prettyTranslationElement + , prettyProcessDef + , prettyEitherRestriction + , lookupExportInfo + , prettyRestriction + , prettyProcess + , theoryCaseTests + , theoryAccLemmas + , addAccLemma + , addCaseTest + , lookupAccLemma + , lookupCaseTest ) where import Theory.Constraint.Solver.Heuristics @@ -83,7 +121,6 @@ import Theory.Constraint.Solver import Items.OptionItem import Items.ProcessItem -import Items.PredicateItem import Items.TheoryItem import Items.CaseTestItem import Items.AccLemmaItem @@ -112,6 +149,11 @@ import Theory.Sapic.Print import Control.Parallel.Strategies import GHC.Generics import Data.Binary +import Theory.Sapic +import Items.ExportInfo +import qualified Data.Set as S +import Theory.Syntactic.Predicate +import Data.ByteString.Char8 (unpack) -- | A theory contains a single set of rewriting rules modeling a protocol 
@@ -164,19 +206,6 @@ foldTheoryItem fRule fRestriction fLemma fText fPredicate fTranslationItem i = c PredicateItem p -> fPredicate p TranslationItem s -> fTranslationItem s - - --- Fold a translation item. -foldTranslationItem - :: (Process -> a) -> (ProcessDef -> a) -> (AccLemma -> a) -> (CaseTest -> a) - -> TranslationElement -> a -foldTranslationItem fProcess fProcessDef fAccLemma fCaseTest i = case i of - ProcessItem proc -> fProcess proc - ProcessDefItem pDef -> fProcessDef pDef - AccLemmaItem aLem -> fAccLemma aLem - CaseTestItem cTest -> fCaseTest cTest - - -- | Fold a theory item. foldDiffTheoryItem :: (r -> a) -> ((Side, r2) -> a) -> (DiffLemma p -> a) -> ((Side, Lemma p2) -> a) -> ((Side, Restriction) -> a) -> (FormalComment -> a) 
@@ -199,6 +228,32 @@ mapDiffTheoryItem :: (r -> r') -> ((Side, r2) -> (Side, r2')) -> (DiffLemma p -> mapDiffTheoryItem f g h i = foldDiffTheoryItem (DiffRuleItem . f) (EitherRuleItem . g) (DiffLemmaItem . h) (EitherLemmaItem . i) EitherRestrictionItem DiffTextItem +-- | Map a process +mapMProcesses :: Monad m => (PlainProcess -> m(PlainProcess)) -> Theory sig c r p TranslationElement -> m (Theory sig c r p TranslationElement) +mapMProcesses f thy = do + itms' <- mapM f' itms + return $ L.set thyItems itms' thy + where + itms = L.get thyItems thy + f' (TranslationItem (ProcessItem p)) = TranslationItem . ProcessItem <$> f p + f' (TranslationItem (DiffEquivLemma p)) = TranslationItem . DiffEquivLemma <$> f p + f' (TranslationItem (EquivLemma p1 p2)) = do + fp1 <- f p1 + fp2 <- f p2 + return $ TranslationItem (EquivLemma fp1 fp2) + f' other = return other + + +-- | Map a process definition +mapMProcessesDef :: Monad m => (ProcessDef -> m(ProcessDef)) -> Theory sig c r p TranslationElement -> m (Theory sig c r p TranslationElement) +mapMProcessesDef f thy = do + itms' <- mapM f' itms + return $ L.set thyItems itms' thy + where + itms = L.get thyItems thy + f' (TranslationItem (ProcessDefItem p)) = TranslationItem . ProcessDefItem <$> f p + f' other = return other + -- | All rules of a theory. theoryRules :: Theory sig c r p s -> [r] theoryRules = 
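Review bot: `mapMProcesses` is documented only as `Map a process`, but `f'` rewrites `ProcessItem`, `DiffEquivLemma` and both sides of `EquivLemma` and leaves every other item, including `ProcessDefItem`, untouched. A transformation that has to reach every process in the theory therefore needs `mapMProcessesDef` as well, and the comment should say so: `-- | Apply a monadic transformation to every top-level process and every process of an equivalence lemma; process definitions are handled by 'mapMProcessesDef'.` The argument types would also read more conventionally as `m PlainProcess` and `m ProcessDef`.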
@@ -235,30 +290,49 @@ theoryLemmas :: Theory sig c r p s -> [Lemma p] theoryLemmas = foldTheoryItem (const []) (const []) return (const []) (const []) (const []) <=< L.get thyItems +translationElements :: Theory sig c1 b p c2 -> [c2] +translationElements = foldTheoryItem (const []) (const []) (const []) (const []) (const []) return <=< L.get thyItems + -- | All CaseTest definitions of a theory. theoryCaseTests :: Theory sig c r p TranslationElement -> [CaseTest] -theoryCaseTests = foldTranslationItem (const []) (const []) (const []) return <=< translationElements - where translationElements = foldTheoryItem (const []) (const []) (const []) (const []) (const []) return <=< L.get thyItems +theoryCaseTests t = [ i | CaseTestItem i <- translationElements t] -- | All AccLemmas definitions of a theory. theoryAccLemmas :: Theory sig c r p TranslationElement -> [AccLemma] -theoryAccLemmas = foldTranslationItem (const []) (const []) return (const []) <=< translationElements - where translationElements = foldTheoryItem (const []) (const []) (const []) (const []) (const []) return <=< L.get thyItems +theoryAccLemmas t = [ i | AccLemmaItem i <- translationElements t] -- | All processes of a theory (TODO give warning if there is more than one...) -theoryProcesses :: Theory sig c r p TranslationElement -> [Process] -theoryProcesses = foldTranslationItem return (const []) (const []) (const []) <=< translationElements - where translationElements = foldTheoryItem (const []) (const []) (const []) (const []) (const []) return <=< L.get thyItems +theoryProcesses :: Theory sig c r p TranslationElement -> [PlainProcess] +theoryProcesses t = [ i | ProcessItem i <- translationElements t] -- | All process definitions of a theory. 
theoryProcessDefs :: Theory sig c r p TranslationElement -> [ProcessDef] -theoryProcessDefs = foldTranslationItem (const []) return (const []) (const []) <=< translationElements - where translationElements = foldTheoryItem (const []) (const []) (const []) (const []) (const []) return <=< L.get thyItems +theoryProcessDefs t = [ i | ProcessDefItem i <- translationElements t] + +-- | All function typing information in a theory. +theoryFunctionTypingInfos :: Theory sig c r p TranslationElement -> [SapicFunSym] +theoryFunctionTypingInfos t = [ i | FunctionTypingInfo i <- translationElements t] -- | All process definitions of a theory. theoryPredicates :: Theory sig c r p s -> [Predicate] theoryPredicates = foldTheoryItem (const []) (const []) (const []) (const []) return (const []) <=< L.get thyItems +-- | All export info definitions of a theory. +theoryExportInfos :: Theory sig c b p TranslationElement -> [ExportInfo] +theoryExportInfos t = [ i | ExportInfoItem i <- translationElements t] + +-- | All Builtins of a theory +theoryBuiltins :: Theory sig c r p TranslationElement -> [String] +theoryBuiltins t = [ i | SignatureBuiltin i <- translationElements t] + +-- | All Equivalence queries of a theory +theoryEquivLemmas :: Theory sig c r p TranslationElement -> [(PlainProcess, PlainProcess)] +theoryEquivLemmas t = [ (p1,p2) | EquivLemma p1 p2 <- translationElements t] + +-- | All Equivalence queries of a theory +theoryDiffEquivLemmas :: Theory sig c r p TranslationElement -> [PlainProcess] +theoryDiffEquivLemmas t = [ p | DiffEquivLemma p <- translationElements t] + -- | All restrictions of a theory. diffTheoryRestrictions :: DiffTheory sig c r r2 p p2 -> [(Side, Restriction)] diffTheoryRestrictions = 
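Review bot: Two Haddock comments in this hunk describe the wrong function. `theoryDiffEquivLemmas` carries the same text as `theoryEquivLemmas` (`All Equivalence queries of a theory`), and the unchanged line above `theoryPredicates` still reads `All process definitions of a theory`. I would use `-- | All diff-equivalence queries of a theory.` and `-- | All predicates of a theory.`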
@@ -285,44 +359,16 @@ diffTheoryDiffLemmas = foldDiffTheoryItem (const []) (const []) return (const []) (const []) (const []) <=< L.get diffThyItems --- | expand predicaates in formalua with those defined in theory. If this --- fails, return FactTag of the predicate we could not find. -expandFormula :: Theory sig c r p s - -> SyntacticLNFormula - -> Either FactTag LNFormula -expandFormula thy = traverseFormulaAtom f - where - f:: SyntacticAtom (VTerm Name (BVar LVar)) -> Either FactTag LNFormula - f x | Syntactic (Pred fa) <- x - , Just pr <- lookupPredicate fa thy - = return $ apply' (compSubst (L.get pFact pr) fa) (L.get pFormula pr) - - | (Syntactic (Pred fa)) <- x - , Nothing <- lookupPredicate fa thy = Left $ factTag fa - - | otherwise = return $ Ato $ toAtom x - apply' :: (Integer -> Subst Name (BVar LVar)) -> LNFormula -> LNFormula - apply' subst = mapAtoms (\i a -> fmap (applyVTerm $ subst i) a) - compSubst (Fact _ _ ts1) (Fact _ _ ts2) i = substFromList $ zip ts1' ts2' - -- ts1 varTerms that are free in the predicate definition - -- ts2 terms used in reference, need to add the number of quantifiers we added - -- to correctly dereference. - where - ts1':: [BVar LVar] - ts1' = map Free ts1 - ts2' = map (fmap $ fmap up) ts2 - up (Free v) = Free v - up (Bound i') = Bound $ i' + i - - expandRestriction :: Theory sig c r p s -> ProtoRestriction SyntacticLNFormula -> Either FactTag (ProtoRestriction LNFormula) -expandRestriction thy (Restriction n f) = (Restriction n) <$> expandFormula thy f +expandRestriction thy (Restriction n f) = Restriction n <$> expandFormula (theoryPredicates thy) f + expandLemma :: Theory sig c r p1 s -> ProtoLemma SyntacticLNFormula p2 -> Either FactTag (ProtoLemma LNFormula p2) -expandLemma thy (Lemma n tq f a p) = (\f' -> Lemma n tq f' a p) <$> expandFormula thy f +expandLemma thy (Lemma n tq f a p) = (\f' -> Lemma n tq f' a p) <$> expandFormula (theoryPredicates thy) f + -- | Add a new restriction. 
Fails, if restriction with the same name exists. addRestriction :: Restriction -> Theory sig c r p s -> Maybe (Theory sig c r p s) @@ -336,6 +382,20 @@ addLemma l thy = do guard (isNothing $ lookupLemma (L.get lName l) thy) return $ modify thyItems (++ [LemmaItem l]) thy +addProcess :: PlainProcess -> Theory sig c r p TranslationElement -> Theory sig c r p TranslationElement +addProcess l = modify thyItems (++ [TranslationItem (ProcessItem l)]) + +-- | Add a new process expression. Since expression (and not definitions) +-- could appear several times, checking for doubled occurrence isn't necessary +addFunctionTypingInfo :: SapicFunSym -> Theory sig c r p TranslationElement -> Theory sig c r p TranslationElement +addFunctionTypingInfo l = modify thyItems (++ [TranslationItem $ FunctionTypingInfo l]) + +-- | Remove all Function Typing information in Theory +clearFunctionTypingInfos :: Theory sig c r p TranslationElement -> Theory sig c r p TranslationElement +clearFunctionTypingInfos = modify thyItems (filter f) + where + f (TranslationItem (FunctionTypingInfo _)) = False + f _ = True -- | Add a new case test. Fails if CaseTest with the same name already exists. addCaseTest :: CaseTest -> Theory sig c r p TranslationElement -> Maybe (Theory sig c r p TranslationElement) addCaseTest cTest thy = do 
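Review bot: The comment that begins `Add a new process expression` sits on `addFunctionTypingInfo`, while `addProcess`, which it describes, has none; the later hunk that adds `addExportInfo` repeats `Add a new process expression.` there as well. For `addFunctionTypingInfo` the missing duplicate check matters: it appends unconditionally and `lookupFunctionTypingInfo` returns the first match via `find`, so a second typing for the same symbol is stored but never returned. I would move the comment to `addProcess` and document the other two, e.g. `-- | Add typing information for a function symbol; an earlier entry for the same symbol wins on lookup.` and `-- | Add export info. Fails if the tag is already used.` A blank line before the `addCaseTest` comment is missing too.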
@@ -348,9 +408,12 @@ addAccLemma aLem thy = do guard (isNothing $ lookupAccLemma (L.get aName aLem) thy) return $ modify thyItems (++ [TranslationItem (AccLemmaItem aLem)]) thy -addProcess :: Process -> Theory sig c r p TranslationElement -> Theory sig c r p TranslationElement -addProcess l thy = modify thyItems (++ [TranslationItem (ProcessItem l)]) thy +-- | Add a new process expression. +addExportInfo :: ExportInfo -> Theory sig c r p TranslationElement -> Maybe (Theory sig c r p TranslationElement) +addExportInfo eInfo thy = do + guard (isNothing $ lookupExportInfo (L.get eTag eInfo) thy) + return $ modify thyItems (++ [TranslationItem (ExportInfoItem eInfo)]) thy -- search process findProcess :: String -> Theory sig c r p TranslationElement -> Maybe (Theory sig c r p TranslationElement) @@ -367,7 +430,7 @@ addProcessDef pDef thy = do -- | Add a new process definition. fails if process with the same name already exists addPredicate :: Predicate -> Theory sig c r p TranslationElement -> Maybe (Theory sig c r p TranslationElement) addPredicate pDef thy = do - guard (isNothing $ lookupPredicate (L.get pFact pDef) thy) + guard (isNothing $ lookupPredicate (L.get pFact pDef) (theoryPredicates thy)) return $ modify thyItems (++ [PredicateItem pDef]) thy -- | Add a new option. Overwrite previous settings 
@@ -376,12 +439,27 @@ setOption :: Data.Label.Poly.Lens -> Theory sig c r p s -> Theory sig c r p s setOption l = L.set (l . thyOptions) True +setforcedInjectiveFacts :: S.Set FactTag + -> Theory sig c r p s -> Theory sig c r p s +setforcedInjectiveFacts = L.set (forcedInjectiveFacts . thyOptions) + -- | Add a new restriction. Fails, if restriction with the same name exists. addRestrictionDiff :: Side -> Restriction -> DiffTheory sig c r r2 p p2 -> Maybe (DiffTheory sig c r r2 p p2) addRestrictionDiff s l thy = do guard (isNothing $ lookupRestrictionDiff s (L.get rstrName l) thy) return $ modify diffThyItems (++ [EitherRestrictionItem (s, l)]) thy +filterLemma :: (ProtoLemma LNFormula p -> Bool) -> Theory sig c r p s -> Theory sig c r p s +filterLemma lemmaSelector = modify thyItems (concatMap fItem) + where + fItem = foldTheoryItem (return . RuleItem) + (return . RestrictionItem) + check + (return . TextItem) + (return . PredicateItem) + (return . TranslationItem) + check l = do guard (lemmaSelector l); return (LemmaItem l) + -- | Add a new lemma. Fails, if a lemma with the same name exists. addLemmaDiff :: Side -> Lemma p2 -> DiffTheory sig c r r2 p p2 -> Maybe (DiffTheory sig c r r2 p p2) addLemmaDiff s l thy = do 
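Review bot: `setforcedInjectiveFacts` and `filterLemma` are added without Haddock comments, unlike the functions around them, and the first breaks the camelCase used by `setOption`. For `filterLemma` the behaviour worth stating is that only `LemmaItem`s are tested against the selector while rules, restrictions, text, predicates and translation items are all kept: `-- | Keep only the lemmas accepted by the selector; every other theory item is retained.` For the setter, `-- | Replace the set of fact tags that are forced to be treated as injective.` matches what `L.set (forcedInjectiveFacts . thyOptions)` does.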
@@ -465,12 +543,13 @@ lookupAccLemma name = find ((name ==) . L.get aName) . theoryAccLemmas lookupProcessDef :: String -> Theory sig c r p TranslationElement -> Maybe (ProcessDef) lookupProcessDef name = find ((name ==) . L.get pName) . theoryProcessDefs --- | Find the predicate with the fact name. -lookupPredicate :: Fact t -> Theory sig c r p s -> Maybe (Predicate) -lookupPredicate fact = find ((sameName fact) . L.get pFact) . theoryPredicates - where - sameName (Fact tag _ _) (Fact tag' _ _) = tag == tag' +-- | Find the function typing info for a given function symbol. +lookupFunctionTypingInfo :: NoEqSym -> Theory sig c r p TranslationElement -> Maybe SapicFunSym +lookupFunctionTypingInfo tag = find (\(fs,_,_) -> tag == fs) . theoryFunctionTypingInfos +-- | Find the export info for the given tag. +lookupExportInfo :: String -> Theory sig c r p TranslationElement -> Maybe ExportInfo +lookupExportInfo tag = find ((tag ==) . L.get eTag) . theoryExportInfos -- | Find the restriction with the given name. lookupRestrictionDiff :: Side -> String -> DiffTheory sig c r r2 p p2 -> Maybe Restriction 
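Review bot: `lookupFunctionTypingInfo` uses `find`, so it returns the first entry for a symbol, yet `addFunctionTypingInfo` (added in the hunk at `addLemma`) appends without the `guard (isNothing …)` that `addExportInfo` and `addCaseTest` use. If the same symbol can be typed twice, a later and possibly conflicting declaration would be ignored silently; whether the parser rules that out is not visible here. Either guard the insertion or document the rule, for example `-- | Find the function typing info for a function symbol (the first entry wins if several exist).`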
@@ -510,35 +589,15 @@ itemToRule :: TheoryItem r p s -> Maybe r itemToRule (RuleItem r) = Just r itemToRule _ = Nothing - - --- | Pretty print a theory. -prettyTheoryWithSapic :: HighlightDocument d - => (sig -> d) -> (c -> d) -> (r -> d) -> (p -> d) -> (TranslationElement -> d) - -> Theory sig c r p TranslationElement -> d -prettyTheoryWithSapic ppSig ppCache ppRule ppPrf ppSap thy = vsep $ - [ kwTheoryHeader $ text $ L.get thyName thy - , lineComment_ "Function signature and definition of the equational theory E" - , ppSig $ L.get thySignature thy - , if thyH == [] then text "" else text "heuristic: " <> text (prettyGoalRankings thyH) - , ppCache $ L.get thyCache thy - ] ++ - parMap rdeepseq ppItem (L.get thyItems thy) ++ - [ kwEnd ] - where - ppItem = foldTheoryItem - ppRule prettyRestriction (prettyLemma ppPrf) (uncurry prettyFormalComment) prettyPredicate ppSap - thyH = L.get thyHeuristic thy - --Pretty print a theory prettyTheory :: HighlightDocument d - => (sig -> d) -> (c -> d) -> (r -> d) -> (p -> d) -> (() -> d) - -> Theory sig c r p () -> d + => (sig -> d) -> (c -> d) -> (r -> d) -> (p -> d) -> (s -> d) + -> Theory sig c r p s -> d prettyTheory ppSig ppCache ppRule ppPrf ppSap thy = vsep $ [ kwTheoryHeader $ text $ L.get thyName thy , lineComment_ "Function signature and definition of the equational theory E" , ppSig $ L.get thySignature thy - , if thyH == [] then text "" else text "heuristic: " <> text (prettyGoalRankings thyH) + , if null thyH then text "" else text "heuristic: " <> text (prettyGoalRankings thyH) , ppCache $ L.get thyCache thy ] ++ parMap rdeepseq ppItem (L.get thyItems thy) ++ 
@@ -550,7 +609,44 @@ prettyTheory ppSig ppCache ppRule ppPrf ppSap thy = vsep $ prettyTranslationElement :: HighlightDocument d => TranslationElement -> d -prettyTranslationElement _ = text ("TODO prettyPrint TranslationItems") +prettyTranslationElement (ProcessItem p) = text "process" <> colon $-$ (nest 2 $ prettyProcess p) +prettyTranslationElement (DiffEquivLemma p) = text "diffEquivLemma" <> colon $-$ (nest 2 $ prettyProcess p) +prettyTranslationElement (EquivLemma p1 p2) = text "equivLemma" <> colon $-$ (nest 2 $ prettyProcess p1) $$ (nest 2 $ prettyProcess p2) +prettyTranslationElement (ProcessDefItem p) = + (text "let ") + <-> + (text (L.get pName p)) + <-> + (text ("(" ++ intercalate "," (map show $ L.get pVars p) ++ ")")) + <-> + (text "=") + <-> + (nest 2 $ prettyProcess $ L.get pBody p) + +prettyTranslationElement (FunctionTypingInfo ((fsn,(_,priv,_)), intypes, outtype)) = + (text "function:") + <-> + text (unpack fsn) + <-> + (parens $ fsep $ punctuate comma $ map printType intypes) + <-> + text ":" + <-> + printType outtype + <-> + text (showPriv priv) + where + printType = maybe (text defaultSapicTypeS) text + showPriv Private = " [private]" + showPriv Public = "" +prettyTranslationElement (ExportInfoItem eInfo) = + (text "export: ") + <-> + (text $ L.get eTag eInfo) + <-> + (nest 2 $ doubleQuotes $ text $ L.get eText eInfo) + +prettyTranslationElement (SignatureBuiltin s) = (text "builtin ")<->(text s) prettyPredicate :: HighlightDocument d => Predicate -> d prettyPredicate p = kwPredicate <> colon <-> text (factstr ++ "<=>" ++ formulastr) 
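Review bot: In the `ExportInfoItem` case of `prettyTranslationElement`, `doubleQuotes $ text $ L.get eText eInfo` wraps the export text in quotes without escaping it. If `eText` can contain a `"` character, the printed theory would presumably not parse back to the same item, and batch mode writes this output to a file. The parser side is not part of this hunk, so this needs confirming; if it holds, escape the text before printing, or add a comment such as `-- NOTE: eText is printed verbatim; it must not contain double quotes`.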
@@ -558,11 +654,12 @@ prettyPredicate p = kwPredicate <> colon <-> text (factstr ++ "<=>" ++ formulast factstr = render $ prettyFact prettyLVar $ L.get pFact p formulastr = render $ prettyLNFormula $ L.get pFormula p -prettyProcess :: HighlightDocument d => Process -> d -prettyProcess p = text (prettySapic p) +prettyProcess :: HighlightDocument d => PlainProcess -> d +prettyProcess = prettySapic + prettyProcessDef :: HighlightDocument d => ProcessDef -> d -prettyProcessDef pDef = text ("let " ++ (L.get pName pDef) ++ " = " ++ (prettySapic (L.get pBody pDef))) +prettyProcessDef pDef = text "let " <-> text (L.get pName pDef) <-> text " = " <-> prettySapic (L.get pBody pDef) -- | Pretty print a restriction. diff --git a/lib/theory/tamarin-prover-theory.cabal b/lib/theory/tamarin-prover-theory.cabal index a80b40575..3d41fc9e3 100644 --- a/lib/theory/tamarin-prover-theory.cabal +++ b/lib/theory/tamarin-prover-theory.cabal @@ -87,6 +87,11 @@ library Theory.Constraint.System.JSON Theory.Constraint.System.Guarded + Theory.Sapic.Term + Theory.Sapic.Pattern + Theory.Sapic.Process + Theory.Sapic.Position + Theory.Sapic.Annotation Theory.Sapic Theory.Sapic.Print @@ -98,6 +103,8 @@ library Theory.Model.Signature Theory.Model.Restriction + Theory.Module + Theory.Text.Pretty Theory.Text.Parser Theory.Text.Parser.Token @@ -121,13 +128,15 @@ library Items.OptionItem Items.RuleItem Items.ProcessItem - Items.PredicateItem Items.TheoryItem + Items.ExportInfo Items.CaseTestItem Items.AccLemmaItem Pretty + other-modules: + Theory.Syntactic.Predicate Theory.Text.Parser.Accountability Theory.Text.Parser.Exceptions Theory.Text.Parser.Fact @@ -139,3 +148,5 @@ library Theory.Text.Parser.Sapic Theory.Text.Parser.Signature Theory.Text.Parser.Term + Theory.Sapic.PlainProcess + Theory.Sapic.Substitution diff --git a/src/Main/Console.hs b/src/Main/Console.hs index 54e1dd5e2..23504b7b9 100644 --- a/src/Main/Console.hs +++ b/src/Main/Console.hs 
@@ -38,6 +38,9 @@ module Main.Console ( , findArg , argExists + -- ** Utility Functions + , getOutputModule + -- * Pretty printing and console output , lineWidth , shortLineWidth @@ -62,6 +65,8 @@ import Paths_tamarin_prover (version) import Language.Haskell.TH import Development.GitRev +import Theory.Module +import Data.List ------------------------------------------------------------------------------ -- Static constants for the tamarin-prover @@ -152,6 +157,19 @@ updateArg a v = Right . addArg a v helpFlag :: Flag Arguments helpFlag = flagHelpSimple (addEmptyArg "help") +------------------------------------------------------------------------------ +-- Utility Functions +------------------------------------------------------------------------------ + +getOutputModule :: Arguments -> ModuleType +getOutputModule as + | Nothing <- findArg "outModule" as = ModuleSpthy -- default + | Just string <- findArg "outModule" as + , Just modCon <- find (\x -> show x == string) (enumFrom minBound) + = modCon + | otherwise = error "output mode not supported." + + ------------------------------------------------------------------------------ -- Modes for using the Tamarin prover diff --git a/src/Main/Mode/Batch.hs b/src/Main/Mode/Batch.hs index 7631d50d4..f30922faa 100644 --- a/src/Main/Mode/Batch.hs +++ b/src/Main/Mode/Batch.hs @@ -1,4 +1,3 @@ -{-# LANGUAGE DeriveDataTypeable #-} -- | -- Copyright : (c) 2010, 2011 Benedikt Schmidt & Simon Meier -- License : GPL v3 (see LICENSE) @@ -11,8 +10,6 @@ module Main.Mode.Batch ( batchMode ) where -import Accountability.Generation (checkPreTransWellformedness) - import Control.Basics import Control.DeepSeq (force) import Control.Exception (evaluate) 
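Review bot: In `getOutputModule` (src/Main/Console.hs), the fallback `error "output mode not supported."` names neither the rejected value nor the accepted ones, and it fires lazily from pure code. The accepted names are already derivable from the enumeration, so the message can list them: `| otherwise = error $ "output module not supported, expected one of: " ++ intercalate "|" (map show (enumFrom minBound :: [ModuleType]))`. The function also lacks a Haddock comment; `-- | Output module selected with --output-module, defaulting to ModuleSpthy.` would do.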
@@ -26,13 +23,17 @@ import Extension.Data.Label import qualified Text.PrettyPrint.Class as Pretty import Theory -import Theory.Tools.Wellformedness (checkWellformedness, checkWellformednessDiff) +import Theory.Tools.Wellformedness (checkWellformednessDiff) + +import qualified Sapic +import qualified Export import Main.Console import Main.Environment import Main.TheoryLoader import Main.Utils +import Theory.Module -- import Debug.Trace -- | Batch processing mode. @@ -67,22 +68,30 @@ batchMode = tamarinMode outputFlags = [ flagOpt "" ["output","o"] (updateArg "outFile") "FILE" "Output file" , flagOpt "" ["Output","O"] (updateArg "outDir") "DIR" "Output directory" + , flagOpt "spthy" ["output-module", "m"] (updateArg "outModule") moduleList + moduleDescriptions ] + moduleConstructors = enumFrom minBound :: [ModuleType] + moduleList = intercalate "|" $ map show moduleConstructors + moduleDescriptions = "What to output:" ++ intercalate " " (map (\x -> "\n -"++description x) moduleConstructors) ++ "." -- | Process a theory file. run :: TamarinMode -> Arguments -> IO () run thisMode as | null inFiles = helpAndExit thisMode (Just "no input files given") - | otherwise = do + | argExists "parseOnly" as || argExists "outModule" as = do + mapM_ processThy inFiles + putStrLn "" + | otherwise = do _ <- ensureMaude as - putStrLn $ "" - summaries <- mapM processThy $ inFiles - putStrLn $ "" + putStrLn "" + summaries <- mapM processThy inFiles + putStrLn "" putStrLn $ replicate 78 '=' - putStrLn $ "summary of summaries:" - putStrLn $ "" + putStrLn "summary of summaries:" + putStrLn "" putStrLn $ renderDoc $ Pretty.vcat $ intersperse (Pretty.text "") summaries - putStrLn $ "" + putStrLn "" putStrLn $ replicate 78 '=' where -- handles to arguments 
@@ -114,47 +123,45 @@ run thisMode as -- theory processing functions ------------------------------ - processThy :: FilePath -> IO (Pretty.Doc) + processThy :: FilePath -> IO Pretty.Doc processThy inFile - -- | argExists "html" as = - -- generateHtml inFile =<< loadClosedThy as inFile | argExists "parseOnly" as && argExists "diff" as = - out (const Pretty.emptyDoc) prettyOpenDiffTheory (loadOpenDiffThy as inFile) - | argExists "parseOnly" as = - out (const Pretty.emptyDoc) prettyOpenTranslatedTheory (loadOpenTranslatedThy as inFile) + out (const Pretty.emptyDoc) (return . prettyOpenDiffTheory) (loadOpenDiffThy as inFile) + | argExists "parseOnly" as || argExists "outModule" as = + out (const Pretty.emptyDoc) choosePretty (loadOpenThy as inFile) | argExists "diff" as = - out ppWfAndSummaryDiff prettyClosedDiffTheory (loadClosedDiffThy as inFile) - | otherwise = do - (openThy, transThy) <- loadOpenAndTranslatedThy as inFile - closedThy <- closeThy as openThy transThy - out (ppWfAndSummary openThy transThy) prettyClosedTheory (return closedThy) + out ppWfAndSummaryDiff (return . prettyClosedDiffTheory) (loadClosedDiffThy as inFile) + | otherwise = do + (thy,report) <- loadClosedThyWf as inFile + out (ppWfAndSummary report) (return . prettyClosedTheory) (return thy) where ppAnalyzed = Pretty.text $ "analyzed: " ++ inFile + ppWfAndSummary report thy = do + report + Pretty.$--$ prettyClosedSummary thy - ppWfAndSummary openThy transThy closedThy = - case checkWellformedness transThy (get thySignature closedThy) - ++ checkPreTransWellformedness openThy of - [] -> Pretty.emptyDoc - errs -> Pretty.vcat $ map Pretty.text $ - [ "WARNING: " ++ show (length errs) - ++ " wellformedness check failed!" - , " The analysis results might be wrong!" 
] - Pretty.$--$ prettyClosedSummary closedThy - - ppWfAndSummaryDiff thy = - case checkWellformednessDiff (openDiffTheory thy) (get diffThySignature thy) of - [] -> Pretty.emptyDoc - errs -> Pretty.vcat $ map Pretty.text $ - [ "WARNING: " ++ show (length errs) - ++ " wellformedness check failed!" - , " The analysis results might be wrong!" ] + ppWfAndSummaryDiff thy = do + reportWellformednessDoc $ checkWellformednessDiff (openDiffTheory thy) (get diffThySignature thy) Pretty.$--$ prettyClosedDiffSummary thy - out :: (a -> Pretty.Doc) -> (a -> Pretty.Doc) -> IO a -> IO Pretty.Doc + choosePretty = case getOutputModule as of + ModuleSpthy -> return . prettyOpenTheory <=< Sapic.warnings -- output as is, including SAPIC elements + ModuleSpthyTyped -> return . prettyOpenTheory <=< Sapic.typeTheory <=< Sapic.warnings -- additionally type + ModuleMsr -> return . prettyOpenTranslatedTheory + <=< (return . (filterLemma $ lemmaSelector as)) + <=< (return . removeTranslationItems) + <=< Sapic.typeTheory + <=< Sapic.warnings + ModuleProVerif -> Export.prettyProVerifTheory (lemmaSelector as) <=< Sapic.typeTheoryEnv <=< Sapic.warnings + ModuleProVerifEquivalence -> Export.prettyProVerifEquivTheory <=< Sapic.typeTheoryEnv <=< Sapic.warnings + ModuleDeepSec -> Export.prettyDeepSecTheory <=< Sapic.typeTheory <=< Sapic.warnings + + out :: (a -> Pretty.Doc) -> (a -> IO Pretty.Doc) -> IO a -> IO Pretty.Doc out summaryDoc fullDoc load | dryRun = do thy <- load - putStrLn $ renderDoc $ fullDoc thy + doc <- fullDoc thy + putStrLn $ renderDoc doc return $ ppAnalyzed Pretty.$--$ Pretty.nest 2 (summaryDoc thy) | otherwise = do putStrLn $ "" @@ -163,7 +170,8 @@ run thisMode as let outFile = mkOutPath inFile (thySummary, t) <- timed $ do thy <- load - writeFileWithDirs outFile $ renderDoc $ fullDoc thy + doc <- fullDoc thy + writeFileWithDirs outFile $ renderDoc doc -- ensure that the summary is in normal form evaluate $ force $ summaryDoc thy let summary = Pretty.vcat 
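Review bot: In `processThy`, the new branch `argExists "parseOnly" as || argExists "outModule" as` loads with `loadOpenThy` and uses `const Pretty.emptyDoc` as its summary, so the `checkWellformedness` report built on the default branch never reaches a user who exports with `-m`. Only `Sapic.warnings` runs inside `choosePretty`, and what it covers is not visible in this hunk. A model exported for ProVerif or DeepSec may therefore come from a theory that Tamarin itself would mark with "The analysis results might be wrong!". Consider running the wellformedness checks before exporting, or at least state the limitation above `choosePretty`: `-- NOTE: export paths skip checkWellformedness; only Sapic.warnings is applied`. `run` and `processThy` both continue outside the hunk.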
diff --git a/src/Main/TheoryLoader.hs b/src/Main/TheoryLoader.hs index 8f68a2076..84d1c9bb5 100644 --- a/src/Main/TheoryLoader.hs +++ b/src/Main/TheoryLoader.hs @@ -20,9 +20,11 @@ module Main.TheoryLoader ( -- ** Loading and closing theories , closeThy , loadClosedThy + , loadClosedThyWf , loadClosedThyWfReport , loadClosedThyString , reportOnClosedThyStringWellformedness + , reportWellformednessDoc -- ** Loading open diff theories @@ -44,6 +46,7 @@ module Main.TheoryLoader ( , bpIntruderVariantsFile , addMessageDeductionRuleVariants + , lemmaSelector ) where -- import Debug.Trace @@ -73,13 +76,13 @@ import Theory.Tools.IntruderRules (specialIntruderRules, subt , multisetIntruderRules, xorIntruderRules) import Theory.Tools.Wellformedness import Sapic -import Main.Console (renderDoc, argExists, findArg, addEmptyArg, updateArg, Arguments) +import Main.Console (renderDoc, argExists, findArg, addEmptyArg, updateArg, Arguments, getOutputModule) import Main.Environment import Text.Parsec hiding ((<|>),try) import Safe - +import qualified Theory.Text.Pretty as Pretty ------------------------------------------------------------------------------ -- Theory loading: shared between interactive and batch mode @@ -92,6 +95,9 @@ theoryLoadFlags = [ flagOpt "" ["prove"] (updateArg "prove") "LEMMAPREFIX*|LEMMANAME" "Attempt to prove all lemmas that start with LEMMAPREFIX or the lemma which name is LEMMANAME (can be repeated)." + , flagOpt "" ["lemma"] (updateArg "lemma") "LEMMAPREFIX*|LEMMANAME" + "Select lemma(s) by name or prefx (can be repeated)" + , flagOpt "dfs" ["stop-on-trace"] (updateArg "stopOnTrace") "DFS|BFS|SEQDFS|NONE" "How to search for traces (default DFS)" 
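Review bot: The help string of the new `--lemma` flag in `theoryLoadFlags` contains a typo, `"Select lemma(s) by name or prefx (can be repeated)"`; it should read `prefix`. A later hunk concatenates `findArg "lemma" as` with the `--prove` values into one `lemmaNames` list, so the text could also say that the two flags select from the same set.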
@@ -131,20 +137,32 @@ defines = findArg "defines" -- | Diff flag in the argument diff :: Arguments -> [String] -diff as = if (argExists "diff" as) then ["diff"] else [] +diff as = if argExists "diff" as then ["diff"] else [] -- | quit-on-warning flag in the argument quitOnWarning :: Arguments -> [String] -quitOnWarning as = if (argExists "quit-on-warning" as) then ["quit-on-warning"] else [] +quitOnWarning as = if argExists "quit-on-warning" as then ["quit-on-warning"] else [] + +hasQuitOnWarning :: Arguments -> Bool +hasQuitOnWarning as = "quit-on-warning" `elem` quitOnWarning as + +lemmaSelectorByModule :: Arguments -> ProtoLemma f p -> Bool +lemmaSelectorByModule as lem = case lemmaModules of + [] -> True -- default to true if no modules (or only empty ones) are set + _ -> getOutputModule as `elem` lemmaModules + where + lemmaModules = concat [ m | LemmaModule m <- get lAttributes lem] -- | Select lemmas for proving lemmaSelector :: Arguments -> Lemma p -> Bool lemmaSelector as lem + | null lemmaNames = True | lemmaNames == [""] = True + | lemmaNames == ["",""] = True | otherwise = any lemmaMatches lemmaNames where lemmaNames :: [String] - lemmaNames = findArg "prove" as + lemmaNames = findArg "prove" as ++ findArg "lemma" as lemmaMatches :: String -> Bool lemmaMatches pattern @@ -158,7 +176,7 @@ diffLemmaSelector as lem | otherwise = any lemmaMatches lemmaNames where lemmaNames :: [String] - lemmaNames = findArg "prove" as + lemmaNames = (findArg "prove" as) ++ (findArg "lemma" as) lemmaMatches :: String -> Bool lemmaMatches pattern 
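Review bot: The guards `lemmaNames == [""]` and `lemmaNames == ["",""]` in `lemmaSelector` enumerate particular shapes of the argument list instead of stating the rule; `| all null lemmaNames = True` covers both, the new `null lemmaNames` case, and any further repetition of an empty flag. The `null lemmaNames = True` guard also changes the no-flag case from selecting no lemma to selecting every lemma, and this selector is handed to `proveTheory` in `closeThyWithMaude`. Whether that is harmless depends on `prover`, which lies outside the hunk, so a comment stating the intent would help. `diffLemmaSelector` in the next hunk receives the same concatenated list, but its guards are not visible here and may not treat the empty cases alike.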
@@ -181,9 +199,11 @@ loadOpenTranslatedThy as inFile = do loadOpenAndTranslatedThy :: Arguments -> FilePath -> IO (OpenTheory, OpenTranslatedTheory) loadOpenAndTranslatedThy as inFile = do thy <- loadOpenThy as inFile - thy' <- Sapic.translate thy - thy'' <- Acc.translate thy' - return (thy, removeTranslationItems thy'') + transThy <- + Sapic.typeTheory thy + >>= Sapic.translate + >>= Acc.translate + return (thy, removeTranslationItems transThy) -- | Load a closed theory from a file. loadClosedThy :: Arguments -> FilePath -> IO ClosedTheory @@ -193,7 +213,7 @@ loadClosedThy as inFile = do -- | Load an open diff theory from a file. loadOpenDiffThy :: Arguments -> FilePath -> IO OpenDiffTheory -loadOpenDiffThy as fp = parseOpenDiffTheory (diff as ++ defines as ++ quitOnWarning as) fp +loadOpenDiffThy as = parseOpenDiffTheory (diff as ++ defines as ++ quitOnWarning as) -- | Load a closed diff theory from a file. loadClosedDiffThy :: Arguments -> FilePath -> IO ClosedDiffTheory 
@@ -202,6 +222,48 @@ loadClosedDiffThy as inFile = do thy1 <- addMessageDeductionRuleVariantsDiff thy0 closeDiffThy as thy1 +reportWellformednessDoc :: WfErrorReport -> Pretty.Doc +reportWellformednessDoc [] = Pretty.emptyDoc +reportWellformednessDoc errs = Pretty.vcat + [ Pretty.text $ "WARNING: " ++ show (length errs) + ++ " wellformedness check failed!" + , Pretty.text " The analysis results might be wrong!" + , prettyWfErrorReport errs + ] + +-- | Report well-formedness errors unless empty. Quit on warning. Start with prefix `prefixAct` +reportWellformedness :: IO a -> Bool -> WfErrorReport -> IO () +reportWellformedness _ _ [] = return () +reportWellformedness prefixAct quit wfreport = + do + _ <- prefixAct -- optional: printout of file name or similar + putStrLn "WARNING: ignoring the following wellformedness errors" + putStrLn "" + putStrLn $ renderDoc $ prettyWfErrorReport wfreport + putStrLn $ replicate 78 '-' + if quit then error "quit-on-warning mode selected - aborting on wellformedness errors." else putStrLn "" + +-- | helper function: print header with theory filename +printFileName :: [Char] -> IO () +printFileName inFile = do + putStrLn "" + putStrLn $ replicate 78 '-' + putStrLn $ "Theory file '" ++ inFile ++ "'" + putStrLn $ replicate 78 '-' + putStrLn "" + +loadClosedThyWf :: Arguments -> FilePath -> IO (ClosedTheory, Pretty.Doc) +loadClosedThyWf as inFile = do + (openThy, transThy0) <- loadOpenAndTranslatedThy as inFile + transThy <- addMessageDeductionRuleVariants transThy0 + sig <- toSignatureWithMaude (maudePath as) $ get thySignature transThy + -- report + let errors = checkWellformedness transThy sig ++ Sapic.checkWellformednessSapic openThy + let report = reportWellformednessDoc errors + -- return closed theory + closedTheory <- closeThyWithMaude sig as openThy transThy + return (closedTheory, report) + -- | Load a closed theory and report on well-formedness errors. 
loadClosedThyWfReport :: Arguments -> FilePath -> IO ClosedTheory loadClosedThyWfReport as inFile = do @@ -209,20 +271,9 @@ loadClosedThyWfReport as inFile = do transThy <- addMessageDeductionRuleVariants transThy0 transSig <- toSignatureWithMaude (maudePath as) $ get thySignature transThy -- report - case checkWellformedness transThy transSig - ++ checkPreTransWellformedness openThy of - [] -> return () - report -> do - putStrLn "" - putStrLn $ replicate 78 '-' - putStrLn $ "Theory file '" ++ inFile ++ "'" - putStrLn $ replicate 78 '-' - putStrLn "" - putStrLn $ "WARNING: ignoring the following wellformedness errors" - putStrLn "" - putStrLn $ renderDoc $ prettyWfErrorReport report - putStrLn $ replicate 78 '-' - if "quit-on-warning" `elem` quitOnWarning as then error "quit-on-warning mode selected - aborting on wellformedness errors." else putStrLn "" + let prefix = printFileName inFile + let errors = checkWellformedness transThy transSig ++ Sapic.checkWellformednessSapic openThy + reportWellformedness prefix (hasQuitOnWarning as) errors -- return closed theory closeThyWithMaude transSig as openThy transThy 
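Review bot: `loadClosedThyWf` builds its error list from `checkWellformedness` and `Sapic.checkWellformednessSapic` only, whereas the batch code it replaces also appended `checkPreTransWellformedness openThy`. The following hunk makes the same substitution in `loadClosedThyWfReport`. `reportOnClosedThyStringWellformedness` still runs all three checks, so the file-based paths now report fewer wellformedness problems than the string-based one. Unless the Sapic check subsumes the accountability one, which is not visible here, keep it: `let errors = checkWellformedness transThy sig ++ Sapic.checkWellformednessSapic openThy ++ checkPreTransWellformedness openThy`. `loadClosedThyWf` also ignores `hasQuitOnWarning as`, so `--quit-on-warning` has no effect on this path.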
@@ -233,19 +284,9 @@ loadClosedDiffThyWfReport as inFile = do thy1 <- addMessageDeductionRuleVariantsDiff thy0 sig <- toSignatureWithMaude (maudePath as) $ get diffThySignature thy1 -- report - case checkWellformednessDiff thy1 sig of - [] -> return () - report -> do - putStrLn "" - putStrLn $ replicate 78 '-' - putStrLn $ "Theory file '" ++ inFile ++ "'" - putStrLn $ replicate 78 '-' - putStrLn "" - putStrLn $ "WARNING: ignoring the following wellformedness errors" - putStrLn "" - putStrLn $ renderDoc $ prettyWfErrorReport report - putStrLn $ replicate 78 '-' - if elem "quit-on-warning" (quitOnWarning as) then error "quit-on-warning mode selected - aborting on wellformedness errors." else putStrLn "" + let prefix = printFileName inFile + let errors = checkWellformednessDiff thy1 sig + reportWellformedness prefix (hasQuitOnWarning as) errors -- return closed theory closeDiffThyWithMaude sig as thy1 @@ -254,9 +295,10 @@ loadClosedThyString as input = case parseOpenTheoryString (defines as) input of Left err -> return $ Left $ "parse error: " ++ show err Right thy -> do - thy' <- Sapic.translate thy - thy'' <- Acc.translate thy' - Right <$> closeThy as thy (removeTranslationItems thy'') -- No "return" because closeThy gives IO (ClosedTheory) + thy' <- Sapic.typeTheory thy + >>= Sapic.translate + >>= Acc.translate + Right <$> closeThy as thy (removeTranslationItems thy') -- No "return" because closeThy gives IO (ClosedTheory) loadClosedDiffThyString :: Arguments -> String -> IO (Either String ClosedDiffTheory) 
@@ -280,12 +322,16 @@ reportOnClosedThyStringWellformedness :: Arguments -> String -> IO String reportOnClosedThyStringWellformedness as input = case loadOpenThyString as input of Left err -> return $ "parse error: " ++ show err - Right thy -> do - thy' <- Sapic.translate thy - thy'' <- Acc.translate thy' - sig <- toSignatureWithMaude (maudePath as) $ get thySignature thy'' - case checkWellformedness (removeTranslationItems thy'') sig - ++ checkPreTransWellformedness thy of + Right openThy -> do + transThy <- Sapic.typeTheory openThy + >>= Sapic.translate + >>= Acc.translate + transSig <- toSignatureWithMaude (maudePath as) $ get thySignature transThy + -- report + let errors = checkWellformedness (removeTranslationItems transThy) transSig + ++ Sapic.checkWellformednessSapic openThy + ++ checkPreTransWellformedness openThy + case errors of [] -> return "" report -> do if elem "quit-on-warning" (quitOnWarning as) then error "quit-on-warning mode selected - aborting on wellformedness errors." else putStrLn "" @@ -306,7 +352,6 @@ reportOnClosedDiffThyStringWellformedness as input = do if elem "quit-on-warning" (quitOnWarning as) then error "quit-on-warning mode selected - aborting on wellformedness errors." else putStrLn "" return $ " WARNING: ignoring the following wellformedness errors: " ++(renderDoc $ prettyWfErrorReport report) - -- | Close a theory according to arguments. closeThy :: Arguments -> OpenTheory -> OpenTranslatedTheory -> IO ClosedTheory closeThy as openThy transThy = do @@ -322,7 +367,7 @@ closeThyWithMaude sig as openThy transThy = do let transThy' = wfCheck openThy transThy -- close and prove let closedThy = closeTheoryWithMaude sig transThy' (argExists "auto-sources" as) - return $ proveTheory (lemmaSelector as) prover $ partialEvaluation closedThy + return $ proveTheory (lemmaSelectorByModule as &&& lemmaSelector as) prover $ partialEvaluation closedThy where -- apply partial application ---------------------------- 
@@ -350,6 +395,9 @@ closeDiffThy as thy0 = do sig <- toSignatureWithMaude (maudePath as) $ get diffThySignature thy0 closeDiffThyWithMaude sig as thy0 +(&&&) :: (t -> Bool) -> (t -> Bool) -> t -> Bool +(&&&) f g x = f x && g x + -- | Close a diff theory according to arguments. closeDiffThyWithMaude :: SignatureWithMaude -> Arguments -> OpenDiffTheory -> IO ClosedDiffTheory closeDiffThyWithMaude sig as thy0 = do @@ -358,7 +406,7 @@ closeDiffThyWithMaude sig as thy0 = do let thy2 = wfCheckDiff thy0 -- close and prove let cthy = closeDiffTheoryWithMaude sig (addDefaultDiffLemma thy2) (argExists "auto-sources" as) - return $ proveDiffTheory (lemmaSelector as) (diffLemmaSelector as) prover diffprover $ partialEvaluation cthy + return $ proveDiffTheory (lemmaSelectorByModule as &&& lemmaSelector as) (diffLemmaSelector as) prover diffprover $ partialEvaluation cthy where -- apply partial application ---------------------------- diff --git a/stack.yaml b/stack.yaml index 70fe8d07e..2516f6206 100644 --- a/stack.yaml +++ b/stack.yaml @@ -5,6 +5,7 @@ packages: - lib/term/ - lib/utils/ - lib/sapic/ +- lib/export/ - lib/accountability/ resolver: lts-19.2 nix: diff --git a/tamarin-prover.cabal b/tamarin-prover.cabal index f1df58cd1..778d1d1c4 100644 --- a/tamarin-prover.cabal +++ b/tamarin-prover.cabal @@ -44,8 +44,8 @@ description: prover are given at . . The paper describing the theory underlying the extension for observational - equivalence is published at CCS 2015. Its extended version is available from - . For observational equivalence proofs just + equivalence is published at CCS 2015. Its extended version is available from + . For observational equivalence proofs just add the "--diff" flag when calling the @tamarin-prover@. homepage: https://tamarin-prover.github.io 
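Review bot: The new top-level operator `(&&&)` in src/Main/TheoryLoader.hs has the same name as `Control.Arrow.(&&&)`, which pairs results instead of conjoining them. A reader of `lemmaSelectorByModule as &&& lemmaSelector as` may assume the wrong one, and a later import of `Control.Arrow` would make the name ambiguous. It also has no comment or fixity declaration. Rename it, for example to `(.&&.)`, or write the call as `liftA2 (&&) (lemmaSelectorByModule as) (lemmaSelector as)`, and add `-- | Pointwise conjunction of two predicates.`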
@@ -106,8 +106,8 @@ executable tamarin-prover default-language: Haskell2010 if flag(threaded) - ghc-options: -threaded -eventlog - + ghc-options: -threaded -eventlog + -- -XFlexibleInstances ghc-options: -Wall -fwarn-tabs -rtsopts -feager-blackholing -main-is Main @@ -155,11 +155,11 @@ executable tamarin-prover , warp , yesod-core , yesod-static - , tamarin-prover-utils == 1.7.1 , tamarin-prover-term == 1.7.1 , tamarin-prover-theory == 1.7.1 , tamarin-prover-sapic == 1.7.1 + , tamarin-prover-export == 1.7.1 , tamarin-prover-accountability == 1.7.1 other-modules: @@ -184,7 +184,7 @@ executable tamarin-prover Web.Types Test.ParserTests - + other-extensions: TemplateHaskell diff --git a/testbed.maude b/testbed.maude new file mode 100644 index 000000000..4a9f01b44 --- /dev/null +++ b/testbed.maude @@ -0,0 +1,27 @@ +fmod SENC is +sorts Msg . +op senc : Msg Msg -> Msg [ctor]. +op sdec : Msg Msg ~> Msg . +op bot : -> [Msg] [ctor] . +vars K M C : Msg . +vars k m c : [Msg] . +eq sdec(K,senc(K,M)) = M [variant] . +eq sdec(K,bot) = bot [variant] . +endfm + +get variants in SENC : sdec(K,M) . + +get variants in SENC : sdec(k,m)=C . + +get irredundant variants in SENC : sdec(K,C). + +get variants in SENC : sdec(k,m)=C. + +get variants in SENC : nobot(sdec(K,C)). + +/* ceq sdec(K,senc(K,M)) = M [variant] if . */ +/* get variants in SENC : sdec(K,C). */ + +/* op nobot : Msg -> Msg . */ +ceq sdec(K,C) = bot [variant] + if not (C = senc(K,M)).
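Review bot: `testbed.maude` is added at the repository root and reads like a scratch file rather than a test. Its final `ceq sdec(K,C) = bot [variant] if not (C = senc(K,M)).` stands after `endfm`, outside the `SENC` module. `get variants in SENC : nobot(sdec(K,C)).` uses `nobot`, whose only declaration is on a commented-out line. Nothing else in this diff refers to the file. Drop it from the commit or, if the experiment is worth keeping, move it under a test or notes directory with a header comment that says what it demonstrates.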