chapter {* Analysing ISO_onepass_pk *}
(* ***********************************
   This file is automatically generated from the AnB file "AnB/ISOpubKeyOnePassUnilateralAuthProt.AnB".
   Backend: Open Source Fixedpoint Model Checker version 2009c
   ************************************ *)
(* Reading guide. The theory declares the message and fact datatypes, then an
   inductive set of traces (Fact lists) made of:
     init_0  .. init_11 : initial intruder knowledge and initial role states,
     rule_0  .. rule_3  : intruder deduction (opening crypt/scrypt, splitting pairs),
     rule_4  .. rule_6  : clauses that add an Attack fact,
     rule_7  .. rule_13 : the protocol steps of roles rA and rB.
   The text is generator output; a correction belongs in the AnB source named above. *)
theory "ISOpubKeyOnePassUnilateralAuthProt"
imports "../src/ofmc"
begin

section {* Protocol Model (ISO_onepass_pk) *}

(* Protocol roles. Only rA and rB occur in the State facts of the inductive clauses below. *)
datatype Role = rA | rB | rs

(* Tags carried by Witness and Request facts. The clauses below only ever add
   facts tagged purposeText1; purposeNA is only read (rule_5) and purposeNI does
   not occur in them. *)
datatype Purpose = purposeNI | purposeNA | purposeText1

(* Agents are either honest or dishonest, each indexed by a nat. *)
datatype Agent = honest nat | dishonest nat

(* Nonce and Msg are mutually recursive.
   Nonce: "ni" is the form the intruder knows from the start (init_0);
   "absNA" and "absText1" take a Msg and a nat, and rule_7 instantiates the Msg
   with the pair of the two agents of the run; "NI", "NA" and "Text1" are
   argument-free constructors.
   NOTE(review): rule_8..rule_13 write Nonce(NA) and Nonce(Text1). NA and Text1
   are constructor names declared here, so confirm whether Isabelle reads them
   in those clauses as these constants or as rule variables; that decides
   whether the rB clauses range over arbitrary nonces.
   Msg: crypt and scrypt take a (key, payload) pair; rule_0..rule_2 state which
   key opens which term. inv(K) opens crypt(K, _) (rule_0) and K opens
   crypt(inv(K), _) (rule_1). pk is applied to Agent terms in the clauses below. *)
datatype Nonce = "ni" "nat"
               | "absNA" "Msg" "nat"
               | "absText1" "Msg" "nat"
               | "NI"
               | "NA"
               | "Text1"
and Msg = Nonce "Nonce"
        | Agent "Agent"
        | Purpose "Purpose"
        | pair "Msg*Msg"
        | scrypt "Msg*Msg"
        | crypt "Msg*Msg"
        | inv "Msg"
        | SID "nat"
        | Step "nat"
        | authentication
        | secrecy
        (* SymKeys *)
        | SymKey "Msg"
        (* Functions *)
        | "pk" "Msg"

(* Facts stored in a trace: Iknows is intruder knowledge, State is the local
   state of one role instance, and Secret, Witness, Request and Attack are the
   bookkeeping facts used by the attack clauses rule_4..rule_6. *)
datatype Fact = Iknows Msg
              | State "Role * (Msg list)"
              | Secret "Msg * Msg"
              | Attack "Msg"
              | Witness "Msg * Msg * Msg * Msg"
              | Request "Msg * Msg * Msg * Msg * Msg"

section {* Inductive Protocol Definition (ISO_onepass_pk) *}

(* The set of traces. Each init clause is a one-element trace; every other
   clause takes a trace t that is already in the set and conses (#) new facts
   onto it. Lower-case a, i, sid and the Abs_ names are free in each clause. *)
inductive_set ISO_onepass_pk::"Fact list set"
where
  (* init_0, init_1: the intruder knows every "ni" nonce and every dishonest agent name. *)
  init_0: "[ Iknows(Nonce((ni Abs_NI)))] : ISO_onepass_pk"
| init_1: "[ Iknows(Agent(dishonest(i)))] : ISO_onepass_pk"
  (* init_2, init_3: step-0 state of role rA. It holds the own name, Step(0), the
     own private key inv(pk(..)), the own public key, a term signed with
     inv(pk(Agent(honest(a)))) over the pair (name, public key), the intended
     peer (dishonest in init_2, honest in init_3) and the session id. The same
     variable a is used for the role owner and for the signer of that term. *)
| init_2: "[ State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] )] : ISO_onepass_pk"
| init_3: "[ State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : ISO_onepass_pk"
| init_4: "[ Iknows(Step(0))] : ISO_onepass_pk"
  (* init_5, init_6: the intruder holds the private and the public key of every dishonest agent. *)
| init_5: "[ Iknows(inv(pk(Agent(dishonest(i)))))] : ISO_onepass_pk"
| init_6: "[ Iknows(pk(Agent(dishonest(i))))] : ISO_onepass_pk"
  (* init_7: the intruder holds a (name, public key) pair for a dishonest agent
     signed with inv(pk(Agent(honest(a)))), i.e. a term of the same shape and
     under the same signing key as the one in the rA states above. A signed
     term of that shape therefore does not by itself mark its subject as honest. *)
| init_7: "[ Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(dishonest(i)), 
pk(Agent(dishonest(i))))))] : ISO_onepass_pk"
| init_8: "[ Iknows(SID(sid))] : ISO_onepass_pk"
| init_9: "[ Iknows(Agent(honest(a)))] : ISO_onepass_pk"
  (* init_10: step-0 state of role rB: own name, Step(0), the public key
     pk(Agent(honest(a))) and the session id. rule_8 requires the first message
     component to be signed with the inverse of that key. *)
| init_10: "[ State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), SID(sid)] )] : ISO_onepass_pk"
| init_11: "[ Iknows(pk(Agent(honest(a))))] : ISO_onepass_pk"
  (* rule_0: knowing crypt(K, M) and inv(K) yields M. *)
| rule_0: "[| t :ISO_onepass_pk; Iknows(crypt(K, M)) : (set t); Iknows(inv(K)) : (set t)|] ==> ((Iknows(M)) #t) : ISO_onepass_pk"
  (* rule_1: knowing crypt(inv(K), M) and K yields M, so the payload of a term
     signed with inv(K) is readable by anyone who knows K. *)
| rule_1: "[| t :ISO_onepass_pk; Iknows(crypt(inv(K), M)) : (set t); Iknows(K) : (set t)|] ==> ((Iknows(M)) #t) : ISO_onepass_pk"
  (* rule_2: knowing scrypt(K, M) and K yields M. *)
| rule_2: "[| t :ISO_onepass_pk; Iknows(scrypt(K, M)) : (set t); Iknows(K) : (set t)|] ==> ((Iknows(M)) #t) : ISO_onepass_pk"
  (* rule_3: a known pair yields both components. *)
| rule_3: "[| t :ISO_onepass_pk; Iknows(pair(M1, M2)) : (set t)|] ==> ((Iknows(M1)) #(Iknows(M2)) #t) : ISO_onepass_pk"
  (* rule_4: secrecy attack, raised when the intruder knows an M recorded in a
     Secret fact for an honest agent. No clause of this inductive set adds a
     Secret fact, so nothing in this set can make the premise true. *)
| rule_4: "[| t :ISO_onepass_pk; Secret(M, Agent(honest(a))) : (set t); Iknows(M) : (set t)|] ==> ((Attack(pair(secrecy, M))) #t) : ISO_onepass_pk"
  (* rule_5: authentication attack for Request facts tagged purposeNA. No clause
     of this inductive set adds a Request with that tag; rule_8..rule_13 all use
     purposeText1. *)
| rule_5: "[| t :ISO_onepass_pk; Request(A, B, Purpose(purposeNA), M, SID(sid)) : (set t); ~ ( ? i . B = Agent(dishonest(i))); ~ ( ? B A Abs_NA . M = Nonce((absNA(pair(B, A)) Abs_NA)))|] ==> ((Attack(pair(authentication, pair(A, pair(B, M))))) #t) : ISO_onepass_pk"
  (* rule_6: authentication attack for Request facts tagged purposeText1. It
     fires when the second Request argument B is not a dishonest agent and M is
     not an absText1 nonce. In rule_8..rule_13 that second argument is the
     agent named as signer, the first is the rB instance itself.
     The B and A under the second existential are bound there and are not the
     B and A of the Request premise, so the test is on the shape of M only.
     Witness facts are not consulted by this clause.
     NOTE(review): confirm that a shape-only test is the intended reading of
     the authentication goal in the AnB source. *)
| rule_6: "[| t :ISO_onepass_pk; Request(A, B, Purpose(purposeText1), M, SID(sid)) : (set t); ~ ( ? i . B = Agent(dishonest(i))); ~ ( ? B A Abs_Text1 . 
M = Nonce((absText1(pair(B, A)) Abs_Text1)))|] ==> ((Attack(pair(authentication, pair(A, pair(B, M))))) #t) : ISO_onepass_pk"
  (* rule_7: role rA, step 0 to step 1. Adds a Witness for purposeText1, the
     step-1 state, and the outgoing message as intruder knowledge. The message
     is the pair of the signed (name, public key) term and
     crypt(inv(pk(Agent(A))), (NA, (B, Text1))), with NA and Text1 in their
     absNA / absText1 form indexed by the pair (A, B). *)
| rule_7: "[| t :ISO_onepass_pk; State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), SID(sid)] ) : (set t)|] ==> ((Witness(Agent(A), Agent(B), Purpose(purposeText1), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)))) #(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)))))), SID(sid)] )) #(Iknows(pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)))))))) #t) : ISO_onepass_pk"
  (* rule_8: role rB, step 0 to step 1, with both message components taken from
     intruder knowledge as they stand. The first must be signed with the
     inverse of the key held in the rB state and name an agent A with pk(A);
     the second must be signed with inv(pk(Agent(A))) and contain rB's own name
     B. Adds Request(B, A, purposeText1, Text1, sid) and the step-1 state.
     NA is matched by position only, and the step-0 state of rB holds nothing
     to compare it with, so a re-sent message is not told apart from a first
     delivery here. NOTE(review): confirm freshness is outside the goal being
     checked. *)
| rule_8: "[| t :ISO_onepass_pk; State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t); Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : (set t)|] ==> ((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid))) #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) #t) : ISO_onepass_pk"
  (* rule_9..rule_13 have the same conclusion as rule_8. They differ in which
     parts of the incoming message the intruder knows as finished signed terms
     and which it knows as the signing key plus the fields.
     rule_9: first component known as a signed term; for the second the
     intruder knows inv(pk(Agent(A))), NA, B and Text1 instead. *)
| rule_9: "[| t :ISO_onepass_pk; State(rB, 
[Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t); Iknows(inv(pk(Agent(A)))) : (set t); Iknows(Nonce(NA)) : (set t); Iknows(Agent(B)) : (set t); Iknows(Nonce(Text1)) : (set t)|] ==> ((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid))) #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) #t) : ISO_onepass_pk"
  (* rule_10: for the first component the intruder knows the signing key
     inv(pk(Agent(honest(a)))), Agent(A) and pk(Agent(A)); the second component
     is known as a signed term. rule_10..rule_13 all require that signing key
     in Iknows, and no init clause puts it there.
     NOTE(review): these clauses describe what follows if the signing key is
     known to the intruder; confirm they are unreachable otherwise. *)
| rule_10: "[| t :ISO_onepass_pk; State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); Iknows(inv(pk(Agent(honest(a))))) : (set t); Iknows(Agent(A)) : (set t); Iknows(pk(Agent(A))) : (set t); Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : (set t)|] ==> ((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid))) #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) #t) : ISO_onepass_pk"
  (* rule_11: both components known as signing key plus fields: the premises of
     rule_10 for the first component and those of rule_9 for the second. *)
| rule_11: "[| t :ISO_onepass_pk; State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); Iknows(inv(pk(Agent(honest(a))))) : (set t); Iknows(Agent(A)) : (set t); Iknows(pk(Agent(A))) : (set t); Iknows(inv(pk(Agent(A)))) : (set t); Iknows(Nonce(NA)) : (set t); Iknows(Agent(B)) : (set t); Iknows(Nonce(Text1)) : (set t)|] ==> ((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), 
SID(sid))) #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) #t) : ISO_onepass_pk"
  (* rule_12: as rule_10, without the premise Iknows(pk(Agent(A))). *)
| rule_12: "[| t :ISO_onepass_pk; State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); Iknows(inv(pk(Agent(honest(a))))) : (set t); Iknows(Agent(A)) : (set t); Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : (set t)|] ==> ((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid))) #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) #t) : ISO_onepass_pk"
  (* rule_13: as rule_11, without the premise Iknows(pk(Agent(A))). *)
| rule_13: "[| t :ISO_onepass_pk; State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); Iknows(inv(pk(Agent(honest(a))))) : (set t); Iknows(Agent(A)) : (set t); Iknows(inv(pk(Agent(A)))) : (set t); Iknows(Nonce(NA)) : (set t); Iknows(Agent(B)) : (set t); Iknows(Nonce(Text1)) : (set t)|] ==> ((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid))) #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) #t) : 
ISO_onepass_pk" section {* Fixed-point Definition (ISO_onepass_pk) *} definition "ISO_onepass_pk_fp = {m. ( ? Abs_NI3 Abs_NI4 Abs_NI5 a18 a19 a20 a21 a22 a23 a24 a25 i11 i12 i13 Abs_Text13 Abs_Text14 Abs_Text15 Abs_NA3 a12 a13 a14 Abs_NA4 a15 a16 a17 Abs_NA5 i8 i9 i10 Abs_Text11 Abs_Text12 Abs_NI0 Abs_NI1 Abs_NA1 i3 i4 i5 i6 i7 Abs_NI2 a9 a10 a11 Abs_NA2 sid0 a6 a7 a8 a5 i0 i1 i2 a0 a1 Abs_NA0 a2 a3 a4 Abs_Text10 . (m = Iknows(Nonce((ni Abs_NI0)))) | (m = Iknows(Agent(dishonest(i0)))) | (m = State(rA, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(dishonest(i0)), SID(sid0)] )) | (m = State(rA, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(honest(a6)), SID(sid0)] )) | (m = Iknows(Step(0))) | (m = Iknows(inv(pk(Agent(dishonest(i0)))))) | (m = Iknows(pk(Agent(dishonest(i0))))) | (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))) | (m = Iknows(SID(sid0))) | (m = Iknows(Agent(honest(a0)))) | (m = State(rB, [Agent(honest(a0)), Step(0), pk(Agent(honest(a1))), SID(sid0)] )) | (m = Iknows(pk(Agent(honest(a0))))) | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text10)))))))) | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10)))))))) | (m = Iknows(pair(Agent(dishonest(i0)), 
pk(Agent(dishonest(i1)))))) | (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text10)))) | (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(dishonest(i0)), Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i1)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_Text10)), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(honest(a9)), pk(Agent(honest(a10))))), crypt(inv(pk(Agent(honest(a11)))), pair(Nonce((absNA(pair(Agent(honest(a12)), Agent(dishonest(i3)))) Abs_NA1)), pair(Agent(dishonest(i4)), Nonce((absText1(pair(Agent(honest(a13)), Agent(dishonest(i5)))) Abs_Text11)))))), SID(sid0)] )) | (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)))) | (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(honest(a6)), Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text10)), pair(crypt(inv(pk(Agent(honest(a11)))), pair(Agent(honest(a12)), pk(Agent(honest(a13))))), crypt(inv(pk(Agent(honest(a14)))), pair(Nonce((absNA(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), pair(Agent(honest(a17)), Nonce((absText1(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_Text11)))))), SID(sid0)] )) | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((ni Abs_NI0)), SID(sid0))) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((ni Abs_NI1)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a2)), Nonce((ni 
Abs_NI3))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a4)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((ni Abs_NI4)), pair(Agent(honest(a5)), Nonce((ni Abs_NI5)))))), SID(sid0)] )) | (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), pair(Agent(honest(a3)), Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text10))))))) | (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))))) | (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_Text10))))))) | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text10)))))))) | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10)))))))) | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) | (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text10))))) | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text10)))))) | (m = Iknows(pair(Agent(honest(a0)), 
pk(Agent(honest(a1)))))) | (m = Iknows(pair(Agent(honest(a0)), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10))))) | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), pair(Agent(honest(a2)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10)))))) | (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), SID(sid0))) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), crypt(inv(pk(Agent(honest(a6)))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA1)), pair(Agent(honest(a9)), Nonce((absText1(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_Text11))))), pk(Agent(honest(a12))), Agent(honest(a13)), crypt(inv(pk(Agent(honest(a14)))), pair(Agent(honest(a15)), pk(Agent(honest(a16))))), pair(crypt(inv(pk(Agent(honest(a17)))), pair(Agent(honest(a18)), pk(Agent(honest(a19))))), crypt(inv(pk(Agent(honest(a20)))), pair(Nonce((absNA(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Agent(honest(a23)), Nonce((absText1(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_Text12)))))), SID(sid0)] )) | (m = Iknows(Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_Text10)))) | (m = Iknows(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)))) | (m = Iknows(Nonce((absText1(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_Text10)))) | (m = Iknows(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)))) | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), 
Agent(honest(a8)))) Abs_Text10)))))))) | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10)))))))) | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) | (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text10))))) | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text10)))))) | (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1)))))) | (m = Iknows(pair(Agent(honest(a0)), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10))))) | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), pair(Agent(honest(a2)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10)))))) | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text10)), SID(sid0))) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_Text12)), pair(Agent(honest(a5)), Nonce((absText1(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_Text13))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), 
pair(Nonce((absText1(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_Text14)), pair(Agent(honest(a10)), Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_Text15)))))), SID(sid0)] )) | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0))) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_Text11)), pair(Agent(honest(a5)), Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_NA1))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), pair(Nonce((absText1(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_Text12)), pair(Agent(honest(a10)), Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_NA2)))))), SID(sid0)] )) | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10)), SID(sid0))) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text12)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text13))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), 
pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_Text14)), pair(Agent(honest(a12)), Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text15)))))), SID(sid0)] )) | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), SID(sid0))) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text11)), pair(Agent(honest(a6)), Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_Text12)), pair(Agent(honest(a12)), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA2)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_Text11)), pair(Agent(honest(a4)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), 
crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a7)), Agent(dishonest(i10)))) Abs_Text12)), pair(Agent(honest(a8)), Nonce((ni Abs_NI2)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_NA1)), pair(Agent(honest(a5)), Nonce((absText1(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_Text11))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), pair(Nonce((absNA(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_NA2)), pair(Agent(honest(a10)), Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_Text12)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_NA1)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_NA2)), pair(Agent(honest(a5)), Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_NA3))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), pair(Nonce((absNA(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_NA4)), pair(Agent(honest(a10)), Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_NA5)))))), SID(sid0)] )) | (m = State(rB, 
[Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_NA1)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text11))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA2)), pair(Agent(honest(a12)), Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text12)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA1)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_NA2)), pair(Agent(honest(a6)), Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA3))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA4)), pair(Agent(honest(a12)), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA5)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a3)), 
Agent(dishonest(i2)))) Abs_NA1)), pair(Agent(honest(a4)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i10)))) Abs_NA2)), pair(Agent(honest(a8)), Nonce((ni Abs_NI2)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text12)), pair(Agent(honest(a7)), Nonce((absText1(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_Text13))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_Text14)), pair(Agent(honest(a13)), Nonce((absText1(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_Text15)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text11)), pair(Agent(honest(a7)), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_NA1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), 
pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_Text12)), pair(Agent(honest(a13)), Nonce((absNA(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_NA2)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absText1(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_Text12)), pair(Agent(honest(a8)), Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text13))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text14)), pair(Agent(honest(a15)), Nonce((absText1(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_Text15)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absText1(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_Text11)), pair(Agent(honest(a8)), Nonce((absNA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) 
Abs_Text12)), pair(Agent(honest(a15)), Nonce((absNA(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_NA2)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text11)), pair(Agent(honest(a6)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text12)), pair(Agent(honest(a11)), Nonce((ni Abs_NI2)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NA1)), pair(Agent(honest(a7)), Nonce((absText1(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_Text11))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_NA2)), pair(Agent(honest(a13)), Nonce((absText1(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_Text12)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA1)), 
crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NA2)), pair(Agent(honest(a7)), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_NA3))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_NA4)), pair(Agent(honest(a13)), Nonce((absNA(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_NA5)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA1)), pair(Agent(honest(a8)), Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text11))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA2)), pair(Agent(honest(a15)), Nonce((absText1(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_Text12)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA1)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA2)), pair(Agent(honest(a8)), Nonce((absNA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA3))))), pk(Agent(dishonest(i1))), 
Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA4)), pair(Agent(honest(a15)), Nonce((absNA(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_NA5)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA1)), pair(Agent(honest(a6)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absNA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA2)), pair(Agent(honest(a11)), Nonce((ni Abs_NI2)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a3)), Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_Text11))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a7)), Nonce((absText1(pair(Agent(honest(a8)), Agent(dishonest(i10)))) Abs_Text12)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), 
Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a3)), Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_NA1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a7)), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i10)))) Abs_NA2)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a4)), Nonce((absText1(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text11))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a9)), Nonce((absText1(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_Text12)))))), SID(sid0)] )) | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a4)), Nonce((absNA(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NA1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((ni 
Abs_NI2)), pair(Agent(honest(a9)), Nonce((absNA(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_NA2)))))), SID(sid0)] )) | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text10)))))))) | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10)))))))) | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) | (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text10))))) | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text10)))))) | (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1)))))) | (m = Iknows(pair(Agent(honest(a0)), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10))))) | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), pair(Agent(honest(a2)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10)))))) )}"
(* End of the set comprehension whose beginning lies above this excerpt; the lemmas
   below refer to that set as ISO_onepass_pk_fp. *)

(* The lemmas in this section carry the names of the clauses of the inductive set
   ISO_onepass_pk (init_k, rule_k). Each one restates its clause for the fixed-point
   set: the init_k lemmas show that an initial fact is a member of ISO_onepass_pk_fp,
   the rule_k lemmas show that the conclusion of a rule is a member whenever its
   premises are. All of them use the same generated proof script: unfold
   ISO_onepass_pk_fp_def, rewrite with set2pred (not defined in this file; presumably
   supplied by ../src/ofmc), then simp and auto. *)
section {* Checking Fixed-point (ISO_onepass_pk) *}

(* Core safety statement: no fact of the form Attack m is an element of the fixed
   point. Every security conclusion drawn from this theory rests on this lemma
   together with over_approx at the end of the file. *)
lemma fp_attack_free: "~ (Attack m : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+

(* init_0 .. init_11: membership of the initial facts (initial intruder knowledge and
   the Step(0) states of roles rA and rB). *)
lemma init_0: "Iknows(Nonce((ni Abs_NI))) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma init_1: "Iknows(Agent(dishonest(i))) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
(* init_2 / init_3: initial state of an honest rA whose peer is dishonest (init_2) or
   honest (init_3). The state holds the agent's own private key inv(pk(..)). *)
lemma init_2: "State(rA,
[Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] ) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma init_3: "State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma init_4: "Iknows(Step(0)) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
(* init_5 / init_6: the intruder knows the private and the public key of every
   dishonest agent. *)
lemma init_5: "Iknows(inv(pk(Agent(dishonest(i))))) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma init_6: "Iknows(pk(Agent(dishonest(i)))) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
(* init_7: the intruder holds a term signed with an honest agent's private key that
   binds a dishonest agent name to a dishonest agent's public key, i.e. the model
   lets dishonest agents own certificates of the same shape as honest ones. *)
lemma init_7: "Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(dishonest(i)), pk(Agent(dishonest(i)))))) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma init_8: "Iknows(SID(sid)) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma init_9: "Iknows(Agent(honest(a))) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
(* init_10: initial state of rB; it holds only a public key of an honest agent, which
   rule_8 .. rule_13 use as the key under which the received certificate is signed. *)
lemma init_10: "State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma init_11: "Iknows(pk(Agent(honest(a)))) : ISO_onepass_pk_fp"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+

(* rule_0 .. rule_3: closure of the fixed point under the intruder's analysis rules.
   rule_0: crypt(K, M) is opened with inv(K).
   rule_1: crypt(inv(K), M) is opened with K.
   rule_2: scrypt(K, M) is opened with K.
   rule_3: both components of a known pair are known. *)
lemma rule_0: "[| Iknows(crypt(K, M)) : ISO_onepass_pk_fp; Iknows(inv(K)) : ISO_onepass_pk_fp|] ==> (Iknows(M) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_1: "[|
Iknows(crypt(inv(K), M)) : ISO_onepass_pk_fp; Iknows(K) : ISO_onepass_pk_fp|] ==> (Iknows(M) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_2: "[| Iknows(scrypt(K, M)) : ISO_onepass_pk_fp; Iknows(K) : ISO_onepass_pk_fp|] ==> (Iknows(M) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_3: "[| Iknows(pair(M1, M2)) : ISO_onepass_pk_fp|] ==> (Iknows(M1) : ISO_onepass_pk_fp) & (Iknows(M2) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+

(* rule_4 .. rule_6: the attack rules. Each concludes an Attack fact; since
   fp_attack_free excludes Attack facts from the fixed point, these lemmas mean that
   the premises of an attack rule are never all satisfied inside ISO_onepass_pk_fp.
   rule_4: secrecy - a value marked Secret for an honest agent is known to the intruder. *)
lemma rule_4: "[| Secret(M, Agent(honest(a))) : ISO_onepass_pk_fp; Iknows(M) : ISO_onepass_pk_fp|] ==> (Attack(pair(secrecy, M)) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
(* rule_5 / rule_6: authentication - a Request for purposeNA (rule_5) or purposeText1
   (rule_6) whose claimed peer B is not a dishonest agent and whose value M is not an
   abstract nonce of the expected kind.
   NOTE(review): the inner quantifier "? B A Abs_NA" (resp. "? B A Abs_Text1") binds
   fresh B and A that shadow the B and A of the Request fact, so as written the side
   condition only requires M to be an absNA (resp. absText1) nonce for some pair of
   messages, not for the pair named in the Request. Confirm against the OFMC backend
   whether this weaker form is intended before citing this theory as proof of
   agreement between the two named agents.
   NOTE(review): rule_8 .. rule_13 below produce Request facts for purposeText1 only;
   no rule in this part of the file produces a Request for purposeNA, so rule_5
   presumably never fires - verify against the inductive definition. *)
lemma rule_5: "[| Request(A, B, Purpose(purposeNA), M, SID(sid)) : ISO_onepass_pk_fp; ~ ( ? i . B = Agent(dishonest(i))); ~ ( ? B A Abs_NA . M = Nonce((absNA(pair(B, A)) Abs_NA)))|] ==> (Attack(pair(authentication, pair(A, pair(B, M)))) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_6: "[| Request(A, B, Purpose(purposeText1), M, SID(sid)) : ISO_onepass_pk_fp; ~ ( ? i . B = Agent(dishonest(i))); ~ ( ? B A Abs_Text1 .
M = Nonce((absText1(pair(B, A)) Abs_Text1)))|] ==> (Attack(pair(authentication, pair(A, pair(B, M)))) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+

(* rule_7: protocol step of role rA (Step(0) to Step(1)). From its initial state the
   agent emits a Witness fact for purposeText1, moves to Step(1), and the intruder
   learns the outgoing message: the certificate paired with the triple
   (NA, B, Text1) signed under A's private key. NA and Text1 appear here as the terms
   absNA(pair(A, B)) and absText1(pair(A, B)), which look like abstractions of fresh
   values indexed by the agent pair (assumption, not stated in this excerpt). *)
lemma rule_7: "[| State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), SID(sid)] ) : ISO_onepass_pk_fp|] ==> (Witness(Agent(A), Agent(B), Purpose(purposeText1), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1))) : ISO_onepass_pk_fp) & (State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)))))), SID(sid)] ) : ISO_onepass_pk_fp) & (Iknows(pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1))))))) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+

(* rule_8 .. rule_13: protocol step of role rB (Step(0) to Step(1)). All six lemmas
   have the same conclusion: a Request fact for purposeText1 and the Step(1) state of
   rB. They differ only in the Iknows premises, i.e. in which pieces the intruder has
   to hold for rB to receive the certificate and the signed triple:
   rule_8 - both signed terms are known as such;
   rule_9 - the certificate is known, the signed triple is replaced by inv(pk(A)) and
            its three components;
   rule_10 - the certificate is replaced by inv(pk(honest a)), Agent(A) and pk(A);
   rule_11 - both replacements at once;
   rule_12 / rule_13 - as rule_10 / rule_11 without the Iknows(pk(Agent(A))) premise.
   Presumably these variants enumerate the ways the intruder can compose the message
   himself; the inductive rules they correspond to are not visible in this excerpt. *)
lemma rule_8: "[| State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : ISO_onepass_pk_fp; Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : ISO_onepass_pk_fp|] ==> (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))),
pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_9: "[| State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : ISO_onepass_pk_fp; Iknows(inv(pk(Agent(A)))) : ISO_onepass_pk_fp; Iknows(Nonce(NA)) : ISO_onepass_pk_fp; Iknows(Agent(B)) : ISO_onepass_pk_fp; Iknows(Nonce(Text1)) : ISO_onepass_pk_fp|] ==> (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_10: "[| State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp; Iknows(Agent(A)) : ISO_onepass_pk_fp; Iknows(pk(Agent(A))) : ISO_onepass_pk_fp; Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : ISO_onepass_pk_fp|] ==> (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA),
pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_11: "[| State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp; Iknows(Agent(A)) : ISO_onepass_pk_fp; Iknows(pk(Agent(A))) : ISO_onepass_pk_fp; Iknows(inv(pk(Agent(A)))) : ISO_onepass_pk_fp; Iknows(Nonce(NA)) : ISO_onepass_pk_fp; Iknows(Agent(B)) : ISO_onepass_pk_fp; Iknows(Nonce(Text1)) : ISO_onepass_pk_fp|] ==> (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_12: "[| State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp; Iknows(Agent(A)) : ISO_onepass_pk_fp; Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : ISO_onepass_pk_fp|] ==> (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp
only: set2pred, simp, auto?)+
lemma rule_13: "[| State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp; Iknows(Agent(A)) : ISO_onepass_pk_fp; Iknows(inv(pk(Agent(A)))) : ISO_onepass_pk_fp; Iknows(Nonce(NA)) : ISO_onepass_pk_fp; Iknows(Agent(B)) : ISO_onepass_pk_fp; Iknows(Nonce(Text1)) : ISO_onepass_pk_fp|] ==> (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+

section {* Security Proof(s) (ISO_onepass_pk) *}

(* over_approx: for every trace t of the inductive set ISO_onepass_pk, all facts of t
   are elements of ISO_onepass_pk_fp, i.e. the fixed point over-approximates what is
   reachable. The proof is by rule induction; after simp_all there is one apply step
   per clause (init_0 .. init_11, rule_0 .. rule_13), each using the fixed-point lemma
   of the same name via cut_tac. propagate_fp is a proof method that is not defined
   in this file (presumably supplied by ../src/ofmc).
   NOTE(review): together with fp_attack_free this implies that no trace of
   ISO_onepass_pk contains an Attack fact, but the theory ends without a lemma that
   states this conclusion; adding one would make the proved guarantee explicit and
   machine-checked rather than left to the reader.
   NOTE(review): the guarantee is relative to this model - the attack predicates of
   rule_4 .. rule_6, the symbolic intruder rules, and the abstraction of NA and Text1 -
   and to the correctness of the AnB specification the file was generated from. *)
lemma over_approx: "t : ISO_onepass_pk ==> (set t) <= ISO_onepass_pk_fp"
apply(rule ISO_onepass_pk.induct, simp_all)
apply(propagate_fp, cut_tac init_0, (assumption | simp)+)
apply(propagate_fp, cut_tac init_1, (assumption | simp)+)
apply(propagate_fp, cut_tac init_2, (assumption | simp)+)
apply(propagate_fp, cut_tac init_3, (assumption | simp)+)
apply(propagate_fp, cut_tac init_4, (assumption | simp)+)
apply(propagate_fp, cut_tac init_5, (assumption | simp)+)
apply(propagate_fp, cut_tac init_6, (assumption | simp)+)
apply(propagate_fp, cut_tac init_7, (assumption | simp)+)
apply(propagate_fp, cut_tac init_8, (assumption | simp)+)
apply(propagate_fp, cut_tac init_9, (assumption | simp)+)
apply(propagate_fp, cut_tac init_10, (assumption | simp)+)
apply(propagate_fp, cut_tac init_11, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_0, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_1, (assumption | simp)+)
apply(propagate_fp, cut_tac
rule_2, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_3, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_4, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_5, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_6, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_7, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_8, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_9, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_10, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_11, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_12, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_13, (assumption | simp)+)
done
end (* theory *)