This repository has been archived on 2021-01-01. You can view files and clone it, but cannot push or open issues or pull requests.
isabelle-ofmc/examples/WideMouthFrog.thy

468 lines
55 KiB
Plaintext

chapter {* Analysing WideMouthFrog *}
(* ***********************************
This file is automatically generated from the AnB file "AnB/WideMouthFrog.AnB".
Backend: Open Source Fixedpoint Model Checker version 2009c
************************************ *)
theory
"WideMouthFrog"
imports
"../src/ofmc"
begin
section {* Protocol Model (WideMouthFrog) *}
datatype Role = rA | rB | rs
datatype Purpose = purposeKAB | purposeNI | purposeTA | purposeTS
datatype Agent = honest nat
| dishonest nat
datatype Nonce = "ni" "nat"
| "absTA" "Msg" "nat"
| "absTS" "Msg" "nat"
| "NI"
| "TA"
| "TS"
and Msg = Nonce "Nonce"
| Agent "Agent"
| Purpose "Purpose"
| pair "Msg*Msg"
| scrypt "Msg*Msg"
| crypt "Msg*Msg"
| inv "Msg"
| SID "nat"
| Step "nat"
| authentication
| secrecy
(* SymKeys *)
| SymKey "Msg"
| "absKAB" "Msg" "nat"
(* Functions *)
| "sk" "Msg"
datatype Fact = Iknows Msg
| State "Role * (Msg list)"
| Secret "Msg * Msg"
| Attack "Msg"
| Witness "Msg * Msg * Msg * Msg"
| Request "Msg * Msg * Msg * Msg * Msg"
section {* Inductive Protocol Definition (WideMouthFrog) *}
inductive_set
WideMouthFrog::"Fact list set"
where
init_0: "[ Iknows(Nonce((ni Abs_NI)))] : WideMouthFrog"
| init_1: "[ Iknows(Agent(dishonest(i)))] : WideMouthFrog"
| init_2: "[ State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog"
| init_3: "[ State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : WideMouthFrog"
| init_4: "[ Iknows(Step(0))] : WideMouthFrog"
| init_5: "[ Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))))] : WideMouthFrog"
| init_6: "[ Iknows(SID(sid))] : WideMouthFrog"
| init_7: "[ Iknows(Agent(honest(a)))] : WideMouthFrog"
| init_8: "[ State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog"
| init_9: "[ State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : WideMouthFrog"
| init_10: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(dishonest(i)), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog"
| init_11: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), Agent(honest(a)), SID(sid)] )] : WideMouthFrog"
| init_12: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(honest(a)), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog"
| init_13: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), Agent(honest(a)), SID(sid)] )] : WideMouthFrog"
| rule_0: "[| t :WideMouthFrog;
Iknows(crypt(K, M)) : (set t);
Iknows(inv(K)) : (set t)|]
==>
((Iknows(M))
#t) : WideMouthFrog"
| rule_1: "[| t :WideMouthFrog;
Iknows(crypt(inv(K), M)) : (set t);
Iknows(K) : (set t)|]
==>
((Iknows(M))
#t) : WideMouthFrog"
| rule_2: "[| t :WideMouthFrog;
Iknows(scrypt(K, M)) : (set t);
Iknows(K) : (set t)|]
==>
((Iknows(M))
#t) : WideMouthFrog"
| rule_3: "[| t :WideMouthFrog;
Iknows(pair(M1, M2)) : (set t)|]
==>
((Iknows(M1))
#(Iknows(M2))
#t) : WideMouthFrog"
| rule_4: "[| t :WideMouthFrog;
Secret(M, Agent(honest(a))) : (set t);
Iknows(M) : (set t)|]
==>
((Attack(pair(secrecy, M)))
#t) : WideMouthFrog"
| rule_5: "[| t :WideMouthFrog;
Request(A, B, Purpose(purposeTA), M, SID(sid)) : (set t);
~ ( ? i .
B = Agent(dishonest(i)));
~ ( ? B A Abs_TA .
M = Nonce((absTA(pair(B, A)) Abs_TA)))|]
==>
((Attack(pair(authentication, pair(A, pair(B, M)))))
#t) : WideMouthFrog"
| rule_6: "[| t :WideMouthFrog;
Request(A, B, Purpose(purposeKAB), M, SID(sid)) : (set t);
~ ( ? i .
B = Agent(dishonest(i)));
~ ( ? B A Abs_KAB .
M = SymKey((absKAB(pair(B, A)) Abs_KAB)))|]
==>
((Attack(pair(authentication, pair(A, pair(B, M)))))
#t) : WideMouthFrog"
| rule_7: "[| t :WideMouthFrog;
Request(A, B, Purpose(purposeTS), M, SID(sid)) : (set t);
~ ( ? i .
B = Agent(dishonest(i)));
~ ( ? B A Abs_TS .
M = Nonce((absTS(pair(B, A)) Abs_TS)))|]
==>
((Attack(pair(authentication, pair(A, pair(B, M)))))
#t) : WideMouthFrog"
| rule_8: "[| t :WideMouthFrog;
State(rA, [Agent(A), Step(0), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), SID(sid)] ) : (set t)|]
==>
((Secret(SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), Agent(B)))
#(Witness(Agent(A), Agent(B), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB))))
#(State(rA, [Agent(A), Step(1), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)))))), SID(sid)] ))
#(Iknows(pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB))))))))
#t) : WideMouthFrog"
| rule_9: "[| t :WideMouthFrog;
State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : (set t);
Iknows(Agent(A)) : (set t);
Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))) : (set t)|]
==>
((State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] ))
#(Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB))))))
#t) : WideMouthFrog"
| rule_10: "[| t :WideMouthFrog;
State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : (set t);
Iknows(Agent(A)) : (set t);
Iknows(SymKey(sk(pair(Agent(A), Agent(honest(a)))))) : (set t);
Iknows(Nonce(TA)) : (set t);
Iknows(Agent(B)) : (set t);
Iknows(SymKey(KAB)) : (set t)|]
==>
((State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] ))
#(Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB))))))
#t) : WideMouthFrog"
| rule_11: "[| t :WideMouthFrog;
State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : (set t);
Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB))))) : (set t)|]
==>
((Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid)))
#(State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] ))
#t) : WideMouthFrog"
| rule_12: "[| t :WideMouthFrog;
State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : (set t);
Iknows(SymKey(sk(pair(Agent(B), Agent(honest(a)))))) : (set t);
Iknows(Nonce(TS)) : (set t);
Iknows(Agent(A)) : (set t);
Iknows(SymKey(KAB)) : (set t)|]
==>
((Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid)))
#(State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] ))
#t) : WideMouthFrog"
section {* Fixed-point Definition (WideMouthFrog) *}
definition
"WideMouthFrog_fp = {m. ( ? Abs_TA2 Abs_TA1 a21 a22 a23 a24 a25 a26 a27 a28 a29 a30 a31 a32 a33 a34 a17 a18 a19 a20 i19 i20 i21 i22 i23 i24 i18 i12 Abs_TS2 i13 i14 Abs_TS3 i15 Abs_TS4 i16 i17 Abs_NI0 Abs_NI1 i6 a9 Abs_NI2 a10 a11 i7 Abs_KAB2 a12 i8 a13 a14 a15 i9 i10 a16 i11 Abs_KAB3 Abs_TS1 a8 i5 Abs_KAB1 sid0 i4 a5 a6 a7 a3 Abs_TA0 a4 a1 a2 i0 i1 Abs_TS0 i2 a0 i3 Abs_KAB0 .
(m = Iknows(Nonce((ni Abs_NI0))))
| (m = Iknows(Agent(dishonest(i0))))
| (m = State(rA, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SID(sid0)] ))
| (m = State(rA, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SID(sid0)] ))
| (m = Iknows(Step(0)))
| (m = Iknows(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))))))
| (m = Iknows(SID(sid0)))
| (m = Iknows(Agent(honest(a0))))
| (m = State(rB, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SID(sid0)] ))
| (m = State(rB, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(honest(a3)), Agent(honest(a4))))), Agent(honest(a5)), Agent(honest(a6)), SID(sid0)] ))
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0))))))))
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0))))))))
| (m = Secret(SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_KAB0)), Agent(dishonest(i1))))
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_KAB0))))
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_TA0)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0)), pair(Agent(honest(a5)), scrypt(SymKey(sk(pair(Agent(honest(a6)), Agent(honest(a7))))), pair(Nonce((absTA(pair(Agent(honest(a8)), Agent(dishonest(i3)))) Abs_TA1)), pair(Agent(dishonest(i4)), SymKey((absKAB(pair(Agent(honest(a9)), Agent(dishonest(i5)))) Abs_KAB1)))))), SID(sid0)] ))
| (m = Secret(SymKey((absKAB(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), Agent(honest(a2))))
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB0))))
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absTA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_TA0)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0)), pair(Agent(honest(a8)), scrypt(SymKey(sk(pair(Agent(honest(a9)), Agent(honest(a10))))), pair(Nonce((absTA(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_TA1)), pair(Agent(honest(a13)), SymKey((absKAB(pair(Agent(honest(a14)), Agent(honest(a15)))) Abs_KAB1)))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a3))))), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a4))))), pair(Nonce((ni Abs_NI1)), pair(Agent(dishonest(i6)), SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a5)))))))), pair(Agent(dishonest(i8)), scrypt(SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI2)), pair(Agent(dishonest(i10)), SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a7))))))))), Nonce((absTS(pair(Agent(dishonest(i12)), Agent(dishonest(i13)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS1)), pair(Agent(dishonest(i17)), SymKey(sk(pair(Agent(dishonest(i18)), Agent(honest(a9)))))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a7)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a8)))))))), pair(Agent(dishonest(i5)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a9))))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a10)), SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a11))))))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i8)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a16)))))))), SID(sid0)] ))
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTS(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_TS0)), pair(Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a3))))))))))
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_TS0)), pair(Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a1))))))))))
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_TA0)), pair(Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_KAB0)))))))
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_KAB0)))))))
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0))))))))
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0))))))))
| (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0))))))))
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))))))))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a3))))), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a4))))), pair(Nonce((absTS(pair(Agent(dishonest(i8)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a5)))))))), pair(Agent(dishonest(i12)), scrypt(SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i14)), Agent(dishonest(i15)))) Abs_TS2)), pair(Agent(dishonest(i16)), SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a7))))))))), Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i20)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i21)), Agent(dishonest(i22)))) Abs_TS4)), pair(Agent(dishonest(i23)), SymKey(sk(pair(Agent(dishonest(i24)), Agent(honest(a9)))))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((absTS(pair(Agent(honest(a6)), Agent(dishonest(i3)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(honest(a9)), Agent(dishonest(i4)))) Abs_TS1)), pair(Agent(dishonest(i5)), SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a10)))))))), pair(Agent(honest(a11)), scrypt(SymKey(sk(pair(Agent(honest(a12)), Agent(honest(a13))))), pair(Nonce((absTS(pair(Agent(honest(a14)), Agent(dishonest(i7)))) Abs_TS2)), pair(Agent(dishonest(i8)), SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a15))))))))), Nonce((absTS(pair(Agent(dishonest(i10)), Agent(honest(a16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a18)))) Abs_TS4)), pair(Agent(honest(a19)), SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a20)))))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a6)), Agent(dishonest(i3)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absTA(pair(Agent(honest(a9)), Agent(dishonest(i4)))) Abs_TA1)), pair(Agent(dishonest(i5)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i6)))) Abs_KAB1))))), pair(Agent(honest(a11)), scrypt(SymKey(sk(pair(Agent(honest(a12)), Agent(honest(a13))))), pair(Nonce((absTA(pair(Agent(honest(a14)), Agent(dishonest(i7)))) Abs_TA2)), pair(Agent(dishonest(i8)), SymKey((absKAB(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i10)), Agent(honest(a16)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a18)))) Abs_TS1)), pair(Agent(honest(a19)), SymKey((absKAB(pair(Agent(honest(a20)), Agent(dishonest(i13)))) Abs_KAB3))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(honest(a3)), Agent(honest(a4))))), Agent(honest(a5)), Agent(honest(a6)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a11)), Agent(honest(a12))))), pair(Nonce((absTA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_TA1)), pair(Agent(honest(a15)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_KAB1))))), pair(Agent(honest(a18)), scrypt(SymKey(sk(pair(Agent(honest(a19)), Agent(honest(a20))))), pair(Nonce((absTA(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_TA2)), pair(Agent(honest(a23)), SymKey((absKAB(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a28)), Agent(honest(a29))))), pair(Nonce((absTS(pair(Agent(honest(a30)), Agent(honest(a31)))) Abs_TS1)), pair(Agent(honest(a32)), SymKey((absKAB(pair(Agent(honest(a33)), Agent(honest(a34)))) Abs_KAB3))))), SID(sid0)] ))
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeKAB), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a1))))), SID(sid0)))
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a3))))), Nonce((absTS(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(honest(a7)), Agent(dishonest(i3)))) Abs_TS1)), pair(Agent(dishonest(i4)), SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a8)))))))), SID(sid0)] ))
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_KAB0)), SID(sid0)))
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a5)), Agent(honest(a6))))), pair(Nonce((absTA(pair(Agent(honest(a7)), Agent(dishonest(i3)))) Abs_TA1)), pair(Agent(dishonest(i4)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i5)))) Abs_KAB1))))), SID(sid0)] ))
| (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB0)), SID(sid0)))
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a8)), Agent(honest(a9))))), pair(Nonce((absTA(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_TA1)), pair(Agent(honest(a12)), SymKey((absKAB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_KAB1))))), SID(sid0)] ))
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTS(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_TS0)), pair(Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_KAB0)))))))
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(honest(a1)))) Abs_TS0)), pair(Agent(honest(a2)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_KAB0)))))))
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(honest(a1)))) Abs_TS0)), pair(Agent(honest(a2)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a3))))))))))
| (m = Iknows(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0))))
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0))))))))
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0))))))))
| (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0))))))))
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))))))))
| (m = Iknows(pair(Agent(honest(a0)), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))))))
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))))))))
| (m = Iknows(pair(Agent(honest(a0)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_KAB0)))))
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey((absKAB(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_KAB0))))))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(honest(a6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a7))))), pair(Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a8)))) Abs_TS1)), pair(Agent(honest(a9)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i6)))) Abs_KAB1))))), pair(Agent(dishonest(i7)), scrypt(SymKey(sk(pair(Agent(dishonest(i8)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i9)), Agent(honest(a12)))) Abs_TS2)), pair(Agent(honest(a13)), SymKey((absKAB(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i11)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a16)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(honest(a18)), Agent(dishonest(i12)))) Abs_TS4)), pair(Agent(dishonest(i13)), SymKey((absKAB(pair(Agent(honest(a19)), Agent(dishonest(i14)))) Abs_KAB3))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(honest(a6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a7))))), pair(Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a8)))) Abs_TS1)), pair(Agent(honest(a9)), SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a10)))))))), pair(Agent(dishonest(i7)), scrypt(SymKey(sk(pair(Agent(dishonest(i8)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i9)), Agent(honest(a12)))) Abs_TS2)), pair(Agent(honest(a13)), SymKey(sk(pair(Agent(dishonest(i10)), Agent(honest(a14))))))))), Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i11)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a16)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(honest(a18)), Agent(dishonest(i12)))) Abs_TS4)), pair(Agent(dishonest(i13)), SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a19)))))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(honest(a3)), Agent(honest(a4))))), Agent(honest(a5)), Agent(honest(a6)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a11)), Agent(honest(a12))))), pair(Nonce((absTS(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_TS1)), pair(Agent(honest(a15)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_KAB1))))), pair(Agent(honest(a18)), scrypt(SymKey(sk(pair(Agent(honest(a19)), Agent(honest(a20))))), pair(Nonce((absTS(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_TS2)), pair(Agent(honest(a23)), SymKey((absKAB(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a28)), Agent(honest(a29))))), pair(Nonce((absTS(pair(Agent(honest(a30)), Agent(honest(a31)))) Abs_TS4)), pair(Agent(honest(a32)), SymKey((absKAB(pair(Agent(honest(a33)), Agent(honest(a34)))) Abs_KAB3))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(dishonest(i4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i6)), Agent(dishonest(i7)))) Abs_TS1)), pair(Agent(honest(a7)), SymKey(sk(pair(Agent(dishonest(i8)), Agent(honest(a8)))))))), pair(Agent(dishonest(i9)), scrypt(SymKey(sk(pair(Agent(dishonest(i10)), Agent(honest(a9))))), pair(Nonce((absTS(pair(Agent(dishonest(i11)), Agent(dishonest(i12)))) Abs_TS2)), pair(Agent(honest(a10)), SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a11))))))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i14)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i15)))) Abs_TS4)), pair(Agent(dishonest(i16)), SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a16)))))))), SID(sid0)] ))
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a8)), Agent(honest(a9))))), pair(Nonce((absTS(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_TS1)), pair(Agent(honest(a12)), SymKey((absKAB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_KAB1))))), SID(sid0)] ))
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTS(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_TS0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_KAB0)))))))
| (m = Iknows(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0))))
| (m = Iknows(SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_KAB0))))
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0))))))))
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0))))))))
| (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0))))))))
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))))))))
| (m = Iknows(pair(Agent(honest(a0)), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))))))
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))))))))
| (m = Iknows(pair(Agent(honest(a0)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_KAB0)))))
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey((absKAB(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_KAB0))))))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a6)), Agent(dishonest(i3)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(honest(a9)), Agent(dishonest(i4)))) Abs_TS1)), pair(Agent(dishonest(i5)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i6)))) Abs_KAB1))))), pair(Agent(honest(a11)), scrypt(SymKey(sk(pair(Agent(honest(a12)), Agent(honest(a13))))), pair(Nonce((absTS(pair(Agent(honest(a14)), Agent(dishonest(i7)))) Abs_TS2)), pair(Agent(dishonest(i8)), SymKey((absKAB(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i10)), Agent(honest(a16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a18)))) Abs_TS4)), pair(Agent(honest(a19)), SymKey((absKAB(pair(Agent(honest(a20)), Agent(dishonest(i13)))) Abs_KAB3))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i4)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a5))))), pair(Nonce((absTS(pair(Agent(dishonest(i7)), Agent(honest(a6)))) Abs_TS1)), pair(Agent(dishonest(i8)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(dishonest(i9)))) Abs_KAB1))))), pair(Agent(dishonest(i10)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a9)))) Abs_TS2)), pair(Agent(dishonest(i13)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i14)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS4)), pair(Agent(dishonest(i20)), SymKey((absKAB(pair(Agent(honest(a12)), Agent(dishonest(i21)))) Abs_KAB3))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a3))))), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a5))))), pair(Nonce((absTS(pair(Agent(dishonest(i7)), Agent(honest(a6)))) Abs_TS1)), pair(Agent(dishonest(i8)), SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a7)))))))), pair(Agent(dishonest(i10)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a9)))) Abs_TS2)), pair(Agent(dishonest(i13)), SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a10))))))))), Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS4)), pair(Agent(dishonest(i20)), SymKey(sk(pair(Agent(dishonest(i21)), Agent(honest(a12)))))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i4)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a4))))), pair(Nonce((absTS(pair(Agent(dishonest(i8)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i11)))) Abs_KAB1))))), pair(Agent(dishonest(i12)), scrypt(SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i14)), Agent(dishonest(i15)))) Abs_TS2)), pair(Agent(dishonest(i16)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(dishonest(i17)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i20)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i21)), Agent(dishonest(i22)))) Abs_TS4)), pair(Agent(dishonest(i23)), SymKey((absKAB(pair(Agent(honest(a9)), Agent(dishonest(i24)))) Abs_KAB3))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i4)))) Abs_KAB0)), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a4))))), pair(Nonce((ni Abs_NI1)), pair(Agent(dishonest(i6)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i7)))) Abs_KAB1))))), pair(Agent(dishonest(i8)), scrypt(SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI2)), pair(Agent(dishonest(i10)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(dishonest(i11)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i12)), Agent(dishonest(i13)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS1)), pair(Agent(dishonest(i17)), SymKey((absKAB(pair(Agent(honest(a9)), Agent(dishonest(i18)))) Abs_KAB3))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(dishonest(i4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i6)), Agent(dishonest(i7)))) Abs_TS1)), pair(Agent(honest(a7)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i8)))) Abs_KAB1))))), pair(Agent(dishonest(i9)), scrypt(SymKey(sk(pair(Agent(dishonest(i10)), Agent(honest(a9))))), pair(Nonce((absTS(pair(Agent(dishonest(i11)), Agent(dishonest(i12)))) Abs_TS2)), pair(Agent(honest(a10)), SymKey((absKAB(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i14)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i15)))) Abs_TS4)), pair(Agent(dishonest(i16)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(dishonest(i17)))) Abs_KAB3))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a7)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i4)))) Abs_KAB1))))), pair(Agent(dishonest(i5)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a9))))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a10)), SymKey((absKAB(pair(Agent(honest(a11)), Agent(dishonest(i7)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i8)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(dishonest(i11)))) Abs_KAB3))))), SID(sid0)] ))
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(honest(a7)), Agent(dishonest(i3)))) Abs_TS1)), pair(Agent(dishonest(i4)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i5)))) Abs_KAB1))))), SID(sid0)] ))
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_TS0)), pair(Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i4)))) Abs_KAB0)))))))
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0))))))))
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0))))))))
| (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0))))))))
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))))))))
| (m = Iknows(pair(Agent(honest(a0)), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))))))
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))))))))
| (m = Iknows(pair(Agent(honest(a0)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_KAB0)))))
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey((absKAB(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_KAB0))))))
| (m = Iknows(pair(Agent(dishonest(i0)), SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_KAB0)))))
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i3)))) Abs_KAB0))))))
)}"
section {* Checking Fixed-point (WideMouthFrog) *}
lemma fp_attack_free: "~ (Attack m : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_0: "Iknows(Nonce((ni Abs_NI))) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_1: "Iknows(Agent(dishonest(i))) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_2: "State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_3: "State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_4: "Iknows(Step(0)) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_5: "Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a)))))) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_6: "Iknows(SID(sid)) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_7: "Iknows(Agent(honest(a))) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_8: "State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_9: "State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_10: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(dishonest(i)), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_11: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_12: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(honest(a)), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma init_13: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_0: "[|
Iknows(crypt(K, M)) : WideMouthFrog_fp;
Iknows(inv(K)) : WideMouthFrog_fp|]
==>
(Iknows(M) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_1: "[|
Iknows(crypt(inv(K), M)) : WideMouthFrog_fp;
Iknows(K) : WideMouthFrog_fp|]
==>
(Iknows(M) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_2: "[|
Iknows(scrypt(K, M)) : WideMouthFrog_fp;
Iknows(K) : WideMouthFrog_fp|]
==>
(Iknows(M) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_3: "[|
Iknows(pair(M1, M2)) : WideMouthFrog_fp|]
==>
(Iknows(M1) : WideMouthFrog_fp) &
(Iknows(M2) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_4: "[|
Secret(M, Agent(honest(a))) : WideMouthFrog_fp;
Iknows(M) : WideMouthFrog_fp|]
==>
(Attack(pair(secrecy, M)) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_5: "[|
Request(A, B, Purpose(purposeTA), M, SID(sid)) : WideMouthFrog_fp;
~ ( ? i .
B = Agent(dishonest(i)));
~ ( ? B A Abs_TA .
M = Nonce((absTA(pair(B, A)) Abs_TA)))|]
==>
(Attack(pair(authentication, pair(A, pair(B, M)))) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_6: "[|
Request(A, B, Purpose(purposeKAB), M, SID(sid)) : WideMouthFrog_fp;
~ ( ? i .
B = Agent(dishonest(i)));
~ ( ? B A Abs_KAB .
M = SymKey((absKAB(pair(B, A)) Abs_KAB)))|]
==>
(Attack(pair(authentication, pair(A, pair(B, M)))) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_7: "[|
Request(A, B, Purpose(purposeTS), M, SID(sid)) : WideMouthFrog_fp;
~ ( ? i .
B = Agent(dishonest(i)));
~ ( ? B A Abs_TS .
M = Nonce((absTS(pair(B, A)) Abs_TS)))|]
==>
(Attack(pair(authentication, pair(A, pair(B, M)))) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_8: "[|
State(rA, [Agent(A), Step(0), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), SID(sid)] ) : WideMouthFrog_fp|]
==>
(Secret(SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), Agent(B)) : WideMouthFrog_fp) &
(Witness(Agent(A), Agent(B), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB))) : WideMouthFrog_fp) &
(State(rA, [Agent(A), Step(1), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)))))), SID(sid)] ) : WideMouthFrog_fp) &
(Iknows(pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB))))))) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_9: "[|
State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : WideMouthFrog_fp;
Iknows(Agent(A)) : WideMouthFrog_fp;
Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))) : WideMouthFrog_fp|]
==>
(State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp) &
(Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB))))) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_10: "[|
State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : WideMouthFrog_fp;
Iknows(Agent(A)) : WideMouthFrog_fp;
Iknows(SymKey(sk(pair(Agent(A), Agent(honest(a)))))) : WideMouthFrog_fp;
Iknows(Nonce(TA)) : WideMouthFrog_fp;
Iknows(Agent(B)) : WideMouthFrog_fp;
Iknows(SymKey(KAB)) : WideMouthFrog_fp|]
==>
(State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp) &
(Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB))))) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_11: "[|
State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : WideMouthFrog_fp;
Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB))))) : WideMouthFrog_fp|]
==>
(Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid)) : WideMouthFrog_fp) &
(State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
lemma rule_12: "[|
State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : WideMouthFrog_fp;
Iknows(SymKey(sk(pair(Agent(B), Agent(honest(a)))))) : WideMouthFrog_fp;
Iknows(Nonce(TS)) : WideMouthFrog_fp;
Iknows(Agent(A)) : WideMouthFrog_fp;
Iknows(SymKey(KAB)) : WideMouthFrog_fp|]
==>
(Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid)) : WideMouthFrog_fp) &
(State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp)"
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
section {* Security Proof(s) (WideMouthFrog) *}
lemma over_approx: "t : WideMouthFrog ==> (set t) <= WideMouthFrog_fp"
apply(rule WideMouthFrog.induct, simp_all)
apply(propagate_fp, cut_tac init_0, (assumption | simp)+)
apply(propagate_fp, cut_tac init_1, (assumption | simp)+)
apply(propagate_fp, cut_tac init_2, (assumption | simp)+)
apply(propagate_fp, cut_tac init_3, (assumption | simp)+)
apply(propagate_fp, cut_tac init_4, (assumption | simp)+)
apply(propagate_fp, cut_tac init_5, (assumption | simp)+)
apply(propagate_fp, cut_tac init_6, (assumption | simp)+)
apply(propagate_fp, cut_tac init_7, (assumption | simp)+)
apply(propagate_fp, cut_tac init_8, (assumption | simp)+)
apply(propagate_fp, cut_tac init_9, (assumption | simp)+)
apply(propagate_fp, cut_tac init_10, (assumption | simp)+)
apply(propagate_fp, cut_tac init_11, (assumption | simp)+)
apply(propagate_fp, cut_tac init_12, (assumption | simp)+)
apply(propagate_fp, cut_tac init_13, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_0, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_1, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_2, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_3, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_4, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_5, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_6, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_7, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_8, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_9, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_10, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_11, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_12, (assumption | simp)+)
done
end (* theory *)