isabelle-ofmc/examples/nsl-ks.thy


chapter {* Analysing NSL *}
(* ***********************************
This file is automatically generated from the AnB file "AnB/nsl-ks.AnB".
Backend: Open Source Fixedpoint Model Checker version 2009c
************************************ *)
theory
"nsl-ks"
imports
"../src/ofmc"
begin
section {* Protocol Model (NSL) *}
(* Roles that index State facts. rA and rB are the two principals; rs is the
   role whose rules (rule_8, rule_15) emit the signed bindings of an agent
   name to its public key. *)
datatype Role = rA | rB | rs
(* Labels carried inside Witness and Request facts to say which nonce an
   authentication goal refers to. *)
datatype Purpose = purposeNI | purposeNA | purposeNB
(* Agents are split into honest and dishonest ones. The init clauses of the
   inductive set hand the intruder the private keys of dishonest agents only. *)
datatype Agent = honest nat
| dishonest nat
(* Nonces and messages are mutually recursive: na and nb take a message
   argument in addition to a nat, and the rules fill it with the agent names
   the nonce was created for.
   NOTE(review): presumably this is the generator's abstraction of fresh
   nonces, with the bare NI, NA, NB as leftovers of the AnB variable names -
   confirm against the OFMC backend.
   Msg constructors as used by the rules: crypt takes a key built with pk or
   inv(pk ...) and is opened with the opposite key (rule_0, rule_1); scrypt is
   opened with the same key (rule_2); secrecy and authentication are tags that
   only occur inside Attack facts. *)
datatype Nonce = "ni" "nat"
| "na" "Msg" "nat"
| "nb" "Msg" "nat"
| "NI"
| "NA"
| "NB"
and Msg = Nonce "Nonce"
| Agent "Agent"
| Purpose "Purpose"
| pair "Msg*Msg"
| scrypt "Msg*Msg"
| crypt "Msg*Msg"
| inv "Msg"
| SID "nat"
| Step "nat"
| authentication
| secrecy
(* SymKeys *)
| SymKey "Msg"
(* Functions *)
| "pk" "Msg"
(* Facts that make up a trace.
   Iknows M: the intruder knows M. Messages sent by a role are added as Iknows
   facts and received messages are matched against Iknows facts, so the
   intruder stands in for the network.
   State: local state of one role instance, as a role tag plus a message list.
   Secret (M, X): M is declared secret with respect to agent X (see rule_4).
   Attack: marks a violated goal.
   Witness and Request: bookkeeping facts emitted by the protocol rules for the
   authentication goals (Request is read by rule_5 and rule_6). *)
datatype Fact = Iknows Msg
| State "Role * (Msg list)"
| Secret "Msg * Msg"
| Attack "Msg"
| Witness "Msg * Msg * Msg * Msg"
| Request "Msg * Msg * Msg * Msg * Msg"
section {* Inductive Protocol Definition (NSL) *}
(* NSL is the set of reachable traces, each trace being a list of facts. Every
   init clause contributes a one-element starting trace; every rule clause
   prepends new facts to a trace t that is already in the set. *)
inductive_set
NSL::"Fact list set"
where
(* Initial intruder knowledge and initial role states.
   The intruder starts with the names of all agents, the public keys of honest
   and dishonest agents, and the private keys inv(pk ...) of dishonest agents
   only (init_7). No init clause gives it inv(pk(Agent(honest(a)))), so the
   rule variants further down that require that key depend on it leaking.
   init_2 and init_3 start role rA against a dishonest and an honest peer;
   init_11 and init_12 start roles rB and rs.
   NOTE(review): inside one clause every honest identity (own name, peer, key
   owner) is the same variable a. Whether this is an intended abstraction of
   all honest agents cannot be told from this file - confirm with the
   generator. *)
init_0: "[ Iknows(Nonce((ni Abs_NI)))] : NSL"
| init_1: "[ Iknows(Agent(dishonest(i)))] : NSL"
| init_2: "[ State(rA, [Agent(honest(a)), Step(0), Agent(dishonest(i)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] )] : NSL"
| init_3: "[ State(rA, [Agent(honest(a)), Step(0), Agent(honest(a)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] )] : NSL"
| init_4: "[ Iknows(Step(0))] : NSL"
| init_5: "[ Iknows(pk(Agent(honest(a))))] : NSL"
| init_6: "[ Iknows(Agent(honest(a)))] : NSL"
| init_7: "[ Iknows(inv(pk(Agent(dishonest(i)))))] : NSL"
| init_8: "[ Iknows(pk(Agent(dishonest(i))))] : NSL"
| init_9: "[ Iknows(SID(sid))] : NSL"
| init_10: "[ Iknows(Agent(honest(a)))] : NSL"
| init_11: "[ State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] )] : NSL"
| init_12: "[ State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] )] : NSL"
(* Intruder analysis rules. Each one extends a trace with what the intruder can
   extract from a message it already knows. Only decomposition is listed: no
   clause of this set builds a new pair or ciphertext from known parts.
   NOTE(review): composition is presumably covered by the extra variants of
   the receive rules, which list the parts of the expected message as separate
   Iknows premises - confirm.
   rule_0: a ciphertext under K is opened with the inverse key inv(K). *)
| rule_0: "[| t :NSL;
Iknows(crypt(K, M)) : (set t);
Iknows(inv(K)) : (set t)|]
==>
((Iknows(M))
#t) : NSL"
(* rule_1: a message under inv(K), the form used for the signed key bindings,
   is opened with K, so its content is readable by anyone who has K. *)
| rule_1: "[| t :NSL;
Iknows(crypt(inv(K), M)) : (set t);
Iknows(K) : (set t)|]
==>
((Iknows(M))
#t) : NSL"
(* rule_2: a symmetric ciphertext is opened with the same key K. *)
| rule_2: "[| t :NSL;
Iknows(scrypt(K, M)) : (set t);
Iknows(K) : (set t)|]
==>
((Iknows(M))
#t) : NSL"
(* rule_3: a known pair yields both of its components. *)
| rule_3: "[| t :NSL;
Iknows(pair(M1, M2)) : (set t)|]
==>
((Iknows(M1))
#(Iknows(M2))
#t) : NSL"
(* Goal violation rules. Each one prepends an Attack fact to the trace.
   rule_4 (secrecy): M was declared Secret with respect to an honest agent and
   the intruder knows M. Secrets declared with respect to a dishonest agent do
   not match the Agent(honest(a)) pattern and never raise an attack. *)
| rule_4: "[| t :NSL;
Secret(M, Agent(honest(a))) : (set t);
Iknows(M) : (set t)|]
==>
((Attack(pair(secrecy, M)))
#t) : NSL"
(* rule_5 (authentication on NA): a Request with purposeNA whose peer B is not
   a dishonest agent and whose message M is not an na nonce over a pair.
   NOTE(review): the inner quantifier rebinds B and A, so the last premise
   tests only the shape of M and does not tie it to the A and B of the
   Request; no Witness fact is consulted either. Presumably the agreement is
   encoded in the nonce abstraction - confirm that this is the intended
   reading of the goal. *)
| rule_5: "[| t :NSL;
Request(A, B, Purpose(purposeNA), M, SID(sid)) : (set t);
~ ( ? i .
B = Agent(dishonest(i)));
~ ( ? B A Abs_NA .
M = Nonce((na(pair(B, A)) Abs_NA)))|]
==>
((Attack(pair(authentication, pair(A, pair(B, M)))))
#t) : NSL"
(* rule_6 (authentication on NB): same scheme for purposeNB, with M required
   not to be an nb nonce over pair(B, pair(A, Arg1)). The rebinding remark on
   rule_5 applies here as well. *)
| rule_6: "[| t :NSL;
Request(A, B, Purpose(purposeNB), M, SID(sid)) : (set t);
~ ( ? i .
B = Agent(dishonest(i)));
~ ( ? B A Arg1 Abs_NB .
M = Nonce((nb(pair(B, pair(A, Arg1))) Abs_NB)))|]
==>
((Attack(pair(authentication, pair(A, pair(B, M)))))
#t) : NSL"
(* rule_7: role rA moves from Step(0) to Step(1) and sends
   pair(Agent(A), Agent(B)), which lands in the intruder's knowledge. *)
| rule_7: "[| t :NSL;
State(rA, [Agent(A), Step(0), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), SID(sid)] ) : (set t)|]
==>
((State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ))
#(Iknows(pair(Agent(A), Agent(B))))
#t) : NSL"
(* rule_8: role rs moves from Step(0) to Step(1) and emits the binding
   pair(Agent(B), pk(Agent(B))) under its private key. The only requirement on
   A and B is that the intruder knows both names, so the intruder can request
   a binding for any agent it can name. *)
| rule_8: "[| t :NSL;
State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] ) : (set t);
Iknows(Agent(A)) : (set t);
Iknows(Agent(B)) : (set t)|]
==>
((State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] ))
#(Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B))))))
#t) : NSL"
(* rule_9 to rule_11: role rA moves from Step(1) to Step(2). It accepts the
   signed binding of B to pk(B), creates the nonce na(pair(Agent(A), Agent(B))),
   declares it Secret with respect to B, records a Witness for purposeNA and
   sends crypt(pk(Agent(B)), pair(nonce, Agent(A))).
   rule_9: the signed binding itself is in the intruder's knowledge. *)
| rule_9: "[| t :NSL;
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t);
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B))))) : (set t)|]
==>
((Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)))
#(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))))
#(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ))
#(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))))
#t) : NSL"
(* rule_10: same step, but the premises list the signing key
   inv(pk(Agent(honest(a)))), the name B and pk(Agent(B)) separately. These are
   the parts from which the binding is built, so the rule needs the intruder to
   hold the signing key of an honest agent.
   NOTE(review): apparently the forged-binding case; it is harmless only as
   long as that key stays out of the intruder's knowledge - confirm. *)
| rule_10: "[| t :NSL;
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t);
Iknows(inv(pk(Agent(honest(a))))) : (set t);
Iknows(Agent(B)) : (set t);
Iknows(pk(Agent(B))) : (set t)|]
==>
((Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)))
#(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))))
#(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ))
#(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))))
#t) : NSL"
(* rule_11: as rule_10 without the separate pk(Agent(B)) premise; the signing
   key and the name B are enough. *)
| rule_11: "[| t :NSL;
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t);
Iknows(inv(pk(Agent(honest(a))))) : (set t);
Iknows(Agent(B)) : (set t)|]
==>
((Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)))
#(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))))
#(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ))
#(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))))
#t) : NSL"
(* rule_12 to rule_14: role rB moves from Step(0) to Step(1). It accepts
   crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))) for an arbitrary nonce NA and
   claimed sender A, stores both, and sends pair(Agent(B), Agent(A)).
   rule_12: the ciphertext itself is in the intruder's knowledge. *)
| rule_12: "[| t :NSL;
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : (set t);
Iknows(crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A)))) : (set t)|]
==>
((State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ))
#(Iknows(pair(Agent(B), Agent(A))))
#t) : NSL"
(* rule_13: same step when the intruder knows pk(Agent(B)), the nonce and the
   name A separately, i.e. the parts of the expected ciphertext. Nothing in the
   first message proves who built it, so any nonce the intruder knows can be
   injected under any sender name it knows. *)
| rule_13: "[| t :NSL;
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : (set t);
Iknows(pk(Agent(B))) : (set t);
Iknows(Nonce(NA)) : (set t);
Iknows(Agent(A)) : (set t)|]
==>
((State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ))
#(Iknows(pair(Agent(B), Agent(A))))
#t) : NSL"
(* rule_14: as rule_13 with the name Agent(B) in place of pk(Agent(B)).
   NOTE(review): presumably because pk is a public function of the name -
   confirm. *)
| rule_14: "[| t :NSL;
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : (set t);
Iknows(Agent(B)) : (set t);
Iknows(Nonce(NA)) : (set t);
Iknows(Agent(A)) : (set t)|]
==>
((State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ))
#(Iknows(pair(Agent(B), Agent(A))))
#t) : NSL"
(* rule_15: role rs moves from Step(1) to Step(2) and emits the second binding,
   pair(Agent(A), pk(Agent(A))) under its private key. As in rule_8 the names
   only have to be known to the intruder. *)
| rule_15: "[| t :NSL;
State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] ) : (set t);
Iknows(Agent(B)) : (set t);
Iknows(Agent(A)) : (set t)|]
==>
((State(rs, [Agent(honest(a)), Step(2), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), pair(Agent(B), Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), SID(sid)] ))
#(Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))))
#t) : NSL"
(* rule_16 to rule_18: role rB moves from Step(1) to Step(2) in the case where
   the stored nonce is na(pair(Agent(A), Agent(B))) for this session's own A
   and B. It accepts the signed binding of A to pk(A), creates the nonce
   nb(pair(Agent(B), pair(Agent(A), Step(1)))), declares it Secret with respect
   to A, records a Witness for purposeNB and sends
   crypt(pk(Agent(A)), pair(na nonce, pair(nb nonce, Agent(B)))). The responder
   name inside the ciphertext is what rule_22 later matches against A's peer.
   rule_16: the signed binding itself is in the intruder's knowledge. *)
| rule_16: "[| t :NSL;
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t)|]
==>
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)))
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))))
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ))
#(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))))
#t) : NSL"
(* rule_17: same step when the intruder holds the signing key
   inv(pk(Agent(honest(a)))), the name A and pk(Agent(A)) separately, i.e. the
   parts of the binding. It requires a leaked signing key of an honest agent. *)
| rule_17: "[| t :NSL;
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
Iknows(inv(pk(Agent(honest(a))))) : (set t);
Iknows(Agent(A)) : (set t);
Iknows(pk(Agent(A))) : (set t)|]
==>
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)))
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))))
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ))
#(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))))
#t) : NSL"
(* rule_18: as rule_17 without the separate pk(Agent(A)) premise. *)
| rule_18: "[| t :NSL;
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
Iknows(inv(pk(Agent(honest(a))))) : (set t);
Iknows(Agent(A)) : (set t)|]
==>
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)))
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))))
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ))
#(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))))
#t) : NSL"
(* rule_19 to rule_21: role rB moves from Step(1) to Step(2) in the case where
   the stored nonce is not an na nonce over two agent names, e.g. a nonce
   supplied by the intruder. The step is the same as in rule_16 to rule_18,
   except that the fresh nonce is nb(pair(Agent(B), pair(Agent(A), Step(0))))
   and the received NA is passed on unchanged.
   NOTE(review): the guard's quantifier rebinds A and B, so it excludes every
   nonce of the form na(pair(Agent(_), Agent(_))), not only the one that
   rule_16 to rule_18 match. A Step(1) state that stores an na nonce built for
   a different pair of agents appears to match neither group of rules and so
   cannot advance - confirm that the generator intends this.
   rule_19: the signed binding of A to pk(A) is in the intruder's knowledge. *)
| rule_19: "[| t :NSL;
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t);
~ ( ? A B Abs_NA .
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
==>
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)))
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))))
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ))
#(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))))
#t) : NSL"
(* rule_20: same step when the intruder holds the signing key
   inv(pk(Agent(honest(a)))), the name A and pk(Agent(A)) separately. *)
| rule_20: "[| t :NSL;
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
Iknows(inv(pk(Agent(honest(a))))) : (set t);
Iknows(Agent(A)) : (set t);
Iknows(pk(Agent(A))) : (set t);
~ ( ? A B Abs_NA .
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
==>
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)))
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))))
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ))
#(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))))
#t) : NSL"
(* rule_21: as rule_20 without the separate pk(Agent(A)) premise. *)
| rule_21: "[| t :NSL;
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
Iknows(inv(pk(Agent(honest(a))))) : (set t);
Iknows(Agent(A)) : (set t);
~ ( ? A B Abs_NA .
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
==>
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)))
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))))
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ))
#(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))))
#t) : NSL"
(* rule_22 to rule_24: role rA moves from Step(2) to Step(3). It accepts
   crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), where NA
   and B must equal the nonce and peer stored in its state, issues a Request
   for purposeNB on NB and sends crypt(pk(Agent(B)), Nonce(NB)).
   rule_22: the ciphertext itself is in the intruder's knowledge. *)
| rule_22: "[| t :NSL;
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t);
Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B))))) : (set t)|]
==>
((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)))
#(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
#(Iknows(crypt(pk(Agent(B)), Nonce(NB))))
#t) : NSL"
(* rule_23: same step when the intruder knows pk(Agent(A)), NA, NB and the name
   B separately, i.e. the parts of the expected ciphertext. It can fire only if
   the intruder has learned NA, which rule_9 to rule_11 declared Secret. *)
| rule_23: "[| t :NSL;
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t);
Iknows(pk(Agent(A))) : (set t);
Iknows(Nonce(NA)) : (set t);
Iknows(Nonce(NB)) : (set t);
Iknows(Agent(B)) : (set t)|]
==>
((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)))
#(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
#(Iknows(crypt(pk(Agent(B)), Nonce(NB))))
#t) : NSL"
(* rule_24: as rule_23 with the name Agent(A) in place of pk(Agent(A)). *)
| rule_24: "[| t :NSL;
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t);
Iknows(Agent(A)) : (set t);
Iknows(Nonce(NA)) : (set t);
Iknows(Nonce(NB)) : (set t);
Iknows(Agent(B)) : (set t)|]
==>
((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)))
#(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
#(Iknows(crypt(pk(Agent(B)), Nonce(NB))))
#t) : NSL"
(* rule_25 to rule_27: role rB moves from Step(2) to Step(3). It accepts
   crypt(pk(Agent(B)), Nonce(NB)) for the NB stored in its state and issues a
   Request for purposeNA on the stored NA. Nothing is sent in this step.
   rule_25: the ciphertext itself is in the intruder's knowledge. *)
| rule_25: "[| t :NSL;
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
Iknows(crypt(pk(Agent(B)), Nonce(NB))) : (set t)|]
==>
((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)))
#(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
#t) : NSL"
(* rule_26: same step when the intruder knows pk(Agent(B)) and NB separately.
   It can fire only if the intruder has learned NB, which the Step(1) to
   Step(2) rules of rB declared Secret. *)
| rule_26: "[| t :NSL;
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
Iknows(pk(Agent(B))) : (set t);
Iknows(Nonce(NB)) : (set t)|]
==>
((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)))
#(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
#t) : NSL"
(* rule_27: as rule_26 with the name Agent(B) in place of pk(Agent(B)). *)
| rule_27: "[| t :NSL;
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
Iknows(Agent(B)) : (set t);
Iknows(Nonce(NB)) : (set t)|]
==>
((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)))
#(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
#t) : NSL"
section {* Fixed-point Definition (NSL) *}
(* NSL_fp: the set of facts m that match at least one of the disjuncts listed
   below. All pattern variables are bound by the single existential
   quantifier on the first line, so every disjunct is a fact pattern that any
   choice of those variables may instantiate.
   The patterns use a separate variable for every argument position
   (a0, a1, ... for honest agents, i0, i1, ... for dishonest ones), where the
   clauses of the inductive set NSL reuse one variable in several positions
   (compare init_2 of NSL with the first State(rA, ...) disjunct). A pattern
   therefore also admits facts in which those positions differ; in that sense
   the set over-approximates the facts the rules can produce.
   No disjunct is built with Attack; lemma fp_attack_free depends on exactly
   that.
   NOTE(review): the file header says this theory is generated by OFMC; the
   fresh values are presumably represented by the abstracted terms
   ni Abs_NI, na(..) Abs_NA and nb(..) Abs_NB -- confirm against ../src/ofmc. *)
definition
"NSL_fp = {m. ( ? Abs_NA3 Abs_NA4 Abs_NA5 i13 Abs_NI1 Abs_NI2 a16 a17 a18 a19 a20 a21 a22 a23 a24 a25 a26 a27 a28 Abs_NA1 Abs_NA2 a3 a4 a5 a6 a7 i2 i3 a8 i4 i5 a9 i6 i7 a10 i8 Abs_NB2 i9 a11 i10 Abs_NB3 a12 i11 Abs_NB4 a13 a14 a15 i12 Abs_NB5 sid0 Abs_NI0 Abs_NA0 a0 i0 Abs_NB0 a1 i1 Abs_NB1 a2 .
(m = Iknows(Nonce((ni Abs_NI0))))
| (m = Iknows(Agent(dishonest(i0))))
| (m = State(rA, [Agent(honest(a0)), Step(0), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), SID(sid0)] ))
| (m = State(rA, [Agent(honest(a0)), Step(0), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), SID(sid0)] ))
| (m = Iknows(Step(0)))
| (m = Iknows(pk(Agent(honest(a0)))))
| (m = Iknows(Agent(honest(a0))))
| (m = Iknows(inv(pk(Agent(dishonest(i0))))))
| (m = Iknows(pk(Agent(dishonest(i0)))))
| (m = Iknows(SID(sid0)))
| (m = Iknows(Agent(honest(a0))))
| (m = State(rB, [Agent(honest(a0)), Step(0), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), SID(sid0)] ))
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
| (m = State(rA, [Agent(honest(a0)), Step(1), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), SID(sid0)] ))
| (m = State(rA, [Agent(honest(a0)), Step(1), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), pair(Agent(honest(a6)), Agent(honest(a7))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(dishonest(i1)), pair(Agent(dishonest(i2)), Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a2)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(dishonest(i0)), pair(Agent(dishonest(i1)), Agent(honest(a3))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(honest(a5)), pk(Agent(honest(a6))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(honest(a2)), pair(Agent(honest(a3)), Agent(dishonest(i1))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(dishonest(i2)), pk(Agent(dishonest(i3))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(honest(a3)), pair(Agent(honest(a4)), Agent(honest(a5))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(honest(a7)), pk(Agent(honest(a8))))), SID(sid0)] ))
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), pair(Agent(honest(a6)), Agent(dishonest(i2))), SID(sid0)] ))
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a6))), pair(Nonce((ni Abs_NI1)), Agent(honest(a7)))), pair(Agent(honest(a8)), Agent(honest(a9))), SID(sid0)] ))
| (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2)))))))
| (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
| (m = Secret(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(dishonest(i1))))
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0))))
| (m = State(rA, [Agent(honest(a0)), Step(2), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), SID(sid0)] ))
| (m = Secret(Nonce((na(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), Agent(honest(a2))))
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0))))
| (m = State(rA, [Agent(honest(a0)), Step(2), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), pair(Agent(honest(a6)), Agent(honest(a7))), pk(Agent(honest(a8))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(honest(a10)), pk(Agent(honest(a11))))), Nonce((na(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA0)), crypt(pk(Agent(honest(a14))), pair(Nonce((na(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), Agent(honest(a17)))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(dishonest(i1)), pair(Agent(dishonest(i2)), Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a2)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), pair(Agent(dishonest(i6)), Agent(dishonest(i7))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(dishonest(i8)), pk(Agent(dishonest(i9))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(dishonest(i0)), pair(Agent(dishonest(i1)), Agent(honest(a3))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(honest(a5)), pk(Agent(honest(a6))))), pair(Agent(honest(a7)), Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(honest(a2)), pair(Agent(honest(a3)), Agent(dishonest(i1))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(dishonest(i2)), pk(Agent(dishonest(i3))))), pair(Agent(dishonest(i4)), Agent(honest(a5))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(honest(a7)), pk(Agent(honest(a8))))), SID(sid0)] ))
| (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(honest(a3)), pair(Agent(honest(a4)), Agent(honest(a5))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(honest(a7)), pk(Agent(honest(a8))))), pair(Agent(honest(a9)), Agent(honest(a10))), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(honest(a12)), pk(Agent(honest(a13))))), SID(sid0)] ))
| (m = Secret(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(dishonest(i1))))
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0))))
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), pair(Agent(honest(a6)), Agent(dishonest(i2))), pk(Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i7))), pair(Nonce((ni Abs_NI2)), pair(Nonce((nb(pair(Agent(honest(a9)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB1)), Agent(honest(a10))))), SID(sid0)] ))
| (m = Secret(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(honest(a1)), Step(0)))) Abs_NB0)), Agent(honest(a2))))
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB0))))
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a6))), pair(Nonce((ni Abs_NI1)), Agent(honest(a7)))), pair(Agent(honest(a8)), Agent(honest(a9))), pk(Agent(honest(a10))), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(honest(a12)), pk(Agent(honest(a13))))), Nonce((nb(pair(Agent(honest(a14)), pair(Agent(honest(a15)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a16))), pair(Nonce((ni Abs_NI2)), pair(Nonce((nb(pair(Agent(honest(a17)), pair(Agent(honest(a18)), Step(0)))) Abs_NB1)), Agent(honest(a19))))), SID(sid0)] ))
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(honest(a2)), Step(0)))) Abs_NB0)), Agent(honest(a3)))))))
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))))
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((na(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), Agent(honest(a3))))))
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), Agent(honest(a1))))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA0)), crypt(pk(Agent(honest(a8))), pair(Nonce((na(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1)), Agent(honest(a11)))), pair(Agent(honest(a12)), Agent(honest(a13))), SID(sid0)] ))
| (m = Iknows(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0))))
| (m = Iknows(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((na(pair(Agent(honest(a5)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), SID(sid0)] ))
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a7))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), SID(sid0)] ))
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((nb(pair(Agent(honest(a5)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((nb(pair(Agent(honest(a7)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), SID(sid0)] ))
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((nb(pair(Agent(honest(a6)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), SID(sid0)] ))
| (m = Secret(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(honest(a1)), Step(1)))) Abs_NB0)), Agent(honest(a2))))
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(1)))) Abs_NB0))))
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA0)), crypt(pk(Agent(honest(a8))), pair(Nonce((na(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1)), Agent(honest(a11)))), pair(Agent(honest(a12)), Agent(honest(a13))), pk(Agent(honest(a14))), crypt(inv(pk(Agent(honest(a15)))), pair(Agent(honest(a16)), pk(Agent(honest(a17))))), Nonce((nb(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a20))), pair(Nonce((na(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a23)), pair(Agent(honest(a24)), Step(1)))) Abs_NB1)), Agent(honest(a25))))), SID(sid0)] ))
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0)))
| (m = State(rA, [Agent(honest(a0)), Step(3), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), Nonce((na(pair(Agent(honest(a10)), Agent(dishonest(i8)))) Abs_NA2)), crypt(pk(Agent(honest(a11))), pair(Nonce((na(pair(Agent(honest(a12)), Agent(dishonest(i9)))) Abs_NA3)), pair(Nonce((na(pair(Agent(honest(a13)), Agent(dishonest(i10)))) Abs_NA4)), Agent(dishonest(i11))))), crypt(pk(Agent(dishonest(i12))), Nonce((na(pair(Agent(honest(a14)), Agent(dishonest(i13)))) Abs_NA5))), SID(sid0)] ))
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), SID(sid0)))
| (m = State(rA, [Agent(honest(a0)), Step(3), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a11))), pair(Nonce((na(pair(Agent(honest(a12)), Agent(dishonest(i9)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a13)), pair(Agent(dishonest(i10)), Step(0)))) Abs_NB1)), Agent(dishonest(i11))))), crypt(pk(Agent(dishonest(i12))), Nonce((nb(pair(Agent(honest(a14)), pair(Agent(dishonest(i13)), Step(0)))) Abs_NB2))), SID(sid0)] ))
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((ni Abs_NI0)), SID(sid0)))
| (m = State(rA, [Agent(honest(a0)), Step(3), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a10))), pair(Nonce((na(pair(Agent(honest(a11)), Agent(dishonest(i8)))) Abs_NA2)), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i9))))), crypt(pk(Agent(dishonest(i10))), Nonce((ni Abs_NI2))), SID(sid0)] ))
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((ni Abs_NI0)), SID(sid0)))
| (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), pair(Agent(honest(a6)), Agent(dishonest(i2))), pk(Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i7))), pair(Nonce((ni Abs_NI2)), pair(Nonce((nb(pair(Agent(honest(a9)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB1)), Agent(honest(a10))))), crypt(pk(Agent(honest(a11))), Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i9)), Step(0)))) Abs_NB2))), SID(sid0)] ))
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((ni Abs_NI0)))))
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)))))
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)))))
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((na(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a3)), pair(Agent(honest(a4)), Step(1)))) Abs_NB0)), Agent(honest(a5)))))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((na(pair(Agent(honest(a5)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((na(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB1)), Agent(honest(a13))))), SID(sid0)] ))
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a7))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), pk(Agent(honest(a12))), crypt(inv(pk(Agent(honest(a13)))), pair(Agent(honest(a14)), pk(Agent(honest(a15))))), Nonce((nb(pair(Agent(honest(a16)), pair(Agent(honest(a17)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a18))), pair(Nonce((na(pair(Agent(honest(a19)), Agent(dishonest(i2)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a20)), pair(Agent(honest(a21)), Step(0)))) Abs_NB1)), Agent(honest(a22))))), SID(sid0)] ))
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((nb(pair(Agent(honest(a5)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((nb(pair(Agent(honest(a7)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB2)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((nb(pair(Agent(honest(a11)), pair(Agent(dishonest(i10)), Step(0)))) Abs_NB3)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB4)), Agent(honest(a13))))), SID(sid0)] ))
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((nb(pair(Agent(honest(a6)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), pk(Agent(honest(a12))), crypt(inv(pk(Agent(honest(a13)))), pair(Agent(honest(a14)), pk(Agent(honest(a15))))), Nonce((nb(pair(Agent(honest(a16)), pair(Agent(honest(a17)), Step(0)))) Abs_NB2)), crypt(pk(Agent(honest(a18))), pair(Nonce((nb(pair(Agent(honest(a19)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB3)), pair(Nonce((nb(pair(Agent(honest(a20)), pair(Agent(honest(a21)), Step(0)))) Abs_NB4)), Agent(honest(a22))))), SID(sid0)] ))
| (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(1)))) Abs_NB0)), SID(sid0)))
| (m = State(rA, [Agent(honest(a0)), Step(3), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), pair(Agent(honest(a6)), Agent(honest(a7))), pk(Agent(honest(a8))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(honest(a10)), pk(Agent(honest(a11))))), Nonce((na(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA0)), crypt(pk(Agent(honest(a14))), pair(Nonce((na(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), Agent(honest(a17)))), Nonce((nb(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a20))), pair(Nonce((na(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a23)), pair(Agent(honest(a24)), Step(1)))) Abs_NB1)), Agent(honest(a25))))), crypt(pk(Agent(honest(a26))), Nonce((nb(pair(Agent(honest(a27)), pair(Agent(honest(a28)), Step(1)))) Abs_NB2))), SID(sid0)] ))
| (m = Iknows(crypt(pk(Agent(honest(a0))), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(honest(a2)), Step(1)))) Abs_NB0)))))
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB1)), Agent(honest(a4)))))))
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(honest(a2)))))))
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB0)), Agent(honest(a4)))))))
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB0)), Agent(honest(a2)))))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a2))))))
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a2))))))
| (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), SID(sid0)))
| (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA0)), crypt(pk(Agent(honest(a8))), pair(Nonce((na(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1)), Agent(honest(a11)))), pair(Agent(honest(a12)), Agent(honest(a13))), pk(Agent(honest(a14))), crypt(inv(pk(Agent(honest(a15)))), pair(Agent(honest(a16)), pk(Agent(honest(a17))))), Nonce((nb(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a20))), pair(Nonce((na(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a23)), pair(Agent(honest(a24)), Step(1)))) Abs_NB1)), Agent(honest(a25))))), crypt(pk(Agent(honest(a26))), Nonce((nb(pair(Agent(honest(a27)), pair(Agent(honest(a28)), Step(1)))) Abs_NB2))), SID(sid0)] ))
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0)))
| (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((na(pair(Agent(honest(a5)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((na(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB1)), Agent(honest(a13))))), crypt(pk(Agent(honest(a14))), Nonce((nb(pair(Agent(honest(a15)), pair(Agent(dishonest(i12)), Step(0)))) Abs_NB2))), SID(sid0)] ))
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), SID(sid0)))
| (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((nb(pair(Agent(honest(a5)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((nb(pair(Agent(honest(a7)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB2)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((nb(pair(Agent(honest(a11)), pair(Agent(dishonest(i10)), Step(0)))) Abs_NB3)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB4)), Agent(honest(a13))))), crypt(pk(Agent(honest(a14))), Nonce((nb(pair(Agent(honest(a15)), pair(Agent(dishonest(i12)), Step(0)))) Abs_NB5))), SID(sid0)] ))
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a2))))))
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a2))))))
)}"
section {* Checking Fixed-point (NSL) *}
(* fp_attack_free: no fact of the form Attack m belongs to NSL_fp.
   The proof unfolds NSL_fp_def and the set2pred rewrite (not defined in this
   file, presumably provided by ../src/ofmc), then lets simp and, where
   needed, auto compare Attack m with every disjunct of the definition; none
   of them is built with Attack.
   NOTE(review): this is a statement about the fixed point only. It says
   something about the protocol model NSL only together with the closure
   lemmas that follow (init_*, rule_*) and a result that the facts of every
   NSL trace lie in NSL_fp, which is not in this part of the file. Confirm
   that all of them are accepted by Isabelle before citing the protocol as
   verified. *)
lemma fp_attack_free: "~ (Attack m : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
lemma init_0: "Iknows(Nonce((ni Abs_NI))) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
lemma init_1: "Iknows(Agent(dishonest(i))) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
lemma init_2: "State(rA, [Agent(honest(a)), Step(0), Agent(dishonest(i)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] ) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
lemma init_3: "State(rA, [Agent(honest(a)), Step(0), Agent(honest(a)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] ) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
lemma init_4: "Iknows(Step(0)) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
lemma init_5: "Iknows(pk(Agent(honest(a)))) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
lemma init_6: "Iknows(Agent(honest(a))) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
lemma init_7: "Iknows(inv(pk(Agent(dishonest(i))))) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
lemma init_8: "Iknows(pk(Agent(dishonest(i)))) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
lemma init_9: "Iknows(SID(sid)) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
lemma init_10: "Iknows(Agent(honest(a))) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* NSL_fp contains the initial State of role rB (Step(0)) for an honest
   agent. Presumably mirrors the NSL introduction rule init_11, which is not
   visible in this part of the file -- TODO confirm. *)
lemma init_11: "State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] ) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* NSL_fp contains the initial State of role rs (Step(0)). The agent playing
   rs is Agent(honest(a)) and holds inv(pk(Agent(honest(a)))); no init lemma
   in this section gives role rs to a dishonest agent. Presumably mirrors the
   NSL introduction rule init_12, which is not visible in this part of the
   file -- TODO confirm. *)
lemma init_12: "State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Closure of NSL_fp under asymmetric decryption: if the intruder knows
   crypt(K, M) and the inverse key inv(K), it also knows M. *)
lemma rule_0: "[|
Iknows(crypt(K, M)) : NSL_fp;
Iknows(inv(K)) : NSL_fp|]
==>
(Iknows(M) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Closure of NSL_fp under opening a term encrypted with an inverse key: from
   crypt(inv(K), M) and K the intruder obtains M. A term built with inv(K)
   therefore hides nothing from anyone who knows K. *)
lemma rule_1: "[|
Iknows(crypt(inv(K), M)) : NSL_fp;
Iknows(K) : NSL_fp|]
==>
(Iknows(M) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Closure of NSL_fp under symmetric decryption: from scrypt(K, M) and the
   key K the intruder obtains M. *)
lemma rule_2: "[|
Iknows(scrypt(K, M)) : NSL_fp;
Iknows(K) : NSL_fp|]
==>
(Iknows(M) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Closure of NSL_fp under projection: an intruder who knows pair(M1, M2)
   knows both components. *)
lemma rule_3: "[|
Iknows(pair(M1, M2)) : NSL_fp|]
==>
(Iknows(M1) : NSL_fp) &
(Iknows(M2) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Secrecy check: if NSL_fp holds Secret(M, Agent(honest(a))) and the intruder
   knows M, then Attack(pair(secrecy, M)) is in NSL_fp. Read together with
   fp_attack_free, the two premises never hold together in the fixed point.
   The second component of Secret is restricted to an honest agent, so a
   Secret fact whose second component is a dishonest agent does not trigger
   this rule. *)
lemma rule_4: "[|
Secret(M, Agent(honest(a))) : NSL_fp;
Iknows(M) : NSL_fp|]
==>
(Attack(pair(secrecy, M)) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Authentication check for purposeNA: a Request(A, B, Purpose(purposeNA), M,
   SID(sid)) whose B is not a dishonest agent and whose M is not a nonce of
   the class na(pair(_, _)) yields an Attack fact.
   NOTE(review): the existential quantifier in the third premise rebinds B
   and A, so that premise only requires M to lie outside the na class; it
   does not tie the agent pair inside the nonce to the A and B of the
   Request, and no Witness fact appears among the premises. Confirm against
   the OFMC backend that this is the intended strength of the goal. *)
lemma rule_5: "[|
Request(A, B, Purpose(purposeNA), M, SID(sid)) : NSL_fp;
~ ( ? i .
B = Agent(dishonest(i)));
~ ( ? B A Abs_NA .
M = Nonce((na(pair(B, A)) Abs_NA)))|]
==>
(Attack(pair(authentication, pair(A, pair(B, M)))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Authentication check for purposeNB: a Request(A, B, Purpose(purposeNB), M,
   SID(sid)) whose B is not a dishonest agent and whose M is not a nonce of
   the class nb(pair(_, pair(_, _))) yields an Attack fact.
   NOTE(review): the existential quantifier in the third premise rebinds B
   and A, so that premise only requires M to lie outside the nb class; it
   does not tie the agents inside the nonce to the A and B of the Request,
   and no Witness fact appears among the premises. Confirm against the OFMC
   backend that this is the intended strength of the goal. *)
lemma rule_6: "[|
Request(A, B, Purpose(purposeNB), M, SID(sid)) : NSL_fp;
~ ( ? i .
B = Agent(dishonest(i)));
~ ( ? B A Arg1 Abs_NB .
M = Nonce((nb(pair(B, pair(A, Arg1))) Abs_NB)))|]
==>
(Attack(pair(authentication, pair(A, pair(B, M)))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Role rA, Step(0) to Step(1): the State is extended with pair(Agent(A),
   Agent(B)) and that pair becomes intruder knowledge. The pair is sent in
   the clear; it names the two agents and carries no key material. *)
lemma rule_7: "[|
State(rA, [Agent(A), Step(0), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), SID(sid)] ) : NSL_fp|]
==>
(State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp) &
(Iknows(pair(Agent(A), Agent(B))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Role rs, Step(0) to Step(1): for any agent names A and B the intruder
   knows, rs produces crypt(inv(pk(Agent(honest(a)))), pair(Agent(B),
   pk(Agent(B)))), a binding of B's name to B's public key under the inverse
   key of rs, and that term becomes intruder knowledge. The premises ask only
   that the two names are known, so the request itself is unauthenticated. *)
lemma rule_8: "[|
State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp;
Iknows(Agent(A)) : NSL_fp;
Iknows(Agent(B)) : NSL_fp|]
==>
(State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B))))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Role rA, Step(1) to Step(2), on the key binding for B issued under
   inv(pk(Agent(honest(a)))): rA records the abstract nonce
   na(pair(Agent(A), Agent(B))) Abs_NA as Secret for Agent(B), emits the
   Witness fact for purposeNA, and the message crypt(pk(Agent(B)),
   pair(NA, Agent(A))) becomes intruder knowledge. *)
lemma rule_9: "[|
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp;
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B))))) : NSL_fp|]
==>
(Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)) : NSL_fp) &
(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp) &
(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_9 with the same conclusion: instead of knowing the key
   binding as a whole, the intruder knows the parts needed to build it,
   namely inv(pk(Agent(honest(a)))), Agent(B) and pk(Agent(B)).
   NOTE(review): the second premise is knowledge of the inverse key of the
   agent playing rs; whether any fact of NSL_fp satisfies it cannot be seen
   from this part of the file. *)
lemma rule_10: "[|
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp;
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
Iknows(Agent(B)) : NSL_fp;
Iknows(pk(Agent(B))) : NSL_fp|]
==>
(Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)) : NSL_fp) &
(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp) &
(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_10 with the same conclusion and one premise fewer: the
   intruder knows inv(pk(Agent(honest(a)))) and Agent(B), without a separate
   premise for pk(Agent(B)).
   NOTE(review): as in rule_10, the second premise is knowledge of the
   inverse key of the agent playing rs; whether any fact of NSL_fp satisfies
   it cannot be seen from this part of the file. *)
lemma rule_11: "[|
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp;
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
Iknows(Agent(B)) : NSL_fp|]
==>
(Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)) : NSL_fp) &
(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp) &
(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Role rB, Step(0) to Step(1), on the message crypt(pk(Agent(B)),
   pair(Nonce(NA), Agent(A))): rB stores Agent(A) and Nonce(NA), and
   pair(Agent(B), Agent(A)) becomes intruder knowledge. NA and A are
   unconstrained here, so rB accepts any nonce and any claimed sender. *)
lemma rule_12: "[|
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : NSL_fp;
Iknows(crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A)))) : NSL_fp|]
==>
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp) &
(Iknows(pair(Agent(B), Agent(A))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_12 with the same conclusion: the intruder knows the parts
   of the incoming message, pk(Agent(B)), Nonce(NA) and Agent(A), rather than
   the encrypted term as a whole. Since only a public key and known values
   are needed, this first message gives rB no evidence of who built it. *)
lemma rule_13: "[|
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : NSL_fp;
Iknows(pk(Agent(B))) : NSL_fp;
Iknows(Nonce(NA)) : NSL_fp;
Iknows(Agent(A)) : NSL_fp|]
==>
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp) &
(Iknows(pair(Agent(B), Agent(A))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_13 with the same conclusion, in which the intruder knows
   the name Agent(B) instead of the key pk(Agent(B)), together with Nonce(NA)
   and Agent(A). *)
lemma rule_14: "[|
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : NSL_fp;
Iknows(Agent(B)) : NSL_fp;
Iknows(Nonce(NA)) : NSL_fp;
Iknows(Agent(A)) : NSL_fp|]
==>
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp) &
(Iknows(pair(Agent(B), Agent(A))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Role rs, Step(1) to Step(2): given that the intruder knows the names
   Agent(B) and Agent(A), rs produces crypt(inv(pk(Agent(honest(a)))),
   pair(Agent(A), pk(Agent(A)))), the key binding for A, and that term
   becomes intruder knowledge. *)
lemma rule_15: "[|
State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] ) : NSL_fp;
Iknows(Agent(B)) : NSL_fp;
Iknows(Agent(A)) : NSL_fp|]
==>
(State(rs, [Agent(honest(a)), Step(2), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), pair(Agent(B), Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Role rB, Step(1) to Step(2), case where the stored nonce has the form
   na(pair(Agent(A), Agent(B))) Abs_NA. On the key binding for A, rB records
   the abstract nonce nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB as
   Secret for Agent(A), emits the Witness fact for purposeNB, and the reply
   crypt(pk(Agent(A)), pair(NA, pair(NB, Agent(B)))) becomes intruder
   knowledge. The reply carries Agent(B) inside the encryption, the responder
   identity that distinguishes NSL from the original Needham-Schroeder
   public-key protocol. The case of any other NA is rule_19. *)
lemma rule_16: "[|
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : NSL_fp|]
==>
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) &
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) &
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_16 with the same conclusion: instead of knowing the key
   binding for A as a whole, the intruder knows the parts needed to build it,
   namely inv(pk(Agent(honest(a)))), Agent(A) and pk(Agent(A)).
   NOTE(review): the second premise is knowledge of the inverse key of the
   agent playing rs; whether any fact of NSL_fp satisfies it cannot be seen
   from this part of the file. *)
lemma rule_17: "[|
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
Iknows(Agent(A)) : NSL_fp;
Iknows(pk(Agent(A))) : NSL_fp|]
==>
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) &
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) &
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_17 with the same conclusion and one premise fewer: the
   intruder knows inv(pk(Agent(honest(a)))) and Agent(A), without a separate
   premise for pk(Agent(A)).
   NOTE(review): as in rule_17, the second premise is knowledge of the
   inverse key of the agent playing rs; whether any fact of NSL_fp satisfies
   it cannot be seen from this part of the file. *)
lemma rule_18: "[|
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
Iknows(Agent(A)) : NSL_fp|]
==>
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) &
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) &
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Role rB, Step(1) to Step(2), case where the stored Nonce(NA) is not of the
   form na(pair(Agent(_), Agent(_))) _ for any agents (the quantifier in the
   third premise binds its own A and B). The step is the one of rule_16,
   except that the new nonce is abstracted as
   nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB, with Step(0) where
   rule_16 has Step(1), so the two cases yield distinct nb classes. *)
lemma rule_19: "[|
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : NSL_fp;
~ ( ? A B Abs_NA .
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
==>
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) &
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) &
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_19 with the same conclusion: instead of knowing the key
   binding for A as a whole, the intruder knows inv(pk(Agent(honest(a)))),
   Agent(A) and pk(Agent(A)). The last premise again restricts the rule to an
   NA outside the na class.
   NOTE(review): the second premise is knowledge of the inverse key of the
   agent playing rs; whether any fact of NSL_fp satisfies it cannot be seen
   from this part of the file. *)
lemma rule_20: "[|
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
Iknows(Agent(A)) : NSL_fp;
Iknows(pk(Agent(A))) : NSL_fp;
~ ( ? A B Abs_NA .
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
==>
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) &
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) &
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_20 with the same conclusion and one premise fewer: the
   intruder knows inv(pk(Agent(honest(a)))) and Agent(A), without a separate
   premise for pk(Agent(A)). The last premise again restricts the rule to an
   NA outside the na class.
   NOTE(review): as in rule_20, the second premise is knowledge of the
   inverse key of the agent playing rs; whether any fact of NSL_fp satisfies
   it cannot be seen from this part of the file. *)
lemma rule_21: "[|
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
Iknows(Agent(A)) : NSL_fp;
~ ( ? A B Abs_NA .
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
==>
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) &
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) &
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Role rA, Step(2) to Step(3), on the reply crypt(pk(Agent(A)),
   pair(Nonce(NA), pair(Nonce(NB), Agent(B)))): the reply must repeat the NA
   stored in the State and name the B stored there. rA then issues
   Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)), the
   fact examined by rule_6, and crypt(pk(Agent(B)), Nonce(NB)) becomes
   intruder knowledge. *)
lemma rule_22: "[|
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp;
Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B))))) : NSL_fp|]
==>
(Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) &
(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_22 with the same conclusion: the intruder knows the parts
   of the reply, pk(Agent(A)), Nonce(NA), Nonce(NB) and Agent(B), rather than
   the encrypted term as a whole. The premise Iknows(Nonce(NA)) concerns the
   NA stored in rA's State, so the rule applies only where that nonce is
   already intruder knowledge. *)
lemma rule_23: "[|
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp;
Iknows(pk(Agent(A))) : NSL_fp;
Iknows(Nonce(NA)) : NSL_fp;
Iknows(Nonce(NB)) : NSL_fp;
Iknows(Agent(B)) : NSL_fp|]
==>
(Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) &
(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_23 with the same conclusion, in which the intruder knows
   the name Agent(A) instead of the key pk(Agent(A)), together with
   Nonce(NA), Nonce(NB) and Agent(B). *)
lemma rule_24: "[|
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp;
Iknows(Agent(A)) : NSL_fp;
Iknows(Nonce(NA)) : NSL_fp;
Iknows(Nonce(NB)) : NSL_fp;
Iknows(Agent(B)) : NSL_fp|]
==>
(Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) &
(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) &
(Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Role rB, Step(2) to Step(3), on the final message crypt(pk(Agent(B)),
   Nonce(NB)), which must contain the NB stored in rB's State. rB then issues
   Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)), the
   fact examined by rule_5. No new message is produced in this step. *)
lemma rule_25: "[|
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp;
Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp|]
==>
(Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) &
(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_25 with the same conclusion: the intruder knows the parts
   of the final message, pk(Agent(B)) and Nonce(NB), rather than the
   encrypted term as a whole. The premise Iknows(Nonce(NB)) concerns the NB
   stored in rB's State, so the rule applies only where that nonce is already
   intruder knowledge. *)
lemma rule_26: "[|
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp;
Iknows(pk(Agent(B))) : NSL_fp;
Iknows(Nonce(NB)) : NSL_fp|]
==>
(Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) &
(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
(* Variant of rule_26 with the same conclusion, in which the intruder knows
   the name Agent(B) instead of the key pk(Agent(B)), together with
   Nonce(NB). *)
lemma rule_27: "[|
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp;
Iknows(Agent(B)) : NSL_fp;
Iknows(Nonce(NB)) : NSL_fp|]
==>
(Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) &
(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)"
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
section {* Security Proof(s) (NSL) *}
(* Soundness of the over-approximation: every fact occurring in a trace t of
   the inductively defined set NSL is a member of NSL_fp. Together with
   fp_attack_free this gives that no trace of NSL contains an Attack fact;
   that corollary is not stated between here and the end of the theory.
   Proof: induction over NSL (NSL.induct) followed by simp_all, then one
   apply line per closure lemma, init_0 .. init_12 and rule_0 .. rule_27,
   presumably in the order of the introduction rules of NSL. Each line runs
   propagate_fp (defined outside this section, presumably in ../src/ofmc --
   TODO confirm) and inserts the closure lemma with cut_tac.
   Scope of the guarantee: it holds for this abstract model, in which nonces
   are grouped into classes such as na(pair(A, B)) Abs_NA and the agent
   playing role rs is always Agent(honest(a)). *)
lemma over_approx: "t : NSL ==> (set t) <= NSL_fp"
apply(rule NSL.induct, simp_all)
apply(propagate_fp, cut_tac init_0, (assumption | simp)+)
apply(propagate_fp, cut_tac init_1, (assumption | simp)+)
apply(propagate_fp, cut_tac init_2, (assumption | simp)+)
apply(propagate_fp, cut_tac init_3, (assumption | simp)+)
apply(propagate_fp, cut_tac init_4, (assumption | simp)+)
apply(propagate_fp, cut_tac init_5, (assumption | simp)+)
apply(propagate_fp, cut_tac init_6, (assumption | simp)+)
apply(propagate_fp, cut_tac init_7, (assumption | simp)+)
apply(propagate_fp, cut_tac init_8, (assumption | simp)+)
apply(propagate_fp, cut_tac init_9, (assumption | simp)+)
apply(propagate_fp, cut_tac init_10, (assumption | simp)+)
apply(propagate_fp, cut_tac init_11, (assumption | simp)+)
apply(propagate_fp, cut_tac init_12, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_0, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_1, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_2, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_3, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_4, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_5, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_6, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_7, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_8, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_9, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_10, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_11, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_12, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_13, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_14, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_15, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_16, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_17, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_18, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_19, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_20, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_21, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_22, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_23, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_24, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_25, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_26, (assumption | simp)+)
apply(propagate_fp, cut_tac rule_27, (assumption | simp)+)
done
end (* theory *)