(* (C) Copyright Andreas Viktor Hess, DTU, 2018-2020 (C) Copyright Sebastian A. Mödersheim, DTU, 2018-2020 (C) Copyright Achim D. Brucker, University of Sheffield, 2018-2020 All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *) (* Title: Parallel_Compositionality.thy Author: Andreas Viktor Hess, DTU Author: Sebastian A. Mödersheim, DTU Author: Achim D. Brucker, The University of Sheffield *) section \Parallel Compositionality of Security Protocols\ text \\label{sec:Parallel-Compositionality}\ theory Parallel_Compositionality imports Typing_Result Labeled_Strands begin subsection \Definitions: Labeled Typed Model Locale\ locale labeled_typed_model = typed_model arity public Ana \ for arity::"'fun \ nat" and public::"'fun \ bool" and Ana::"('fun,'var) term \ (('fun,'var) term list \ ('fun,'var) term list)" and \::"('fun,'var) term \ ('fun,'atom::finite) term_type" + fixes label_witness1 and label_witness2::"'lbl" assumes at_least_2_labels: "label_witness1 \ label_witness2" begin text \The Ground Sub-Message Patterns (GSMP)\ definition GSMP::"('fun,'var) terms \ ('fun,'var) terms" where "GSMP P \ {t \ SMP P. fv t = {}}" definition typing_cond where "typing_cond \ \ wf\<^sub>s\<^sub>t {} \ \ fv\<^sub>s\<^sub>t \ \ bvars\<^sub>s\<^sub>t \ = {} \ tfr\<^sub>s\<^sub>t \ \ wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (trms\<^sub>s\<^sub>t \) \ Ana_invar_subst (ik\<^sub>s\<^sub>t \ \ assignment_rhs\<^sub>s\<^sub>t \)" subsection \Definitions: GSMP Disjointedness and Parallel Composability\ definition GSMP_disjoint where "GSMP_disjoint P1 P2 Secrets \ GSMP P1 \ GSMP P2 \ Secrets \ {m. {} \\<^sub>c m}" definition declassified\<^sub>l\<^sub>s\<^sub>t where "declassified\<^sub>l\<^sub>s\<^sub>t (\::('fun,'var,'lbl) labeled_strand) \ \ {t. (\, Receive t) \ set \} \\<^sub>s\<^sub>e\<^sub>t \" definition par_comp where "par_comp (\::('fun,'var,'lbl) labeled_strand) (Secrets::('fun,'var) terms) \ (\l1 l2. l1 \ l2 \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) Secrets) \ (\s \ Secrets. \s' \ subterms s. {} \\<^sub>c s' \ s' \ Secrets) \ ground Secrets" definition strand_leaks\<^sub>l\<^sub>s\<^sub>t where "strand_leaks\<^sub>l\<^sub>s\<^sub>t \ Sec \ \ (\t \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t \ \. \l. (\ \ \proj_unl l \@[Send t]\))" subsection \Definitions: Homogeneous and Numbered Intruder Deduction Variants\ definition proj_specific where "proj_specific n t \ Secrets \ t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n \) - (Secrets \ {m. {} \\<^sub>c m})" definition heterogeneous\<^sub>l\<^sub>s\<^sub>t where "heterogeneous\<^sub>l\<^sub>s\<^sub>t t \ Secrets \ ( (\l1 l2. \s1 \ subterms t. \s2 \ subterms t. l1 \ l2 \ proj_specific l1 s1 \ Secrets \ proj_specific l2 s2 \ Secrets))" abbreviation homogeneous\<^sub>l\<^sub>s\<^sub>t where "homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Secrets \ \heterogeneous\<^sub>l\<^sub>s\<^sub>t t \ Secrets" definition intruder_deduct_hom:: "('fun,'var) terms \ ('fun,'var,'lbl) labeled_strand \ ('fun,'var) terms \ ('fun,'var) term \ bool" ("\_;_;_\ \\<^sub>h\<^sub>o\<^sub>m _" 50) where "\M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t \ \M; \t. homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec \ t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)\ \\<^sub>r t" lemma intruder_deduct_hom_AxiomH[simp]: assumes "t \ M" shows "\M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t" using intruder_deduct_restricted.AxiomR[of t M] assms unfolding intruder_deduct_hom_def by blast lemma intruder_deduct_hom_ComposeH[simp]: assumes "length X = arity f" "public f" "\x. x \ set X \ \M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m x" and "homogeneous\<^sub>l\<^sub>s\<^sub>t (Fun f X) \ Sec" "Fun f X \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" shows "\M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m Fun f X" proof - let ?Q = "\t. homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec \ t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" show ?thesis using intruder_deduct_restricted.ComposeR[of X f M ?Q] assms unfolding intruder_deduct_hom_def by blast qed lemma intruder_deduct_hom_DecomposeH: assumes "\M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t" "Ana t = (K, T)" "\k. k \ set K \ \M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m k" "t\<^sub>i \ set T" shows "\M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t\<^sub>i" proof - let ?Q = "\t. homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec \ t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" show ?thesis using intruder_deduct_restricted.DecomposeR[of M ?Q t] assms unfolding intruder_deduct_hom_def by blast qed lemma intruder_deduct_hom_induct[consumes 1, case_names AxiomH ComposeH DecomposeH]: assumes "\M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t" "\t. t \ M \ P M t" "\X f. \length X = arity f; public f; \x. x \ set X \ \M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m x; \x. x \ set X \ P M x; homogeneous\<^sub>l\<^sub>s\<^sub>t (Fun f X) \ Sec; Fun f X \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \) \ \ P M (Fun f X)" "\t K T t\<^sub>i. \\M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t; P M t; Ana t = (K, T); \k. k \ set K \ \M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m k; \k. k \ set K \ P M k; t\<^sub>i \ set T\ \ P M t\<^sub>i" shows "P M t" proof - let ?Q = "\t. homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec \ t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" show ?thesis using intruder_deduct_restricted_induct[of M ?Q t "\M Q t. P M t"] assms unfolding intruder_deduct_hom_def by blast qed lemma ideduct_hom_mono: "\\M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t; M \ M'\ \ \M'; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t" using ideduct_restricted_mono[of M _ t M'] unfolding intruder_deduct_hom_def by fast subsection \Lemmata: GSMP\ lemma GSMP_disjoint_empty[simp]: "GSMP_disjoint {} A Sec" "GSMP_disjoint A {} Sec" unfolding GSMP_disjoint_def GSMP_def by fastforce+ lemma GSMP_mono: assumes "N \ M" shows "GSMP N \ GSMP M" using SMP_mono[OF assms] unfolding GSMP_def by fast lemma GSMP_SMP_mono: assumes "SMP N \ SMP M" shows "GSMP N \ GSMP M" using assms unfolding GSMP_def by fast lemma GSMP_subterm: assumes "t \ GSMP M" "t' \ t" shows "t' \ GSMP M" using SMP.Subterm[of t M t'] ground_subterm[of t t'] assms unfolding GSMP_def by auto lemma GSMP_subterms: "subterms\<^sub>s\<^sub>e\<^sub>t (GSMP M) = GSMP M" using GSMP_subterm[of _ M] by blast lemma GSMP_Ana_key: assumes "t \ GSMP M" "Ana t = (K,T)" "k \ set K" shows "k \ GSMP M" using SMP.Ana[of t M K T k] Ana_keys_fv[of t K T] assms unfolding GSMP_def by auto lemma GSMP_append[simp]: "GSMP (trms\<^sub>l\<^sub>s\<^sub>t (A@B)) = GSMP (trms\<^sub>l\<^sub>s\<^sub>t A) \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t B)" using SMP_union[of "trms\<^sub>l\<^sub>s\<^sub>t A" "trms\<^sub>l\<^sub>s\<^sub>t B"] trms\<^sub>l\<^sub>s\<^sub>t_append[of A B] unfolding GSMP_def by auto lemma GSMP_union: "GSMP (A \ B) = GSMP A \ GSMP B" using SMP_union[of A B] unfolding GSMP_def by auto lemma GSMP_Union: "GSMP (trms\<^sub>l\<^sub>s\<^sub>t A) = (\l. GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l A))" proof - define P where "P \ (\l. trms_proj\<^sub>l\<^sub>s\<^sub>t l A)" define Q where "Q \ trms\<^sub>l\<^sub>s\<^sub>t A" have "SMP (\l. P l) = (\l. SMP (P l))" "Q = (\l. P l)" unfolding P_def Q_def by (metis SMP_Union, metis trms\<^sub>l\<^sub>s\<^sub>t_union) hence "GSMP Q = (\l. GSMP (P l))" unfolding GSMP_def by auto thus ?thesis unfolding P_def Q_def by metis qed lemma in_GSMP_in_proj: "t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t A) \ \n. t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n A)" using GSMP_Union[of A] by blast lemma in_proj_in_GSMP: "t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n A) \ t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t A)" using GSMP_Union[of A] by blast lemma GSMP_disjointE: assumes A: "GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t n A) (trms_proj\<^sub>l\<^sub>s\<^sub>t m A) Sec" shows "GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n A) \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t m A) \ Sec \ {m. {} \\<^sub>c m}" using assms unfolding GSMP_disjoint_def by auto lemma GSMP_disjoint_term: assumes "GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \) Sec" shows "t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) \ t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \) \ t \ Sec \ {} \\<^sub>c t" using assms unfolding GSMP_disjoint_def by blast lemma GSMP_wt_subst_subset: assumes "t \ GSMP (M \\<^sub>s\<^sub>e\<^sub>t \)" "wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range \)" shows "t \ GSMP M" using SMP_wt_subst_subset[OF _ assms(2,3), of t M] assms(1) unfolding GSMP_def by simp lemma GSMP_wt_substI: assumes "t \ M" "wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range I)" "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" shows "t \ I \ GSMP M" proof - have "t \ SMP M" using assms(1) by auto hence *: "t \ I \ SMP M" using SMP.Substitution assms(2,3) wf_trm_subst_range_iff[of I] by simp moreover have "fv (t \ I) = {}" using assms(1) interpretation_grounds_all'[OF assms(4)] by auto ultimately show ?thesis unfolding GSMP_def by simp qed lemma GSMP_disjoint_subset: assumes "GSMP_disjoint L R S" "L' \ L" "R' \ R" shows "GSMP_disjoint L' R' S" using assms(1) SMP_mono[OF assms(2)] SMP_mono[OF assms(3)] by (auto simp add: GSMP_def GSMP_disjoint_def) lemma GSMP_disjoint_fst_specific_not_snd_specific: assumes "GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \) Sec" "l \ l'" and "proj_specific l m \ Sec" shows "\proj_specific l' m \ Sec" using assms by (fastforce simp add: GSMP_disjoint_def proj_specific_def) lemma GSMP_disjoint_snd_specific_not_fst_specific: assumes "GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \) Sec" and "proj_specific l' m \ Sec" shows "\proj_specific l m \ Sec" using assms by (auto simp add: GSMP_disjoint_def proj_specific_def) lemma GSMP_disjoint_intersection_not_specific: assumes "GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \) Sec" and "t \ Sec \ {} \\<^sub>c t" shows "\proj_specific l t \ Sec" "\proj_specific l t \ Sec" using assms by (auto simp add: GSMP_disjoint_def proj_specific_def) subsection \Lemmata: Intruder Knowledge and Declassification\ lemma ik_proj_subst_GSMP_subset: assumes I: "wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range I)" "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" shows "ik\<^sub>s\<^sub>t (proj_unl n A) \\<^sub>s\<^sub>e\<^sub>t I \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n A)" proof fix t assume "t \ ik\<^sub>s\<^sub>t (proj_unl n A) \\<^sub>s\<^sub>e\<^sub>t I" hence *: "t \ trms_proj\<^sub>l\<^sub>s\<^sub>t n A \\<^sub>s\<^sub>e\<^sub>t I" by auto then obtain s where "s \ trms_proj\<^sub>l\<^sub>s\<^sub>t n A" "t = s \ I" by auto hence "t \ SMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n A)" using SMP_I I(1,2) wf_trm_subst_range_iff[of I] by simp moreover have "fv t = {}" using * interpretation_grounds_all'[OF I(3)] by auto ultimately show "t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n A)" unfolding GSMP_def by simp qed lemma declassified_proj_ik_subset: "declassified\<^sub>l\<^sub>s\<^sub>t A I \ ik\<^sub>s\<^sub>t (proj_unl n A) \\<^sub>s\<^sub>e\<^sub>t I" proof (induction A) case (Cons a A) thus ?case using proj_ik_append[of n "[a]" A] by (auto simp add: declassified\<^sub>l\<^sub>s\<^sub>t_def) qed (simp add: declassified\<^sub>l\<^sub>s\<^sub>t_def) lemma declassified_proj_GSMP_subset: assumes I: "wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range I)" "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" shows "declassified\<^sub>l\<^sub>s\<^sub>t A I \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n A)" by (rule subset_trans[OF declassified_proj_ik_subset ik_proj_subst_GSMP_subset[OF I]]) lemma declassified_subterms_proj_GSMP_subset: assumes I: "wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range I)" "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" shows "subterms\<^sub>s\<^sub>e\<^sub>t (declassified\<^sub>l\<^sub>s\<^sub>t A I) \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n A)" proof fix t assume t: "t \ subterms\<^sub>s\<^sub>e\<^sub>t (declassified\<^sub>l\<^sub>s\<^sub>t A I)" then obtain t' where t': "t' \ declassified\<^sub>l\<^sub>s\<^sub>t A I" "t \ t'" by moura hence "t' \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n A)" using declassified_proj_GSMP_subset[OF assms] by blast thus "t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n A)" using SMP.Subterm[of t' "trms_proj\<^sub>l\<^sub>s\<^sub>t n A" t] ground_subterm[OF _ t'(2)] t'(2) unfolding GSMP_def by fast qed lemma declassified_secrets_subset: assumes A: "\n m. n \ m \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t n A) (trms_proj\<^sub>l\<^sub>s\<^sub>t m A) Sec" and I: "wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range I)" "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" shows "declassified\<^sub>l\<^sub>s\<^sub>t A I \ Sec \ {m. {} \\<^sub>c m}" using declassified_proj_GSMP_subset[OF I] A at_least_2_labels unfolding GSMP_disjoint_def by blast lemma declassified_subterms_secrets_subset: assumes A: "\n m. n \ m \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t n A) (trms_proj\<^sub>l\<^sub>s\<^sub>t m A) Sec" and I: "wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range I)" "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t I" shows "subterms\<^sub>s\<^sub>e\<^sub>t (declassified\<^sub>l\<^sub>s\<^sub>t A I) \ Sec \ {m. {} \\<^sub>c m}" using declassified_subterms_proj_GSMP_subset[OF I, of A label_witness1] declassified_subterms_proj_GSMP_subset[OF I, of A label_witness2] A at_least_2_labels unfolding GSMP_disjoint_def by fast lemma declassified_proj_eq: "declassified\<^sub>l\<^sub>s\<^sub>t A I = declassified\<^sub>l\<^sub>s\<^sub>t (proj n A) I" unfolding declassified\<^sub>l\<^sub>s\<^sub>t_def proj_def by auto lemma declassified_append: "declassified\<^sub>l\<^sub>s\<^sub>t (A@B) I = declassified\<^sub>l\<^sub>s\<^sub>t A I \ declassified\<^sub>l\<^sub>s\<^sub>t B I" unfolding declassified\<^sub>l\<^sub>s\<^sub>t_def by auto lemma declassified_prefix_subset: "prefix A B \ declassified\<^sub>l\<^sub>s\<^sub>t A I \ declassified\<^sub>l\<^sub>s\<^sub>t B I" using declassified_append unfolding prefix_def by auto subsection \Lemmata: Homogeneous and Heterogeneous Terms\ lemma proj_specific_secrets_anti_mono: assumes "proj_specific l t \ Sec" "Sec' \ Sec" shows "proj_specific l t \ Sec'" using assms unfolding proj_specific_def by fast lemma heterogeneous_secrets_anti_mono: assumes "heterogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec" "Sec' \ Sec" shows "heterogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec'" using assms proj_specific_secrets_anti_mono unfolding heterogeneous\<^sub>l\<^sub>s\<^sub>t_def by metis lemma homogeneous_secrets_mono: assumes "homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec'" "Sec' \ Sec" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec" using assms heterogeneous_secrets_anti_mono by blast lemma heterogeneous_supterm: assumes "heterogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec" "t \ t'" shows "heterogeneous\<^sub>l\<^sub>s\<^sub>t t' \ Sec" proof - obtain l1 l2 s1 s2 where *: "l1 \ l2" "s1 \ t" "proj_specific l1 s1 \ Sec" "s2 \ t" "proj_specific l2 s2 \ Sec" using assms(1) unfolding heterogeneous\<^sub>l\<^sub>s\<^sub>t_def by moura thus ?thesis using term.order_trans[OF *(2) assms(2)] term.order_trans[OF *(4) assms(2)] by (auto simp add: heterogeneous\<^sub>l\<^sub>s\<^sub>t_def) qed lemma homogeneous_subterm: assumes "homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec" "t' \ t" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t t' \ Sec" by (metis assms heterogeneous_supterm) lemma proj_specific_subterm: assumes "t \ t'" "proj_specific l t' \ Sec" shows "proj_specific l t \ Sec \ t \ Sec \ {} \\<^sub>c t" using GSMP_subterm[OF _ assms(1)] assms(2) by (auto simp add: proj_specific_def) lemma heterogeneous_term_is_Fun: assumes "heterogeneous\<^sub>l\<^sub>s\<^sub>t t A S" shows "\f T. t = Fun f T" using assms by (cases t) (auto simp add: GSMP_def heterogeneous\<^sub>l\<^sub>s\<^sub>t_def proj_specific_def) lemma proj_specific_is_homogeneous: assumes \: "\l l'. l \ l' \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \) Sec" and t: "proj_specific l m \ Sec" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec" proof assume "heterogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec" then obtain s l' where s: "s \ subterms m" "proj_specific l' s \ Sec" "l \ l'" unfolding heterogeneous\<^sub>l\<^sub>s\<^sub>t_def by moura hence "s \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" "s \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \)" using t by (auto simp add: GSMP_def proj_specific_def) hence "s \ Sec \ {} \\<^sub>c s" using \ s(3) by (auto simp add: GSMP_disjoint_def) thus False using s(2) by (auto simp add: proj_specific_def) qed lemma deduct_synth_homogeneous: assumes "{} \\<^sub>c t" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec" proof - have "\s \ subterms t. {} \\<^sub>c s" using deduct_synth_subterm[OF assms] by auto thus ?thesis unfolding heterogeneous\<^sub>l\<^sub>s\<^sub>t_def proj_specific_def by auto qed lemma GSMP_proj_is_homogeneous: assumes "\l l'. l \ l' \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l A) (trms_proj\<^sub>l\<^sub>s\<^sub>t l' A) Sec" and "t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l A)" "t \ Sec" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t t A Sec" proof assume "heterogeneous\<^sub>l\<^sub>s\<^sub>t t A Sec" then obtain s l' where s: "s \ subterms t" "proj_specific l' s A Sec" "l \ l'" unfolding heterogeneous\<^sub>l\<^sub>s\<^sub>t_def by moura hence "s \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l A)" "s \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l' A)" using assms by (auto simp add: GSMP_def proj_specific_def) hence "s \ Sec \ {} \\<^sub>c s" using assms(1) s(3) by (auto simp add: GSMP_disjoint_def) thus False using s(2) by (auto simp add: proj_specific_def) qed lemma homogeneous_is_not_proj_specific: assumes "homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec" shows "\l::'lbl. \proj_specific l m \ Sec" proof - let ?P = "\l s. proj_specific l s \ Sec" have "\l1 l2. \s1\subterms m. \s2\subterms m. (l1 \ l2 \ (\?P l1 s1 \ \?P l2 s2))" using assms heterogeneous\<^sub>l\<^sub>s\<^sub>t_def by metis then obtain l1 l2 where "l1 \ l2" "\?P l1 m \ \?P l2 m" by (metis term.order_refl at_least_2_labels) thus ?thesis by metis qed lemma secrets_are_homogeneous: assumes "\s \ Sec. P s \ (\s' \ subterms s. {} \\<^sub>c s' \ s' \ Sec)" "s \ Sec" "P s" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t s \ Sec" using assms by (auto simp add: heterogeneous\<^sub>l\<^sub>s\<^sub>t_def proj_specific_def) lemma GSMP_is_homogeneous: assumes \: "\l l'. l \ l' \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \) Sec" and t: "t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" "t \ Sec" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec" proof - obtain n where n: "t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n \)" using in_GSMP_in_proj[OF t(1)] by moura show ?thesis using GSMP_proj_is_homogeneous[OF \ n t(2)] by metis qed lemma GSMP_intersection_is_homogeneous: assumes \: "\l l'. l \ l' \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \) Sec" and t: "t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \)" "l \ l'" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec" proof - define M where "M \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" define M' where "M' \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \)" have t_in: "t \ M \ M'" "t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" using t(1) in_proj_in_GSMP[of t _ \] unfolding M_def M'_def by blast+ have "M \ M' \ Sec \ {m. {} \\<^sub>c m}" using \ GSMP_disjointE[of l \ l' Sec] t(2) unfolding M_def M'_def by presburger moreover have "subterms\<^sub>s\<^sub>e\<^sub>t (M \ M') = M \ M'" using GSMP_subterms unfolding M_def M'_def by blast ultimately have *: "subterms\<^sub>s\<^sub>e\<^sub>t (M \ M') \ Sec \ {m. {} \\<^sub>c m}" by blast show ?thesis proof (cases "t \ Sec") case True thus ?thesis using * secrets_are_homogeneous[of Sec "\t. t \ M \ M'", OF _ _ t_in(1)] by fast qed (metis GSMP_is_homogeneous[OF \ t_in(2)]) qed lemma GSMP_is_homogeneous': assumes \: "\l l'. l \ l' \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \) Sec" and t: "t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" "t \ Sec - \{GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) | l1 l2. l1 \ l2}" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec" using GSMP_is_homogeneous[OF \ t(1)] GSMP_intersection_is_homogeneous[OF \] t(2) by blast lemma declassified_secrets_are_homogeneous: assumes \: "\l l'. l \ l' \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \) Sec" and \: "wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range \)" "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \" and s: "s \ declassified\<^sub>l\<^sub>s\<^sub>t \ \" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t s \ Sec" proof - have s_in: "s \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" using declassified_proj_GSMP_subset[OF \, of \ label_witness1] in_proj_in_GSMP[of s label_witness1 \] s by blast show ?thesis proof (cases "s \ Sec") case True thus ?thesis using declassified_subterms_secrets_subset[OF \ \] secrets_are_homogeneous[of Sec "\s. s \ declassified\<^sub>l\<^sub>s\<^sub>t \ \", OF _ _ s] by fast qed (metis GSMP_is_homogeneous[OF \ s_in]) qed lemma Ana_keys_homogeneous: assumes \: "\l l'. l \ l' \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \) Sec" and t: "t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" and k: "Ana t = (K,T)" "k \ set K" "k \ Sec - \{GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) | l1 l2. l1 \ l2}" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t k \ Sec" proof (cases "k \ \{GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) | l1 l2. l1 \ l2}") case False hence "k \ Sec" using k(3) by fast moreover have "k \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" using t SMP.Ana[OF _ k(1,2)] Ana_keys_fv[OF k(1)] k(2) unfolding GSMP_def by auto ultimately show ?thesis using GSMP_is_homogeneous[OF \, of k] by metis qed (use GSMP_intersection_is_homogeneous[OF \] in blast) subsection \Lemmata: Intruder Deduction Equivalences\ lemma deduct_if_hom_deduct: "\M;A;S\ \\<^sub>h\<^sub>o\<^sub>m m \ M \ m" using deduct_if_restricted_deduct unfolding intruder_deduct_hom_def by blast lemma hom_deduct_if_hom_ik: assumes "\M;A;Sec\ \\<^sub>h\<^sub>o\<^sub>m m" "\m \ M. homogeneous\<^sub>l\<^sub>s\<^sub>t m A Sec \ m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t A)" shows "homogeneous\<^sub>l\<^sub>s\<^sub>t m A Sec \ m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t A)" proof - let ?Q = "\m. homogeneous\<^sub>l\<^sub>s\<^sub>t m A Sec \ m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t A)" have "?Q t'" when "?Q t" "t' \ t" for t t' using homogeneous_subterm[OF _ that(2)] GSMP_subterm[OF _ that(2)] that(1) by blast thus ?thesis using assms(1) restricted_deduct_if_restricted_ik[OF _ assms(2)] unfolding intruder_deduct_hom_def by blast qed lemma deduct_hom_if_synth: assumes hom: "homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec" "m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" and m: "M \\<^sub>c m" shows "\M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m m" proof - let ?Q = "\m. homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec \ m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" have "?Q t'" when "?Q t" "t' \ t" for t t' using homogeneous_subterm[OF _ that(2)] GSMP_subterm[OF _ that(2)] that(1) by blast thus ?thesis using assms deduct_restricted_if_synth[of ?Q] unfolding intruder_deduct_hom_def by blast qed lemma hom_deduct_if_deduct: assumes \: "par_comp \ Sec" and M: "\m\M. homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec \ m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" and m: "M \ m" "m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" shows "\M; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m m" proof - let ?P = "\x. homogeneous\<^sub>l\<^sub>s\<^sub>t x \ Sec \ x \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" have GSMP_hom: "homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec" when "t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" for t using \ GSMP_is_homogeneous[of \ Sec t] secrets_are_homogeneous[of Sec "\x. True" t \] that unfolding par_comp_def by blast have P_Ana: "?P k" when "?P t" "Ana t = (K, T)" "k \ set K" for t K T k using GSMP_Ana_key[OF _ that(2,3), of "trms\<^sub>l\<^sub>s\<^sub>t \"] \ that GSMP_hom by presburger have P_subterm: "?P t'" when "?P t" "t' \ t" for t t' using GSMP_subterm[of _ "trms\<^sub>l\<^sub>s\<^sub>t \"] homogeneous_subterm[of _ \ Sec] that by blast have P_m: "?P m" using GSMP_hom[OF m(2)] m(2) by metis show ?thesis using restricted_deduct_if_deduct'[OF M _ _ m(1) P_m] P_Ana P_subterm unfolding intruder_deduct_hom_def by fast qed subsection \Lemmata: Deduction Reduction of Parallel Composable Constraints\ lemma par_comp_hom_deduct: assumes \: "par_comp \ Sec" and M: "\l. \m \ M l. homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec" "\l. M l \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" "\l. Discl \ M l" "Discl \ Sec \ {m. {} \\<^sub>c m}" and Sec: "\l. \s \ Sec - Discl. \(\M l; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m s)" and t: "\\l. M l; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t" shows "t \ Sec - Discl" (is ?A) "\l. t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) \ \M l; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t" (is ?B) proof - have M': "\l. \m \ M l. m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" proof (intro allI ballI) fix l m show "m \ M l \ m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" using M(2) in_proj_in_GSMP[of m l \] by blast qed show ?A ?B using t proof (induction t rule: intruder_deduct_hom_induct) case (AxiomH t) then obtain lt where t_in_proj_ik: "t \ M lt" by moura show t_not_Sec: "t \ Sec - Discl" proof assume "t \ Sec - Discl" hence "\l. \(\M l;\;Sec\ \\<^sub>h\<^sub>o\<^sub>m t)" using Sec by auto thus False using intruder_deduct_hom_AxiomH[OF t_in_proj_ik] by metis qed have 1: "\l. t \ M l \ t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" using M(2,3) AxiomH by auto have 3: "\l1 l2. l1 \ l2 \ t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) \ {} \\<^sub>c t \ t \ Discl" using \ t_not_Sec by (auto simp add: par_comp_def GSMP_disjoint_def) have 4: "homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec" "t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" using M(1) M' t_in_proj_ik by auto { fix l assume "t \ Discl" hence "t \ M l" using M(3) by auto hence "\M l; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t" by auto } hence 5: "\l. t \ Discl \ \M l; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t" by metis show "\l. t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) \ \M l; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t" by (metis (lifting) Int_iff empty_subsetI 1 3 4 5 t_in_proj_ik intruder_deduct_hom_AxiomH[of t _ \ Sec] deduct_hom_if_synth[of t \ Sec "{}"] ideduct_hom_mono[of "{}" \ Sec t]) next case (ComposeH T f) show "\l. Fun f T \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) \ \M l; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m Fun f T" proof (intro allI impI) fix l assume "Fun f T \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" hence "\t. t \ set T \ t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" using GSMP_subterm[OF _ subtermeqI''] by auto thus "\M l; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m Fun f T" using ComposeH.IH(2) intruder_deduct_hom_ComposeH[OF ComposeH.hyps(1,2) _ ComposeH.hyps(4,5)] by simp qed thus "Fun f T \ Sec - Discl" using Sec ComposeH.hyps(5) trms\<^sub>l\<^sub>s\<^sub>t_union[of \] GSMP_Union[of \] by (metis (no_types, lifting) UN_iff) next case (DecomposeH t K T t\<^sub>i) have ti_subt: "t\<^sub>i \ t" using Ana_subterm[OF DecomposeH.hyps(2)] \t\<^sub>i \ set T\ by auto have t: "homogeneous\<^sub>l\<^sub>s\<^sub>t t \ Sec" "t \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" using DecomposeH.hyps(1) hom_deduct_if_hom_ik M(1) M' by auto have ti: "homogeneous\<^sub>l\<^sub>s\<^sub>t t\<^sub>i \ Sec" "t\<^sub>i \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" using intruder_deduct_hom_DecomposeH[OF DecomposeH.hyps] hom_deduct_if_hom_ik M(1) M' by auto { fix l assume *: "t\<^sub>i \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" "t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" hence "\k. k \ set K \ \M l;\;Sec\ \\<^sub>h\<^sub>o\<^sub>m k" using GSMP_Ana_key[OF _ DecomposeH.hyps(2)] DecomposeH.IH(4) by auto hence "\M l;\;Sec\ \\<^sub>h\<^sub>o\<^sub>m t\<^sub>i" "t\<^sub>i \ Sec - Discl" using Sec DecomposeH.IH(2) *(2) intruder_deduct_hom_DecomposeH[OF _ DecomposeH.hyps(2) _ \t\<^sub>i \ set T\] by force+ } moreover { fix l1 l2 assume *: "t\<^sub>i \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \)" "t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \)" "l1 \ l2" have "GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) Sec" using *(3) \ by (simp add: par_comp_def) hence "t\<^sub>i \ Sec \ {m. {} \\<^sub>c m}" using GSMP_subterm[OF *(2) ti_subt] *(1) by (auto simp add: GSMP_disjoint_def) moreover have "\k. k \ set K \ \M l2;\;Sec\ \\<^sub>h\<^sub>o\<^sub>m k" using *(2) GSMP_Ana_key[OF _ DecomposeH.hyps(2)] DecomposeH.IH(4) by auto ultimately have "t\<^sub>i \ Sec - Discl" "{} \\<^sub>c t\<^sub>i \ t\<^sub>i \ Discl" using Sec DecomposeH.IH(2) *(2) intruder_deduct_hom_DecomposeH[OF _ DecomposeH.hyps(2) _ \t\<^sub>i \ set T\] by (metis (lifting), metis (no_types, lifting) DiffI Un_iff mem_Collect_eq) hence "\M l1;\;Sec\ \\<^sub>h\<^sub>o\<^sub>m t\<^sub>i" "\M l2;\;Sec\ \\<^sub>h\<^sub>o\<^sub>m t\<^sub>i" "t\<^sub>i \ Sec - Discl" using M(3,4) deduct_hom_if_synth[THEN ideduct_hom_mono] ti by (meson intruder_deduct_hom_AxiomH empty_subsetI subsetCE)+ } moreover have "\l. t\<^sub>i \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" "\l. t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" using in_GSMP_in_proj[of _ \] ti(2) t(2) by presburger+ ultimately show "t\<^sub>i \ Sec - Discl" "\l. t\<^sub>i \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \) \ \M l; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t\<^sub>i" by (metis (no_types, lifting))+ qed qed lemma par_comp_deduct_proj: assumes \: "par_comp \ Sec" and M: "\l. \m\M l. homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec" "\l. M l \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" "\l. Discl \ M l" and t: "(\l. M l) \ t" "t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" and Discl: "Discl \ Sec \ {m. {} \\<^sub>c m}" shows "M l \ t \ (\s \ Sec - Discl. \l. M l \ s)" using t proof (induction t rule: intruder_deduct_induct) case (Axiom t) then obtain l' where t_in_ik_proj: "t \ M l'" by moura show ?case proof (cases "t \ Sec - Discl \ {} \\<^sub>c t") case True note T = True show ?thesis proof (cases "t \ Sec - Discl") case True thus ?thesis using intruder_deduct.Axiom[OF t_in_ik_proj] by metis next case False thus ?thesis using T ideduct_mono[of "{}" t] by auto qed next case False hence "t \ Sec - Discl" "\{} \\<^sub>c t" "t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" using Axiom by auto hence "(\l'. l \ l' \ t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \)) \ t \ Discl" using \ unfolding GSMP_disjoint_def par_comp_def by auto hence "(\l'. l \ l' \ t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l' \)) \ t \ M l \ {} \\<^sub>c t" using M by auto thus ?thesis using Axiom deduct_if_synth[THEN ideduct_mono] t_in_ik_proj by (metis (no_types, lifting) False M(2) intruder_deduct.Axiom subsetCE) qed next case (Compose T f) hence "Fun f T \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" using Compose.prems by auto hence "\t. t \ set T \ t \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" unfolding GSMP_def by auto hence IH: "\t. t \ set T \ M l \ t \ (\s \ Sec - Discl. \l. M l \ s)" using Compose.IH by auto show ?case proof (cases "\t \ set T. M l \ t") case True thus ?thesis by (metis intruder_deduct.Compose[OF Compose.hyps(1,2)]) qed (metis IH) next case (Decompose t K T t\<^sub>i) have hom_ik: "\l. \m\M l. homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec \ m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" proof (intro allI ballI conjI) fix l m assume m: "m \ M l" thus "homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec" using M(1) by simp show "m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" using in_proj_in_GSMP[of m l \] M(2) m by blast qed have par_comp_unfold: "\l1 l2. l1 \ l2 \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) Sec" using \ by (auto simp add: par_comp_def) note ti_GSMP = in_proj_in_GSMP[OF Decompose.prems(1)] have "\\l. M l; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t\<^sub>i" using intruder_deduct.Decompose[OF Decompose.hyps] hom_deduct_if_deduct[OF \, of "\l. M l"] hom_ik ti_GSMP (* ti_hom *) by blast hence "(\M l; \; Sec\ \\<^sub>h\<^sub>o\<^sub>m t\<^sub>i) \ (\s \ Sec-Discl. \l. \M l;\;Sec\ \\<^sub>h\<^sub>o\<^sub>m s)" using par_comp_hom_deduct(2)[OF \ M Discl(1)] Decompose.prems(1) by blast thus ?case using deduct_if_hom_deduct[of _ \ Sec] by auto qed subsection \Theorem: Parallel Compositionality for Labeled Constraints\ lemma par_comp_prefix: assumes "par_comp (A@B) M" shows "par_comp A M" proof - let ?L = "\l. trms_proj\<^sub>l\<^sub>s\<^sub>t l A \ trms_proj\<^sub>l\<^sub>s\<^sub>t l B" have "\l1 l2. l1 \ l2 \ GSMP_disjoint (?L l1) (?L l2) M" using assms unfolding par_comp_def by (metis trms\<^sub>s\<^sub>t_append proj_append(2) unlabel_append) hence "\l1 l2. l1 \ l2 \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 A) (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 A) M" using SMP_union by (auto simp add: GSMP_def GSMP_disjoint_def) thus ?thesis using assms unfolding par_comp_def by blast qed theorem par_comp_constr_typed: assumes \: "par_comp \ Sec" and \: "\ \ \unlabel \\" "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \" "wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range \)" shows "(\l. (\ \ \proj_unl l \\)) \ (\\'. prefix \' \ \ (strand_leaks\<^sub>l\<^sub>s\<^sub>t \' Sec \))" proof - let ?L = "\\'. \t \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t \' \. \l. \{}; proj_unl l \'@[Send t]\\<^sub>d \" have "\{}; unlabel \\\<^sub>d \" using \ by (simp add: constr_sem_d_def) with \ have "(\l. \{}; proj_unl l \\\<^sub>d \) \ (\\'. prefix \' \ \ ?L \')" proof (induction "unlabel \" arbitrary: \ rule: List.rev_induct) case Nil hence "\ = []" using unlabel_nil_only_if_nil by simp thus ?case by auto next case (snoc b B \) hence disj: "\l1 l2. l1 \ l2 \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) Sec" by (auto simp add: par_comp_def) obtain a A n where a: "\ = A@[a]" "a = (ln n, b) \ a = (\, b)" using unlabel_snoc_inv[OF snoc.hyps(2)[symmetric]] by moura hence A: "\ = A@[(ln n, b)] \ \ = A@[(\, b)]" by metis have 1: "B = unlabel A" using a snoc.hyps(2) unlabel_append[of A "[a]"] by auto have 2: "par_comp A Sec" using par_comp_prefix snoc.prems(1) a by metis have 3: "\{}; unlabel A\\<^sub>d \" by (metis 1 snoc.prems(2) snoc.hyps(2) strand_sem_split(3)) have IH: "(\l. \{}; proj_unl l A\\<^sub>d \) \ (\\'. prefix \' A \ ?L \')" by (rule snoc.hyps(1)[OF 1 2 3]) show ?case proof (cases "\l. \{}; proj_unl l A\\<^sub>d \") case False then obtain \' where \': "prefix \' A" "?L \'" by (metis IH) hence "prefix \' (A@[a])" using a prefix_prefix[of _ A "[a]"] by simp thus ?thesis using \'(2) a by auto next case True note IH' = True show ?thesis proof (cases b) case (Send t) hence "ik\<^sub>s\<^sub>t (unlabel A) \\<^sub>s\<^sub>e\<^sub>t \ \ t \ \" using a \\{}; unlabel \\\<^sub>d \\ strand_sem_split(2)[of "{}" "unlabel A" "unlabel [a]" \] unlabel_append[of A "[a]"] by auto hence *: "(\l. (ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \)) \ t \ \" using proj_ik_union_is_unlabel_ik image_UN by metis have "ik\<^sub>s\<^sub>t (proj_unl l \) = ik\<^sub>s\<^sub>t (proj_unl l A)" for l using Send A by (metis append_Nil2 ik\<^sub>s\<^sub>t.simps(3) proj_unl_cons(3) proj_nil(2) singleton_lst_proj(1,2) proj_ik_append) hence **: "ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \ \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" for l using ik_proj_subst_GSMP_subset[OF \(3,4,2), of _ \] by auto note Discl = declassified_proj_ik_subset[of A \] declassified_proj_GSMP_subset[OF \(3,4,2), of A] declassified_secrets_subset[OF disj \(3,4,2)] declassified_append[of A "[a]" \] have Sec: "ground Sec" using \ by (auto simp add: par_comp_def) have "\m\ik\<^sub>s\<^sub>t (proj_unl l \) \\<^sub>s\<^sub>e\<^sub>t \. homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec \ m \ Sec-declassified\<^sub>l\<^sub>s\<^sub>t A \" "\m\ik\<^sub>s\<^sub>t (proj_unl l \) \\<^sub>s\<^sub>e\<^sub>t \. m \ GSMP (trms\<^sub>l\<^sub>s\<^sub>t \)" "ik\<^sub>s\<^sub>t (proj_unl l \) \\<^sub>s\<^sub>e\<^sub>t \ \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" for l using declassified_secrets_are_homogeneous[OF disj \(3,4,2)] GSMP_proj_is_homogeneous[OF disj] ik_proj_subst_GSMP_subset[OF \(3,4,2), of _ \] apply (metis (no_types, lifting) Diff_iff Discl(4) UnCI a(1) subsetCE) using ik_proj_subst_GSMP_subset[OF \(3,4,2), of _ \] GSMP_Union[of \] by auto moreover have "ik\<^sub>s\<^sub>t (proj_unl l [a]) = {}" for l using Send proj_ik\<^sub>s\<^sub>t_is_proj_rcv_set[of _ "[a]"] a(2) by auto ultimately have M: "\l. \m\ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \. homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec \ m \ Sec-declassified\<^sub>l\<^sub>s\<^sub>t A \" "\l. ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \ \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" using a(1) proj_ik_append[of _ A "[a]"] by auto have prefix_A: "prefix A \" using A by auto have "s \ \ = s" when "s \ Sec" for s using that Sec by auto hence leakage_case: "\{}; proj_unl l A@[Send s]\\<^sub>d \" when "s \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t A \" "ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \ \ s" for l s using that strand_sem_append(2) IH' by auto have proj_deduct_case_n: "\m. m \ n \ \{}; proj_unl m (A@[a])\\<^sub>d \" "ik\<^sub>s\<^sub>t (proj_unl n A) \\<^sub>s\<^sub>e\<^sub>t \ \ t \ \ \ \{}; proj_unl n (A@[a])\\<^sub>d \" when "a = (ln n, Send t)" using that IH' proj_append(2)[of _ A] by auto have proj_deduct_case_star: "\{}; proj_unl l (A@[a])\\<^sub>d \" when "a = (\, Send t)" "ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \ \ t \ \" for l using that IH' proj_append(2)[of _ A] by auto show ?thesis proof (cases "\l. \m \ ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \. m \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t A \") case True then obtain l s where ls: "s \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t A \" "ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \ \ s" using intruder_deduct.Axiom by metis thus ?thesis using leakage_case prefix_A by blast next case False hence M': "\l. \m\ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \. homogeneous\<^sub>l\<^sub>s\<^sub>t m \ Sec" using M(1) by blast note deduct_proj_lemma = par_comp_deduct_proj[OF snoc.prems(1) M' M(2) _ *, of "declassified\<^sub>l\<^sub>s\<^sub>t A \" n] from a(2) show ?thesis proof assume "a = (ln n, b)" hence "a = (ln n, Send t)" "t \ \ \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n \)" using Send a(1) trms_proj\<^sub>l\<^sub>s\<^sub>t_append[of n A "[a]"] GSMP_wt_substI[OF _ \(3,4,2)] by (metis, force) hence "a = (ln n, Send t)" "\m. m \ n \ \{}; proj_unl m (A@[a])\\<^sub>d \" "ik\<^sub>s\<^sub>t (proj_unl n A) \\<^sub>s\<^sub>e\<^sub>t \ \ t \ \ \ \{}; proj_unl n (A@[a])\\<^sub>d \" "t \ \ \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t n \)" using proj_deduct_case_n by auto hence "(\l. \{}; proj_unl l \\\<^sub>d \) \ (\s \ Sec-declassified\<^sub>l\<^sub>s\<^sub>t A \. \l. ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \ \ s)" using deduct_proj_lemma A a Discl by fast thus ?thesis using leakage_case prefix_A by metis next assume "a = (\, b)" hence ***: "a = (\, Send t)" "t \ \ \ GSMP (trms_proj\<^sub>l\<^sub>s\<^sub>t l \)" for l using Send a(1) GSMP_wt_substI[OF _ \(3,4,2)] by (metis, force) hence "t \ \ \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t A \ \ t \ \ \ declassified\<^sub>l\<^sub>s\<^sub>t A \ \ t \ \ \ {m. {} \\<^sub>c m}" using snoc.prems(1) a(1) at_least_2_labels unfolding par_comp_def GSMP_disjoint_def by blast thus ?thesis proof (elim disjE) assume "t \ \ \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t A \" hence "\s \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t A \. \l. ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \ \ s" using deduct_proj_lemma ***(2) A a Discl by blast thus ?thesis using prefix_A leakage_case by blast next assume "t \ \ \ declassified\<^sub>l\<^sub>s\<^sub>t A \" hence "ik\<^sub>s\<^sub>t (proj_unl l A) \\<^sub>s\<^sub>e\<^sub>t \ \ t \ \" for l using intruder_deduct.Axiom Discl(1) by blast thus ?thesis using proj_deduct_case_star[OF ***(1)] a(1) by fast next assume "t \ \ \ {m. {} \\<^sub>c m}" hence "M \ t \ \" for M using ideduct_mono[OF deduct_if_synth] by blast thus ?thesis using IH' a(1) ***(1) by fastforce qed qed qed next case (Receive t) hence "\{}; proj_unl l \\\<^sub>d \" for l using IH' a proj_append(2)[of l A "[a]"] unfolding unlabel_def proj_def by auto thus ?thesis by metis next case (Equality ac t t') hence *: "\M; [Equality ac t t']\\<^sub>d \" for M using a \\{}; unlabel \\\<^sub>d \\ unlabel_append[of A "[a]"] by auto show ?thesis using a proj_append(2)[of _ A "[a]"] Equality strand_sem_append(2)[OF _ *] IH' unfolding unlabel_def proj_def by auto next case (Inequality X F) hence *: "\M; [Inequality X F]\\<^sub>d \" for M using a \\{}; unlabel \\\<^sub>d \\ unlabel_append[of A "[a]"] by auto show ?thesis using a proj_append(2)[of _ A "[a]"] Inequality strand_sem_append(2)[OF _ *] IH' unfolding unlabel_def proj_def by auto qed qed qed thus ?thesis using \(1) unfolding strand_leaks\<^sub>l\<^sub>s\<^sub>t_def by (simp add: constr_sem_d_def) qed theorem par_comp_constr: assumes \: "par_comp \ Sec" "typing_cond (unlabel \)" and \: "\ \ \unlabel \\" "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \" shows "\\\<^sub>\. interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\ \ wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\ \ wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range \\<^sub>\) \ (\\<^sub>\ \ \unlabel \\) \ ((\l. (\\<^sub>\ \ \proj_unl l \\)) \ (\\'. prefix \' \ \ (strand_leaks\<^sub>l\<^sub>s\<^sub>t \' Sec \\<^sub>\)))" proof - from \(2) have *: "wf\<^sub>s\<^sub>t {} (unlabel \)" "fv\<^sub>s\<^sub>t (unlabel \) \ bvars\<^sub>s\<^sub>t (unlabel \) = {}" "tfr\<^sub>s\<^sub>t (unlabel \)" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (trms\<^sub>s\<^sub>t (unlabel \))" "Ana_invar_subst (ik\<^sub>s\<^sub>t (unlabel \) \ assignment_rhs\<^sub>s\<^sub>t (unlabel \))" unfolding typing_cond_def tfr\<^sub>s\<^sub>t_def by metis+ obtain \\<^sub>\ where \\<^sub>\: "\\<^sub>\ \ \unlabel \\" "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\" "wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range \\<^sub>\)" using wt_attack_if_tfr_attack_d[OF * \(2,1)] by metis show ?thesis using par_comp_constr_typed[OF \(1) \\<^sub>\] \\<^sub>\ by auto qed subsection \Theorem: Parallel Compositionality for Labeled Protocols\ subsubsection \Definitions: Labeled Protocols\ text \ We state our result on the level of protocol traces (i.e., the constraints reachable in a symbolic execution of the actual protocol). Hence, we do not need to convert protocol strands to intruder constraints in the following well-formedness definitions. \ definition wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s::"('fun,'var,'lbl) labeled_strand set \ bool" where "wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s \ ~~\ (\\~~ \ \~~. wf\<^sub>l\<^sub>s\<^sub>t {} \~~) \ (\\ \ \~~. \\~~' \ \~~. fv\<^sub>l\<^sub>s\<^sub>t \~~ \ bvars\<^sub>l\<^sub>s\<^sub>t \' = {})" definition wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s'::"('fun,'var,'lbl) labeled_strand set \ ('fun,'var,'lbl) labeled_strand \ bool" where "wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s' \ \ \ (\\' \ \~~. wf\<^sub>s\<^sub>t (wfrestrictedvars\<^sub>l\<^sub>s\<^sub>t \~~) (unlabel \')) \ (\\' \ \~~. \\~~'' \ \~~. fv\<^sub>l\<^sub>s\<^sub>t \~~' \ bvars\<^sub>l\<^sub>s\<^sub>t \'' = {}) \ (\\' \ \~~. fv\<^sub>l\<^sub>s\<^sub>t \~~' \ bvars\<^sub>l\<^sub>s\<^sub>t \ = {}) \ (\\' \ \~~. fv\<^sub>l\<^sub>s\<^sub>t \~~ \ bvars\<^sub>l\<^sub>s\<^sub>t \' = {})" definition typing_cond_prot where "typing_cond_prot \
\ wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s \
\ tfr\<^sub>s\<^sub>e\<^sub>t (\(trms\<^sub>l\<^sub>s\<^sub>t ` \
)) \ wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (\(trms\<^sub>l\<^sub>s\<^sub>t ` \
)) \ (\\ \ \
. list_all tfr\<^sub>s\<^sub>t\<^sub>p (unlabel \)) \ Ana_invar_subst (\(ik\<^sub>s\<^sub>t ` unlabel ` \
) \ \(assignment_rhs\<^sub>s\<^sub>t ` unlabel ` \
))" definition par_comp_prot where "par_comp_prot \
Sec \ (\l1 l2. l1 \ l2 \ GSMP_disjoint (\\ \ \
. trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) (\\ \ \
. trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) Sec) \ ground Sec \ (\s \ Sec. \s' \ subterms s. {} \\<^sub>c s' \ s' \ Sec) \ typing_cond_prot \
" subsubsection \Lemmata: Labeled Protocols\ lemma wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s_eqs_wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s'[simp]: "wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s S = wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s' S []" unfolding wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s_def wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s'_def unlabel_def by auto lemma par_comp_prot_impl_par_comp: assumes "par_comp_prot \
Sec" "\ \ \
" shows "par_comp \ Sec" proof - have *: "\l1 l2. l1 \ l2 \ GSMP_disjoint (\\ \ \
. trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) (\\ \ \
. trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) Sec" using assms(1) unfolding par_comp_prot_def by metis { fix l1 l2::'lbl assume **: "l1 \ l2" hence ***: "GSMP_disjoint (\\ \ \
. trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) (\\ \ \
. trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) Sec" using * by auto have "GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) Sec" using GSMP_disjoint_subset[OF ***] assms(2) by auto } hence "\l1 l2. l1 \ l2 \ GSMP_disjoint (trms_proj\<^sub>l\<^sub>s\<^sub>t l1 \) (trms_proj\<^sub>l\<^sub>s\<^sub>t l2 \) Sec" by metis thus ?thesis using assms unfolding par_comp_prot_def par_comp_def by metis qed lemma typing_cond_prot_impl_typing_cond: assumes "typing_cond_prot \
" "\ \ \
" shows "typing_cond (unlabel \)" proof - have 1: "wf\<^sub>s\<^sub>t {} (unlabel \)" "fv\<^sub>l\<^sub>s\<^sub>t \ \ bvars\<^sub>l\<^sub>s\<^sub>t \ = {}" using assms unfolding typing_cond_prot_def wf\<^sub>l\<^sub>s\<^sub>t\<^sub>s_def by auto have "tfr\<^sub>s\<^sub>e\<^sub>t (\(trms\<^sub>l\<^sub>s\<^sub>t ` \
))" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (\(trms\<^sub>l\<^sub>s\<^sub>t ` \
))" "trms\<^sub>l\<^sub>s\<^sub>t \ \ \(trms\<^sub>l\<^sub>s\<^sub>t ` \
)" "SMP (trms\<^sub>l\<^sub>s\<^sub>t \) - Var`\ \ SMP (\(trms\<^sub>l\<^sub>s\<^sub>t ` \
)) - Var`\" using assms SMP_mono[of "trms\<^sub>l\<^sub>s\<^sub>t \" "\(trms\<^sub>l\<^sub>s\<^sub>t ` \
)"] unfolding typing_cond_prot_def by (metis, metis, auto) hence 2: "tfr\<^sub>s\<^sub>e\<^sub>t (trms\<^sub>l\<^sub>s\<^sub>t \)" and 3: "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (trms\<^sub>l\<^sub>s\<^sub>t \)" unfolding tfr\<^sub>s\<^sub>e\<^sub>t_def by (meson subsetD)+ have 4: "list_all tfr\<^sub>s\<^sub>t\<^sub>p (unlabel \)" using assms unfolding typing_cond_prot_def by auto have "subterms\<^sub>s\<^sub>e\<^sub>t (ik\<^sub>s\<^sub>t (unlabel \) \ assignment_rhs\<^sub>s\<^sub>t (unlabel \)) \ subterms\<^sub>s\<^sub>e\<^sub>t (\(ik\<^sub>s\<^sub>t ` unlabel ` \
) \ \(assignment_rhs\<^sub>s\<^sub>t ` unlabel ` \
))" using assms(2) by auto hence 5: "Ana_invar_subst (ik\<^sub>s\<^sub>t (unlabel \) \ assignment_rhs\<^sub>s\<^sub>t (unlabel \))" using assms SMP_mono unfolding typing_cond_prot_def Ana_invar_subst_def by (meson subsetD) show ?thesis using 1 2 3 4 5 unfolding typing_cond_def tfr\<^sub>s\<^sub>t_def by blast qed subsubsection \Theorem: Parallel Compositionality for Labeled Protocols\ definition component_prot where "component_prot n P \ (\l \ P. \s \ set l. is_LabelN n s \ is_LabelS s)" definition composed_prot where "composed_prot \
\<^sub>i \ {\. \n. proj n \ \ \
\<^sub>i n}" definition component_secure_prot where "component_secure_prot n P Sec attack \ (\\ \ P. suffix [(ln n, Send (Fun attack []))] \ \ (\\\<^sub>\. (interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\ \ wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\ \ wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range \\<^sub>\)) \ \(\\<^sub>\ \ \proj_unl n \\) \ (\\'. prefix \' \ \ (\t \ Sec-declassified\<^sub>l\<^sub>s\<^sub>t \' \\<^sub>\. \(\\<^sub>\ \ \proj_unl n \'@[Send t]\)))))" definition component_leaks where "component_leaks n \ Sec \ (\\' \\<^sub>\. interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\ \ wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\ \ wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range \\<^sub>\) \ prefix \' \ \ (\t \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t \' \\<^sub>\. (\\<^sub>\ \ \proj_unl n \'@[Send t]\)))" definition unsat where "unsat \ \ (\\. interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \ \ \(\ \ \unlabel \\))" theorem par_comp_constr_prot: assumes P: "P = composed_prot Pi" "par_comp_prot P Sec" "\n. component_prot n (Pi n)" and left_secure: "component_secure_prot n (Pi n) Sec attack" shows "\\ \ P. suffix [(ln n, Send (Fun attack []))] \ \ unsat \ \ (\m. n \ m \ component_leaks m \ Sec)" proof - { fix \ \' assume \: "\ = \'@[(ln n, Send (Fun attack []))]" "\ \ P" let ?P = "\\' \\<^sub>\. interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\ \ wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\ \ wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range \\<^sub>\) \ prefix \' \ \ (\t \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t \' \\<^sub>\. \m. n \ m \ (\\<^sub>\ \ \proj_unl m \'@[Send t]\))" have tcp: "typing_cond_prot P" using P(2) unfolding par_comp_prot_def by simp have par_comp: "par_comp \ Sec" "typing_cond (unlabel \)" using par_comp_prot_impl_par_comp[OF P(2) \(2)] typing_cond_prot_impl_typing_cond[OF tcp \(2)] by metis+ have "unlabel (proj n \) = proj_unl n \" "proj_unl n \ = proj_unl n (proj n \)" "\A. A \ Pi n \ proj n A = A" "proj n \ = (proj n \')@[(ln n, Send (Fun attack []))]" using P(1,3) \ by (auto simp add: proj_def unlabel_def component_prot_def composed_prot_def) moreover have "proj n \ \ Pi n" using P(1) \ unfolding composed_prot_def by blast moreover { fix A assume "prefix A \" hence *: "prefix (proj n A) (proj n \)" unfolding proj_def prefix_def by force hence "proj_unl n A = proj_unl n (proj n A)" "\I. declassified\<^sub>l\<^sub>s\<^sub>t A I = declassified\<^sub>l\<^sub>s\<^sub>t (proj n A) I" unfolding proj_def declassified\<^sub>l\<^sub>s\<^sub>t_def by auto hence "\B. prefix B (proj n \) \ proj_unl n A = proj_unl n B \ (\I. declassified\<^sub>l\<^sub>s\<^sub>t A I = declassified\<^sub>l\<^sub>s\<^sub>t B I)" using * by metis } ultimately have *: "\\\<^sub>\. interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\ \ wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\ \ wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range \\<^sub>\) \ \(\\<^sub>\ \ \proj_unl n \\) \ (\\'. prefix \' \ \ (\t \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t \' \\<^sub>\. \(\\<^sub>\ \ \proj_unl n \'@[Send t]\)))" using left_secure unfolding component_secure_prot_def composed_prot_def suffix_def by metis { fix \ assume \: "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \" "\ \ \unlabel \\" obtain \\<^sub>\ where \\<^sub>\: "interpretation\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\" "wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \\<^sub>\" "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range \\<^sub>\)" "\\'. prefix \' \ \ (strand_leaks\<^sub>l\<^sub>s\<^sub>t \' Sec \\<^sub>\)" using par_comp_constr[OF par_comp \(2,1)] * by moura hence "\\'. prefix \' \ \ (\t \ Sec - declassified\<^sub>l\<^sub>s\<^sub>t \' \\<^sub>\. \m. n \ m \ (\\<^sub>\ \ \proj_unl m \'@[Send t]\))" using \\<^sub>\(4) * unfolding strand_leaks\<^sub>l\<^sub>s\<^sub>t_def by metis hence ?P using \\<^sub>\(1,2,3) by auto } hence "unsat \ \ (\m. n \ m \ component_leaks m \ Sec)" by (metis unsat_def component_leaks_def) } thus ?thesis unfolding suffix_def by metis qed end subsection \Automated GSMP Disjointness\ locale labeled_typed_model' = typed_model' arity public Ana \ + labeled_typed_model arity public Ana \ label_witness1 label_witness2 for arity::"'fun \ nat" and public::"'fun \ bool" and Ana::"('fun,(('fun,'atom::finite) term_type \ nat)) term \ (('fun,(('fun,'atom) term_type \ nat)) term list \ ('fun,(('fun,'atom) term_type \ nat)) term list)" and \::"('fun,(('fun,'atom) term_type \ nat)) term \ ('fun,'atom) term_type" and label_witness1 label_witness2::'lbl begin lemma GSMP_disjointI: fixes A' A B B'::"('fun, ('fun, 'atom) term \ nat) term list" defines "f \ \M. {t \ \ | t \. t \ M \ wt\<^sub>s\<^sub>u\<^sub>b\<^sub>s\<^sub>t \ \ wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (subst_range \) \ fv (t \ \) = {}}" and "\ \ var_rename (max_var_set (fv\<^sub>s\<^sub>e\<^sub>t (set A)))" assumes A'_wf: "list_all (wf\<^sub>t\<^sub>r\<^sub>m' arity) A'" and B'_wf: "list_all (wf\<^sub>t\<^sub>r\<^sub>m' arity) B'" and A_inst: "has_all_wt_instances_of \ (set A') (set A)" and B_inst: "has_all_wt_instances_of \ (set B') (set (B \\<^sub>l\<^sub>i\<^sub>s\<^sub>t \))" and A_SMP_repr: "finite_SMP_representation arity Ana \ A" and B_SMP_repr: "finite_SMP_representation arity Ana \ (B \\<^sub>l\<^sub>i\<^sub>s\<^sub>t \)" and AB_trms_disj: "\t \ set A. \s \ set (B \\<^sub>l\<^sub>i\<^sub>s\<^sub>t \). \ t = \ s \ mgu t s \ None \ (intruder_synth' public arity {} t \ intruder_synth' public arity {} s) \ ((\u \ Sec. is_wt_instance_of_cond \ t u) \ (\u \ Sec. is_wt_instance_of_cond \ s u))" and Sec_wf: "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s Sec" shows "GSMP_disjoint (set A') (set B') ((f Sec) - {m. {} \\<^sub>c m})" proof - have A_wf: "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (set A)" and B_wf: "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (set (B \\<^sub>l\<^sub>i\<^sub>s\<^sub>t \))" and A'_wf': "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (set A')" and B'_wf': "wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s (set B')" using finite_SMP_representationD[OF A_SMP_repr] finite_SMP_representationD[OF B_SMP_repr] A'_wf B'_wf unfolding wf\<^sub>t\<^sub>r\<^sub>m\<^sub>s_code[symmetric] wf\<^sub>t\<^sub>r\<^sub>m_code[symmetric] list_all_iff by blast+ have AB_fv_disj: "fv\<^sub>s\<^sub>e\<^sub>t (set A) \ fv\<^sub>s\<^sub>e\<^sub>t (set (B \\<^sub>l\<^sub>i\<^sub>s\<^sub>t \)) = {}" using var_rename_fv_set_disjoint'[of "set A" "set B", unfolded \_def[symmetric]] by simp have "GSMP_disjoint (set A) (set (B \\<^sub>l\<^sub>i\<^sub>s\<^sub>t \)) ((f Sec) - {m. {} \\<^sub>c m})" using ground_SMP_disjointI[OF AB_fv_disj A_SMP_repr B_SMP_repr Sec_wf AB_trms_disj] unfolding GSMP_def GSMP_disjoint_def f_def by blast moreover have "SMP (set A') \ SMP (set A)" "SMP (set B') \ SMP (set (B \\<^sub>l\<^sub>i\<^sub>s\<^sub>t \))" using SMP_I'[OF A'_wf' A_wf A_inst] SMP_SMP_subset[of "set A'" "set A"] SMP_I'[OF B'_wf' B_wf B_inst] SMP_SMP_subset[of "set B'" "set (B \\<^sub>l\<^sub>i\<^sub>s\<^sub>t \)"] by blast+ ultimately show ?thesis unfolding GSMP_def GSMP_disjoint_def by auto qed end end