(******************************************************************************* Project: Development of Security Protocols by Refinement Module: Refinement/Agents.thy (Isabelle/HOL 2016-1) ID: $Id: Agents.thy 133854 2017-03-20 17:53:50Z csprenge $ Author: Christoph Sprenger, ETH Zurich <sprenger@inf.ethz.ch> Agents and nonces (partly based on Paulson's Message.thy) Copyright (c) 2009-2016 Christoph Sprenger Licence: LGPL *******************************************************************************) section ‹Atomic messages› theory Agents imports Main begin text ‹The definitions below are moved here from the message theory, since the higher levels of protocol abstraction do not know about cryptographic messages.› (******************************************************************************) subsection ‹Agents› (******************************************************************************) datatype ― ‹We allow any number of agents plus an honest server.› agent = Server | Agent nat consts bad :: "agent set" ― ‹compromised agents› specification (bad) Server_not_bad [iff]: "Server ∉ bad" by (rule exI [of _ "{Agent 0}"], simp) abbreviation good :: "agent set" where "good ≡ -bad" abbreviation Sv :: "agent" where "Sv ≡ Server" (******************************************************************************) subsection ‹Nonces› (******************************************************************************) text ‹We have an unspecified type of freshness identifiers. For executability, we may need to assume that this type is infinite.› typedecl fid_t datatype fresh_t = mk_fresh "fid_t" "nat" (infixr ‹$› 65) fun fid :: "fresh_t ⇒ fid_t" where "fid (f $ n) = f" fun num :: "fresh_t ⇒ nat" where "num (f $ n) = n" text ‹Nonces› type_synonym nonce = "fresh_t" end