-- Case analyses -- 1) sdm1(s,p10,q10,r10) mod EICASE1 { pr(ICASE1) -- Basic predicates op bp1 : -> Bool #define bp1 ::= (r = r10) . -- Exhaustiveness check op check : -> Bool eq check = bp1 or not bp1 . } -- Case splitting mod ICASE1-1 { pr(EICASE1) eq bp1 = true . } -- mod ICASE1-2 { pr(EICASE1) eq bp1 = false . } -- 2) sdm2(s,p10,r10,m10) mod EICASE2 { pr(ICASE2) -- Basic predicates ops bp1 bp2 bp3 bp4 bp5 : -> Bool #define bp1 ::= (r = r10) . #define bp2 ::= (sender(m10) = intruder) . #define bp3 ::= (nonce(cipher1(m10)) = n(p,q,r)) . #define bp4 ::= (p10 = intruder) . #define bp5 ::= n(p,q,r) \in cnonce(m10 , nw10) . -- Exhaustiveness check op check : -> Bool eq check = bp1 or (not bp1 and not bp2) or (not bp1 and bp2 and not bp3) or (not bp1 and bp2 and bp3 and bp4) or (not bp1 and bp2 and bp3 and not bp4 and bp5) or (not bp1 and bp2 and bp3 and not bp4 and not bp5) . } -- Case splitting mod ICASE2-1 { pr(EICASE2) eq bp1 = true . } -- mod ICASE2-2 { pr(EICASE2) eq bp1 = false . eq bp2 = false . } -- mod ICASE2-3 { pr(EICASE2) eq bp1 = false . eq bp2 = true . eq bp3 = false . } -- mod ICASE2-4 { pr(EICASE2) eq bp1 = false . eq bp2 = true . eq bp3 = true . eq bp4 = true . } -- mod ICASE2-5 { pr(EICASE2) eq bp1 = false . eq bp2 = true . eq bp3 = true . eq bp4 = false . eq bp5 = true . } -- mod ICASE2-6 { pr(EICASE2) eq bp1 = false . eq bp2 = true . -- eq bp3 = true . eq nonce(cipher1(m10)) = n(p,q,r) . -- eq bp4 = false . eq bp5 = false . } -- 3) sdm3(s,p10,r10,m10,m20) mod EICASE3 { pr(ICASE3) -- Basic predicates ops bp1 bp2 bp3 bp4 : -> Bool #define bp1 ::= (sender(m20) = intruder) . #define bp2 ::= (nonce2(cipher2(m20)) = n(p,q,r)) . #define bp3 ::= (p10 = intruder) . #define bp4 ::= n(p,q,r) \in cnonce(m10,m20,nw10) . -- Exhaustiveness check op check : -> Bool eq check = not bp1 or (bp1 and not bp2) or (bp1 and bp2 and bp3) or (bp1 and bp2 and not bp3 and bp4) or (bp1 and bp2 and not bp3 and not bp4) . } -- Case splitting mod ICASE3-1 { pr(EICASE3) eq bp1 = false . } -- mod ICASE3-2 { pr(EICASE3) eq bp1 = true . eq bp2 = false . } -- mod ICASE3-3 { pr(EICASE3) eq bp1 = true . eq bp2 = true . eq bp3 = true . } -- mod ICASE3-4 { pr(EICASE3) eq bp1 = true . eq bp2 = true . eq bp3 = false . eq bp4 = true . } -- mod ICASE3-5 { pr(EICASE3) eq bp1 = true . -- eq bp2 = true . eq nonce2(cipher2(m20)) = n(p,q,r) . -- eq bp3 = false . eq bp4 = false . } -- 4) fkm11(s,p10,q10,e10) mod EICASE4 { pr(ICASE4) -- Basic predicates op bp1 : -> Bool #define bp1 ::= (key(e10) = intruder) . -- Exhaustiveness check op check : -> Bool eq check = not bp1 or bp1 . } -- Case splitting mod ICASE4-1 { pr(EICASE4) eq bp1 = false . } -- mod ICASE4-2 { pr(EICASE4) eq bp1 = true . } -- 5) fkm12(s,p10,q10,n10) mod EICASE5 { pr(ICASE5) -- Basic predicates op bp1 : -> Bool #define bp1 ::= (n(p,q,r) = n10) . -- Exhaustiveness check op check : -> Bool eq check = bp1 or not bp1 . } -- Case splitting mod ICASE5-1 { pr(EICASE5) -- eq bp1 = true . eq n(p,q,r) = n10 . } -- mod ICASE5-2 { pr(EICASE5) eq bp1 = false . } -- 6) fkm21(s,p10,q10,e20) mod EICASE6 { pr(ICASE6) -- Basic predicates op bp1 : -> Bool #define bp1 ::= (key(e20) = intruder) . -- Exhaustiveness check op check : -> Bool eq check = not bp1 or bp1 . } -- Case splitting mod ICASE6-1 { pr(EICASE6) eq bp1 = false . } -- mod ICASE6-2 { pr(EICASE6) eq bp1 = true . } -- 7) fkm22(s,p10,q10,n10,n20) mod EICASE7 { pr(ICASE7) -- Basic predicates ops bp1 bp2 : -> Bool #define bp1 ::= (n(p,q,r) = n10) . #define bp2 ::= (n(p,q,r) = n20) . -- Exhaustiveness check op check : -> Bool eq check = bp1 or bp2 or (not bp1 and not bp2) . } -- Case splitting mod ICASE7-1 { pr(EICASE7) -- eq bp1 = true . eq n(p,q,r) = n10 . } -- mod ICASE7-2 { pr(EICASE7) -- eq bp2 = true . eq n(p,q,r) = n20 . } -- mod ICASE7-3 { pr(EICASE7) eq bp1 = false . eq bp2 = false . } -- 8) fkm31(s,p10,q10,e30) mod EICASE8 { pr(ICASE8) -- Basic predicates op bp1 : -> Bool #define bp1 ::= (key(e30) = intruder) . -- Exhaustiveness check op check : -> Bool eq check = not bp1 or bp1 . } -- Case splitting mod ICASE8-1 { pr(EICASE8) eq bp1 = false . } -- mod ICASE8-2 { pr(EICASE8) eq bp1 = true . } -- 9) fkm32(s,p10,q10,n10) mod EICASE9 { pr(ICASE9) -- Basic predicates op bp1 : -> Bool #define bp1 ::= (n(p,q,r) = n10) . -- Exhaustiveness check op check : -> Bool eq check = bp1 or not bp1 . } -- Case splitting mod ICASE9-1 { pr(EICASE9) -- eq bp1 = true . eq n(p,q,r) = n10 . } -- mod ICASE9-2 { pr(EICASE9) eq bp1 = false . } -- Exhaustiveness Check red in EICASE1 : check . red in EICASE2 : check . red in EICASE3 : check . red in EICASE4 : check . red in EICASE5 : check . red in EICASE6 : check . red in EICASE7 : check . red in EICASE8 : check . red in EICASE9 : check . -- End of Exhaustiveness Check -- Proof -- I) Base case red in INV : inv210(init,p,q,r) . -- II) Inductive cases red in ICASE1-1 : istep210(p,q,r) . red in ICASE1-2 : istep210(p,q,r) . red in ICASE2-1 : istep210(p,q,r) . red in ICASE2-2 : istep210(p,q,r) . red in ICASE2-3 : istep210(p,q,r) . red in ICASE2-4 : istep210(p,q,r) . red in ICASE2-5 : istep210(p,q,r) . red in ICASE2-6 : inv140(s,cipher1(m10)) implies istep210(p,q,r) . red in ICASE3-1 : istep210(p,q,r) . red in ICASE3-2 : istep210(p,q,r) . red in ICASE3-3 : istep210(p,q,r) . red in ICASE3-4 : istep210(p,q,r) . red in ICASE3-5 : inv150(s,cipher2(m20)) implies istep210(p,q,r) . red in ICASE4-1 : istep210(p,q,r) . red in ICASE4-2 : inv100(s,e10) implies istep210(p,q,r) . red in ICASE5-1 : istep210(p,q,r) . red in ICASE5-2 : istep210(p,q,r) . red in ICASE6-1 : istep210(p,q,r) . red in ICASE6-2 : inv110(s,e20) implies istep210(p,q,r) . red in ICASE7-1 : istep210(p,q,r) . red in ICASE7-2 : istep210(p,q,r) . red in ICASE7-3 : istep210(p,q,r) . red in ICASE8-1 : istep210(p,q,r) . red in ICASE8-2 : inv120(s,e30) implies istep210(p,q,r) . red in ICASE9-1 : istep210(p,q,r) . red in ICASE9-2 : istep210(p,q,r) . -- Q.E.D.