Defined apply_encrypted_message_map_event

[rttp-proofs.git] / Communication.thy

header {* Communication layer *}
theory Communication
imports Main
begin

subsection {* Messages *}
type_synonym actor = nat

datatype_new message
  = ActorName actor               -- {* specify an actor *}
  | Number nat                    -- {* arbitrary data, as a natural number *}
  | Signed actor message          -- {* a message signed by an actor *}
  | Encrypted actor actor message -- {* a message encrypted for two actors *}
  | MessageList "message list"    -- {* a list of messages *}

text {* What can a particular actor learn from a particular message? *}
inductive learnable :: "actor \<Rightarrow> message \<Rightarrow> message \<Rightarrow> bool" for a M
  where identity_learnable: "learnable a M M"
          -- {* the message itself *}
      | signed_learnable: "learnable a M (Signed _ m) \<Longrightarrow> learnable a M m"
          -- {* the body of a learnable signed message *}
      | encrypted1_learnable: "learnable a M (Encrypted a _ m) \<Longrightarrow> learnable a M m"
      | encrypted2_learnable: "learnable a M (Encrypted _ a m) \<Longrightarrow> learnable a M m"
          -- {* the body of a learnable message encrypted for the actor *}
      | listed_learnable:
          "m \<in> set l \<Longrightarrow> learnable a M (MessageList l) \<Longrightarrow> learnable a M m"
          -- {* any element of a learnable list of messages *}

text {* What messages can a particular actor construct from a particular set of
        messages? *}
inductive constructible :: "actor \<Rightarrow> message set \<Rightarrow> message \<Rightarrow> bool" for a Ms
  where learnable_constructible:
          "M \<in> Ms \<Longrightarrow> learnable a M m \<Longrightarrow> constructible a Ms m"
          -- {* any message learnable from any message in the set *}
      | actorName_constructible: "constructible a Ms (ActorName _)"
          -- {* any actor's name *}
      | number_constructible: "constructible a Ms (Number _)"
          -- {* any number *}
      | signed_constructible:
          "constructible a Ms m \<Longrightarrow> constructible a Ms (Signed a m)"
          -- {* an otherwise constructible message, signed by this actor *}
      | encrypted_constructible:
          "constructible a Ms m \<Longrightarrow> constructible a Ms (Encrypted _ _ m)"
          -- {* an otherwise constructible message, encrypted to any pair of actors *}
      | listed_constructible:
          "(\<forall> m \<in> set l. constructible a Ms m)
            \<Longrightarrow> constructible a Ms (MessageList l)"
          -- {* a list of otherwise constructible messages *}

subsubsection {* Indistinguishability of encrypted messages *}
datatype_new agent = CommunicationLayer | Actor actor
type_synonym encrypted_message_data = "actor \<times> actor \<times> message"
type_synonym
  encrypted_message_map = "encrypted_message_data \<Rightarrow> encrypted_message_data"

text {* For a particular agent, does a particular encrypted message map leave
        messages indistinguishable from what they meant originally? *}
definition indistinguishability_map :: "agent \<Rightarrow> encrypted_message_map \<Rightarrow> bool"
  where "indistinguishability_map a f \<longleftrightarrow>
          bij f \<and> (\<forall> b c m. a = Actor b \<or> a = Actor c \<longrightarrow> f (b, c, m) = (b, c, m))"

text {* Apply an encrypted message map to a message, from a particular agent's
        point of view *}
function apply_encrypted_message_map
  :: "agent \<Rightarrow> encrypted_message_map \<Rightarrow> message \<Rightarrow> message"
  where "apply_encrypted_message_map _ _ (ActorName a) = ActorName a"
      | "apply_encrypted_message_map _ _ (Number n) = Number n"
      | "apply_encrypted_message_map A f (Signed a m)
          = Signed a (apply_encrypted_message_map A f m)"
      | "A = Actor a \<or> A = Actor b
          \<Longrightarrow> apply_encrypted_message_map A f (Encrypted a b m)
              = Encrypted a b (apply_encrypted_message_map A f m)"
      | "A \<noteq> Actor a \<and> A \<noteq> Actor b
          \<Longrightarrow> apply_encrypted_message_map A f (Encrypted a b m)
              = Encrypted
                  (fst (f (a, b, m)))
                  (fst (snd (f (a, b, m))))
                  (snd (snd (f (a, b, m))))"
      | "apply_encrypted_message_map A f (MessageList ms)
          = MessageList (map (apply_encrypted_message_map A f) ms)"
  by auto (metis message.exhaust)

subsection {* Events *}
datatype_new event
  = Send actor actor message  -- {* send a message from one actor to another *}
  | Receive actor message     -- {* an actor receives a message *}
  | Pay
      actor         -- {* payer *}
      actor         -- {* payee *}
      nat           -- {* specifies amount and manner of payment *}
      nat           -- {* payment id, intended to be unique to payer/payee pair*}

text {* What can a particular agent do, given a set of past events? *}
inductive doable :: "agent \<Rightarrow> event set \<Rightarrow> event \<Rightarrow> bool"
  where communicationLayer_transmit_doable:
          "(Send _ _ m) \<in> es \<Longrightarrow> doable CommunicationLayer es (Receive _ m)"
          -- {* the communication layer can cause anyone to receive any message
                sent by anyone to anyone *}
      | constructible_sendable:
          "constructible a {M. Receive a M \<in> es} m
            \<Longrightarrow> doable (Actor a) es (Send a _ m)"
          -- {* an actor can send any message they can construct from those they've
                received *}
      | pay_doable: "doable (Actor a) _ (Pay a _ _ _)"
          -- {* an actor can always pay anyone any amount with any payment id *}

text {* Which agent must have caused a particular event? *}
fun causal_agent :: "event \<Rightarrow> agent"
  where send_cause: "causal_agent (Send a _ _) = Actor a"
      | receive_cause: "causal_agent (Receive _ _) = CommunicationLayer"
      | pay_cause: "causal_agent (Pay a _ _ _) = Actor a"

text {* If an event is doable by an agent, then that agent must be the causal one *}
lemma doable_implies_causal:
  assumes "doable a es e"
  shows "causal_agent e = a"
  using assms by (cases rule: doable.cases) simp_all

text {* Which events affect a particular agent? *}
inductive affected_agent :: "agent \<Rightarrow> event \<Rightarrow> bool"
  where sender_affected: "affected_agent (Actor a) (Send a _ _)"
      | send_affects_communication:
          "affected_agent CommunicationLayer (Send _ _ _)"
      | receiver_affected: "affected_agent (Actor a) (Receive a _)"
      | receive_affects_communication:
          "affected_agent CommunicationLayer (Receive _ _)"
      | payer_affected: "affected_agent (Actor a) (Pay a _ _ _)"
      | payee_affected: "affected_agent (Actor a) (Pay _ a _ _)"

text {* The causal agent is always affected *}
lemma causal_affected: "affected_agent (causal_agent e) e"
  by (cases rule: causal_agent.induct) (simp_all add: affected_agent.simps)

fun apply_encrypted_message_map_event
  :: "agent \<Rightarrow> encrypted_message_map \<Rightarrow> event \<Rightarrow> event"
  where "apply_encrypted_message_map_event A f (Send a b m)
          = Send a b (apply_encrypted_message_map A f m)"
      | "apply_encrypted_message_map_event A f (Receive a m)
          = Receive a (apply_encrypted_message_map A f m)"
      | "apply_encrypted_message_map_event _ _ e = e"

subsection {* Histories *}
type_synonym time = nat
type_synonym history = "(event \<times> time) set"

text {* Which histories could possibly occur? *}
definition possible_history :: "history \<Rightarrow> bool" where
  "possible_history h \<longleftrightarrow>
    (\<forall> (e, t) \<in> h. doable (causal_agent e) {f. \<exists> u < t. (f, u) \<in> h} e)"

end