Header for Miscellany.thy

[rttp-proofs.git] / Communication.thy

header {* Communication layer *}
theory Communication
imports Main
begin

subsection {* Messages *}
type_synonym actor = nat

datatype_new message
  = ActorName actor               -- {* specify an actor *}
  | Number nat                    -- {* arbitrary data, as a natural number *}
  | Signature actor message       -- {* an actor's signature for a message *}
  | Encrypted actor actor message -- {* a message encrypted for two actors *}
  | MessageList "message list"    -- {* a list of messages *}

datatype_new message_type
  = ActorNameType
  | NumberType
  | SignatureType
  | EncryptedType
  | MessageListType

fun type_of_message :: "message \<Rightarrow> message_type"
  where "type_of_message (ActorName _) = ActorNameType"
      | "type_of_message (Number _) = NumberType"
      | "type_of_message (Signature _ _) = SignatureType"
      | "type_of_message (Encrypted _ _ _) = EncryptedType"
      | "type_of_message (MessageList _) = MessageListType"

text {* What are the components of a message, from an omniscient point of view? *}
inductive contains_message :: "message \<Rightarrow> message \<Rightarrow> bool"
  where contains_message_self: "contains_message M M"
      | contains_message_encrypted:
          "contains_message M (Encrypted _ _ m) \<Longrightarrow> contains_message M m"
      | contains_message_list:
          "m \<in> set ms \<Longrightarrow> contains_message M (MessageList ms)
            \<Longrightarrow> contains_message M m"

text {* What can a particular actor learn from a particular message? *}
inductive learnable :: "actor \<Rightarrow> message \<Rightarrow> message \<Rightarrow> bool" for a M
  where identity_learnable: "learnable a M M"
          -- {* the message itself *}
      | encrypted1_learnable: "learnable a M (Encrypted a _ m) \<Longrightarrow> learnable a M m"
      | encrypted2_learnable: "learnable a M (Encrypted _ a m) \<Longrightarrow> learnable a M m"
          -- {* the body of a learnable message encrypted for the actor *}
      | listed_learnable:
          "m \<in> set l \<Longrightarrow> learnable a M (MessageList l) \<Longrightarrow> learnable a M m"
          -- {* any element of a learnable list of messages *}

text {* What messages can a particular actor construct from a particular set of
        messages? *}
inductive constructible :: "actor \<Rightarrow> message set \<Rightarrow> message \<Rightarrow> bool" for a Ms
  where learnable_constructible:
          "M \<in> Ms \<Longrightarrow> learnable a M m \<Longrightarrow> constructible a Ms m"
          -- {* any message learnable from any message in the set *}
      | actorName_constructible: "constructible a Ms (ActorName _)"
          -- {* any actor's name *}
      | number_constructible: "constructible a Ms (Number _)"
          -- {* any number *}
      | signed_constructible:
          "constructible a Ms m \<Longrightarrow> constructible a Ms (Signature a m)"
          -- {* an otherwise constructible message, signed by this actor *}
      | encrypted_constructible:
          "constructible a Ms m \<Longrightarrow> constructible a Ms (Encrypted _ _ m)"
          -- {* an otherwise constructible message, encrypted to any pair of actors *}
      | listed_constructible:
          "(\<forall> m \<in> set l. constructible a Ms m)
            \<Longrightarrow> constructible a Ms (MessageList l)"
          -- {* a list of otherwise constructible messages *}

subsubsection {* Indistinguishability of messages *}
datatype_new agent = CommunicationLayer | Actor actor

text {* What pairs of messages should we not expect a particular agent to be able
        to distinguish between, given a particular set of messages to work from?
        This definition isn't intended to express a limit on what an attacker might
        be able to do; rather, it's meant to limit what we might reasonably expect
        an honest agent to be able to do without resorting to sophisticated
        cryptanalysis or anything similarly difficult. *}
inductive indistinguishable :: "agent \<Rightarrow> message set \<Rightarrow> message \<Rightarrow> message \<Rightarrow> bool"
  where "indistinguishable CommunicationLayer _ _ _"
      | "indistinguishable _ _ m m"
      | "\<not> constructible a Ms m \<Longrightarrow> \<not> constructible a Ms m'
          \<Longrightarrow> indistinguishable (Actor a) Ms (Signature _ m) (Signature _ m')"
      | "indistinguishable A Ms m m'
          \<Longrightarrow> indistinguishable A Ms (Signature a m) (Signature a m')"
      | "A \<noteq> Actor a \<Longrightarrow> A \<noteq> Actor b \<Longrightarrow> A \<noteq> Actor c \<Longrightarrow> A \<noteq> Actor d
          \<Longrightarrow> indistinguishable A _ (Encrypted a b _) (Encrypted c d _)"
      | "indistinguishable A Ms m m'
          \<Longrightarrow> indistinguishable A Ms (Encrypted a b m) (Encrypted a b m')"
      | "indistinguishable A Ms m m'
          \<Longrightarrow> indistinguishable A Ms (MessageList ms) (MessageList ms')
          \<Longrightarrow> indistinguishable A Ms
                (MessageList (m # ms))
                (MessageList (m' # ms'))"

lemma indistinguishable_symmetric:
  "indistinguishable A Ms m m' \<Longrightarrow> indistinguishable A Ms m' m"
proof (induction rule: indistinguishable.induct)
  fix Ms m m'
  show "indistinguishable CommunicationLayer Ms m m'" by rule
  fix A
  show "indistinguishable A Ms m m" by rule
  fix a b c
  assume "\<not> constructible a Ms m'" and "\<not> constructible a Ms m"
  thus "indistinguishable (Actor a) Ms (Signature c m') (Signature b m)" by rule
next
  fix A Ms m m' a
  assume "indistinguishable A Ms m' m"
  thus "indistinguishable A Ms (Signature a m') (Signature a m)" by rule
next
  fix A Ms m m' a b c d
  assume "A \<noteq> Actor c" and "A \<noteq> Actor d" and "A \<noteq> Actor a" and "A \<noteq> Actor b"
  thus "indistinguishable A Ms (Encrypted c d m') (Encrypted a b m)" by rule
next
  fix A Ms m m' a b
  assume "indistinguishable A Ms m' m"
  thus "indistinguishable A Ms (Encrypted a b m') (Encrypted a b m)" by rule
next
  fix A Ms m m' ms ms'
  assume  "indistinguishable A Ms m' m"
    and   "indistinguishable A Ms (MessageList ms') (MessageList ms)"
  thus "indistinguishable A Ms (MessageList (m' # ms')) (MessageList (m # ms))"
    by rule
qed

definition indistinguishability_map ::
  "agent \<Rightarrow> message set \<Rightarrow> (message \<Rightarrow> message) \<Rightarrow> bool" where
    "indistinguishability_map A Ms f
      \<longleftrightarrow> bij f
        \<and> (\<forall> m. indistinguishable A Ms m (f m)
              \<and> (\<forall> a b. (A = Actor a \<and> constructible a Ms m
                          \<longrightarrow> f (Signature b m) = Signature b (f m)
                        )
                      \<and> (A = Actor a \<or> A = Actor b
                          \<longrightarrow> f (Encrypted a b m) = Encrypted a b (f m)
                        )
                )
          )
        \<and> (A \<noteq> CommunicationLayer
            \<longrightarrow> (\<forall> ms. f (MessageList ms) = MessageList (map f ms))
          )"

lemma learnable_indistinguishability_map:
  assumes im: "indistinguishability_map (Actor a) Ms f"
  shows "learnable a M m \<Longrightarrow> learnable a (f M) (f m)"
proof (induction rule: learnable.induct)
  show "learnable a (f M) (f M)" by rule
  fix b m
  assume "learnable a (f M) (f (Encrypted a b m))"
  moreover
    from im have "f (Encrypted a b m) = Encrypted a b (f m)"
      by (unfold indistinguishability_map_def) simp
  ultimately show "learnable a (f M) (f m)" by (metis encrypted1_learnable)
next
  fix b m
  assume "learnable a (f M) (f (Encrypted b a m))"
  moreover
    from im have "f (Encrypted b a m) = Encrypted b a (f m)"
      by (unfold indistinguishability_map_def) simp
  ultimately show "learnable a (f M) (f m)" by (metis encrypted2_learnable)
next
  fix m ms
  assume  minms: "m \<in> set ms"
    and   learnablefms: "learnable a (f M) (f (MessageList ms))"
  from minms have fminfms: "f m \<in> set (map f ms)" by simp
  from im have "f (MessageList ms) = MessageList (map f ms)"
    by (unfold indistinguishability_map_def) simp
  with fminfms and learnablefms show "learnable a (f M) (f m)"
    by (metis listed_learnable)
qed

lemma indistinguishable_message_type:
  "indistinguishable (Actor a) Ms m m' \<Longrightarrow> type_of_message m = type_of_message m'"
proof (induction rule: indistinguishable.cases)
  assume "Actor a = CommunicationLayer"
  thus "type_of_message m = type_of_message m'" ..
next
  fix n
  assume "m = n" and "m' = n"
  thus "type_of_message m = type_of_message m'" by simp
next
  fix b c n n'
  assume "m = Signature b n" and "m' = Signature c n'"
  thus "type_of_message m = type_of_message m'" by simp
  thus "type_of_message m = type_of_message m'" .
next
  fix b c d e n n'
  assume "m = Encrypted b c n" and "m' = Encrypted d e n'"
  thus "type_of_message m = type_of_message m'" by simp
  thus "type_of_message m = type_of_message m'" .
next
  fix n ns n' ns'
  assume "m = MessageList (n # ns)" and "m' = MessageList (n' # ns')"
  thus "type_of_message m = type_of_message m'" by simp
qed

type_synonym encrypted_message_data = "actor \<times> actor \<times> message"
type_synonym
  encrypted_message_map = "encrypted_message_data \<Rightarrow> encrypted_message_data"

subsection {* Events *}
datatype_new event
  = Send actor actor message  -- {* send a message from one actor to another *}
  | Receive actor message     -- {* an actor receives a message *}
  | Pay
      actor         -- {* payer *}
      actor         -- {* payee *}
      nat           -- {* specifies amount and manner of payment *}
      nat           -- {* payment id, intended to be unique to payer/payee pair*}

text {* Given a set of past events, which messages has a particular actor received? *}
definition messages_received :: "actor \<Rightarrow> event set \<Rightarrow> message set"
  where "messages_received a es = {m. Receive a m \<in> es}"

text {* What can a particular agent do, given a set of past events? *}
inductive doable :: "agent \<Rightarrow> event set \<Rightarrow> event \<Rightarrow> bool"
  where communicationLayer_transmit_doable:
          "(Send _ _ m) \<in> es \<Longrightarrow> doable CommunicationLayer es (Receive _ m)"
          -- {* the communication layer can cause anyone to receive any message
                sent by anyone to anyone *}
      | constructible_sendable:
          "constructible a (messages_received a es) m
            \<Longrightarrow> doable (Actor a) es (Send a _ m)"
          -- {* an actor can send any message they can construct from those they've
                received *}
      | pay_doable: "doable (Actor a) _ (Pay a _ _ _)"
          -- {* an actor can always pay anyone any amount with any payment id *}

text {* Which agent must have caused a particular event? *}
fun causal_agent :: "event \<Rightarrow> agent"
  where send_cause: "causal_agent (Send a _ _) = Actor a"
      | receive_cause: "causal_agent (Receive _ _) = CommunicationLayer"
      | pay_cause: "causal_agent (Pay a _ _ _) = Actor a"

text {* If an event is doable by an agent, then that agent must be the causal one *}
lemma doable_implies_causal:
  assumes "doable a es e"
  shows "causal_agent e = a"
  using assms by (cases rule: doable.cases) simp_all

text {* Which events affect a particular agent? *}
inductive affected_agent :: "agent \<Rightarrow> event \<Rightarrow> bool"
  where sender_affected: "affected_agent (Actor a) (Send a _ _)"
      | send_affects_communication:
          "affected_agent CommunicationLayer (Send _ _ _)"
      | receiver_affected: "affected_agent (Actor a) (Receive a _)"
      | receive_affects_communication:
          "affected_agent CommunicationLayer (Receive _ _)"
      | payer_affected: "affected_agent (Actor a) (Pay a _ _ _)"
      | payee_affected: "affected_agent (Actor a) (Pay _ a _ _)"

text {* The causal agent is always affected *}
lemma causal_affected: "affected_agent (causal_agent e) e"
  by (cases rule: causal_agent.induct) (simp_all add: affected_agent.simps)

fun lift_message_map_event
  :: "(message \<Rightarrow> message) \<Rightarrow> event \<Rightarrow> event"
  where "lift_message_map_event f (Send a b m) = Send a b (f m)"
      | "lift_message_map_event f (Receive a m) = Receive a (f m)"
      | "lift_message_map_event _ e = e"

subsection {* Histories *}
type_synonym time = nat
type_synonym history = "(event \<times> time) set"

text {* Which histories could possibly occur? *}
definition possible_history :: "history \<Rightarrow> bool" where
  "possible_history h \<longleftrightarrow>
    (\<forall> (e, t) \<in> h. doable (causal_agent e) {f. \<exists> u < t. (f, u) \<in> h} e)"

text {* What events occurred before a given time? *}
definition events_before :: "history \<Rightarrow> time \<Rightarrow> event set" where
  "events_before h t = {e. \<exists> u < t. (e, u) \<in> h}"

text {* What messages did a given agent receive before a given time? *}
fun messages_received_before :: "agent \<Rightarrow> history \<Rightarrow> time \<Rightarrow> message set"
  where "messages_received_before CommunicationLayer _ _ = {}"
      | "messages_received_before (Actor a) h t
          = {m. Receive a m \<in> events_before h t}"

text {* What subhistory is relevant to a given agent before a given time? *}
definition relevant_subhistory :: "agent \<Rightarrow> time \<Rightarrow> history \<Rightarrow> history" where
  "relevant_subhistory A t h = {(e, t') \<in> h. affected_agent A e \<and> t' < t}"

end