TSTP Solution File: SWV758-1 by Z3---4.8.9.0
View Problem
- Process Solution
%------------------------------------------------------------------------------
% File : Z3---4.8.9.0
% Problem : SWV758-1 : TPTP v8.1.0. Released v4.1.0.
% Transfm : none
% Format : tptp
% Command : z3_tptp -proof -model -t:%d -file:%s
% Computer : n013.cluster.edu
% Model : x86_64 x86_64
% CPU : Intel(R) Xeon(R) CPU E5-2620 v4 2.10GHz
% Memory : 8042.1875MB
% OS : Linux 3.10.0-693.el7.x86_64
% CPULimit : 300s
% WCLimit : 300s
% DateTime : Thu Sep 29 15:24:22 EDT 2022
% Result : Unsatisfiable 77.75s 49.24s
% Output : Proof 78.13s
% Verified :
% SZS Type : Refutation
% Derivation depth : 19
% Number of leaves : 75
% Syntax : Number of formulae : 138 ( 38 unt; 31 typ; 0 def)
% Number of atoms : 931 ( 53 equ)
% Maximal formula atoms : 24 ( 8 avg)
% Number of connectives : 1251 ( 490 ~; 687 |; 0 &)
% ( 74 <=>; 0 =>; 0 <=; 0 <~>)
% Maximal formula depth : 16 ( 8 avg)
% Maximal term depth : 10 ( 2 avg)
% Number of FOOLs : 63 ( 63 fml; 0 var)
% Number of types : 2 ( 0 usr)
% Number of type conns : 27 ( 15 >; 12 *; 0 +; 0 <<)
% Number of predicates : 7 ( 5 usr; 1 prp; 0-3 aty)
% Number of functors : 30 ( 30 usr; 16 con; 0-3 aty)
% Number of variables : 514 ( 465 !; 0 ?; 514 :)
% Comments :
%------------------------------------------------------------------------------
tff(hBOOL_type,type,
hBOOL: $i > $o ).
tff(c_in_type,type,
c_in: ( $i * $i * $i ) > $i ).
tff(tc_Event_Oevent_type,type,
tc_Event_Oevent: $i ).
tff(c_List_Oset_type,type,
c_List_Oset: ( $i * $i ) > $i ).
tff(v_evs_type,type,
v_evs: $i ).
tff(c_Event_Oevent_ONotes_type,type,
c_Event_Oevent_ONotes: ( $i * $i ) > $i ).
tff(c_Message_Omsg_OMPair_type,type,
c_Message_Omsg_OMPair: ( $i * $i ) > $i ).
tff(hAPP_type,type,
hAPP: ( $i * $i ) > $i ).
tff(v_K_type,type,
v_K: $i ).
tff(c_Message_Omsg_OKey_type,type,
c_Message_Omsg_OKey: $i ).
tff(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1_type,type,
v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1: ( $i * $i * $i ) > $i ).
tff(v_NA_type,type,
v_NA: $i ).
tff(c_Message_Oagent_OSpy_type,type,
c_Message_Oagent_OSpy: $i ).
tff(c_Event_Oevent_OSays_type,type,
c_Event_Oevent_OSays: ( $i * $i * $i ) > $i ).
tff(c_Message_Omsg_OCrypt_type,type,
c_Message_Omsg_OCrypt: ( $i * $i ) > $i ).
tff(c_Message_Omsg_OAgent_type,type,
c_Message_Omsg_OAgent: $i > $i ).
tff(v_A_type,type,
v_A: $i ).
tff(v_B_type,type,
v_B: $i ).
tff(c_Public_OshrK_type,type,
c_Public_OshrK: $i ).
tff(c_Message_Oagent_OServer_type,type,
c_Message_Oagent_OServer: $i ).
tff(v_X_type,type,
v_X: $i ).
tff(tc_List_Olist_type,type,
tc_List_Olist: $i > $i ).
tff(c_NS__Shared__Mirabelle_Ons__shared_type,type,
c_NS__Shared__Mirabelle_Ons__shared: $i ).
tff(tc_Message_Oagent_type,type,
tc_Message_Oagent: $i ).
tff(c_Event_Obad_type,type,
c_Event_Obad: $i ).
tff(tc_Message_Omsg_type,type,
tc_Message_Omsg: $i ).
tff(c_Message_Oparts_type,type,
c_Message_Oparts: $i > $i ).
tff(c_Event_Oknows_type,type,
c_Event_Oknows: ( $i * $i ) > $i ).
tff(c_Message_Oanalz_type,type,
c_Message_Oanalz: $i > $i ).
tff(c_Message_Omsg_ONonce_type,type,
c_Message_Omsg_ONonce: $i > $i ).
tff(v_NB_type,type,
v_NB: $i ).
tff(1,plain,
( hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
<=> hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))) ),
inference(rewrite,[status(thm)],]) ).
tff(2,axiom,
hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))),
file('/export/starexec/sandbox/benchmark/theBenchmark.p',cls_conjecture_5) ).
tff(3,plain,
hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))),
inference(modus_ponens,[status(thm)],[2,1]) ).
tff(4,plain,
( ~ hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
<=> ~ hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent)) ),
inference(rewrite,[status(thm)],]) ).
tff(5,axiom,
~ hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent)),
file('/export/starexec/sandbox/benchmark/theBenchmark.p',cls_conjecture_3) ).
tff(6,plain,
~ hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent)),
inference(modus_ponens,[status(thm)],[5,4]) ).
tff(7,plain,
( hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
<=> hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)) ),
inference(rewrite,[status(thm)],]) ).
tff(8,axiom,
hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)),
file('/export/starexec/sandbox/benchmark/theBenchmark.p',cls_conjecture_1) ).
tff(9,plain,
hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)),
inference(modus_ponens,[status(thm)],[8,7]) ).
tff(10,plain,
^ [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
refl(
( ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ) )),
inference(bind,[status(th)],]) ).
tff(11,plain,
( ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) )
<=> ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ) ),
inference(quant_intro,[status(thm)],[10]) ).
tff(12,plain,
( ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) )
<=> ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ) ),
inference(rewrite,[status(thm)],]) ).
tff(13,plain,
^ [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
trans(
monotonicity(
trans(
monotonicity(
rewrite(
( ( ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) )
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ) )),
( ( ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) )
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) )
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) ) )),
rewrite(
( ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) )
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ) )),
( ( ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) )
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ) )),
( ( ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) )
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) )
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) ) )),
rewrite(
( ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) )
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ) )),
( ( ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) )
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ) )),
inference(bind,[status(th)],]) ).
tff(14,plain,
( ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) )
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) )
<=> ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ) ),
inference(quant_intro,[status(thm)],[13]) ).
tff(15,axiom,
! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) )
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) ),
file('/export/starexec/sandbox/benchmark/theBenchmark.p',cls_cert__A__form_1) ).
tff(16,plain,
! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ),
inference(modus_ponens,[status(thm)],[15,14]) ).
tff(17,plain,
! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ),
inference(modus_ponens,[status(thm)],[16,12]) ).
tff(18,plain,
! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ),
inference(skolemize,[status(sab)],[17]) ).
tff(19,plain,
! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) ),
inference(modus_ponens,[status(thm)],[18,11]) ).
tff(20,plain,
( ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ( v_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))) ) )
<=> ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ( v_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))) ) ) ),
inference(rewrite,[status(thm)],]) ).
tff(21,plain,
( ( ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ( v_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))) ) )
<=> ( hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ( v_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))) ) ) ),
inference(rewrite,[status(thm)],]) ).
tff(22,plain,
( ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ( v_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))) ) )
<=> ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ( v_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))) ) ) ),
inference(monotonicity,[status(thm)],[21]) ).
tff(23,plain,
( ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ( v_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))) ) )
<=> ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ( v_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))) ) ) ),
inference(transitivity,[status(thm)],[22,20]) ).
tff(24,plain,
( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ( v_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))) ) ),
inference(quant_inst,[status(thm)],]) ).
tff(25,plain,
( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ( V_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A))) ) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ( v_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))) ) ),
inference(modus_ponens,[status(thm)],[24,23]) ).
tff(26,plain,
v_X = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))),
inference(unit_resolution,[status(thm)],[25,19,9,6,3]) ).
tff(27,plain,
c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))) = v_X,
inference(symmetry,[status(thm)],[26]) ).
tff(28,plain,
c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))) = c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X),
inference(monotonicity,[status(thm)],[27]) ).
tff(29,plain,
c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))))) = c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)),
inference(monotonicity,[status(thm)],[28]) ).
tff(30,plain,
c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))) = c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))),
inference(monotonicity,[status(thm)],[29]) ).
tff(31,plain,
c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A))))))) = c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),
inference(monotonicity,[status(thm)],[30]) ).
tff(32,plain,
c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))) = c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),
inference(monotonicity,[status(thm)],[31]) ).
tff(33,plain,
c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent) = c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent),
inference(monotonicity,[status(thm)],[32]) ).
tff(34,plain,
( hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
<=> hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(monotonicity,[status(thm)],[33]) ).
tff(35,plain,
( hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
<=> hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(symmetry,[status(thm)],[34]) ).
tff(36,plain,
^ [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
refl(
( ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
inference(bind,[status(th)],]) ).
tff(37,plain,
( ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(quant_intro,[status(thm)],[36]) ).
tff(38,plain,
( ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(rewrite,[status(thm)],]) ).
tff(39,plain,
^ [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
trans(
monotonicity(
trans(
monotonicity(
rewrite(
( ( hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) ) )),
rewrite(
( ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) ) )),
rewrite(
( ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
inference(bind,[status(th)],]) ).
tff(40,plain,
( ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) )
<=> ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(quant_intro,[status(thm)],[39]) ).
tff(41,axiom,
! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) ),
file('/export/starexec/sandbox/benchmark/theBenchmark.p',cls_A__trusts__NS2_0) ).
tff(42,plain,
! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(modus_ponens,[status(thm)],[41,40]) ).
tff(43,plain,
! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(modus_ponens,[status(thm)],[42,38]) ).
tff(44,plain,
! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(skolemize,[status(sab)],[43]) ).
tff(45,plain,
! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(modus_ponens,[status(thm)],[44,37]) ).
tff(46,plain,
( ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(rewrite,[status(thm)],]) ).
tff(47,plain,
( ( ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(rewrite,[status(thm)],]) ).
tff(48,plain,
( ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(monotonicity,[status(thm)],[47]) ).
tff(49,plain,
( ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(transitivity,[status(thm)],[48,46]) ).
tff(50,plain,
( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(quant_inst,[status(thm)],]) ).
tff(51,plain,
( ~ ! [V_NA: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X)))),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(modus_ponens,[status(thm)],[50,49]) ).
tff(52,plain,
hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),v_X))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)),
inference(unit_resolution,[status(thm)],[51,45,9,6,3]) ).
tff(53,plain,
hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)),
inference(modus_ponens,[status(thm)],[52,35]) ).
tff(54,plain,
( ~ hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
<=> ~ hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(rewrite,[status(thm)],]) ).
tff(55,axiom,
~ hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)),
file('/export/starexec/sandbox/benchmark/theBenchmark.p',cls_conjecture_6) ).
tff(56,plain,
~ hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)),
inference(modus_ponens,[status(thm)],[55,54]) ).
tff(57,plain,
( hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
<=> hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)) ),
inference(rewrite,[status(thm)],]) ).
tff(58,axiom,
hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)),
file('/export/starexec/sandbox/benchmark/theBenchmark.p',cls_conjecture_0) ).
tff(59,plain,
hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)),
inference(modus_ponens,[status(thm)],[58,57]) ).
tff(60,plain,
^ [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
refl(
( ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
inference(bind,[status(th)],]) ).
tff(61,plain,
( ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(quant_intro,[status(thm)],[60]) ).
tff(62,plain,
( ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(rewrite,[status(thm)],]) ).
tff(63,plain,
^ [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
trans(
monotonicity(
trans(
monotonicity(
rewrite(
( ( hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) )
<=> ( ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) ) )),
rewrite(
( ( ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) )
<=> ( hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg)) )
<=> ( hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))) )
<=> ( hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))) ) )),
rewrite(
( ( hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
inference(bind,[status(th)],]) ).
tff(64,plain,
( ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))) )
<=> ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(quant_intro,[status(thm)],[63]) ).
tff(65,axiom,
! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))) ),
file('/export/starexec/sandbox/benchmark/theBenchmark.p',cls_A__trusts__NS4__lemma_0) ).
tff(66,plain,
! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(modus_ponens,[status(thm)],[65,64]) ).
tff(67,plain,
! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(modus_ponens,[status(thm)],[66,62]) ).
tff(68,plain,
! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(skolemize,[status(sab)],[67]) ).
tff(69,plain,
! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(modus_ponens,[status(thm)],[68,61]) ).
tff(70,plain,
( ( ~ ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)) )
<=> ( ~ ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)) ) ),
inference(rewrite,[status(thm)],]) ).
tff(71,plain,
( ( ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)) ) ),
inference(rewrite,[status(thm)],]) ).
tff(72,plain,
( ( ~ ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)) ) ),
inference(monotonicity,[status(thm)],[71]) ).
tff(73,plain,
( ( ~ ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)) ) ),
inference(transitivity,[status(thm)],[72,70]) ).
tff(74,plain,
( ~ ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(quant_inst,[status(thm)],]) ).
tff(75,plain,
( ~ ! [V_NA: $i,V_NB: $i,V_X: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),V_X))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_OSays(V_B,V_A,c_Message_Omsg_OCrypt(V_K,c_Message_Omsg_ONonce(V_NB))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(c_Event_Oevent_OSays(v_B,v_A,c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Message_Omsg_OCrypt(v_K,c_Message_Omsg_ONonce(v_NB)),c_Message_Oparts(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)) ),
inference(modus_ponens,[status(thm)],[74,73]) ).
tff(76,plain,
( ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)) ),
inference(unit_resolution,[status(thm)],[75,69,59,3,56]) ).
tff(77,plain,
hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg)),
inference(unit_resolution,[status(thm)],[76,53]) ).
tff(78,plain,
( ~ hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent))
<=> ~ hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent)) ),
inference(rewrite,[status(thm)],]) ).
tff(79,axiom,
~ hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent)),
file('/export/starexec/sandbox/benchmark/theBenchmark.p',cls_conjecture_4) ).
tff(80,plain,
~ hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent)),
inference(modus_ponens,[status(thm)],[79,78]) ).
tff(81,plain,
^ [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
refl(
( ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
inference(bind,[status(th)],]) ).
tff(82,plain,
( ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(quant_intro,[status(thm)],[81]) ).
tff(83,plain,
( ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(rewrite,[status(thm)],]) ).
tff(84,plain,
^ [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
trans(
monotonicity(
trans(
monotonicity(
trans(
monotonicity(
rewrite(
( ( ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent))) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent)) ) )),
rewrite(
( ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) ) )),
rewrite(
( ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
rewrite(
( ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
( ( ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) )),
inference(bind,[status(th)],]) ).
tff(85,plain,
( ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(quant_intro,[status(thm)],[84]) ).
tff(86,axiom,
! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
file('/export/starexec/sandbox/benchmark/theBenchmark.p',cls_secrecy__lemma_0) ).
tff(87,plain,
! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(modus_ponens,[status(thm)],[86,85]) ).
tff(88,plain,
! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(modus_ponens,[status(thm)],[87,83]) ).
tff(89,plain,
! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(skolemize,[status(sab)],[88]) ).
tff(90,plain,
! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(modus_ponens,[status(thm)],[89,82]) ).
tff(91,plain,
( ( ~ ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(rewrite,[status(thm)],]) ).
tff(92,plain,
( ( ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(rewrite,[status(thm)],]) ).
tff(93,plain,
( ( ~ ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(monotonicity,[status(thm)],[92]) ).
tff(94,plain,
( ( ~ ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )
<=> ( ~ ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ) ),
inference(transitivity,[status(thm)],[93,91]) ).
tff(95,plain,
( ~ ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(quant_inst,[status(thm)],]) ).
tff(96,plain,
( ~ ! [V_NA: $i,V_B: $i,V_A: $i,V_K: $i,V_evs: $i] :
( ~ hBOOL(c_in(V_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,V_evs)),tc_Message_Omsg))
| hBOOL(c_in(V_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(V_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,V_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_A),c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,V_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,V_K),c_Message_Omsg_OAgent(V_A)))))))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(V_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(V_K,V_NA,V_evs),hAPP(c_Message_Omsg_OKey,V_K)))),c_List_Oset(V_evs,tc_Event_Oevent),tc_Event_Oevent)) )
| hBOOL(c_in(v_A,c_Event_Obad,tc_Message_Oagent))
| hBOOL(c_in(v_B,c_Event_Obad,tc_Message_Oagent))
| ~ hBOOL(c_in(v_evs,c_NS__Shared__Mirabelle_Ons__shared,tc_List_Olist(tc_Event_Oevent)))
| ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(modus_ponens,[status(thm)],[95,94]) ).
tff(97,plain,
( ~ hBOOL(c_in(c_Event_Oevent_OSays(c_Message_Oagent_OServer,v_A,c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_A),c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(c_Message_Omsg_OAgent(v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OCrypt(hAPP(c_Public_OshrK,v_B),c_Message_Omsg_OMPair(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Omsg_OAgent(v_A)))))))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(hAPP(c_Message_Omsg_OKey,v_K),c_Message_Oanalz(c_Event_Oknows(c_Message_Oagent_OSpy,v_evs)),tc_Message_Omsg))
| hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(unit_resolution,[status(thm)],[96,90,6,80,3]) ).
tff(98,plain,
hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)),
inference(unit_resolution,[status(thm)],[97,77,53]) ).
tff(99,plain,
^ [V_NB: $i] :
refl(
( ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(V_NB,hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
<=> ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(V_NB,hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) )),
inference(bind,[status(th)],]) ).
tff(100,plain,
( ! [V_NB: $i] : ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(V_NB,hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
<=> ! [V_NB: $i] : ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(V_NB,hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(quant_intro,[status(thm)],[99]) ).
tff(101,plain,
( ! [V_NB: $i] : ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(V_NB,hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
<=> ! [V_NB: $i] : ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(V_NB,hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(rewrite,[status(thm)],]) ).
tff(102,axiom,
! [V_NB: $i] : ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(V_NB,hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)),
file('/export/starexec/sandbox/benchmark/theBenchmark.p',cls_conjecture_2) ).
tff(103,plain,
! [V_NB: $i] : ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(V_NB,hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)),
inference(modus_ponens,[status(thm)],[102,101]) ).
tff(104,plain,
! [V_NB: $i] : ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(V_NB,hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)),
inference(skolemize,[status(sab)],[103]) ).
tff(105,plain,
! [V_NB: $i] : ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(V_NB,hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)),
inference(modus_ponens,[status(thm)],[104,100]) ).
tff(106,plain,
( ~ ! [V_NB: $i] : ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(V_NB,hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent))
| ~ hBOOL(c_in(c_Event_Oevent_ONotes(c_Message_Oagent_OSpy,c_Message_Omsg_OMPair(v_NA,c_Message_Omsg_OMPair(v_sko__NS__Shared__Mirabelle__Xsecrecy__lemma__1(v_K,v_NA,v_evs),hAPP(c_Message_Omsg_OKey,v_K)))),c_List_Oset(v_evs,tc_Event_Oevent),tc_Event_Oevent)) ),
inference(quant_inst,[status(thm)],]) ).
tff(107,plain,
$false,
inference(unit_resolution,[status(thm)],[106,105,98]) ).
%------------------------------------------------------------------------------
%----ORIGINAL SYSTEM OUTPUT
% 0.00/0.11 % Problem : SWV758-1 : TPTP v8.1.0. Released v4.1.0.
% 0.11/0.12 % Command : z3_tptp -proof -model -t:%d -file:%s
% 0.12/0.33 % Computer : n013.cluster.edu
% 0.12/0.33 % Model : x86_64 x86_64
% 0.12/0.33 % CPU : Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz
% 0.12/0.33 % Memory : 8042.1875MB
% 0.12/0.33 % OS : Linux 3.10.0-693.el7.x86_64
% 0.12/0.33 % CPULimit : 300
% 0.12/0.33 % WCLimit : 300
% 0.12/0.33 % DateTime : Sun Sep 4 07:34:01 EDT 2022
% 0.12/0.33 % CPUTime :
% 0.18/0.33 Z3tptp [4.8.9.0] (c) 2006-20**. Microsoft Corp.
% 0.18/0.33 Usage: tptp [options] [-file:]file
% 0.18/0.33 -h, -? prints this message.
% 0.18/0.33 -smt2 print SMT-LIB2 benchmark.
% 0.18/0.33 -m, -model generate model.
% 0.18/0.33 -p, -proof generate proof.
% 0.18/0.33 -c, -core generate unsat core of named formulas.
% 0.18/0.33 -st, -statistics display statistics.
% 0.18/0.33 -t:timeout set timeout (in second).
% 0.18/0.33 -smt2status display status in smt2 format instead of SZS.
% 0.18/0.33 -check_status check the status produced by Z3 against annotation in benchmark.
% 0.18/0.33 -<param>:<value> configuration parameter and value.
% 0.18/0.33 -o:<output-file> file to place output in.
% 77.75/49.24 % SZS status Unsatisfiable
% 77.75/49.24 % SZS output start Proof
% See solution above
%------------------------------------------------------------------------------