







.
    agent_B_gets_forwarded_submessage_and_sends_confirmation_challenge_current : forall _big_a _big_b _big_kab:term, knows_current (crypt (cons _big_kab (cons _big_a nil)) (key sym (cons _big_b (cons server nil)))) -> knows_current (crypt (nonceb_current _big_kab _big_a _big_b) _big_kab)
    agent_B_gets_forwarded_submessage_and_sends_confirmation_challenge_old : forall _big_a _big_b _big_kab:term, knows_old (crypt (cons _big_kab (cons _big_a nil)) (key sym (cons _big_b (cons server nil)))) -> knows_old (crypt (nonceb_old _big_kab _big_a _big_b) _big_kab)
agent : term -> Prop :=
    alice_agent : agent alice
alice_answers_confirmation_challenge_current : forall _big_a _big_b _big_kab _big_msg _big_nb:term, knows_current (crypt (cons (noncea_current _big_a _big_b) (cons _big_b (cons _big_kab (cons _big_msg nil)))) (key sym (cons _big_a (cons server nil)))) -> knows_current (crypt _big_nb _big_kab) -> knows_current (crypt (s _big_nb) _big_kab)
alice_answers_confirmation_challenge_old : forall _big_a _big_b _big_kab _big_msg _big_nb:term, knows_old (crypt (cons (noncea_old _big_a _big_b) (cons _big_b (cons _big_kab (cons _big_msg nil)))) (key sym (cons _big_a (cons server nil)))) -> knows_old (crypt _big_nb _big_kab) -> knows_old (crypt (s _big_nb) _big_kab)
alice_gets_server_message_and_forwards_submessage_to_bob_current : forall _big_a _big_b _big_kab _big_msg:term, knows_current (crypt (cons (noncea_current _big_a _big_b) (cons _big_b (cons _big_kab (cons _big_msg nil)))) (key sym (cons _big_a (cons server nil)))) -> knows_current _big_msg
alice_gets_server_message_and_forwards_submessage_to_bob_old : forall _big_a _big_b _big_kab _big_msg:term, knows_old (crypt (cons (noncea_old _big_a _big_b) (cons _big_b (cons _big_kab (cons _big_msg nil)))) (key sym (cons _big_a (cons server nil)))) -> knows_old _big_msg
    alice_key_current : forall _big_a _big_b _big_kab _big_msg:term, knows_current (crypt (cons (noncea_current _big_a _big_b) (cons _big_b (cons _big_kab (cons _big_msg nil)))) (key sym (cons _big_a (cons server nil)))) -> alice_key_current _big_a _big_kab
alice_key_current : term -> term -> Prop :=
    alice_key_old : forall _big_a _big_b _big_kab _big_msg:term, knows_old (crypt (cons (noncea_old _big_a _big_b) (cons _big_b (cons _big_kab (cons _big_msg nil)))) (key sym (cons _big_a (cons server nil)))) -> alice_key_old _big_a _big_kab
alice_key_old : term -> term -> Prop :=
alice_sends_message_1_to_server_current : forall _big_a _big_b:term, agent _big_b -> agent _big_a -> knows_current (cons _big_a (cons _big_b (cons (noncea_current _big_a _big_b) nil)))
alice_sends_message_1_to_server_old : forall _big_a _big_b:term, agent _big_b -> agent _big_a -> knows_old (cons _big_a (cons _big_b (cons (noncea_old _big_a _big_b) nil)))
bob_agent : agent bob
    bob_key_current : forall _big_a _big_b _big_kab:term, knows_current (crypt (s (nonceb_current _big_kab _big_a _big_b)) _big_kab) -> bob_key_current _big_b _big_kab
bob_key_current : term -> term -> Prop :=
    bob_key_old : forall _big_a _big_b _big_kab:term, knows_old (crypt (s (nonceb_old _big_kab _big_a _big_b)) _big_kab) -> bob_key_old _big_b _big_kab
bob_key_old : term -> term -> Prop :=
intruder_agent : agent i
intruder_can_build_pairs_current : forall _big_m1 _big_m2:term, knows_current _big_m1 -> knows_current _big_m2 -> knows_current (cons _big_m1 _big_m2)
intruder_can_build_pairs_old : forall _big_m1 _big_m2:term, knows_old _big_m1 -> knows_old _big_m2 -> knows_old (cons _big_m1 _big_m2)
intruder_can_compute_predecessors_current : forall _big_m:term, knows_current (s _big_m) -> knows_current _big_m
intruder_can_compute_predecessors_old : forall _big_m:term, knows_old (s _big_m) -> knows_old _big_m
intruder_can_compute_successors_current : forall _big_m:term, knows_current _big_m -> knows_current (s _big_m)
intruder_can_compute_successors_old : forall _big_m:term, knows_old _big_m -> knows_old (s _big_m)
intruder_can_decrypt_if_has_private_key_current : forall _big_k _big_m:term, knows_current (crypt _big_m (key pub _big_k)) -> knows_current (key prv _big_k) -> knows_current _big_m
intruder_can_decrypt_if_has_private_key_old : forall _big_k _big_m:term, knows_old (crypt _big_m (key pub _big_k)) -> knows_old (key prv _big_k) -> knows_old _big_m
intruder_can_decrypt_if_has_public_key_current : forall _big_k _big_m:term, knows_current (crypt _big_m (key prv _big_k)) -> knows_current (key pub _big_k) -> knows_current _big_m
intruder_can_decrypt_if_has_public_key_old : forall _big_k _big_m:term, knows_old (crypt _big_m (key prv _big_k)) -> knows_old (key pub _big_k) -> knows_old _big_m
intruder_can_decrypt_if_has_symmetric_key_current : forall _big_m _big_x:term, knows_current (crypt _big_m (key sym _big_x)) -> knows_current (key sym _big_x) -> knows_current _big_m
intruder_can_decrypt_if_has_symmetric_key_old : forall _big_m _big_x:term, knows_old (crypt _big_m (key sym _big_x)) -> knows_old (key sym _big_x) -> knows_old _big_m
intruder_can_encrypt_current : forall _big_k _big_m:term, knows_current _big_m -> knows_current _big_k -> knows_current (crypt _big_m _big_k)
intruder_can_encrypt_old : forall _big_k _big_m:term, knows_old _big_m -> knows_old _big_k -> knows_old (crypt _big_m _big_k)
intruder_can_take_first_components_current : forall _big_m1 _big_m2:term, knows_current (cons _big_m1 _big_m2) -> knows_current _big_m1
intruder_can_take_first_components_old : forall _big_m1 _big_m2:term, knows_old (cons _big_m1 _big_m2) -> knows_old _big_m1
intruder_can_take_second_components_current : forall _big_m1 _big_m2:term, knows_current (cons _big_m1 _big_m2) -> knows_current _big_m2
intruder_can_take_second_components_old : forall _big_m1 _big_m2:term, knows_old (cons _big_m1 _big_m2) -> knows_old _big_m2
intruder_knows_all_agents_current : forall _big_x:term, agent _big_x -> knows_current _big_x
intruder_knows_all_agents_old : forall _big_x:term, agent _big_x -> knows_old _big_x
intruder_knows_all_previous_session_keys : forall _big_a _big_b _big_na:term, knows_current (key sym (session_old _big_a _big_b _big_na))
intruder_knows_every_public_key_current : forall _big_x:term, knows_current (key pub _big_x)
intruder_knows_every_public_key_old : forall _big_x:term, knows_old (key pub _big_x)
intruder_knows_nil_current : knows_current nil
intruder_knows_nil_old : knows_old nil
intruder_knows_own_private_key_current : knows_current (key prv i)
intruder_knows_own_private_key_old : knows_old (key prv i)
    intruder_knows_session_key_as_seen_by_alice : forall _big_kab:term, alice_key_current alice _big_kab -> knows_current _big_kab -> __query__intruder_knows_session_key_as_seen_by_alice
    intruder_knows_session_key_generated_by_server : forall _big_na:term, knows_current (key sym (session_current alice bob _big_na)) -> __query__intruder_knows_session_key_generated_by_server
intruder_remembers : forall _big_m:term, knows_old _big_m -> knows_current _big_m
knows_current : term -> Prop :=
knows_old : term -> Prop :=
__query__intruder_knows_session_key_as_seen_by_alice : Prop :=
__query__intruder_knows_session_key_generated_by_server : Prop :=
server_agent : agent server
server_answers_A_with_encrypted_packet_current : forall _big_a _big_b _big_na:term, knows_current (cons _big_a (cons _big_b (cons _big_na nil))) -> knows_current (crypt (cons _big_na (cons _big_b (cons (key sym (session_current _big_a _big_b _big_na)) (cons (crypt (cons (key sym (session_current _big_a _big_b _big_na)) (cons _big_a nil)) (key sym (cons _big_b (cons server nil)))) nil)))) (key sym (cons _big_a (cons server nil))))
server_answers_A_with_encrypted_packet_old : forall _big_a _big_b _big_na:term, knows_old (cons _big_a (cons _big_b (cons _big_na nil))) -> knows_old (crypt (cons _big_na (cons _big_b (cons (key sym (session_old _big_a _big_b _big_na)) (cons (crypt (cons (key sym (session_old _big_a _big_b _big_na)) (cons _big_a nil)) (key sym (cons _big_b (cons server nil)))) nil)))) (key sym (cons _big_a (cons server nil))))
