% TIMEFORMAT='%3R'; { time (exec 2>&1; /home/martin/bin/satallax -E /home/martin/.isabelle/contrib/e-2.5-1/x86_64-linux/eprover -p tstp -t 5 /home/martin/judgement-day/tptp-thf/tptp/NS_Shared/prob_475__5232818_1 ) ; }
% This file was generated by Isabelle (most likely Sledgehammer)
% 2020-12-16 14:25:02.066

% Could-be-implicit typings (11)
thf(ty_n_t__Set__Oset_It__List__Olist_It__Event__Oevent_J_J, type,
    set_list_event : $tType).
thf(ty_n_t__Set__Oset_It__Message__Oagent_J, type,
    set_agent : $tType).
thf(ty_n_t__List__Olist_It__Event__Oevent_J, type,
    list_event : $tType).
thf(ty_n_t__Set__Oset_It__Message__Omsg_J, type,
    set_msg : $tType).
thf(ty_n_t__Set__Oset_It__Event__Oevent_J, type,
    set_event : $tType).
thf(ty_n_t__Set__Oset_It__Nat__Onat_J, type,
    set_nat : $tType).
thf(ty_n_t__Public__Okeymode, type,
    keymode : $tType).
thf(ty_n_t__Message__Oagent, type,
    agent : $tType).
thf(ty_n_t__Message__Omsg, type,
    msg : $tType).
thf(ty_n_t__Event__Oevent, type,
    event : $tType).
thf(ty_n_t__Nat__Onat, type,
    nat : $tType).

% Explicit typings (44)
thf(sy_c_Event_Obad, type,
    bad : set_agent).
thf(sy_c_Event_Oevent_ONotes, type,
    notes : agent > msg > event).
thf(sy_c_Event_Oevent_OSays, type,
    says : agent > agent > msg > event).
thf(sy_c_Event_OinitState, type,
    initState : agent > set_msg).
thf(sy_c_Event_Oknows, type,
    knows : agent > list_event > set_msg).
thf(sy_c_Event_Oused, type,
    used : list_event > set_msg).
thf(sy_c_List_Olist_OCons_001t__Event__Oevent, type,
    cons_event : event > list_event > list_event).
thf(sy_c_List_Olist_Oset_001t__Event__Oevent, type,
    set_event2 : list_event > set_event).
thf(sy_c_Message_Oagent_OServer, type,
    server : agent).
thf(sy_c_Message_Oagent_OSpy, type,
    spy : agent).
thf(sy_c_Message_Oanalz, type,
    analz : set_msg > set_msg).
thf(sy_c_Message_OkeysFor, type,
    keysFor : set_msg > set_nat).
thf(sy_c_Message_Omsg_OAgent, type,
    agent2 : agent > msg).
thf(sy_c_Message_Omsg_OCrypt, type,
    crypt : nat > msg > msg).
thf(sy_c_Message_Omsg_OKey, type,
    key : nat > msg).
thf(sy_c_Message_Omsg_OMPair, type,
    mPair : msg > msg > msg).
thf(sy_c_Message_Omsg_ONonce, type,
    nonce : nat > msg).
thf(sy_c_Message_Oparts, type,
    parts : set_msg > set_msg).
thf(sy_c_Message_OsymKeys, type,
    symKeys : set_nat).
thf(sy_c_NS__Shared__Mirabelle__xwdrtqxrux_OIssues, type,
    nS_Sha1425748201Issues : agent > agent > msg > list_event > $o).
thf(sy_c_NS__Shared__Mirabelle__xwdrtqxrux_Ons__shared, type,
    nS_Sha1061662329shared : set_list_event).
thf(sy_c_NS__Shared__Mirabelle__xwdrtqxrux_Ons__sharedp, type,
    nS_Sha1092415543haredp : list_event > $o).
thf(sy_c_Orderings_Otop__class_Otop_001t__Set__Oset_It__Message__Oagent_J, type,
    top_top_set_agent : set_agent).
thf(sy_c_Public_OpublicKey, type,
    publicKey : keymode > agent > nat).
thf(sy_c_Public_OshrK, type,
    shrK : agent > nat).
thf(sy_c_Set_OCollect_001t__Event__Oevent, type,
    collect_event : (event > $o) > set_event).
thf(sy_c_Set_OCollect_001t__List__Olist_It__Event__Oevent_J, type,
    collect_list_event : (list_event > $o) > set_list_event).
thf(sy_c_Set_OCollect_001t__Message__Oagent, type,
    collect_agent : (agent > $o) > set_agent).
thf(sy_c_Set_OCollect_001t__Message__Omsg, type,
    collect_msg : (msg > $o) > set_msg).
thf(sy_c_Set_OCollect_001t__Nat__Onat, type,
    collect_nat : (nat > $o) > set_nat).
thf(sy_c_Set_Oimage_001t__Message__Oagent_001t__Nat__Onat, type,
    image_agent_nat : (agent > nat) > set_agent > set_nat).
thf(sy_c_Set_Oinsert_001t__Message__Omsg, type,
    insert_msg : msg > set_msg > set_msg).
thf(sy_c_member_001t__Event__Oevent, type,
    member_event : event > set_event > $o).
thf(sy_c_member_001t__List__Olist_It__Event__Oevent_J, type,
    member_list_event : list_event > set_list_event > $o).
thf(sy_c_member_001t__Message__Oagent, type,
    member_agent : agent > set_agent > $o).
thf(sy_c_member_001t__Message__Omsg, type,
    member_msg : msg > set_msg > $o).
thf(sy_c_member_001t__Nat__Onat, type,
    member_nat : nat > set_nat > $o).
thf(sy_v_A, type,
    a : agent).
thf(sy_v_B, type,
    b : agent).
thf(sy_v_K, type,
    k : nat).
thf(sy_v_NA, type,
    na : nat).
thf(sy_v_NB, type,
    nb : nat).
thf(sy_v_X, type,
    x : msg).
thf(sy_v_evs, type,
    evs : list_event).

% Relevant facts (156)
thf(fact_0_Spy__analz__shrK, axiom,
    ((![Evs : list_event, A : agent]: ((member_list_event @ Evs @ nS_Sha1061662329shared) => ((member_msg @ (key @ (shrK @ A)) @ (analz @ (knows @ spy @ Evs))) = (member_agent @ A @ bad)))))). % Spy_analz_shrK
thf(fact_1_Spy__see__shrK, axiom,
    ((![Evs : list_event, A : agent]: ((member_list_event @ Evs @ nS_Sha1061662329shared) => ((member_msg @ (key @ (shrK @ A)) @ (parts @ (knows @ spy @ Evs))) = (member_agent @ A @ bad)))))). % Spy_see_shrK
thf(fact_2_NS3__msg__in__parts__spies, axiom,
    ((![S : agent, A : agent, KA : nat, N : msg, B : msg, K : msg, X : msg, Evs : list_event]: ((member_event @ (says @ S @ A @ (crypt @ KA @ (mPair @ N @ (mPair @ B @ (mPair @ K @ X))))) @ (set_event2 @ Evs)) => (member_msg @ X @ (parts @ (knows @ spy @ Evs))))))). % NS3_msg_in_parts_spies
thf(fact_3_Spy__spies__bad__shrK, axiom,
    ((![A : agent, Evs : list_event]: ((member_agent @ A @ bad) => (member_msg @ (key @ (shrK @ A)) @ (knows @ spy @ Evs)))))). % Spy_spies_bad_shrK
thf(fact_4_A__authenticates__and__keydist__to__B, axiom,
    ((![K : nat, NB : nat, Evs : list_event, A : agent, NA : msg, B : agent, X : msg]: ((member_msg @ (crypt @ K @ (nonce @ NB)) @ (parts @ (knows @ spy @ Evs))) => ((member_msg @ (crypt @ (shrK @ A) @ (mPair @ NA @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X)))) @ (parts @ (knows @ spy @ Evs))) => ((~ ((member_msg @ (key @ K) @ (analz @ (knows @ spy @ Evs))))) => ((~ ((member_agent @ A @ bad))) => ((~ ((member_agent @ B @ bad))) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => (nS_Sha1425748201Issues @ B @ A @ (crypt @ K @ (nonce @ NB)) @ Evs)))))))))). % A_authenticates_and_keydist_to_B
thf(fact_5_B__Issues__A, axiom,
    ((![B : agent, A : agent, K : nat, Nb : nat, Evs : list_event]: ((member_event @ (says @ B @ A @ (crypt @ K @ (nonce @ Nb))) @ (set_event2 @ Evs)) => ((~ ((member_msg @ (key @ K) @ (analz @ (knows @ spy @ Evs))))) => ((~ ((member_agent @ A @ bad))) => ((~ ((member_agent @ B @ bad))) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => (nS_Sha1425748201Issues @ B @ A @ (crypt @ K @ (nonce @ Nb)) @ Evs))))))))). % B_Issues_A
thf(fact_6_shrK__in__knows, axiom,
    ((![A : agent, Evs : list_event]: (member_msg @ (key @ (shrK @ A)) @ (knows @ A @ Evs))))). % shrK_in_knows
thf(fact_7_Crypt__Spy__analz__bad, axiom,
    ((![A : agent, X : msg, Evs : list_event]: ((member_msg @ (crypt @ (shrK @ A) @ X) @ (analz @ (knows @ spy @ Evs))) => ((member_agent @ A @ bad) => (member_msg @ X @ (analz @ (knows @ spy @ Evs)))))))). % Crypt_Spy_analz_bad
thf(fact_8_Spy__in__bad, axiom,
    ((member_agent @ spy @ bad))). % Spy_in_bad
thf(fact_9_Says__imp__analz__Spy, axiom,
    ((![A : agent, B : agent, X : msg, Evs : list_event]: ((member_event @ (says @ A @ B @ X) @ (set_event2 @ Evs)) => (member_msg @ X @ (analz @ (knows @ spy @ Evs))))))). % Says_imp_analz_Spy
thf(fact_10_B__trusts__NS5__lemma, axiom,
    ((![B : agent, Evs : list_event, K : nat, A : agent, NA : msg, NB : nat]: ((~ ((member_agent @ B @ bad))) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => ((~ ((member_msg @ (key @ K) @ (analz @ (knows @ spy @ Evs))))) => ((member_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ NA @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ (crypt @ (shrK @ B) @ (mPair @ (key @ K) @ (agent2 @ A)))))))) @ (set_event2 @ Evs)) => ((member_msg @ (crypt @ K @ (mPair @ (nonce @ NB) @ (nonce @ NB))) @ (parts @ (knows @ spy @ Evs))) => (member_event @ (says @ A @ B @ (crypt @ K @ (mPair @ (nonce @ NB) @ (nonce @ NB)))) @ (set_event2 @ Evs)))))))))). % B_trusts_NS5_lemma
thf(fact_11_analz__parts, axiom,
    ((![H : set_msg]: ((analz @ (parts @ H)) = (parts @ H))))). % analz_parts
thf(fact_12_parts__analz, axiom,
    ((![H : set_msg]: ((parts @ (analz @ H)) = (parts @ H))))). % parts_analz
thf(fact_13_analz__conj__parts, axiom,
    ((![X : msg, H : set_msg]: ((((member_msg @ X @ (analz @ H))) & ((member_msg @ X @ (parts @ H)))) = (member_msg @ X @ (analz @ H)))))). % analz_conj_parts
thf(fact_14_analz__disj__parts, axiom,
    ((![X : msg, H : set_msg]: ((((member_msg @ X @ (analz @ H))) | ((member_msg @ X @ (parts @ H)))) = (member_msg @ X @ (parts @ H)))))). % analz_disj_parts
thf(fact_15_msg_Oinject_I6_J, axiom,
    ((![X61 : msg, X62 : msg, Y61 : msg, Y62 : msg]: (((mPair @ X61 @ X62) = (mPair @ Y61 @ Y62)) = (((X61 = Y61)) & ((X62 = Y62))))))). % msg.inject(6)
thf(fact_16_analz__idem, axiom,
    ((![H : set_msg]: ((analz @ (analz @ H)) = (analz @ H))))). % analz_idem
thf(fact_17_msg_Oinject_I4_J, axiom,
    ((![X4 : nat, Y4 : nat]: (((key @ X4) = (key @ Y4)) = (X4 = Y4))))). % msg.inject(4)
thf(fact_18_parts__idem, axiom,
    ((![H : set_msg]: ((parts @ (parts @ H)) = (parts @ H))))). % parts_idem
thf(fact_19_msg_Oinject_I7_J, axiom,
    ((![X71 : nat, X72 : msg, Y71 : nat, Y72 : msg]: (((crypt @ X71 @ X72) = (crypt @ Y71 @ Y72)) = (((X71 = Y71)) & ((X72 = Y72))))))). % msg.inject(7)
thf(fact_20_msg_Oinject_I3_J, axiom,
    ((![X3 : nat, Y3 : nat]: (((nonce @ X3) = (nonce @ Y3)) = (X3 = Y3))))). % msg.inject(3)
thf(fact_21_msg_Oinject_I1_J, axiom,
    ((![X1 : agent, Y1 : agent]: (((agent2 @ X1) = (agent2 @ Y1)) = (X1 = Y1))))). % msg.inject(1)
thf(fact_22_shrK__injective, axiom,
    ((![X2 : agent, Y : agent]: (((shrK @ X2) = (shrK @ Y)) = (X2 = Y))))). % shrK_injective
thf(fact_23_event_Oinject_I1_J, axiom,
    ((![X11 : agent, X12 : agent, X13 : msg, Y11 : agent, Y12 : agent, Y13 : msg]: (((says @ X11 @ X12 @ X13) = (says @ Y11 @ Y12 @ Y13)) = (((X11 = Y11)) & ((((X12 = Y12)) & ((X13 = Y13))))))))). % event.inject(1)
thf(fact_24_agent_Odistinct_I3_J, axiom,
    ((~ ((server = spy))))). % agent.distinct(3)
thf(fact_25_Server__not__bad, axiom,
    ((~ ((member_agent @ server @ bad))))). % Server_not_bad
thf(fact_26_analz__analzD, axiom,
    ((![X : msg, H : set_msg]: ((member_msg @ X @ (analz @ (analz @ H))) => (member_msg @ X @ (analz @ H)))))). % analz_analzD
thf(fact_27_analz_OInj, axiom,
    ((![X : msg, H : set_msg]: ((member_msg @ X @ H) => (member_msg @ X @ (analz @ H)))))). % analz.Inj
thf(fact_28_parts__partsD, axiom,
    ((![X : msg, H : set_msg]: ((member_msg @ X @ (parts @ (parts @ H))) => (member_msg @ X @ (parts @ H)))))). % parts_partsD
thf(fact_29_parts_OInj, axiom,
    ((![X : msg, H : set_msg]: ((member_msg @ X @ H) => (member_msg @ X @ (parts @ H)))))). % parts.Inj
thf(fact_30_MPair__analz, axiom,
    ((![X : msg, Y2 : msg, H : set_msg]: ((member_msg @ (mPair @ X @ Y2) @ (analz @ H)) => (~ (((member_msg @ X @ (analz @ H)) => (~ ((member_msg @ Y2 @ (analz @ H))))))))))). % MPair_analz
thf(fact_31_analz_OSnd, axiom,
    ((![X : msg, Y2 : msg, H : set_msg]: ((member_msg @ (mPair @ X @ Y2) @ (analz @ H)) => (member_msg @ Y2 @ (analz @ H)))))). % analz.Snd
thf(fact_32_analz_OFst, axiom,
    ((![X : msg, Y2 : msg, H : set_msg]: ((member_msg @ (mPair @ X @ Y2) @ (analz @ H)) => (member_msg @ X @ (analz @ H)))))). % analz.Fst
thf(fact_33_msg_Odistinct_I33_J, axiom,
    ((![X4 : nat, X61 : msg, X62 : msg]: (~ (((key @ X4) = (mPair @ X61 @ X62))))))). % msg.distinct(33)
thf(fact_34_MPair__parts, axiom,
    ((![X : msg, Y2 : msg, H : set_msg]: ((member_msg @ (mPair @ X @ Y2) @ (parts @ H)) => (~ (((member_msg @ X @ (parts @ H)) => (~ ((member_msg @ Y2 @ (parts @ H))))))))))). % MPair_parts
thf(fact_35_parts_OSnd, axiom,
    ((![X : msg, Y2 : msg, H : set_msg]: ((member_msg @ (mPair @ X @ Y2) @ (parts @ H)) => (member_msg @ Y2 @ (parts @ H)))))). % parts.Snd
thf(fact_36_parts_OFst, axiom,
    ((![X : msg, Y2 : msg, H : set_msg]: ((member_msg @ (mPair @ X @ Y2) @ (parts @ H)) => (member_msg @ X @ (parts @ H)))))). % parts.Fst
thf(fact_37_not__parts__not__analz, axiom,
    ((![C : msg, H : set_msg]: ((~ ((member_msg @ C @ (parts @ H)))) => (~ ((member_msg @ C @ (analz @ H)))))))). % not_parts_not_analz
thf(fact_38_analz__into__parts, axiom,
    ((![C : msg, H : set_msg]: ((member_msg @ C @ (analz @ H)) => (member_msg @ C @ (parts @ H)))))). % analz_into_parts
thf(fact_39_msg_Odistinct_I41_J, axiom,
    ((![X61 : msg, X62 : msg, X71 : nat, X72 : msg]: (~ (((mPair @ X61 @ X62) = (crypt @ X71 @ X72))))))). % msg.distinct(41)
thf(fact_40_msg_Odistinct_I35_J, axiom,
    ((![X4 : nat, X71 : nat, X72 : msg]: (~ (((key @ X4) = (crypt @ X71 @ X72))))))). % msg.distinct(35)
thf(fact_41_parts_OBody, axiom,
    ((![K : nat, X : msg, H : set_msg]: ((member_msg @ (crypt @ K @ X) @ (parts @ H)) => (member_msg @ X @ (parts @ H)))))). % parts.Body
thf(fact_42_msg_Odistinct_I27_J, axiom,
    ((![X3 : nat, X61 : msg, X62 : msg]: (~ (((nonce @ X3) = (mPair @ X61 @ X62))))))). % msg.distinct(27)
thf(fact_43_msg_Odistinct_I9_J, axiom,
    ((![X1 : agent, X61 : msg, X62 : msg]: (~ (((agent2 @ X1) = (mPair @ X61 @ X62))))))). % msg.distinct(9)
thf(fact_44_msg_Odistinct_I23_J, axiom,
    ((![X3 : nat, X4 : nat]: (~ (((nonce @ X3) = (key @ X4))))))). % msg.distinct(23)
thf(fact_45_mem__Collect__eq, axiom,
    ((![A2 : agent, P : agent > $o]: ((member_agent @ A2 @ (collect_agent @ P)) = (P @ A2))))). % mem_Collect_eq
thf(fact_46_mem__Collect__eq, axiom,
    ((![A2 : list_event, P : list_event > $o]: ((member_list_event @ A2 @ (collect_list_event @ P)) = (P @ A2))))). % mem_Collect_eq
thf(fact_47_mem__Collect__eq, axiom,
    ((![A2 : msg, P : msg > $o]: ((member_msg @ A2 @ (collect_msg @ P)) = (P @ A2))))). % mem_Collect_eq
thf(fact_48_mem__Collect__eq, axiom,
    ((![A2 : event, P : event > $o]: ((member_event @ A2 @ (collect_event @ P)) = (P @ A2))))). % mem_Collect_eq
thf(fact_49_mem__Collect__eq, axiom,
    ((![A2 : nat, P : nat > $o]: ((member_nat @ A2 @ (collect_nat @ P)) = (P @ A2))))). % mem_Collect_eq
thf(fact_50_Collect__mem__eq, axiom,
    ((![A : set_agent]: ((collect_agent @ (^[X5 : agent]: (member_agent @ X5 @ A))) = A)))). % Collect_mem_eq
thf(fact_51_Collect__mem__eq, axiom,
    ((![A : set_list_event]: ((collect_list_event @ (^[X5 : list_event]: (member_list_event @ X5 @ A))) = A)))). % Collect_mem_eq
thf(fact_52_Collect__mem__eq, axiom,
    ((![A : set_msg]: ((collect_msg @ (^[X5 : msg]: (member_msg @ X5 @ A))) = A)))). % Collect_mem_eq
thf(fact_53_Collect__mem__eq, axiom,
    ((![A : set_event]: ((collect_event @ (^[X5 : event]: (member_event @ X5 @ A))) = A)))). % Collect_mem_eq
thf(fact_54_Collect__mem__eq, axiom,
    ((![A : set_nat]: ((collect_nat @ (^[X5 : nat]: (member_nat @ X5 @ A))) = A)))). % Collect_mem_eq
thf(fact_55_msg_Odistinct_I5_J, axiom,
    ((![X1 : agent, X4 : nat]: (~ (((agent2 @ X1) = (key @ X4))))))). % msg.distinct(5)
thf(fact_56_msg_Odistinct_I29_J, axiom,
    ((![X3 : nat, X71 : nat, X72 : msg]: (~ (((nonce @ X3) = (crypt @ X71 @ X72))))))). % msg.distinct(29)
thf(fact_57_msg_Odistinct_I11_J, axiom,
    ((![X1 : agent, X71 : nat, X72 : msg]: (~ (((agent2 @ X1) = (crypt @ X71 @ X72))))))). % msg.distinct(11)
thf(fact_58_msg_Odistinct_I3_J, axiom,
    ((![X1 : agent, X3 : nat]: (~ (((agent2 @ X1) = (nonce @ X3))))))). % msg.distinct(3)
thf(fact_59_Oops__parts__spies, axiom,
    ((![A : agent, NA : msg, B : msg, K : msg, X : msg, Evs : list_event]: ((member_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ NA @ (mPair @ B @ (mPair @ K @ X))))) @ (set_event2 @ Evs)) => (member_msg @ K @ (parts @ (knows @ spy @ Evs))))))). % Oops_parts_spies
thf(fact_60_unique__session__keys, axiom,
    ((![A : agent, NA : msg, B : agent, K : nat, X : msg, Evs : list_event, A3 : agent, NA2 : msg, B2 : agent, X6 : msg]: ((member_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ NA @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evs)) => ((member_event @ (says @ server @ A3 @ (crypt @ (shrK @ A3) @ (mPair @ NA2 @ (mPair @ (agent2 @ B2) @ (mPair @ (key @ K) @ X6))))) @ (set_event2 @ Evs)) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => ((A = A3) & ((NA = NA2) & ((B = B2) & (X = X6)))))))))). % unique_session_keys
thf(fact_61_analz__trivial, axiom,
    ((![H : set_msg]: ((![X7 : msg, Y5 : msg]: (~ ((member_msg @ (mPair @ X7 @ Y5) @ H)))) => ((![X7 : msg, K2 : nat]: (~ ((member_msg @ (crypt @ K2 @ X7) @ H)))) => ((analz @ H) = H)))))). % analz_trivial
thf(fact_62_parts_Oinducts, axiom,
    ((![X2 : msg, H : set_msg, P : msg > $o]: ((member_msg @ X2 @ (parts @ H)) => ((![X7 : msg]: ((member_msg @ X7 @ H) => (P @ X7))) => ((![X7 : msg, Y5 : msg]: ((member_msg @ (mPair @ X7 @ Y5) @ (parts @ H)) => ((P @ (mPair @ X7 @ Y5)) => (P @ X7)))) => ((![X7 : msg, Y5 : msg]: ((member_msg @ (mPair @ X7 @ Y5) @ (parts @ H)) => ((P @ (mPair @ X7 @ Y5)) => (P @ Y5)))) => ((![K2 : nat, X7 : msg]: ((member_msg @ (crypt @ K2 @ X7) @ (parts @ H)) => ((P @ (crypt @ K2 @ X7)) => (P @ X7)))) => (P @ X2))))))))). % parts.inducts
thf(fact_63_parts_Osimps, axiom,
    ((![A2 : msg, H : set_msg]: ((member_msg @ A2 @ (parts @ H)) = (((?[X8 : msg]: (((A2 = X8)) & ((member_msg @ X8 @ H))))) | ((((?[X8 : msg]: (?[Y6 : msg]: (((A2 = X8)) & ((member_msg @ (mPair @ X8 @ Y6) @ (parts @ H))))))) | ((((?[X8 : msg]: (?[Y6 : msg]: (((A2 = Y6)) & ((member_msg @ (mPair @ X8 @ Y6) @ (parts @ H))))))) | ((?[K3 : nat]: (?[X8 : msg]: (((A2 = X8)) & ((member_msg @ (crypt @ K3 @ X8) @ (parts @ H)))))))))))))))). % parts.simps
thf(fact_64_parts_Ocases, axiom,
    ((![A2 : msg, H : set_msg]: ((member_msg @ A2 @ (parts @ H)) => ((~ ((member_msg @ A2 @ H))) => ((![Y5 : msg]: (~ ((member_msg @ (mPair @ A2 @ Y5) @ (parts @ H))))) => ((![X7 : msg]: (~ ((member_msg @ (mPair @ X7 @ A2) @ (parts @ H))))) => (~ ((![K2 : nat]: (~ ((member_msg @ (crypt @ K2 @ A2) @ (parts @ H)))))))))))))). % parts.cases
thf(fact_65_analz__impI, axiom,
    ((![Y2 : msg, Evs : list_event, Q : $o]: (((~ ((member_msg @ Y2 @ (analz @ (knows @ spy @ Evs))))) => Q) => ((~ ((member_msg @ Y2 @ (analz @ (knows @ spy @ Evs))))) => Q))))). % analz_impI
thf(fact_66_Says__imp__knows, axiom,
    ((![A : agent, B : agent, X : msg, Evs : list_event]: ((member_event @ (says @ A @ B @ X) @ (set_event2 @ Evs)) => (member_msg @ X @ (knows @ A @ Evs)))))). % Says_imp_knows
thf(fact_67_analz__shrK__Decrypt, axiom,
    ((![A : agent, X : msg, H : set_msg]: ((member_msg @ (crypt @ (shrK @ A) @ X) @ (analz @ H)) => ((member_msg @ (key @ (shrK @ A)) @ (analz @ H)) => (member_msg @ X @ (analz @ H))))))). % analz_shrK_Decrypt
thf(fact_68_Says__imp__knows__Spy, axiom,
    ((![A : agent, B : agent, X : msg, Evs : list_event]: ((member_event @ (says @ A @ B @ X) @ (set_event2 @ Evs)) => (member_msg @ X @ (knows @ spy @ Evs)))))). % Says_imp_knows_Spy
thf(fact_69_B__trusts__NS3, axiom,
    ((![B : agent, K : nat, A : agent, Evs : list_event]: ((member_msg @ (crypt @ (shrK @ B) @ (mPair @ (key @ K) @ (agent2 @ A))) @ (parts @ (knows @ spy @ Evs))) => ((~ ((member_agent @ B @ bad))) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => (?[NA3 : msg]: (member_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ NA3 @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ (crypt @ (shrK @ B) @ (mPair @ (key @ K) @ (agent2 @ A)))))))) @ (set_event2 @ Evs))))))))). % B_trusts_NS3
thf(fact_70_A__trusts__NS2, axiom,
    ((![A : agent, NA : msg, B : agent, K : nat, X : msg, Evs : list_event]: ((member_msg @ (crypt @ (shrK @ A) @ (mPair @ NA @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X)))) @ (parts @ (knows @ spy @ Evs))) => ((~ ((member_agent @ A @ bad))) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => (member_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ NA @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evs)))))))). % A_trusts_NS2
thf(fact_71_A__trusts__NS4__lemma, axiom,
    ((![Evs : list_event, K : nat, A : agent, NA : msg, B : agent, X : msg, NB : nat]: ((member_list_event @ Evs @ nS_Sha1061662329shared) => ((~ ((member_msg @ (key @ K) @ (analz @ (knows @ spy @ Evs))))) => ((member_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ NA @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evs)) => ((member_msg @ (crypt @ K @ (nonce @ NB)) @ (parts @ (knows @ spy @ Evs))) => (member_event @ (says @ B @ A @ (crypt @ K @ (nonce @ NB))) @ (set_event2 @ Evs))))))))). % A_trusts_NS4_lemma
thf(fact_72_NS4__implies__NS3, axiom,
    ((![Evs : list_event, K : nat, A : agent, NA : msg, B : agent, X : msg, NB : nat]: ((member_list_event @ Evs @ nS_Sha1061662329shared) => ((~ ((member_msg @ (key @ K) @ (analz @ (knows @ spy @ Evs))))) => ((member_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ NA @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evs)) => ((member_msg @ (crypt @ K @ (nonce @ NB)) @ (parts @ (knows @ spy @ Evs))) => (?[A4 : agent]: (member_event @ (says @ A4 @ B @ X) @ (set_event2 @ Evs)))))))))). % NS4_implies_NS3
thf(fact_73_secrecy__lemma, axiom,
    ((![A : agent, NA : msg, B : agent, K : nat, Evs : list_event]: ((member_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ NA @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ (crypt @ (shrK @ B) @ (mPair @ (key @ K) @ (agent2 @ A)))))))) @ (set_event2 @ Evs)) => ((~ ((member_agent @ A @ bad))) => ((~ ((member_agent @ B @ bad))) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => ((![NB2 : msg]: (~ ((member_event @ (notes @ spy @ (mPair @ NA @ (mPair @ NB2 @ (key @ K)))) @ (set_event2 @ Evs))))) => (~ ((member_msg @ (key @ K) @ (analz @ (knows @ spy @ Evs))))))))))))). % secrecy_lemma
thf(fact_74_B__trusts__NS5, axiom,
    ((![K : nat, NB : nat, Evs : list_event, B : agent, A : agent]: ((member_msg @ (crypt @ K @ (mPair @ (nonce @ NB) @ (nonce @ NB))) @ (parts @ (knows @ spy @ Evs))) => ((member_msg @ (crypt @ (shrK @ B) @ (mPair @ (key @ K) @ (agent2 @ A))) @ (parts @ (knows @ spy @ Evs))) => ((![NA3 : msg, NB2 : msg]: (~ ((member_event @ (notes @ spy @ (mPair @ NA3 @ (mPair @ NB2 @ (key @ K)))) @ (set_event2 @ Evs))))) => ((~ ((member_agent @ A @ bad))) => ((~ ((member_agent @ B @ bad))) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => (member_event @ (says @ A @ B @ (crypt @ K @ (mPair @ (nonce @ NB) @ (nonce @ NB)))) @ (set_event2 @ Evs))))))))))). % B_trusts_NS5
thf(fact_75_A__trusts__NS4, axiom,
    ((![K : nat, NB : nat, Evs : list_event, A : agent, NA : msg, B : agent, X : msg]: ((member_msg @ (crypt @ K @ (nonce @ NB)) @ (parts @ (knows @ spy @ Evs))) => ((member_msg @ (crypt @ (shrK @ A) @ (mPair @ NA @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X)))) @ (parts @ (knows @ spy @ Evs))) => ((![NB2 : msg]: (~ ((member_event @ (notes @ spy @ (mPair @ NA @ (mPair @ NB2 @ (key @ K)))) @ (set_event2 @ Evs))))) => ((~ ((member_agent @ A @ bad))) => ((~ ((member_agent @ B @ bad))) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => (member_event @ (says @ B @ A @ (crypt @ K @ (nonce @ NB))) @ (set_event2 @ Evs))))))))))). % A_trusts_NS4
thf(fact_76_Spy__not__see__encrypted__key, axiom,
    ((![A : agent, K4 : nat, NA : msg, B : agent, K : nat, X : msg, Evs : list_event]: ((member_event @ (says @ server @ A @ (crypt @ K4 @ (mPair @ NA @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evs)) => ((![NB2 : msg]: (~ ((member_event @ (notes @ spy @ (mPair @ NA @ (mPair @ NB2 @ (key @ K)))) @ (set_event2 @ Evs))))) => ((~ ((member_agent @ A @ bad))) => ((~ ((member_agent @ B @ bad))) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => (~ ((member_msg @ (key @ K) @ (analz @ (knows @ spy @ Evs))))))))))))). % Spy_not_see_encrypted_key
thf(fact_77_ns__shared_ONS3, axiom,
    ((![Evs3 : list_event, A : agent, S : agent, NA : nat, B : agent, K : nat, X : msg]: ((member_list_event @ Evs3 @ nS_Sha1061662329shared) => ((~ ((A = server))) => ((member_event @ (says @ S @ A @ (crypt @ (shrK @ A) @ (mPair @ (nonce @ NA) @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evs3)) => ((member_event @ (says @ A @ server @ (mPair @ (agent2 @ A) @ (mPair @ (agent2 @ B) @ (nonce @ NA)))) @ (set_event2 @ Evs3)) => (member_list_event @ (cons_event @ (says @ A @ B @ X) @ Evs3) @ nS_Sha1061662329shared)))))))). % ns_shared.NS3
thf(fact_78_ns__shared_OOops, axiom,
    ((![Evso : list_event, B : agent, A : agent, K : nat, NB : nat, NA : nat, X : msg]: ((member_list_event @ Evso @ nS_Sha1061662329shared) => ((member_event @ (says @ B @ A @ (crypt @ K @ (nonce @ NB))) @ (set_event2 @ Evso)) => ((member_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ (nonce @ NA) @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evso)) => (member_list_event @ (cons_event @ (notes @ spy @ (mPair @ (nonce @ NA) @ (mPair @ (nonce @ NB) @ (key @ K)))) @ Evso) @ nS_Sha1061662329shared))))))). % ns_shared.Oops
thf(fact_79_Says__S__message__form, axiom,
    ((![S : agent, A : agent, NA : nat, B : agent, K : nat, X : msg, Evs : list_event]: ((member_event @ (says @ S @ A @ (crypt @ (shrK @ A) @ (mPair @ (nonce @ NA) @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evs)) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => (((~ ((member_nat @ K @ (image_agent_nat @ shrK @ top_top_set_agent)))) & (X = (crypt @ (shrK @ B) @ (mPair @ (key @ K) @ (agent2 @ A))))) | (member_msg @ X @ (analz @ (knows @ spy @ Evs))))))))). % Says_S_message_form
thf(fact_80_analz__spies__pubK, axiom,
    ((![B3 : keymode, A : agent, Evs : list_event]: (member_msg @ (key @ (publicKey @ B3 @ A)) @ (analz @ (knows @ spy @ Evs)))))). % analz_spies_pubK
thf(fact_81_Notes__imp__knows__Spy, axiom,
    ((![A : agent, X : msg, Evs : list_event]: ((member_event @ (notes @ A @ X) @ (set_event2 @ Evs)) => ((member_agent @ A @ bad) => (member_msg @ X @ (knows @ spy @ Evs))))))). % Notes_imp_knows_Spy
thf(fact_82_ns__shared_ONS5, axiom,
    ((![Evs5 : list_event, K : nat, B2 : agent, A : agent, NB : nat, S : agent, NA : nat, B : agent, X : msg]: ((member_list_event @ Evs5 @ nS_Sha1061662329shared) => ((member_nat @ K @ symKeys) => ((member_event @ (says @ B2 @ A @ (crypt @ K @ (nonce @ NB))) @ (set_event2 @ Evs5)) => ((member_event @ (says @ S @ A @ (crypt @ (shrK @ A) @ (mPair @ (nonce @ NA) @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evs5)) => (member_list_event @ (cons_event @ (says @ A @ B @ (crypt @ K @ (mPair @ (nonce @ NB) @ (nonce @ NB)))) @ Evs5) @ nS_Sha1061662329shared)))))))). % ns_shared.NS5
thf(fact_83_publicKey__inject, axiom,
    ((![B3 : keymode, A : agent, C : keymode, A3 : agent]: (((publicKey @ B3 @ A) = (publicKey @ C @ A3)) = (((B3 = C)) & ((A = A3))))))). % publicKey_inject
thf(fact_84_event_Oinject_I3_J, axiom,
    ((![X31 : agent, X32 : msg, Y31 : agent, Y32 : msg]: (((notes @ X31 @ X32) = (notes @ Y31 @ Y32)) = (((X31 = Y31)) & ((X32 = Y32))))))). % event.inject(3)
thf(fact_85_shrK__image__eq, axiom,
    ((![X2 : agent, AA : set_agent]: ((member_nat @ (shrK @ X2) @ (image_agent_nat @ shrK @ AA)) = (member_agent @ X2 @ AA))))). % shrK_image_eq
thf(fact_86_sym__shrK, axiom,
    ((![X : agent]: (member_nat @ (shrK @ X) @ symKeys)))). % sym_shrK
thf(fact_87_publicKey__image__eq, axiom,
    ((![B3 : keymode, X2 : agent, C : keymode, AA : set_agent]: ((member_nat @ (publicKey @ B3 @ X2) @ (image_agent_nat @ (publicKey @ C) @ AA)) = (((B3 = C)) & ((member_agent @ X2 @ AA))))))). % publicKey_image_eq
thf(fact_88_spies__pubK, axiom,
    ((![B3 : keymode, A : agent, Evs : list_event]: (member_msg @ (key @ (publicKey @ B3 @ A)) @ (knows @ spy @ Evs))))). % spies_pubK
thf(fact_89_not__symKeys__pubK, axiom,
    ((![B3 : keymode, A : agent]: (~ ((member_nat @ (publicKey @ B3 @ A) @ symKeys)))))). % not_symKeys_pubK
thf(fact_90_injective__publicKey, axiom,
    ((![B3 : keymode, A : agent, C : keymode, A3 : agent]: (((publicKey @ B3 @ A) = (publicKey @ C @ A3)) => ((B3 = C) & (A = A3)))))). % injective_publicKey
thf(fact_91_symKeys__neq__imp__neq, axiom,
    ((![K : nat, K4 : nat]: ((~ (((member_nat @ K @ symKeys) = (member_nat @ K4 @ symKeys)))) => (~ ((K = K4))))))). % symKeys_neq_imp_neq
thf(fact_92_shrK__notin__image__publicKey, axiom,
    ((![X2 : agent, B3 : keymode, AA : set_agent]: (~ ((member_nat @ (shrK @ X2) @ (image_agent_nat @ (publicKey @ B3) @ AA))))))). % shrK_notin_image_publicKey
thf(fact_93_publicKey__notin__image__shrK, axiom,
    ((![B3 : keymode, X2 : agent, AA : set_agent]: (~ ((member_nat @ (publicKey @ B3 @ X2) @ (image_agent_nat @ shrK @ AA))))))). % publicKey_notin_image_shrK
thf(fact_94_shrK__neq__pubK, axiom,
    ((![B3 : keymode, C2 : agent, A : agent]: (~ (((publicKey @ B3 @ C2) = (shrK @ A))))))). % shrK_neq_pubK
thf(fact_95_event_Odistinct_I3_J, axiom,
    ((![X11 : agent, X12 : agent, X13 : msg, X31 : agent, X32 : msg]: (~ (((says @ X11 @ X12 @ X13) = (notes @ X31 @ X32))))))). % event.distinct(3)
thf(fact_96_analz__mono__contra_I2_J, axiom,
    ((![C : msg, A : agent, X : msg, Evs : list_event]: ((~ ((member_msg @ C @ (analz @ (knows @ spy @ (cons_event @ (notes @ A @ X) @ Evs)))))) => (~ ((member_msg @ C @ (analz @ (knows @ spy @ Evs))))))))). % analz_mono_contra(2)
thf(fact_97_Notes__imp__knows, axiom,
    ((![A : agent, X : msg, Evs : list_event]: ((member_event @ (notes @ A @ X) @ (set_event2 @ Evs)) => (member_msg @ X @ (knows @ A @ Evs)))))). % Notes_imp_knows
thf(fact_98_analz__mono__contra_I1_J, axiom,
    ((![C : msg, A : agent, B : agent, X : msg, Evs : list_event]: ((~ ((member_msg @ C @ (analz @ (knows @ spy @ (cons_event @ (says @ A @ B @ X) @ Evs)))))) => (~ ((member_msg @ C @ (analz @ (knows @ spy @ Evs))))))))). % analz_mono_contra(1)
thf(fact_99_Says__Server__message__form, axiom,
    ((![A : agent, K4 : nat, N : msg, B : agent, K : nat, X : msg, Evs : list_event]: ((member_event @ (says @ server @ A @ (crypt @ K4 @ (mPair @ N @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evs)) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => ((~ ((member_nat @ K @ (image_agent_nat @ shrK @ top_top_set_agent)))) & ((X = (crypt @ (shrK @ B) @ (mPair @ (key @ K) @ (agent2 @ A)))) & (K4 = (shrK @ A))))))))). % Says_Server_message_form
thf(fact_100_analz__symKeys__Decrypt, axiom,
    ((![K : nat, X : msg, H : set_msg]: ((member_msg @ (crypt @ K @ X) @ (analz @ H)) => ((member_nat @ K @ symKeys) => ((member_msg @ (key @ K) @ (analz @ H)) => (member_msg @ X @ (analz @ H)))))))). % analz_symKeys_Decrypt
thf(fact_101_cert__A__form, axiom,
    ((![A : agent, NA : msg, B : agent, K : nat, X : msg, Evs : list_event]: ((member_msg @ (crypt @ (shrK @ A) @ (mPair @ NA @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X)))) @ (parts @ (knows @ spy @ Evs))) => ((~ ((member_agent @ A @ bad))) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => ((~ ((member_nat @ K @ (image_agent_nat @ shrK @ top_top_set_agent)))) & (X = (crypt @ (shrK @ B) @ (mPair @ (key @ K) @ (agent2 @ A))))))))))). % cert_A_form
thf(fact_102_ns__sharedp_OOops, axiom,
    ((![Evso : list_event, B : agent, A : agent, K : nat, NB : nat, NA : nat, X : msg]: ((nS_Sha1092415543haredp @ Evso) => ((member_event @ (says @ B @ A @ (crypt @ K @ (nonce @ NB))) @ (set_event2 @ Evso)) => ((member_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ (nonce @ NA) @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evso)) => (nS_Sha1092415543haredp @ (cons_event @ (notes @ spy @ (mPair @ (nonce @ NA) @ (mPair @ (nonce @ NB) @ (key @ K)))) @ Evso)))))))). % ns_sharedp.Oops
thf(fact_103_ns__sharedp_ONS5, axiom,
    ((![Evs5 : list_event, K : nat, B2 : agent, A : agent, NB : nat, S : agent, NA : nat, B : agent, X : msg]: ((nS_Sha1092415543haredp @ Evs5) => ((member_nat @ K @ symKeys) => ((member_event @ (says @ B2 @ A @ (crypt @ K @ (nonce @ NB))) @ (set_event2 @ Evs5)) => ((member_event @ (says @ S @ A @ (crypt @ (shrK @ A) @ (mPair @ (nonce @ NA) @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evs5)) => (nS_Sha1092415543haredp @ (cons_event @ (says @ A @ B @ (crypt @ K @ (mPair @ (nonce @ NB) @ (nonce @ NB)))) @ Evs5))))))))). % ns_sharedp.NS5
thf(fact_104_ns__sharedp_ONS3, axiom,
    ((![Evs3 : list_event, A : agent, S : agent, NA : nat, B : agent, K : nat, X : msg]: ((nS_Sha1092415543haredp @ Evs3) => ((~ ((A = server))) => ((member_event @ (says @ S @ A @ (crypt @ (shrK @ A) @ (mPair @ (nonce @ NA) @ (mPair @ (agent2 @ B) @ (mPair @ (key @ K) @ X))))) @ (set_event2 @ Evs3)) => ((member_event @ (says @ A @ server @ (mPair @ (agent2 @ A) @ (mPair @ (agent2 @ B) @ (nonce @ NA)))) @ (set_event2 @ Evs3)) => (nS_Sha1092415543haredp @ (cons_event @ (says @ A @ B @ X) @ Evs3))))))))). % ns_sharedp.NS3
thf(fact_105_ns__shared_ONS2, axiom,
    ((![Evs2 : list_event, KAB : nat, A3 : agent, A : agent, B : agent, NA : nat]: ((member_list_event @ Evs2 @ nS_Sha1061662329shared) => ((~ ((member_msg @ (key @ KAB) @ (used @ Evs2)))) => ((member_nat @ KAB @ symKeys) => ((member_event @ (says @ A3 @ server @ (mPair @ (agent2 @ A) @ (mPair @ (agent2 @ B) @ (nonce @ NA)))) @ (set_event2 @ Evs2)) => (member_list_event @ (cons_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ (nonce @ NA) @ (mPair @ (agent2 @ B) @ (mPair @ (key @ KAB) @ (crypt @ (shrK @ B) @ (mPair @ (key @ KAB) @ (agent2 @ A)))))))) @ Evs2) @ nS_Sha1061662329shared)))))))). % ns_shared.NS2
thf(fact_106_shrK__in__used, axiom,
    ((![A : agent, Evs : list_event]: (member_msg @ (key @ (shrK @ A)) @ (used @ Evs))))). % shrK_in_used
thf(fact_107_publicKey__into__used, axiom,
    ((![B3 : keymode, A : agent, Evs : list_event]: (member_msg @ (key @ (publicKey @ B3 @ A)) @ (used @ Evs))))). % publicKey_into_used
thf(fact_108_usedI, axiom,
    ((![C : msg, Evs : list_event]: ((member_msg @ C @ (parts @ (knows @ spy @ Evs))) => (member_msg @ C @ (used @ Evs)))))). % usedI
thf(fact_109_MPair__used, axiom,
    ((![X : msg, Y2 : msg, H : list_event]: ((member_msg @ (mPair @ X @ Y2) @ (used @ H)) => (~ (((member_msg @ X @ (used @ H)) => (~ ((member_msg @ Y2 @ (used @ H))))))))))). % MPair_used
thf(fact_110_MPair__used__D, axiom,
    ((![X : msg, Y2 : msg, H : list_event]: ((member_msg @ (mPair @ X @ Y2) @ (used @ H)) => ((member_msg @ X @ (used @ H)) & (member_msg @ Y2 @ (used @ H))))))). % MPair_used_D
thf(fact_111_Nonce__supply1, axiom,
    ((![Evs : list_event]: (?[N2 : nat]: (~ ((member_msg @ (nonce @ N2) @ (used @ Evs)))))))). % Nonce_supply1
thf(fact_112_ns__sharedp__ns__shared__eq, axiom,
    ((nS_Sha1092415543haredp = (^[X5 : list_event]: (member_list_event @ X5 @ nS_Sha1061662329shared))))). % ns_sharedp_ns_shared_eq
thf(fact_113_shrK__neq, axiom,
    ((![K : nat, Evs : list_event, B : agent]: ((~ ((member_msg @ (key @ K) @ (used @ Evs)))) => (~ (((shrK @ B) = K))))))). % shrK_neq
thf(fact_114_neq__shrK, axiom,
    ((![S2 : nat, Evs : list_event, B : agent]: ((~ ((member_msg @ (key @ S2) @ (used @ Evs)))) => (~ ((S2 = (shrK @ B)))))))). % neq_shrK
thf(fact_115_Says__imp__used, axiom,
    ((![A : agent, B : agent, X : msg, Evs : list_event]: ((member_event @ (says @ A @ B @ X) @ (set_event2 @ Evs)) => (member_msg @ X @ (used @ Evs)))))). % Says_imp_used
thf(fact_116_Notes__imp__used, axiom,
    ((![A : agent, X : msg, Evs : list_event]: ((member_event @ (notes @ A @ X) @ (set_event2 @ Evs)) => (member_msg @ X @ (used @ Evs)))))). % Notes_imp_used
thf(fact_117_ns__sharedp_ONS1, axiom,
    ((![Evs1 : list_event, NA : nat, A : agent, B : agent]: ((nS_Sha1092415543haredp @ Evs1) => ((~ ((member_msg @ (nonce @ NA) @ (used @ Evs1)))) => (nS_Sha1092415543haredp @ (cons_event @ (says @ A @ server @ (mPair @ (agent2 @ A) @ (mPair @ (agent2 @ B) @ (nonce @ NA)))) @ Evs1))))))). % ns_sharedp.NS1
thf(fact_118_Key__not__used, axiom,
    ((![K : nat, Evs : list_event]: ((~ ((member_msg @ (key @ K) @ (used @ Evs)))) => (~ ((member_nat @ K @ (image_agent_nat @ shrK @ top_top_set_agent)))))))). % Key_not_used
thf(fact_119_ns__sharedp_ONS4, axiom,
    ((![Evs4 : list_event, NB : nat, K : nat, A3 : agent, B : agent, A : agent]: ((nS_Sha1092415543haredp @ Evs4) => ((~ ((member_msg @ (nonce @ NB) @ (used @ Evs4)))) => ((member_nat @ K @ symKeys) => ((member_event @ (says @ A3 @ B @ (crypt @ (shrK @ B) @ (mPair @ (key @ K) @ (agent2 @ A)))) @ (set_event2 @ Evs4)) => (nS_Sha1092415543haredp @ (cons_event @ (says @ B @ A @ (crypt @ K @ (nonce @ NB))) @ Evs4))))))))). % ns_sharedp.NS4
thf(fact_120_ns__sharedp_ONS2, axiom,
    ((![Evs2 : list_event, KAB : nat, A3 : agent, A : agent, B : agent, NA : nat]: ((nS_Sha1092415543haredp @ Evs2) => ((~ ((member_msg @ (key @ KAB) @ (used @ Evs2)))) => ((member_nat @ KAB @ symKeys) => ((member_event @ (says @ A3 @ server @ (mPair @ (agent2 @ A) @ (mPair @ (agent2 @ B) @ (nonce @ NA)))) @ (set_event2 @ Evs2)) => (nS_Sha1092415543haredp @ (cons_event @ (says @ server @ A @ (crypt @ (shrK @ A) @ (mPair @ (nonce @ NA) @ (mPair @ (agent2 @ B) @ (mPair @ (key @ KAB) @ (crypt @ (shrK @ B) @ (mPair @ (key @ KAB) @ (agent2 @ A)))))))) @ Evs2))))))))). % ns_sharedp.NS2
thf(fact_121_ns__shared_ONS1, axiom,
    ((![Evs1 : list_event, NA : nat, A : agent, B : agent]: ((member_list_event @ Evs1 @ nS_Sha1061662329shared) => ((~ ((member_msg @ (nonce @ NA) @ (used @ Evs1)))) => (member_list_event @ (cons_event @ (says @ A @ server @ (mPair @ (agent2 @ A) @ (mPair @ (agent2 @ B) @ (nonce @ NA)))) @ Evs1) @ nS_Sha1061662329shared)))))). % ns_shared.NS1
thf(fact_122_ns__shared_ONS4, axiom,
    ((![Evs4 : list_event, NB : nat, K : nat, A3 : agent, B : agent, A : agent]: ((member_list_event @ Evs4 @ nS_Sha1061662329shared) => ((~ ((member_msg @ (nonce @ NB) @ (used @ Evs4)))) => ((member_nat @ K @ symKeys) => ((member_event @ (says @ A3 @ B @ (crypt @ (shrK @ B) @ (mPair @ (key @ K) @ (agent2 @ A)))) @ (set_event2 @ Evs4)) => (member_list_event @ (cons_event @ (says @ B @ A @ (crypt @ K @ (nonce @ NB))) @ Evs4) @ nS_Sha1061662329shared)))))))). % ns_shared.NS4
thf(fact_123_new__keys__not__used, axiom,
    ((![K : nat, Evs : list_event]: ((~ ((member_msg @ (key @ K) @ (used @ Evs)))) => ((member_nat @ K @ symKeys) => ((member_list_event @ Evs @ nS_Sha1061662329shared) => (~ ((member_nat @ K @ (keysFor @ (parts @ (knows @ spy @ Evs)))))))))))). % new_keys_not_used
thf(fact_124_analz__insert__freshK, axiom,
    ((![Evs : list_event, KAB : nat, K : nat]: ((member_list_event @ Evs @ nS_Sha1061662329shared) => ((~ ((member_nat @ KAB @ (image_agent_nat @ shrK @ top_top_set_agent)))) => ((member_msg @ (key @ K) @ (analz @ (insert_msg @ (key @ KAB) @ (knows @ spy @ Evs)))) = (((K = KAB)) | ((member_msg @ (key @ K) @ (analz @ (knows @ spy @ Evs))))))))))). % analz_insert_freshK
thf(fact_125_knows__Spy__imp__Says__Notes__initState, axiom,
    ((![X : msg, Evs : list_event]: ((member_msg @ X @ (knows @ spy @ Evs)) => (?[A5 : agent, B4 : agent]: ((member_event @ (says @ A5 @ B4 @ X) @ (set_event2 @ Evs)) | ((member_event @ (notes @ A5 @ X) @ (set_event2 @ Evs)) | (member_msg @ X @ (initState @ spy))))))))). % knows_Spy_imp_Says_Notes_initState
thf(fact_126_parts__cut__eq, axiom,
    ((![X : msg, H : set_msg]: ((member_msg @ X @ (parts @ H)) => ((parts @ (insert_msg @ X @ H)) = (parts @ H)))))). % parts_cut_eq
thf(fact_127_analz__insert__MPair, axiom,
    ((![X : msg, Y2 : msg, H : set_msg]: ((analz @ (insert_msg @ (mPair @ X @ Y2) @ H)) = (insert_msg @ (mPair @ X @ Y2) @ (analz @ (insert_msg @ X @ (insert_msg @ Y2 @ H)))))))). % analz_insert_MPair
thf(fact_128_parts__insert__MPair, axiom,
    ((![X : msg, Y2 : msg, H : set_msg]: ((parts @ (insert_msg @ (mPair @ X @ Y2) @ H)) = (insert_msg @ (mPair @ X @ Y2) @ (parts @ (insert_msg @ X @ (insert_msg @ Y2 @ H)))))))). % parts_insert_MPair
thf(fact_129_parts__insert__Key, axiom,
    ((![K : nat, H : set_msg]: ((parts @ (insert_msg @ (key @ K) @ H)) = (insert_msg @ (key @ K) @ (parts @ H)))))). % parts_insert_Key
thf(fact_130_parts__insert__Crypt, axiom,
    ((![K : nat, X : msg, H : set_msg]: ((parts @ (insert_msg @ (crypt @ K @ X) @ H)) = (insert_msg @ (crypt @ K @ X) @ (parts @ (insert_msg @ X @ H))))))). % parts_insert_Crypt
thf(fact_131_analz__insert__Nonce, axiom,
    ((![N : nat, H : set_msg]: ((analz @ (insert_msg @ (nonce @ N) @ H)) = (insert_msg @ (nonce @ N) @ (analz @ H)))))). % analz_insert_Nonce
thf(fact_132_analz__insert__Agent, axiom,
    ((![Agt : agent, H : set_msg]: ((analz @ (insert_msg @ (agent2 @ Agt) @ H)) = (insert_msg @ (agent2 @ Agt) @ (analz @ H)))))). % analz_insert_Agent
thf(fact_133_parts__insert__Nonce, axiom,
    ((![N : nat, H : set_msg]: ((parts @ (insert_msg @ (nonce @ N) @ H)) = (insert_msg @ (nonce @ N) @ (parts @ H)))))). % parts_insert_Nonce
thf(fact_134_parts__insert__Agent, axiom,
    ((![Agt : agent, H : set_msg]: ((parts @ (insert_msg @ (agent2 @ Agt) @ H)) = (insert_msg @ (agent2 @ Agt) @ (parts @ H)))))). % parts_insert_Agent
thf(fact_135_keysFor__insert__MPair, axiom,
    ((![X : msg, Y2 : msg, H : set_msg]: ((keysFor @ (insert_msg @ (mPair @ X @ Y2) @ H)) = (keysFor @ H))))). % keysFor_insert_MPair
thf(fact_136_keysFor__insert__Key, axiom,
    ((![K : nat, H : set_msg]: ((keysFor @ (insert_msg @ (key @ K) @ H)) = (keysFor @ H))))). % keysFor_insert_Key
thf(fact_137_keysFor__insert__Nonce, axiom,
    ((![N : nat, H : set_msg]: ((keysFor @ (insert_msg @ (nonce @ N) @ H)) = (keysFor @ H))))). % keysFor_insert_Nonce
thf(fact_138_keysFor__insert__Agent, axiom,
    ((![A : agent, H : set_msg]: ((keysFor @ (insert_msg @ (agent2 @ A) @ H)) = (keysFor @ H))))). % keysFor_insert_Agent
thf(fact_139_shrK__in__initState, axiom,
    ((![A : agent]: (member_msg @ (key @ (shrK @ A)) @ (initState @ A))))). % shrK_in_initState
thf(fact_140_publicKey__in__initState, axiom,
    ((![B3 : keymode, A : agent, B : agent]: (member_msg @ (key @ (publicKey @ B3 @ A)) @ (initState @ B))))). % publicKey_in_initState
thf(fact_141_analz__insert__Key, axiom,
    ((![K : nat, H : set_msg]: ((~ ((member_nat @ K @ (keysFor @ (analz @ H))))) => ((analz @ (insert_msg @ (key @ K) @ H)) = (insert_msg @ (key @ K) @ (analz @ H))))))). % analz_insert_Key
thf(fact_142_knows__Spy__Says, axiom,
    ((![A : agent, B : agent, X : msg, Evs : list_event]: ((knows @ spy @ (cons_event @ (says @ A @ B @ X) @ Evs)) = (insert_msg @ X @ (knows @ spy @ Evs)))))). % knows_Spy_Says
thf(fact_143_knows__Spy__Notes, axiom,
    ((![A : agent, X : msg, Evs : list_event]: (((member_agent @ A @ bad) => ((knows @ spy @ (cons_event @ (notes @ A @ X) @ Evs)) = (insert_msg @ X @ (knows @ spy @ Evs)))) & ((~ ((member_agent @ A @ bad))) => ((knows @ spy @ (cons_event @ (notes @ A @ X) @ Evs)) = (knows @ spy @ Evs))))))). % knows_Spy_Notes
thf(fact_144_parts__insert__eq__I, axiom,
    ((![X : msg, H : set_msg]: ((![X9 : msg]: ((member_msg @ X9 @ (parts @ (insert_msg @ X @ H))) => (member_msg @ X9 @ (insert_msg @ X @ (parts @ H))))) => ((parts @ (insert_msg @ X @ H)) = (insert_msg @ X @ (parts @ H))))))). % parts_insert_eq_I
thf(fact_145_parts__insertI, axiom,
    ((![C : msg, G : set_msg, A2 : msg]: ((member_msg @ C @ (parts @ G)) => (member_msg @ C @ (parts @ (insert_msg @ A2 @ G))))))). % parts_insertI
thf(fact_146_analz__insert__eq__I, axiom,
    ((![X : msg, H : set_msg]: ((![X9 : msg]: ((member_msg @ X9 @ (analz @ (insert_msg @ X @ H))) => (member_msg @ X9 @ (insert_msg @ X @ (analz @ H))))) => ((analz @ (insert_msg @ X @ H)) = (insert_msg @ X @ (analz @ H))))))). % analz_insert_eq_I
thf(fact_147_analz__insert__cong, axiom,
    ((![H : set_msg, H2 : set_msg, X : msg]: (((analz @ H) = (analz @ H2)) => ((analz @ (insert_msg @ X @ H)) = (analz @ (insert_msg @ X @ H2))))))). % analz_insert_cong
thf(fact_148_analz__insert__eq, axiom,
    ((![X : msg, H : set_msg]: ((member_msg @ X @ (analz @ H)) => ((analz @ (insert_msg @ X @ H)) = (analz @ H)))))). % analz_insert_eq
thf(fact_149_analz__insertI, axiom,
    ((![C : msg, G : set_msg, A2 : msg]: ((member_msg @ C @ (analz @ G)) => (member_msg @ C @ (analz @ (insert_msg @ A2 @ G))))))). % analz_insertI
thf(fact_150_analz__cut, axiom,
    ((![Y2 : msg, X : msg, H : set_msg]: ((member_msg @ Y2 @ (analz @ (insert_msg @ X @ H))) => ((member_msg @ X @ (analz @ H)) => (member_msg @ Y2 @ (analz @ H))))))). % analz_cut
thf(fact_151_pushKeys_I5_J, axiom,
    ((![K : nat, X : msg, Y2 : msg, A : set_msg]: ((insert_msg @ (key @ K) @ (insert_msg @ (mPair @ X @ Y2) @ A)) = (insert_msg @ (mPair @ X @ Y2) @ (insert_msg @ (key @ K) @ A)))))). % pushKeys(5)
thf(fact_152_pushCrypts_I6_J, axiom,
    ((![X : nat, K : msg, X6 : msg, Y2 : msg, A : set_msg]: ((insert_msg @ (crypt @ X @ K) @ (insert_msg @ (mPair @ X6 @ Y2) @ A)) = (insert_msg @ (mPair @ X6 @ Y2) @ (insert_msg @ (crypt @ X @ K) @ A)))))). % pushCrypts(6)
thf(fact_153_pushKeys_I6_J, axiom,
    ((![K : nat, X : nat, K4 : msg, A : set_msg]: ((insert_msg @ (key @ K) @ (insert_msg @ (crypt @ X @ K4) @ A)) = (insert_msg @ (crypt @ X @ K4) @ (insert_msg @ (key @ K) @ A)))))). % pushKeys(6)
thf(fact_154_pushKeys_I2_J, axiom,
    ((![K : nat, N : nat, A : set_msg]: ((insert_msg @ (key @ K) @ (insert_msg @ (nonce @ N) @ A)) = (insert_msg @ (nonce @ N) @ (insert_msg @ (key @ K) @ A)))))). % pushKeys(2)
thf(fact_155_pushKeys_I1_J, axiom,
    ((![K : nat, C2 : agent, A : set_msg]: ((insert_msg @ (key @ K) @ (insert_msg @ (agent2 @ C2) @ A)) = (insert_msg @ (agent2 @ C2) @ (insert_msg @ (key @ K) @ A)))))). % pushKeys(1)

% Conjectures (4)
thf(conj_0, hypothesis,
    ((~ ((member_agent @ a @ bad))))).
thf(conj_1, hypothesis,
    ((~ ((member_agent @ b @ bad))))).
thf(conj_2, hypothesis,
    ((member_list_event @ evs @ nS_Sha1061662329shared))).
thf(conj_3, conjecture,
    (((member_msg @ (key @ k) @ (analz @ (knows @ spy @ evs))) | ((~ ((member_msg @ (crypt @ (shrK @ a) @ (mPair @ (nonce @ na) @ (mPair @ (agent2 @ b) @ (mPair @ (key @ k) @ x)))) @ (parts @ (knows @ spy @ evs))))) | ((~ ((member_msg @ (crypt @ k @ (mPair @ (nonce @ nb) @ (nonce @ nb))) @ (parts @ (knows @ spy @ evs))))) | (member_event @ (says @ a @ b @ (crypt @ k @ (mPair @ (nonce @ nb) @ (nonce @ nb)))) @ (set_event2 @ evs))))))).
