secret k: Function; const Alice, Bob, Charlie, Eve: Agent; const Simon: Server; /* give the intruder something to work with */ const ne: Nonce; const ke: SessionKey; untrusted Eve; compromised k(Eve,Simon); const authToken: Token; protocol woolamcmv(A,B,S) { role B { var Na: Nonce; const Nb: Nonce; var Kab: SessionKey; var t1,t2: Ticket; read_1(A,B, A,Na); send_2(B,A, B,Nb); read_3(A,B, t1 ); send_4(B,S, t1, { (A,(B,(Na,Nb))) }k(B,S) ); read_5(S,B, t2, { (A,(Na,(Nb,Kab))) }k(B,S) ); send_6(B,A, t2, { Na,Nb }Kab ); read_7(A,B, { Nb }Kab ); claim(B,Secret,Kab,Nb,authToken); } } run woolamcmv.B(Alice,Bob,Simon); run woolamcmv.B(Alice,Bob,Simon);