const pk: Function; secret sk: Function; inversekeys (pk,sk); protocol ns3(I,R) { role I { const ni: Nonce; var nr: Nonce; send_1(I,R, {I,ni}pk(R) ); read_2(R,I, {ni,nr}pk(I) ); send_3(I,R, {nr}pk(R) ); claim(I,Secret,nr); } role R { var ni: Nonce; const nr: Nonce; read_1(I,R, {I,ni}pk(R) ); send_2(R,I, {ni,nr}pk(I) ); read_3(I,R, {nr}pk(R) ); claim(I,Secret,ni); } } const Alice,Bob,Eve : Agent; /* something like this will later on all be implied by 'untrusted Eve' */ untrusted Eve; const nc: Nonce; compromised sk(Eve); /* pre-defined 10 runs, limit using --max-runs parameters */ run ns3.I(Agent,Agent); run ns3.R(Agent,Agent); run ns3.I(Agent,Agent); run ns3.R(Agent,Agent); run ns3.I(Agent,Agent); run ns3.R(Agent,Agent); run ns3.I(Agent,Agent); run ns3.R(Agent,Agent);