reserve SBT for Permutation of (8-tuples_on BOOLEAN);
reserve MCFunc for Permutation of
4-tuples_on(4-tuples_on (8-tuples_on BOOLEAN));
reserve MixColumns for
Permutation of 4-tuples_on(4-tuples_on (8-tuples_on BOOLEAN));

theorem
  for m be Nat,
  text,otext be Element of 4-tuples_on(4-tuples_on (8-tuples_on BOOLEAN)),
  Key be Element of m-tuples_on(4-tuples_on (8-tuples_on BOOLEAN)),
  Keyi1,KeyNr be Element of 4-tuples_on(4-tuples_on (8-tuples_on BOOLEAN))
  st (m = 4 or m = 6 or m = 8) & Keyi1 = ((KeyExpansion(SBT,m)).(Key)).1 &
  KeyNr = (Rev((KeyExpansion(SBT,m)).(Key))).(7+m) &
  otext = AddRoundKey.((ShiftRows*SubBytes(SBT)).text,KeyNr)
  holds (InvSubBytes(SBT)*InvShiftRows).(AddRoundKey.(otext,Keyi1)) = text
proof
  let m be Nat,
  text,otext be Element of 4-tuples_on(4-tuples_on (8-tuples_on BOOLEAN)),
  Key be Element of m-tuples_on(4-tuples_on (8-tuples_on BOOLEAN)),
  Keyi1,KeyNr be Element of 4-tuples_on(4-tuples_on (8-tuples_on BOOLEAN));
  assume
AS: (m = 4 or m = 6 or m = 8) & Keyi1 = ((KeyExpansion(SBT,m)).(Key)).1 &
  KeyNr = (Rev((KeyExpansion(SBT,m)).(Key))).(7+m) &
  otext = AddRoundKey.((ShiftRows*SubBytes(SBT)).text,KeyNr);
  (AddRoundKey.(otext,Keyi1)) = (ShiftRows*SubBytes(SBT)).text by AS,LAST05;
  hence (InvSubBytes(SBT)*InvShiftRows).(AddRoundKey.(otext,Keyi1)) = text
  by LAST01;
end;
