src/HOL/Auth/Yahalom.thy
2006-01-04 paulson 2006-01-04 a few more named lemmas
2005-10-07 nipkow 2005-10-07 changes due to new neq_simproc in simpdata.ML
2005-09-15 wenzelm 2005-09-15 fixed document;
2005-06-17 haftmann 2005-06-17 migrated theory headers to new format
2003-09-26 paulson 2003-09-26 Conversion of all main protocols from "Shared" to "Public". Removal of Key_supply_ax: modifications to possibility theorems. Improved presentation.
2003-09-23 paulson 2003-09-23 Removal of the Key_supply axiom (affects many possbility proofs) and minor changes
2003-05-05 paulson 2003-05-05 improved presentation of HOL/Auth theories
2003-04-26 paulson 2003-04-26 converting more HOL-Auth to new-style theories
2002-08-17 paulson 2002-08-17 tidying of Isar scripts
2001-10-03 wenzelm 2001-10-03 tuned parentheses in relational expressions;
2001-04-12 paulson 2001-04-12 converted many HOL/Auth theories to Isar scripts
2001-02-27 paulson 2001-02-27 Some X-symbols for <notin>, <noteq>, <forall>, <exists> Streamlining of Yahalom proofs Removal of redundant proofs
1999-03-10 paulson 1999-03-10 updating both Yahalom protocols to the Gets model
1998-09-08 paulson 1998-09-08 Got rid of not_Says_to_self and most uses of ~= in definitions and theorems
1998-08-21 paulson 1998-08-21 Tidying
1998-01-08 paulson 1998-01-08 Expressed most Oops rules using Notes instead of Says, and other tidying
1997-10-21 paulson 1997-10-21 Many minor speedups: 1. Some use of rewriting with expand_ifs instead of addsplits[expand_if] 2. Faster proof of new_keys_not_used 3. New version of shrK_neq (no longer refers to "range")
1997-09-18 paulson 1997-09-18 Global change: lost->bad and sees Spy->spies First change just gives a more sensible name. Second change eliminates the agent parameter of "sees" to simplify definitions and theorems
1997-09-05 paulson 1997-09-05 Renamed "evs" to "evs1", "evs2", etc. in protocol inductive definition
1997-07-14 paulson 1997-07-14 Changing "lost" from a parameter of protocol definitions to a constant. Advantages: no "lost" argument everywhere; fewer Vars in subgoals; less need for specially instantiated rules Disadvantage: can no longer prove "Agent_not_see_encrypted_key", but this theorem was never used, and its original proof was also broken the introduction of the "Notes" constructor.
1997-07-01 paulson 1997-07-01 Deleted a redundant A~=B in rules that refer to a previous event
1997-06-26 nipkow 1997-06-26 set_of_list -> set
1997-06-18 paulson 1997-06-18 Defines KeyWithNonce, which is used to prove the secrecy of NB
1997-01-17 paulson 1997-01-17 Now with Andy Gordon's treatment of freshness to replace newN/K
1996-12-19 paulson 1996-12-19 Extensive tidying and simplification, largely stemming from changing newN and newK to take an integer argument
1996-12-13 paulson 1996-12-13 Removed needless quotation marks
1996-11-29 paulson 1996-11-29 Swapped arguments of Crypt (for clarity and because it is conventional)
1996-11-01 paulson 1996-11-01 Minor changes to comments
1996-10-24 paulson 1996-10-24 New Oops message, with Server as source to ensure correct nonces
1996-10-18 paulson 1996-10-18 Addition of Reveal message
1996-09-26 paulson 1996-09-26 Introduction of "lost" argument Changed Enemy -> Spy Ran expandshort
1996-09-13 paulson 1996-09-13 Addition of Yahalom protocol
1996-09-12 paulson 1996-09-12 Tidied many proofs, using AddIffs to let equivalences take the place of separate Intr and Elim rules. Also deleted most named clasets.