1997-07-14 paulson 1997-07-14 Changing "lost" from a parameter of protocol definitions to a constant. Advantages: no "lost" argument everywhere; fewer Vars in subgoals; less need for specially instantiated rules Disadvantage: can no longer prove "Agent_not_see_encrypted_key", but this theorem was never used, and its original proof was also broken the introduction of the "Notes" constructor.
1997-07-11 paulson 1997-07-11 Moving common declarations and proofs from theories "Shared" and "Public" to "Event". NB the original "Event" theory was later renamed "Shared". Addition of the Notes constructor to datatype "event".
1996-09-26 paulson 1996-09-26 Introduction of "lost" argument Changed Enemy -> Spy Ran expandshort
1996-09-03 paulson 1996-09-03 Renaming and simplification
1996-08-21 paulson 1996-08-21 Addition of message NS5
1996-08-20 paulson 1996-08-20 Working version of NS, messages 1-4!
1996-08-20 paulson 1996-08-20 Working version of NS, messages 1-3, WITH INTERLEAVING
1996-08-19 paulson 1996-08-19 Renaming of functions, and tidying
1996-07-29 paulson 1996-07-29 Works up to main theorem, then XXX...X
1996-07-26 paulson 1996-07-26 Auth proofs work up to the XXX...
1996-07-11 paulson 1996-07-11 Added Msg 3; works up to Says_Server_imp_Key_newK
1996-06-28 paulson 1996-06-28 Proving safety properties of authentication protocols