19971224 
paulson 
New Auto_tac (by Oheimb), and new syntax (without parens), and expandshort

19971223 
paulson 
Tidied using rev_iffD1

19971219 
wenzelm 
tuned;

19971216 
paulson 
Simplified proofs using rewrites for f``A where f is injective

19971118 
paulson 
Crypt_imp_keysFor: version of Crypt_imp_invKey_keysFor for shared keys

19971103 
wenzelm 
isatool fixclasimp;

19971021 
paulson 
Many minor speedups:
1. Some use of rewriting with expand_ifs instead of addsplits[expand_if]
2. Faster proof of new_keys_not_used
3. New version of shrK_neq (no longer refers to "range")

19971017 
nipkow 
setloop split_tac > addsplits

19970925 
paulson 
Changed some proofs to use Clarify_tac

19970918 
paulson 
Global change: lost>bad and sees Spy>spies
First change just gives a more sensible name.
Second change eliminates the agent parameter of "sees" to simplify
definitions and theorems

19970917 
paulson 
Fixed comments

19970916 
paulson 
Deleted the redundant simprule not_parts_not_analz

19970722 
paulson 
Cosmetic changes: margins, indentation, ...

19970714 
paulson 
Changing "lost" from a parameter of protocol definitions to a constant.
Advantages: no "lost" argument everywhere; fewer Vars in subgoals;
less need for specially instantiated rules
Disadvantage: can no longer prove "Agent_not_see_encrypted_key", but this
theorem was never used, and its original proof was also broken
the introduction of the "Notes" constructor.

19970711 
paulson 
Removal of monotonicity reasoning involving "lost" and the theorem
Agent_not_see_encrypted_key, which (a) is never used and (b) becomes harder
to prove when Notes is available.

19970704 
paulson 
Changed some variables of type msg to lower case (e.g. from NB to nb

19970627 
paulson 
Corrected indentations and margins after the renaming of "set_of_list"

19970626 
nipkow 
set_of_list > set

19970626 
paulson 
Trivial changes in connection with the Yahalom paper.
Changed the order of the premises in no_nonce_YM1_YM2.
Installed B_trusts_YM4_newK using bind_thm.
Improved some comments.

19970619 
paulson 
Proof tidying and variable renaming (NA>na, NB>nb when of type msg)

19970618 
paulson 
Streamlined proofs of the secrecy of NB and added authentication of A and B

19970609 
paulson 
Strengthened and streamlined the Yahalom proofs

19970507 
paulson 
Conversion to use blast_tac (with other improvements)

19970215 
oheimb 
reflecting my recent changes of the simplifier and classical reasoner

19970117 
paulson 
Now with Andy Gordon's treatment of freshness to replace newN/K

19961220 
paulson 
Corrected comments

19961219 
paulson 
Extensive tidying and simplification, largely stemming from
changing newN and newK to take an integer argument

19961213 
paulson 
Streamlined many proofs

19961205 
paulson 
Trivial renamings

19961129 
paulson 
Swapped arguments of Crypt (for clarity and because it is conventional)

19961128 
paulson 
Extra fix needed in newN case

19961128 
paulson 
Weaking of injectivity assumptions for newK and newN:
they are no longer assumed injective over all traces, merely over the
length of a trace

19961108 
paulson 
Ran expandshort

19961105 
paulson 
Simplified new_keys_not_seen, etc.: replaced the
union over all
agents by the Spy alone. Proofs run faster and they do not have to be
set up in terms of a previous lemma.

19961101 
paulson 
Minor changes to comments

19961028 
paulson 
Simplified proofs

19961018 
paulson 
Addition of Reveal message

19961007 
paulson 
Simplified a proof

19961001 
paulson 
Simplified main theorem by abstracting out newK

19960930 
paulson 
Removed some dead wood. Transferred lemmas used to prove analz_image_newK
to Shared.ML

19960926 
paulson 
Introduction of "lost" argument
Changed Enemy > Spy
Ran expandshort

19960925 
paulson 
Last working version prior to introduction of "lost"

19960923 
paulson 
Proof of Says_imp_old_keys is now more robust

19960913 
paulson 
Reformatting; proved B_gets_secure_key

19960913 
paulson 
Addition of Yahalom protocol

19960912 
paulson 
Tidied many proofs, using AddIffs to let equivalences take
the place of separate Intr and Elim rules. Also deleted most named clasets.

