1997-06-19 paulson 1997-06-19 Made proofs more concise by replacing calls to spy_analz_tac by uses of analz_insert_eq in rewriting
1997-05-15 oheimb 1997-05-15 renamed unsafe_addss to addss
1997-05-07 paulson 1997-05-07 Conversion to use blast_tac (with other improvements)
1997-05-05 paulson 1997-05-05 Some blast_tac calls; more needed
1997-03-25 paulson 1997-03-25 Trivial renamings (for consistency with CSFW papers)
1997-02-15 oheimb 1997-02-15 reflecting my recent changes of the simplifier and classical reasoner
1997-01-17 paulson 1997-01-17 Now with Andy Gordon's treatment of freshness to replace newN/K
1996-12-19 paulson 1996-12-19 Extensive tidying and simplification, largely stemming from changing newN and newK to take an integer argument
1996-12-16 paulson 1996-12-16 New tactic: prove_unique_tac
1996-12-13 paulson 1996-12-13 Streamlined some proofs
1996-12-06 paulson 1996-12-06 Minor renamings
1996-11-29 paulson 1996-11-29 Swapped arguments of Crypt (for clarity and because it is conventional)
1996-11-28 paulson 1996-11-28 Weaking of injectivity assumptions for newK and newN: they are no longer assumed injective over all traces, merely over the length of a trace
1996-11-21 paulson 1996-11-21 Minor reformatting
1996-11-18 paulson 1996-11-18 Removal of an obsolete result, and authentication of B to A
1996-11-08 paulson 1996-11-08 A bit of tidying up
1996-11-07 paulson 1996-11-07 Tidying up: removing redundant assumptions, etc.
1996-11-05 paulson 1996-11-05 Simplified new_keys_not_seen, etc.: replaced the union over all agents by the Spy alone. Proofs run faster and they do not have to be set up in terms of a previous lemma.
1996-10-28 paulson 1996-10-28 Minor corrections
1996-10-28 nipkow 1996-10-28 Renamed and shuffled a few thms.
1996-10-18 paulson 1996-10-18 Replaced excluded_middle_tac by case_tac; tidied proofs
1996-10-08 paulson 1996-10-08 Put in a simpler and *much* faster proof of no_nonce_OR1_OR2
1996-10-07 paulson 1996-10-07 Simple tidying
1996-10-01 paulson 1996-10-01 Greatly simplified the proof of A_can_trust
1996-10-01 paulson 1996-10-01 Added new guarantees for A and B
1996-09-30 paulson 1996-09-30 Removed some dead wood. Transferred lemmas used to prove analz_image_newK to Shared.ML
1996-09-26 paulson 1996-09-26 Introduction of "lost" argument Changed Enemy -> Spy Ran expandshort
1996-09-25 paulson 1996-09-25 Last working version prior to introduction of "lost"
1996-09-23 paulson 1996-09-23 Correction of protocol; addition of Reveal message; proofs of correctness in its presence
1996-09-13 paulson 1996-09-13 Reformatting
1996-09-13 paulson 1996-09-13 Uses the improved enemy_analz_tac of Shared.ML, with simpler proofs Weak liveness
1996-09-09 paulson 1996-09-09 "bad" set simplifies statements of many theorems
1996-09-09 paulson 1996-09-09 Stronger proofs; work for Otway-Rees
1996-09-03 paulson 1996-09-03 A further tidying
1996-09-03 paulson 1996-09-03 Initial working proof of Otway-Rees protocol