More realistic model: the Spy can compute clientK and serverK

Reordered rules in analz_image_freshK_ss to improve clarity

Removal of the obsolete newN function

New theorem priK_inj_eq, injectivity of priK

spy_analz_tac: Restored iffI to the list of rules used to break down the subgoal

New theory TLS

Baby TLS. Proofs work, but model seems unrealistic

New and stronger lemmas; more default simp/cla rules

Deleted the obsolete operators newK, newN and nPair

Now the possibility proof calls the appropriate tactic

Added a comment

Now Collect_mem_eq is a default simprule (how could it have ever been omitted?

New laws for the "lists" operator

More concat lemmas.

Corrected indentations and margins after the renaming of "set_of_list"

set_of_list -> set

Trivial changes in connection with the Yahalom paper. Changed the order of the premises in no_nonce_YM1_YM2. Installed B_trusts_YM4_newK using bind_thm. Improved some comments.

oops;

rearrange pages of ps file to be printed as booklet (duplex);

amdI -> admI2

Tuned Franz's proofs.

Removal of structure Context and its replacement by a theorem list of congruence rules for use in CONTEXT_REWRITE_RULE (where definitions are processed)

Removal of COND_CONG, which is just if_cong RS eq_reflection

Ran expandshort

New "congs" keyword for recdef theory section

removed old Makefile;

removed;

removed old Makefile;

removed old Makefile and compat files;

Made proofs more concise by replacing calls to spy_analz_tac by uses of analz_insert_eq in rewriting

Proof tidying and variable renaming (NA->na, NB->nb when of type msg)

New comments; a tidied proof

Two new rewrite rules--NOT included by default\!

Defines KeyWithNonce, which is used to prove the secrecy of NB

Addition of not_imp (which pushes negation into implication) as a default simprule

Corrected Title in header lines

Streamlined proofs of the secrecy of NB and added authentication of A and B

Removed Says_Crypt_lost and Says_Crypt_not_lost. Installed not_lost_tac. Deleted unused theorems initState_subset and seesD

Removed Says_Crypt_lost and Says_Crypt_not_lost. Installed not_lost_tac

Adapted proofs to the removal of Says_Crypt_lost and Says_Crypt_not_lost

Deleted spurious reference to Spy_not_see_NB, which by chance was defined in Yahalom.ML\!

converse -> ^-1

Type constraint added to ensure that "length" refers to lists. Maybe should not be needed, but the translation length->size happens irrespective of types

Replacing the primrec definition of "length" by a translation to the built-in "size" function

Tuned wf_iff_no_infinite_down_chain proof, based on Konrads ideas. Added selectI2EX.

changed compatible definition;

added deadlock

added deadlock freedom, polished definitions and proofs

Strengthened and streamlined the Yahalom proofs

Useful new lemma

eliminated non-ASCII;

Added AddIffs [Pair_eq]; which made AddSEs [Pair_inject]; redundant.

improved function 'nonreserved'

Removed a few redundant additions of simprules or classical rules

The name bex_conj_distrib was WRONG

Better miniscoping for bounded quantifiers

Tidying and simplification of declarations

Much polishing of proofs

New miniscoping rules for ALL

New facts about In0/1 by Burkhart Wolff

New miniscoping rules ball_triv and bex_triv

Mended the definition of ack(0,n)

Two new examples; corrected a comment

New example theory: Recdef

added finite_converse

Moved image_is_empty from Finite.ML to equalities.ML

Modified a few defs and proofs because of the changes to theory Finite.thy.

Finite.ML Finite.thy: Replaced `finite subset of' by mere `finite'. Relation.ML Trancl.ML: more thms WF.ML WF.thy: added `acyclic' WF_Rel.ML: moved some thms back into WF and added some new ones.

New recdef examples

Removal of freeze_vars and thaw_vars. New freeze_thaw

freezeT now refers to Type.freeze_thaw

Tidying of signature. More robust renaming in freeze_thaw. New tactic distinct_subgoals_tac

Removal of freeze_vars and thaw_vars (quite unused...)

Removal of radixstring from string_of_int; addition of string_of_indexname

There was never need for another copy of radixstring...

Numerous simplifications and removal of HOL-isms Addition of the "simpset" feature (replacing references to \!simpset)

Now loads theory Recdef

A slight simplification of optstring The new "simpset" keyword in the "recdef" declaration

Now extracts the predicate variable from induct0 insteead of trying to predict its name. The new "freeze" function requires this.

Deleted the obsolete "pred_list" relation

Documented the new distinct_subgoals_tac

A slight simplification of optstring

Now extracts the predicate variable from induct0 insteead of trying to predict its name

Made the pseudo-type of split_rule_var a separate argument

eliminated non-ASCII;

eliminated freeze_vars;

changed priority of -> from [6,5]5 to [1,0]0

is_blank: fixed space2;

No longer refers to internal TFL structures

More de-HOLification: using Free, Const, etc. instead of mk_var, mk_const Changed the TFL functor to a structure (currently called Prim)

New theory "Power" of exponentiation (and binomial coefficients)

New theorem about the cardinality of the powerset (uses exponentiation)

Type inference makes a Const here, perhaps elsewhere?thry.sml

poly_tvars allows recdefs to be made without type constraints

Corrected banner: it is W0, not MiniML

New statement and proof of free_tv_subst_var in order to cope with new rewrite rules Un_insert_left, Un_insert_right