Main repository of the Tamarin prover for security protocol verification.
Haskell Python JavaScript CSS Makefile VimL Other
Latest commit e8142b5 Oct 5, 2016 @jdreier jdreier bugfixes concerning the treatment of constants and axioms in teh case…
… of equivalence properties
Failed to load latest commit information.
case-studies-regression Change in one case study due to earlier source change. Aug 3, 2016
data Merge fix: GUI shows different options now Aug 31, 2015
doc added explanation for L_ and F_ usage in manual Sep 10, 2015
etc Make executable relocatable. Apr 13, 2015
examples new examples for unlinkability Jun 29, 2016
images Added third screenshot and thumbnail. Also added production notes. Jul 19, 2012
lib bugfixes concerning the treatment of constants and axioms in teh case… Oct 5, 2016
misc Pydot compatability fix for both old and new API. Sep 2, 2016
src Maude version check also allows 2.7.1 Sep 1, 2016
.gitignore ignore .stack-work, removed cabal-related commands from Makefile and … Aug 14, 2015
.hgignore rename tool directory to 'tamarin-prover' Jan 20, 2012
.travis.yml cleanup of .travis.yml Aug 27, 2015
AUTHORS added authors Aug 26, 2015
CHANGES more documentation Aug 26, 2015 Update Oct 13, 2015 Fix ToC links Jun 10, 2016
LICENSE preparing for release Feb 9, 2012
Makefile Bump version number to 1.1.0 for develop. Oct 19, 2015 added link to readme for improved graph output into initial readme Sep 9, 2015
Setup.hs notes on better --version flag Feb 23, 2012 rename tool directory to 'tamarin-prover' Jan 20, 2012
stack.yaml bugfixes concerning the treatment of constants and axioms in teh case… Oct 5, 2016
tamarin-prover.cabal now GHC 7.10 compatible. Error is deprecated now and should be replaced. Nov 3, 2015

The Tamarin prover repository

master branch build-status

This README describes the organization of the repository of the Tamarin prover for security protocol verification. Its intended audience are interested users and future developers of the Tamarin prover. For installation and usage instructions of the Tamarin prover see: installation instructions.

Developing and contributing

See contributing instructions.

Version Numbering Policy

We use version numbers with four components.

  • The first component is the major version number. It indicates complete rewrites of the codebase.
  • The second component is the minor version number. We use odd minor version numbers to denote development releases intended for early adopters. We use even minor version numbers to denote public releases, which are also published.
  • The third component indicates bugfix releases.
  • The fourth component indicates documentation and meta-data changes.

We ensure that the external interface of a version of the Tamarin prover is backwards compatible with the external interface of all versions that agree on the major and minor version number.

We announce all releases of the Tamarin prover on:


The manual is /doc/ It is part of every installation of the Tamarin prover.

Experimental improved graph output

You can use our experimental improved graph output which may be helpful for very large graphs that can be created for complicated protocols. To enable this feature read the instructions about improved graphs.

Example Protocol Models

All example protocol models are found in the directory


All models that we consider stable are part of every installation of the Tamarin prover. See tamarin-prover.cabal for the list of installed protocols. We use the following sub-directories to organize the models.

csf12/         the AKE case studies from our CSF'12 paper.
classic/       classic security protocols like the ones from
loops/         experiments for testing loop-invariants and protocols with
               non-monotonic state
related_work/  examples from related work on protocols with loops or
               non-monotonic state
experiments/   all other experiments
ake/           more AKE examples including ID-based and tripartite group KE
               protocols based on bilinear pairing
features/      (small) models that demonstrate a given feature
ccs15/         the observational equivalence case studies from our CCS'15 paper

Feel free to add more sub-directories and describe them here.

In general, we try use descriptive names for files containing the models. We also document all our findings as comments in the protocol model. Moreover, we use the following header in all files to make their context more explicit.

   Protocol:    Example
   Modeler:     Simon Meier, Benedikt Schmidt
   Date:        January 2012

   Status:      working

   Description of protocol.