Associative-Commutative Deducibility Constraints
نویسندگان
چکیده
We consider deducibility constraints, which are equivalent to particular Diophantine systems, arising in the automatic verification of security protocols, in presence of associative and commutative symbols. We show that deciding such Diophantine systems is, in general, undecidable. Then, we consider a simple subclass, which we show decidable. Though the solutions of these problems are not necessarily semi-linear sets, we show that there are (computable) semi-linear sets whose minimal solutions are not too far from the minimal solutions of the system. Finally, we consider a small variant of the problem, for which there is a much simpler decision algorithm.
منابع مشابه
Deciding Knowledge in Security Protocols for Monoidal Equational Theories
In formal approaches, messages sent over a network are usually modeled by terms together with an equational theory, axiomatizing the properties of the cryptographic functions (encryption, exclusive or, . . . ). The analysis of cryptographic protocols requires a precise understanding of the attacker knowledge. Two standard notions are usually used: deducibility and indistinguishability. Only few...
متن کاملAssociative-commutative Deduction with Constraints Associative-commutative Deduction with Constraints
Associative-commutative equational reasoning is known to be highly complex for theorem proving. Hence, it is very important to focus deduction by adding constraints, such as uniication and ordering, and to deene eecient strategies, such as the basic requirements a la Hullot. Constraints are formulas used for pruning the set of ground instances of clauses deduced by a theorem prover. We propose ...
متن کاملAdventures in Associative-commutative Uniication
We have discovered an eecient algorithm for matching and uniication in associative-commutative (AC) and associative-commutative-idempotent (ACI) equational theories. In most cases of AC uniication and in all cases of ACI uniication our method obviates the need for solving diophantine equations, and thus avoids one of the bottlenecks of other associative-commutative uniication techniques. The al...
متن کاملAdventures in Associative-Commutative Unification
We have discovered an eecient algorithm for matching and uniication in associa-tive-commutative (AC) equational theories. In most cases of AC uniication our method obviates the need for solving diophantine equations, and thus avoids one of the bottlenecks of other associative-commutative uniication techniques. The algorithm eeciently utilizes powerful constraints to eliminate much of the search...
متن کاملDeciding Knowledge in Security Protocols Under Equational Theories
The analysis of security protocols requires precise formulations of the knowledge of protocol participants and attackers. In formal approaches, this knowledge is often treated in terms of message deducibility and indistinguishability relations. In this paper we study the decidability of these two relations. The messages in question may employ functions (encryption, decryption, etc.) axiomatized...
متن کامل