The Finite Variant Property: How to Get Rid of Some Algebraic Properties

We consider the following problem: given a term t, a rewrite system $\mathcal R$ and a finite set of equations E′ such that $\mathcal R$ is E′-convergent, compute finitely many instances $t_1,\ldots,t_n$ of t such that, for every substitution σ, there is an index i and a substitution θ with $t\sigma\mathord\downarrow =_{E'} t_i\theta$ (where $t\sigma\mathord\downarrow$ is the normal form of tσ w.r.t. $\to_{E'\mathord{\setminus}\mathcal R}$). The goal of this paper is to give equivalent (resp. sufficient) conditions for the finite variant property and to systematically investigate this property for equational theories that are relevant to security protocol verification. For instance, we prove that the finite variant property holds for Abelian groups and for a theory of modular exponentiation, and does not hold for the theory ACUNh (Associativity, Commutativity, Unit, Nilpotence, homomorphism).
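As an added example (not code from the paper), the definition above in its simplest setting: E′ is empty and $\mathcal R$ is the single explicit-destructor rule dec(enc(X,K),K) → X. Variants are obtained by narrowing and normalising, and `covered` checks the guarantee $t\sigma\mathord\downarrow = t_i\theta$ for a chosen σ; the term encoding, the `depth` bound and the variable-naming scheme are this example's own choices, not the paper's.

```python
"""Variants (syntactic case, E' = {}) of a term. Terms: a variable is a str; an application is a tuple (symbol, arg_1, ..., arg_n)."""
FRESH = iter(range(1 << 30))  # supply of indices for fresh copies of rule variables
def is_var(t): return isinstance(t, str)
def vars_of(t): return {t} if is_var(t) else {v for a in t[1:] for v in vars_of(a)}
def subst(t, s):  # apply s, following variable chains, so s need not be idempotent
    if is_var(t): return subst(s[t], s) if t in s else t
    return (t[0],) + tuple(subst(a, s) for a in t[1:])
def unify(eqs):  # syntactic (Robinson) unification with occurs check; None when there is no unifier
    s, eqs = {}, list(eqs)
    while eqs:
        a, b = (subst(x, s) for x in eqs.pop())
        if a == b: continue
        if is_var(b): a, b = b, a
        if is_var(a) and a in vars_of(b): return None
        if is_var(a): s[a] = b
        elif a[0] != b[0] or len(a) != len(b): return None
        else: eqs += zip(a[1:], b[1:])
    return s
def match(p, t, s):  # one-sided unification: only the pattern's variables may be bound
    if is_var(p): return {**s, p: t} if s.get(p, t) == t else None
    if is_var(t) or p[0] != t[0] or len(p) != len(t): return None
    for pa, ta in zip(p[1:], t[1:]):
        if (s := match(pa, ta, s)) is None: return None
    return s
def normalize(t, rules):  # innermost rewriting to the R-normal form t↓
    if is_var(t): return t
    t = (t[0],) + tuple(normalize(a, rules) for a in t[1:])
    for l, r in rules:
        if (s := match(l, t, {})) is not None: return normalize(subst(r, s), rules)
    return t
def narrow(t, rules):  # every one-step narrowing of t at a non-variable position, with its unifier
    if is_var(t): return []
    out = [(subst(t[:i] + (a2,) + t[i + 1:], s), s) for i, a in enumerate(t[1:], 1) for a2, s in narrow(a, rules)]
    for l, r in rules:
        rv = {v: f"{v}_{next(FRESH)}" for v in vars_of(l)}  # fresh copy of the rule: no clash with t
        s = unify([(t, subst(l, rv))])
        if s is not None: out.append((subst(subst(r, rv), s), s))
    return out
def variants(t, rules, depth=4):  # {t_i: theta_i restricted to vars(t)} by normalised narrowing, bounded depth
    tv, seen, work = vars_of(t), {}, [(t, {}, 0)]
    while work:
        u, s, d = work.pop()
        nf = normalize(u, rules)
        if nf in seen or d > depth: continue
        seen[nf] = {v: subst(v, s) for v in tv}
        work += [(u2, {**s, **s2}, d + 1) for u2, s2 in narrow(nf, rules)]
    return seen
def covered(t, sigma, vs, rules):  # the property's promise: (t sigma)↓ is an instance of some t_i
    return any(match(ti, normalize(subst(t, sigma), rules), {}) is not None for ti in vs)
RULES = [(('dec', ('enc', 'X', 'K'), 'K'), 'X')]  # the explicit-destructor rule dec(enc(X,K),K) -> X
```

For t = dec(y,k) the computed variants are dec(y,k) itself (θ the identity) and a bare variable reached with y ↦ enc(X,k); dropping the second one makes `covered` fail for σ = {y ↦ enc(m,k)}, which is exactly the instance the property must account for.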
