Minimal Proof Search for Modal Logic K Model Checking

Most modal logics such as S5, LTL, or ATL are extensions of Modal Logic K. While the model checking problems for LTL and to a lesser extent ATL have been very active research areas for the past decades, the model checking problem for the more basic Multi-agent Modal Logic K (MMLK) has important applications as a formal framework for perfect information multi-player games on its own. We present Minimal Proof Search (MPS), an effort number based algorithm solving the model checking problem for MMLK. We prove two important properties for MPS beyond its correctness. The (dis)proof exhibited by MPS is of minimal cost for a general definition of cost, and MPS is an optimal algorithm for finding (dis)proofs of minimal cost. Optimality means that any comparable algorithm either needs to explore a bigger or equal state space than MPS, or is not guaranteed to find a (dis)proof of minimal cost on every input. As such, our work relates to A* and AO* in heuristic search, to Proof Number Search and DFPN+ in two-player games, and to counterexample minimization in software model checking.Comment: Extended version of the JELIA 2012 paper with the same titl

The accession games: a comparison of three limited-information negotiation designs

We analyze the European Union enlargement process from a rational institutionalist perspective and argue that the accession negotiations are designed to resolve the uncertainty that the existing EU members have in terms of the candidates preferences. We model the negotiations as a Bayesian game and demonstrate how exactly the design in place helps the Union in gathering information about the candidate country. Our model also enables us to compare alternative negotiation designs in terms of their ability to alleviate informational problems. We compare the resulting equilibrium payo¤s under di¤erent negotiation designs to see whether there is any ground for a player to prefer a particular design over others. Our analysis supports the earlier arguments in the literature about the informative role of accession negotiations, and demonstates how exactly the negotiations carry out this role

Three is a crowd - inefficient communication in the multi-player electronic mail game

In a two-player stag hunt with asymmetric information, players may lock each other into requiring a large number of confirmations and confirmations of confirmations from one another before eventually acting. This intuition has been formalized in the electronic mail game (EMG). The literature provides extensions on the EMG that eliminate inefficient equilibria, suggesting that no formal rules are needed to prevent players from playing inefficiently. The present paper investigates whether these results extend to the multi-player EMG. We show that standard equilibrium refinements cannot eliminate inefficient equilibria. While two players are predicted to play efficiently, many players need formal rules telling them when who talks to whom.Multi-Player Electronic Mail Game, Collective Action, Communication Networks

ClaimChain: Improving the Security and Privacy of In-band Key Distribution for Messaging

The social demand for email end-to-end encryption is barely supported by mainstream service providers. Autocrypt is a new community-driven open specification for e-mail encryption that attempts to respond to this demand. In Autocrypt the encryption keys are attached directly to messages, and thus the encryption can be implemented by email clients without any collaboration of the providers. The decentralized nature of this in-band key distribution, however, makes it prone to man-in-the-middle attacks and can leak the social graph of users. To address this problem we introduce ClaimChain, a cryptographic construction for privacy-preserving authentication of public keys. Users store claims about their identities and keys, as well as their beliefs about others, in ClaimChains. These chains form authenticated decentralized repositories that enable users to prove the authenticity of both their keys and the keys of their contacts. ClaimChains are encrypted, and therefore protect the stored information, such as keys and contact identities, from prying eyes. At the same time, ClaimChain implements mechanisms to provide strong non-equivocation properties, discouraging malicious actors from distributing conflicting or inauthentic claims. We implemented ClaimChain and we show that it offers reasonable performance, low overhead, and authenticity guarantees.Comment: Appears in 2018 Workshop on Privacy in the Electronic Society (WPES'18