47 research outputs found
Key Substitution in the Symbolic Analysis of Cryptographic Protocols (extended version)
Key substitution vulnerable signature schemes are signature schemes that
permit an intruder, given a public verification key and a signed message, to
compute a pair of signature and verification keys such that the message appears
to be signed with the new signature key. A digital signature scheme is said to
be vulnerable to destructive exclusive ownership property (DEO) If it is
computationaly feasible for an intruder, given a public verification key and a
pair of message and its valid signature relatively to the given public key, to
compute a pair of signature and verification keys and a new message such that
the given signature appears to be valid for the new message relatively to the
new verification key. In this paper, we prove decidability of the insecurity
problem of cryptographic protocols where the signature schemes employed in the
concrete realisation have this two properties
Metalevel algorithms for variant satisfiability
Variant satisfiability is a theory-generic algorithm to decide quantifier-free satisfiability in an initial algebra when its corresponding theory has the finite variant property and its constructors satisfy a compactness condition. This paper: (i) gives a precise definition of several meta-level sub-algorithms needed for variant satisfiability; (ii) proves them correct; and (iii) presents a reflective implementation in Maude 2.7 of variant satisfiability using these sub-algorithms.NSF CNS 13-19109Ope
Unification theory
The purpose of this paper is not to give an overview of the state of art in unification theory. It is intended to be a short introduction into the area of equational unification which should give the reader a feeling for what unification theory might be about. The basic notions such as complete and minimal complete sets of unifiers, and unification types of equational theories are introduced and illustrated by examples. Then we shall describe the original motivations for considering unification (in the empty theory) in resolution theorem proving and term rewriting. Starting with Robinson\u27s first unification algorithm it will be sketched how more efficient unification algorithms can be derived.
We shall then explain the reasons which lead to the introduction of unification in non-empty theories into the above mentioned areas theorem proving and term rewriting. For theory unification it makes a difference whether single equations or systems of equations are considered. In addition, one has to be careful with regard to the signature over which the terms of the unification problems can be built. This leads to the distinction between elementary unification, unification with constants, and general unification (where arbitrary free function symbols may occur). Going from elementary unification to general unification is an instance of the so-called combination problem for equational theories which can be formulated as follows: Let E, F be equational theories over disjoint signatures. How can unification algorithms for E, F be combined to a unification algorithm for the theory E cup F
Rewriting Modulo SMT and Open System Analysis
This paper proposes rewriting modulo SMT, a new technique that
combines the power of SMT solving, rewriting modulo theories, and model checking.
Rewriting modulo SMT is ideally suited to model and analyze reachability
properties of infinite-state open systems, i.e., systems that interact with a nondeterministic
environment. Such systems exhibit both internal nondeterminism,
which is proper to the system, and external nondeterminism, which is due to the
environment. In a reflective formalism, such as rewriting logic, rewriting modulo
SMT can be reduced to standard rewriting. Hence, rewriting modulo SMT naturally
extends rewriting-based reachability analysis techniques, which are available
for closed systems, to open systems. The proposed technique is illustrated
with the formal analysis of: (i) a real-time system that is beyond the scope of
timed-automata methods and (ii) automatic detection of reachability violations in
a synchronous language developed to support autonomous spacecraft operations.NSF Grant CNS 13-19109 and NASA Research Cooperative Agreement No. NNL09AA00AOpe
Proceedings of Sixth International Workshop on Unification
Swiss National Science Foundation; Austrian Federal Ministry of Science and Research; Deutsche Forschungsgemeinschaft (SFB 314); Christ Church, Oxford; Oxford University Computing Laborator
Automated theorem proving in first-order logic modulo: on the difference between type theory and set theory
Resolution modulo is a first-order theorem proving method that can be applied
both to first-order presentations of simple type theory (also called
higher-order logic) and to set theory. When it is applied to some first-order
presentations of type theory, it simulates exactly higherorder resolution. In
this note, we compare how it behaves on type theory and on set theory
Termination of rewriting strategies: a generic approach
We propose a generic termination proof method for rewriting under strategies,
based on an explicit induction on the termination property. Rewriting trees on
ground terms are modeled by proof trees, generated by alternatively applying
narrowing and abstracting steps. The induction principle is applied through the
abstraction mechanism, where terms are replaced by variables representing any
of their normal forms. The induction ordering is not given a priori, but
defined with ordering constraints, incrementally set during the proof.
Abstraction constraints can be used to control the narrowing mechanism, well
known to easily diverge. The generic method is then instantiated for the
innermost, outermost and local strategies.Comment: 49 page