Implementing a Unification Algorithm for Protocol Analysis with XOR

In this paper, we propose a unification algorithm for the theory $E$ which combines unification algorithms for E\_{\std} and E\_{\ACUN} (ACUN properties, like XOR) but compared to the more general combination methods uses specific properties of the equational theories for further optimizations. Our optimizations drastically reduce the number of non-deterministic choices, in particular those for variable identification and linear orderings. This is important for reducing both the runtime of the unification algorithm and the number of unifiers in the complete set of unifiers. We emphasize that obtaining a ``small'' set of unifiers is essential for the efficiency of the constraint solving procedure within which the unification algorithm is used. The method is implemented in the CL-Atse tool for security protocol analysis

String unification is essentially infinitary

A unifier of two terms s and t is a substitution sigma such that ssigma=tsigma and for first-order terms there exists a most general unifier sigma in the sense that any other unifier delta can be composed from sigma with some substitution lambda, i.e. delta=sigmacirclambda. This notion can be generalised to E-unificationwhere E is an equational theory, =_{E} is equality under E andsigmaa is an E-unifier if ssigma =_{E}tsigma. Depending on the equational theory E, the set of most general unifiers is always a singleton (as above), or it may have more than one, either finitely or infinitely many unifiers and for some theories it may not even exist, in which case we call the theory of type nullary. String unification (or Löb\u27s problem, Markov\u27s problem, unification of word equations or Makanin\u27s problem as it is often called in the literature) is the E-unification problem, where E = {f(x,f(y,z))=f(f(x,y),z)}, i.e. unification under associativity or string unification once we drop the fs and the brackets. It is well known that this problem is infinitary and decidable. Essential unifiers, as introduced by Hoche and Szabo, generalise the notion of a most general unifier and have a dramatically pleasant effect on the set of most general unifiers: the set of essential unifiers is often much smaller than the set of most general unifiers. Essential unification may even reduce an infinitary theory to an essentially finitary theory. The most dramatic reduction known so far is obtained for idempotent semigroups or bands as they are called in computer science: bands are of type nullary, i.e. there exist two unifiable terms s and t, but the set of most general unifiers is not enumerable. This is in stark contrast to essential unification: the set of essential unifiers for bands always exists and is finite. We show in this paper that the early hope for a similar reduction of unification under associativity is not justified: string unification is essentially infinitary. But we give an enumeration algorithm for essential unifiers. And beyond, this algorithm terminates when the considered problem is finitary

A Formalization of the Theorem of Existence of First-Order Most General Unifiers

This work presents a formalization of the theorem of existence of most general unifiers in first-order signatures in the higher-order proof assistant PVS. The distinguishing feature of this formalization is that it remains close to the textbook proofs that are based on proving the correctness of the well-known Robinson's first-order unification algorithm. The formalization was applied inside a PVS development for term rewriting systems that provides a complete formalization of the Knuth-Bendix Critical Pair theorem, among other relevant theorems of the theory of rewriting. In addition, the formalization methodology has been proved of practical use in order to verify the correctness of unification algorithms in the style of the original Robinson's unification algorithm.Comment: In Proceedings LSFA 2011, arXiv:1203.542

Unifiability and Structural Completeness in Relation Algebras and in Products of Modal Logic S5

Unifiability of terms (and formulas) and structural completeness in the variety of relation algebras RA and in the products of modal logic S5 is investigated. Nonunifiable terms (formulas) which are satisfiable in varieties (in logics) are exhibited. Consequently, RA and products of S5 as well as representable diagonal-free n-dimensional cylindric algebras, RDfn, are almost structurally complete but not structurally complete. In case of S5ⁿ a basis for admissible rules and the form of all passive rules are provided

On Unification Modulo One-Sided Distributivity: Algorithms, Variants and Asymmetry

An algorithm for unification modulo one-sided distributivity is an early result by Tid\'en and Arnborg. More recently this theory has been of interest in cryptographic protocol analysis due to the fact that many cryptographic operators satisfy this property. Unfortunately the algorithm presented in the paper, although correct, has recently been shown not to be polynomial time bounded as claimed. In addition, for some instances, there exist most general unifiers that are exponentially large with respect to the input size. In this paper we first present a new polynomial time algorithm that solves the decision problem for a non-trivial subcase, based on a typed theory, of unification modulo one-sided distributivity. Next we present a new polynomial algorithm that solves the decision problem for unification modulo one-sided distributivity. A construction, employing string compression, is used to achieve the polynomial bound. Lastly, we examine the one-sided distributivity problem in the new asymmetric unification paradigm. We give the first asymmetric unification algorithm for one-sided distributivity

A Parallel Implementation of Stickel\u27s AC Unification Algorithm in a Message-Passing Environment

Unification algorithms are an essential component of automated reasoning and term rewriting systems. Unification finds a set of substitutions or unifiers that, when applied to variables in two or more terms, make those terms identical or equivalent. Most systems use Robinson\u27s unification algorithm or some variant of it. However, terms containing functions exhibiting properties such as associativity and commutativity may be made equivalent without appearing identical. Systems employing Robinson\u27s unification algorithm must use some mechanism separate from the unification algorithm to reason with such functions. Often this is done by incorporating the properties into a rule base and generating equivalent terms which can be unified by Robinson\u27s algorithm. However, rewriting the terms in this manner can generate large numbers of useless terms in the problem space of the system. If the properties of the functions are incorporated into the unification algorithm itself, there is no need to rewrite the terms such that they appear identical. Stickel developed an algorithm to unify two terms containing associative and commutative functions. The unifiers (there may be more than one) are found by creating a homogeneous linear Diophantine equation with integer coefficients from the terms being unified. The unifiers can be constructed from solutions to this equation. The unifiers generated from one solution of the Diophantine equation are independent of any other solution to the equation. Therefore, once the Diophantine equation has been solved, the unifiers can be calculated from the solutions in parallel. We have implemented Stickel\u27s AC unification algorithm to run in parallel on a local area network of Sun 4/110 workstations in an effort to improve the speed of AC unification

On Unifiers, Diversifiers, and the Nature of Pattern Recognition

AbstractWe study a dichotomy of scientific styles, unifying and diversifying, as proposed by Freeman J. Dyson. We discuss the extent to which the dichotomy transfers from the natural sciences (where Dyson proposed it) to the field of Pattern Recognition. To address this we must firstly ask what it means to be a “unifier” or “diversifier” in a field, and what are the relative merits of each style of thinking. Secondly, given that Dyson applied this to the sciences, does it also apply in a field known to be a blend of science and engineering? Parallels are drawn to Platonic/Aristotelian views, and to Cartesian/Baconian science, and questions are asked on what drives the Kuhnian paradigm shifts of our field. This article is intended not to marginalise individuals into categories (unifier/diversifier) but instead to demonstrate the utility of philosophical reflection on our field, showing the depth and complexities a seemingly simple idea can unearth

Expectations for Associative-Commutative Unification Speedups in a Multicomputer Environment

An essential element of automated deduction systems is unification algorithms which identify general substitutions and when applied to two expressions, make them identical. However, functions which are associative and commutative, such as the usual addition and multiplication functions, often arise in term rewriting systems, program verification, the theory of abstract data types and logic programming. The introduction to the associative and commutative equality axioms together with standard unification brings with it problems of termination and unreasonably large search spaces. One way around these problems is to remove the troublesome axioms from the system and to employ a unification algorithm which unifies modulo the axioms of associativity and commutativity. Unlike standard unification, the associative-commutative (AC) unification of two expressions can lead to the formation of many most general unifiers. A report is presented on a hybrid AC unification algorithm which has been implemented to run in parallel on an Intel iPSC/