On solving systems of random linear disequations

An important subcase of the hidden subgroup problem is equivalent to the shift problem over abelian groups. An efficient solution to the latter problem would serve as a building block of quantum hidden subgroup algorithms over solvable groups. The main idea of a promising approach to the shift problem is reduction to solving systems of certain random disequations in finite abelian groups. The random disequations are actually generalizations of linear functions distributed nearly uniformly over those not containing a specific group element in the kernel. In this paper we give an algorithm which finds the solutions of a system of N random linear disequations in an abelian p-group A in time polynomial in N, where N=(log|A|)^{O(q)}, and q is the exponent of A.Comment: 13 page

Trace Equivalence Decision: Negative Tests and Non-determinism

We consider security properties of cryptographic protocols that can be modeled using the notion of trace equivalence. The notion of equivalence is crucial when specifying privacy-type properties, like anonymity, vote-privacy, and unlinkability. In this paper, we give a calculus that is close to the applied pi calculus and that allows one to capture most existing protocols that rely on classical cryptographic primitives. First, we propose a symbolic semantics for our calculus relying on constraint systems to represent infinite sets of possible traces, and we reduce the decidability of trace equivalence to deciding a notion of symbolic equivalence between sets of constraint systems. Second, we develop an algorithm allowing us to decide whether two sets of constraint systems are in symbolic equivalence or not. Altogether, this yields the first decidability result of trace equivalence for a general class of processes that may involve else branches and/or private channels (for a bounded number of sessions)

Solving disequations

We present a general study of equations (objects of form s=t and disequations (objects of form s \ne t) solving. The problem is approached from its fully general mathematical definition clearly separating universally and existentially quantified variables. In addition it is showed to have many connections with unification in equational theories like associativity commutativity, in particular methods similar to those used to solve equational unification problem works in solving disequations. This abstract framework is then applied to study the sufficient completeness of a rewrite rule based definition of a function

Nominal disunification

Dissertação (mestrado)—Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Matemática, 2019.Propõe-se uma extensão para problemas de disunificação de primeira-ordem adicionando suporte a operadores de ligação de acordo com a abordagem nominal. Nesta abordagem, abstração é implementada usando átomos nominais ao invés de variáveis de ligação como na representação clássica de termos e renomeamento de átomos é implementado por permutações. Em lógica nominal problemas de unificação consistem de perguntas equacionais da forma s ≈α ? t (lê-se: s é α-equivalente a t?) consideradas sobre problemas de freshness da forma a# ? t (lê-se: a é fresco em t?) que restringem soluções proibindo ocorrências livres de átomos na instanciação de variáveis. Além dessas questões equacionais e freshness, problemas de disunificação nominal incluem restrições na forma de disequações s ̸≈α ? t (lê-se: s é αdiferente de t?) com soluções dadas por pares consistindo de uma substituição σ e um conjunto de restrições de freshness na forma a#X tal que sobre estas restrições a σ-instanciação de equações, disequações, e problemas de freshness são válidas. Mostra-se, reutilizando noções de unificação nominal, como decidir se dois termos nominais podem ser feitos diferentes módulo α-equivalência. Isso é feito extendendo resultados anteriores sobre disunificação de primeira ordem e definindo a noção de soluções com exceção na linguagem nominal. Uma discussão sobre a semântica de restrições em forma de disequações também é apresentada.Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq).An extension of first-order disunification problems is proposed by taking into account binding operators according to the nominal approach. In this approach, bindings are implemented through nominal atoms used instead of binding variables and renaming of atoms are implemented by atom permutations. In the nominal setting, unification problems consist of equational questions of the form s ≈α ? t (read: is s α-equivalent to t?) considered under freshness problems a# ? t (read: is a fresh for t?) that restrict solutions by forbidding free occurrences of atoms in the instantiations of variables. In addition to equational and freshness problems, nominal disunification problems also include nominal disunification constraints in the form of disequations s ̸≈α ? t (read: is s α-different to t?) and their solutions consist of pairs of a substitution σ and a finite set of freshness constraints in the form of a#X such that under these restrictions the σ-instantiation of the equations, disequations, and freshness problems holds. By re-using nominal unification techniques, it is shown how to decide whether two nominal terms can be made different modulo α-equivalence. This is done by extending previous results on first-order disunification and by defining the notion of solutions with exceptions in the nominal syntax. A discussion on the semantics of disunification constraints is also given

Automating Security Analysis: Symbolic Equivalence of Constraint Systems

We consider security properties of cryptographic protocols, that are either trace properties (such as confidentiality or authenticity) or equivalence properties (such as anonymity or strong secrecy). Infinite sets of possible traces are symbolically represented using deducibility constraints. We give a new algorithm that decides the trace equivalence for the traces that are represented using such constraints, in the case of signatures, symmetric and asymmetric encryptions. Our algorithm is implemented and performs well on typical benchmarks. This is the first implemented algorithm, deciding symbolic trace equivalence

Solving Language Equations and Disequations Using Looping Tree Automata with Colors

We extend previous results on the complexity of solving language equations with one-sided concatenation and all Boolean operations to the case where also disequations (i.e., negated equations) may occur. To show that solvability of systems of equations and disequations is still in ExpTime, we introduce a new type of automata working on infinite trees, which we call looping automata with colors. As applications of these results, we show new complexity results for disunification in the description logic FL₀ and for monadic set constraints with negation. We believe that looping automata with colors may also turn out to be useful in other applications.A short version of this report has also appeared in Proceedings of LPAR-18, Springer LNCS 7180, 2012

Combination techniques and decision problems for disunification

Previous work on combination techniques considered the question of how to combine unification algorithms for disjoint equational theories E_{1} ,...,E_{n} in order to obtain a unification algorithm for the union E1 unified ... unified En of the theories. Here we want to show that variants of this method may be used to decide solvability and ground solvability of disunification problems in E_{1}cup...cup E_{n}. Our first result says that solvability of disunification problems in the free algebra of the combined theory E_{1}cup...cup E_{n} is decidable if solvability of disunification problems with linear constant restrictions in the free algebras of the theories E_{i}(i = 1,...,n) is decidable. In order to decide ground solvability (i.e., solvability in the initial algebra) of disunification problems in E_{1}cup...cup E_{n} we have to consider a new kind of subproblem for the particular theories Ei, namely solvability (in the free algebra) of disunification problems with linear constant restriction under the additional constraint that values of variables are not Ei-equivalent to variables. The correspondence between ground solvability and this new kind of solvability holds, (1) if one theory Ei is the free theory with at least one function symbol and one constant, or (2) if the initial algebras of all theories Ei are infinite. Our results can be used to show that the existential fragment of the theory of the (ground) term algebra modulo associativity of a finite number of function symbols is decidable; the same result follows for function symbols which are associative and commutative, or associative, commutative and idempotent