Publications (9)0.36 Total impact
 Frontiers of Combining Systems  10th International Symposium, FroCoS 2015, Wroclaw; 09/2015

Conference Paper: Unification modulo a Theory of Pairing Encryption
UNIF 2015, 29th International Workshop on Unification  RDP 2015; 06/2015  [Show abstract] [Hide abstract]
ABSTRACT: An algorithm for unification modulo onesided distributivity is an early result by Tid\'en and Arnborg. More recently this theory has been of interest in cryptographic protocol analysis due to the fact that many cryptographic operators satisfy this property. Unfortunately the algorithm presented in the paper, although correct, has recently been shown not to be polynomial time bounded as claimed. In addition, for some instances, there exist most general unifiers that are exponentially large with respect to the input size. In this paper we first present a new polynomial time algorithm that solves the decision problem for a nontrivial subcase, based on a typed theory, of unification modulo onesided distributivity. Next we present a new polynomial algorithm that solves the decision problem for unification modulo onesided distributivity. A construction, employing string compression, is used to achieve the polynomial bound. Lastly, we examine the onesided distributivity problem in the new asymmetric unification paradigm. We give the first asymmetric unification algorithm for onesided distributivity.Logical Methods in Computer Science 03/2015; 11(2). DOI:10.2168/LMCS11(2:11)2015 · 0.36 Impact Factor  [Show abstract] [Hide abstract]
ABSTRACT: Asymmetric unification is a new paradigm for unification modulo theories that introduces irreducibility constraints on one side of a unification problem. It has important applications in symbolic cryptographic protocol analysis, for which it is often necessary to put irreducibility constraints on portions of a state. However many facets of asymmetric unification that are of particular interest, including its behavior under combinations of disjoint theories, remain poorly understood. In this paper we give a new formulation of the method for unification in the combination of disjoint equational theories developed by Baader and Schulz that both gives additional insights into the disjoint combination problem in general, and furthermore allows us to extend the method to asymmetric unification, giving the first unification method for asymmetric unification in the combination of disjoint theories.FOSSACS 2014  17th International Conference on Foundations of Software Science and Computation Structures, Grenoble; 04/2014 
Conference Paper: Hierarchical Combination
[Show abstract] [Hide abstract]
ABSTRACT: A novel approach is described for the combination of unification algorithms for two equational theories E1 and E2 which share function symbols. We are able to identify a set of restrictions and a combination method such that if the restrictions are satisfied the method produces a unification algorithm for the union of nondisjoint equational theories. Furthermore, we identify a class of theories satisfying the restrictions. The critical characteristics of the class is the hierarchical organization and the shared symbols being restricted to "inner constructors".CADE24 – the 24th International Conference on Automated Deduction; 06/2013  [Show abstract] [Hide abstract]
ABSTRACT: An algorithm for unification modulo onesided distributivity is an early result by Tiden and Arnborg [14]. Unfortunately the algorithm presented in the paper, although correct, has recently been shown not to be polynomial time bounded as claimed [11]. In addition, for some instances, there exist most general unifiers that are exponentially large with respect to the input size. In this paper we first present a new polynomial time algorithm that solves the decision problem for a nontrivial subcase, based on a typed theory, of unification modulo onesided distributivity. Next we present a new polynomial algorithm that solves the decision problem for unification modulo onesided distributivity. A construction, employing string compression, is used to achieve the polynomial bound.Proceedings of the 6th international joint conference on Automated Reasoning; 06/2012  [Show abstract] [Hide abstract]
ABSTRACT: Arithmetic operators are extensively used in cryptographic protocols. While a protocol using such operations may appear safe if semantic properties of these operations are not used by an intruder, the protocol can become vulnerable otherwise. Several such examples have been reported in the literature. The focus in this paper is on the modular exponentiation operator and its interaction with modular multiplication operators. Unification algorithms for theories involving exponentiation and multiplication operations play an important role in state exploration based approaches for finding attacks. This paper gives decidability results for unification problems for subtheories of exponentiation. The first property considered is the simplification of exponentiation when the exponent is an expression involving modular multiplication The second property investigated is the simplification of exponentiation in which the base expression is expressed using yet another modular multiplication *. Extensions of these theories in which modular multiplication is associative and/or commutative are investigated. The approach used for developing unification algorithms is novel and hierarchical, in the sense a unification algorithm for properties of the multiplication operator can be employed as a plugin into the inference rules for unification derived from equational properties of exponentiation with multiplication operations. A table summarizing all known results about theories of exponentiation is included as well. 
Conference Paper: On the Complexity of the TidenArnborg Algorithm for Unification modulo OneSided Distributivity
[Show abstract] [Hide abstract]
ABSTRACT: We prove that the Tiden and Arnborg algorithm for equational unification modulo onesided distributivity is not polynomial time bounded as previously thought. A set of counterexamples is developed that demonstrates that the algorithm goes through exponentially many steps. Comment: In Proceedings UNIF 2010, arXiv:1012.4554Proceedings 24th International Workshop on Unification; 12/2010 
Conference Paper: Unification modulo a partial theory of exponentiation
[Show abstract] [Hide abstract]
ABSTRACT: Modular exponentiation is a common mathematical operation in modern cryptography. This, along with modular multiplication at the base and exponent levels (to different moduli) plays an important role in a large number of key agreement protocols. In our earlier work, we gave many decidability as well as undecidability results for multiple equational theories, involving various properties of modular exponentiation. Here, we consider a partial subtheory focussing only on exponentiation and multiplication operators. Two main results are proved. The first result is positive, namely, that the unification problem for the above theory (in which no additional property is assumed of the multiplication operators) is decidable. The second result is negative: if we assume that the two multiplication operators belong to two different abelian groups, then the unification problem becomes undecidable. Comment: In Proceedings UNIF 2010, arXiv:1012.4554Proceedings 24th International Workshop on Unification; 12/2010
Publication Stats
9  Citations  
0.36  Total Impact Points  