ABSTRACT: Asymmetric unification is a new paradigm for unification modulo theories that introduces irreducibility constraints on one side of a unification problem. It has important applications in symbolic cryptographic protocol analysis, for which it is often necessary to put irreducibility constraints on portions of a state. However, many facets of asymmetric unification that are of particular interest, including its behavior under combinations of disjoint theories, remain poorly understood. In this paper we give a new formulation of the method for unification in the combination of disjoint equational theories developed by Baader and Schulz that both gives additional insights into the disjoint combination problem in general, and furthermore allows us to extend the method to asymmetric unification, giving the first unification method for asymmetric unification in the combination of disjoint theories.
FOSSACS 2014 - 17th International Conference on Foundations of Software Science and Computation Structures, Grenoble; 01/2014
ABSTRACT: A novel approach is described for the combination of unification algorithms for two equational theories E1 and E2 which share function symbols. We are able to identify a set of restrictions and a combination method such that if the restrictions are satisfied the method produces a unification algorithm for the union of non-disjoint equational theories. Furthermore, we identify a class of theories satisfying the restrictions. The critical characteristics of the class are the hierarchical organization and the shared symbols being restricted to "inner constructors".
CADE-24 – the 24th International Conference on Automated Deduction; 01/2013
ABSTRACT: Arithmetic operators are extensively used in cryptographic protocols. While a protocol using such operations may appear safe if semantic properties of these operations are not used by an intruder, the protocol can become vulnerable otherwise. Several such examples have been reported in the literature. The focus in this paper is on the modular exponentiation operator and its interaction with modular multiplication operators. Unification algorithms for theories involving exponentiation and multiplication operations play an important role in state exploration based approaches for finding attacks. This paper gives decidability results for unification problems for subtheories of exponentiation. The first property considered is the simplification of exponentiation when the exponent is an expression involving modular multiplication. The second property investigated is the simplification of exponentiation in which the base expression is expressed using yet another modular multiplication *. Extensions of these theories in which modular multiplication is associative and/or commutative are investigated. The approach used for developing unification algorithms is novel and hierarchical, in the sense that a unification algorithm for properties of the multiplication operator can be employed as a plug-in into the inference rules for unification derived from equational properties of exponentiation with multiplication operations. A table summarizing all known results about theories of exponentiation is included as well.
Journal of Automata, Languages and Combinatorics. 01/2011; 16(2 - 4):109-140.
ABSTRACT: We prove that the Tiden and Arnborg algorithm for equational unification modulo one-sided distributivity is not polynomial time bounded as previously thought. A set of counterexamples is developed that demonstrates that the algorithm goes through exponentially many steps. Comment: In Proceedings UNIF 2010, arXiv:1012.4554
ABSTRACT: Modular exponentiation is a common mathematical operation in modern cryptography. This, along with modular multiplication at the base and exponent levels (to different moduli), plays an important role in a large number of key agreement protocols. In our earlier work, we gave many decidability as well as undecidability results for multiple equational theories, involving various properties of modular exponentiation. Here, we consider a partial subtheory focussing only on exponentiation and multiplication operators. Two main results are proved. The first result is positive, namely, that the unification problem for the above theory (in which no additional property is assumed of the multiplication operators) is decidable. The second result is negative: if we assume that the two multiplication operators belong to two different abelian groups, then the unification problem becomes undecidable. Comment: In Proceedings UNIF 2010, arXiv:1012.4554