Papers by Paliath Narendran
Journal of the ACM, Jan 2, 1993
In this paper, it is shown that there is an algorithm that, given any finite set E of ground equations, produces a reduced canonical rewriting system R equivalent to E in polynomial time. This algorithm, based on congruence closure, performs simplification steps guided by a total simplification ordering on ground terms, and it runs in time O(n^3).
Journal of Symbolic Computation, May 1, 1989
The question of whether a monoid presented by a finite Thue system is cancellative is shown to be undecidable (its negation is semidecidable), even when the Thue system is Church-Rosser. A decision procedure is described for the case of monadic Church-Rosser Thue systems and general commutative Thue systems. The results in this paper were first presented at the Workshop for Combinatorial Algorithms in Algebraic Structures, held in October 1985 at the Europäische Akademie, Otzenhausen, West Germany, under the auspices of Universität Kaiserslautern. Work by the first author was supported in part by the National Science Foundation under grant DCR 84-08461. Work by the second author was supported in part by the National Science Foundation under grant DCR 84-01898.
The goal of cryptographic protocols is to provide secure communication, and once a single run of a protocol has finished, certain goals should have been accomplished. These accomplishments may include: a key is shared secretly between two authentic users; a user is successfully convinced of the identity of another user; etc. However, if a cryptographic protocol is not designed correctly, it may fail to accomplish the goal it is designed to accomplish. Security flaws can be subtle and hard to find. Formal verification of cryptographic protocols aims to provide rigorous and thorough means of protocol analysis so that even the subtlest error in a protocol can be found. Most versions of the state-based approach to formal cryptographic protocol analysis are based on the Dolev-Yao model. This model of intruder activity does not consider any algebraic property of cryptographic primitives, making the perfect encryption assumption: that is, the cryptosystems are free of any properties except that encryption and decryption with the same key cancel each other out. The NRL Protocol Analyzer (NPA) by Catherine Meadows, which inspired this thesis, is also based on the Dolev-Yao model, but it extends it in many ways and, in particular, relaxes the perfect encryption assumption. Currently, the NPA exploits the state exploration facility by simple unification in combination with equational unification using a narrowing procedure (narrowing is a procedure used to find solutions with respect to a set of terminating rewrite rules). We study equational unification problems with respect to five theories capturing properties of modular multiplication and exponentiation operations that are used in many modern cryptographic algorithms and could not be represented using terminating rewrite systems.
For two of these theories, algorithms for equational unification are given, whereas for the remaining three theories, equational unification problems are proved to be undecidable. As a byproduct, we develop a new algorithm for computing strong Gröbner bases for right ideals in Z , an algebraic structure similar to a polynomial ring over the integers, except that the indeterminates do not commute.
EPiC series in computing, Jan 23, 2018
HAL (Le Centre pour la Communication Scientifique Directe), Jun 26, 2012
arXiv (Cornell University), Jun 15, 2023
arXiv (Cornell University), Feb 27, 2021
In this paper, we investigate problems which are dual to the unification problem, namely the Fixed Point (FP) problem, the Common Term (CT) problem and the Common Equation (CE) problem for string rewriting systems. Our main motivation is computing fixed points in systems, such as loop invariants in programming languages. We show that the fixed point (FP) problem is reducible to the common term problem. Our new results are: (i) the fixed point problem is undecidable for finite convergent string rewriting systems whereas it is decidable in polynomial time for finite, convergent and dwindling string rewriting systems, (ii) the common term problem is undecidable for the class of dwindling string rewriting systems, and (iii) for the class of finite, monadic and convergent systems, the common equation problem is decidable in polynomial time, but for the class of dwindling string rewriting systems, the common equation problem is undecidable. Key words and phrases: unification, convergent string-rewriting systems, fixed point problem, common term problem, common equation problem, conjugacy problem, common multiplier problem. * A variant of the paper has also been published in [Akç18, AHN17, AIN17]. Some of the results reported here are a partial fulfillment of the Ph.D. requirements of the fourth author, and will be part of his dissertation. Thanks to Dr. Daniel J. Dougherty for his feedback.
Springer eBooks, 1999
... J. Marcinkowski Deciding the Satisfiability of Quantifier Free Formulae on One-Step Rewriting ... F. van Raamsdonk Session 8: System Descriptions The Maude System ...
Lecture Notes in Computer Science, 1998
We show that simultaneous rigid E-unification, or SREU for short, is decidable and in fact EXPTIME-complete in the case of one variable. This result implies that the ∀*∃∀* fragment of intuitionistic logic with equality is decidable. Together with a previous result regarding the undecidability of the ∃∃-fragment, we obtain a complete classification of decidability of the prenex fragment of intuitionistic logic with equality, in terms of the quantifier prefix. It is also proved that SREU with one variable and a constant bound on the number of rigid equations is P-complete.
Journal of Symbolic Computation, 1991
The inductionless induction (also called proof by consistency) approach for proving equations by induction from an equational theory requires a consistency check for equational theories. A new method using test sets for checking consistency of an equational theory is proposed. Using this method, a variation of the Knuth-Bendix completion procedure can be used for automatically proving equations by induction. The method does not suffer from limitations imposed by the methods proposed by Musser as well as by Huet and Hullot, and is as powerful as Jouannaud and Kounalis' method based on ground-reducibility. A theoretical comparison of the test set method with Jouannaud and Kounalis' method is given showing that the test set method is generally much better. Both the methods have been implemented in RRL, Rewrite Rule Laboratory, a theorem proving environment based on rewriting techniques and completion. In practice also, the test set method is faster than Jouannaud and Kounalis' method. The test set construction can also be used to check for the sufficient-completeness property of equational axiomatizations including algebraic specifications of abstract data types as well as for identifying constructors in an algebraic specification.
Journal of Symbolic Computation, Aug 1, 1988
The Knuth and Bendix test for local confluence of a term rewriting system involves generating superpositions of the left-hand sides, and for each superposition deriving a critical pair of terms and checking whether these terms reduce to the same term. We prove that certain superpositions, which are called composite because they can be split into other superpositions, do not have to be subjected to the critical-pair-joinability test; it suffices to consider only prime superpositions. As a corollary, this result settles a conjecture of Lankford that unblocked superpositions can be omitted. To prove the result, we introduce new concepts and proof techniques which appear useful for other proofs relating to the Church-Rosser property. This test has been implemented in the completion procedures for ordinary term rewriting systems as well as term rewriting systems with associative-commutative operators. Performance of the completion procedures with this test and without the test is compared on a number of examples in the Rewrite Rule Laboratory (RRL) being developed at General Electric Research and Development Center.
Asymmetric unification is a new paradigm for unification modulo theories that introduces irreducibility constraints on one side of a unification problem. It has important applications in symbolic cryptographic protocol analysis, for which it is often necessary to put irreducibility constraints on portions of a state. However, many facets of asymmetric unification that are of particular interest, including its behavior under combinations of disjoint theories, remain poorly understood. In this paper we give a new formulation of the method for unification in the combination of disjoint equational theories developed by Baader and Schulz that both gives additional insights into the disjoint combination problem in general, and furthermore allows us to extend the method to asymmetric unification, thus giving the first unification method for asymmetric unification in the combination of disjoint theories.
arXiv (Cornell University), Jun 15, 2017
We compare two kinds of unification problems: Asymmetric Unification and Disunification, which are variants of Equational Unification. Asymmetric Unification is a type of Equational Unification where the right-hand sides of the equations are in normal form with respect to the given term rewriting system. In Disunification we solve equations and disequations with respect to an equational theory for the case with free constants. We contrast the time complexities of both and show that the two problems are incomparable: there are theories where one can be solved in polynomial time while the other is NP-hard. This goes both ways. The time complexity also varies based on the termination ordering used in the term rewriting system.
We model block chaining in terms of a simple, convergent, rewrite system over a signature with two disjoint sorts: list and element. By interpreting a particular symbol of this signature suitably, the rewrite system can model several practical situations of interest. An inference procedure is presented for deciding the unification problem modulo this rewrite system. The procedure is modular in the following sense: any given problem is handled by a system of 'list-inferences', and the set of equations thus derived between the element-terms of the problem is then handed over to any ('black-box') procedure which is complete for solving these element-equations. An example of application of this unification procedure is given, as attack detection on a Needham-Schroeder-like protocol employing the CBC encryption mode.
HAL (Le Centre pour la Communication Scientifique Directe), 2004
The techniques and tools of unification theory have long been a core component of many areas of automated deduction and logic programming. In particular, equational unification with the purpose of dealing with unification modulo equational axioms is of critical importance to such areas as automated theorem proving and term rewriting. More recently unification has become important in formal verification, particularly in cryptographic protocol analysis. We study the algorithmic and complexity issues of several equational theories with respect to the unification problem. Specifically, we study the one-sided distributive unification problem and the unification problem for modular exponentiation. We prove an exponential runtime bound on the algorithm developed by Tiden and Arnborg, for one-sided distributivity, demonstrating the previous polynomial runtime claim for this algorithm was incorrect. The result also implies the existence of exponential, with respect to the initial unification problem, most general unifiers. We next show that the decision form of the one-sided distributive unification problem is in P by developing a new algorithm with a polynomial bounded runtime. A construction, employing string compression, is used to achieve the polynomial bound. In addition, a new polynomial time algorithm for a variant of one-sided distributivity, called single homomorphism, is developed. We next study a theory for modular exponentiation and develop a new unification algorithm for this theory. We then show that if this theory is extended in a natural way, by the addition of abelian group axioms for two of the operators, the unification problem becomes undecidable. These results help further define the boundary of what theories of exponentiation are usable in protocol analysis.
EPiC series in computing, Jan 23, 2018
EPiC series in computing, Jan 23, 2018