TY - JOUR
T1 - Variant Narrowing and Equational Unification
AU - Escobar, Santiago
AU - Meseguer, José
AU - Sasse, Ralf
N1 - Funding Information:
Acknowledgements. S. Escobar has been partially supported by the EU (FEDER) and the Spanish MEC under grant TIN2007-68093-C02-02, and Integrated Action HA 2006-0007. J. Meseguer and R. Sasse have been partially supported by the ONR Grant N00014-02-1-0715, and by the NSF Grants IIS 07-20482 and CNS 07-16638.
PY - 2009/6/29
Y1 - 2009/6/29
N2 - Narrowing is a well-known complete procedure for equational E-unification when E can be decomposed as a union E = Δ {multiset union} B with B a set of axioms for which a finitary unification algorithm exists, and Δ a set of confluent, terminating, and B-coherent rewrite rules. However, when B ≠ ∅, effective narrowing strategies such as basic narrowing easily fail to be complete and cannot be used. This poses two challenges to narrowing-based equational unification: (i) finding effective narrowing strategies that are complete modulo B under mild assumptions on B, and (ii) finding sufficient conditions under which such narrowing strategies yield finitary E-unification algorithms. Inspired by Comon and Delaune's notion of E-variant for a term, we propose a new narrowing strategy called variant narrowing that has a search space potentially much smaller than full narrowing, is complete, and yields a finitary E-unification algorithm when E has the finite variant property. We also discuss applications to symbolic reachability analysis of concurrent systems specified as rewrite theories, and in particular to the formal analysis of cryptographic protocols modulo the algebraic properties of the underlying cryptographic functions.
AB - Narrowing is a well-known complete procedure for equational E-unification when E can be decomposed as a union E = Δ {multiset union} B with B a set of axioms for which a finitary unification algorithm exists, and Δ a set of confluent, terminating, and B-coherent rewrite rules. However, when B ≠ ∅, effective narrowing strategies such as basic narrowing easily fail to be complete and cannot be used. This poses two challenges to narrowing-based equational unification: (i) finding effective narrowing strategies that are complete modulo B under mild assumptions on B, and (ii) finding sufficient conditions under which such narrowing strategies yield finitary E-unification algorithms. Inspired by Comon and Delaune's notion of E-variant for a term, we propose a new narrowing strategy called variant narrowing that has a search space potentially much smaller than full narrowing, is complete, and yields a finitary E-unification algorithm when E has the finite variant property. We also discuss applications to symbolic reachability analysis of concurrent systems specified as rewrite theories, and in particular to the formal analysis of cryptographic protocols modulo the algebraic properties of the underlying cryptographic functions.
KW - Equational unification
KW - cryptographic protocol analysis
KW - finite variant property
KW - narrowing
KW - symbolic reachability analysis
UR - http://www.scopus.com/inward/record.url?scp=67649395597&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=67649395597&partnerID=8YFLogxK
U2 - 10.1016/j.entcs.2009.05.015
DO - 10.1016/j.entcs.2009.05.015
M3 - Article
AN - SCOPUS:67649395597
SN - 1571-0661
VL - 238
SP - 103
EP - 119
JO - Electronic Notes in Theoretical Computer Science
JF - Electronic Notes in Theoretical Computer Science
IS - 3
ER -