Logical Analysis and Verification of Cryptographic Protocols - Loria

More documents

Recommendations

Info

168 CHAPTER 6. ON THE GROUND ENTAILMENT PROBLEMS resolution, we deduce that the empty clause can be derived from S by applying ordered resolution and ordered factoring inferences, and as each ordered resolution (respectively ordered factoring) inference is a selected resolution (respectively selected factoring) inference, by lemma 57, we conclude the proof. � Lemma 60 If a set S of clauses is satisfiable then the empty clause can not be derived from S by applying selected resolution and selected factoring inferences. PROOF. Let S be a set of satisfiable clauses and let us prove the lemma by contradiction. Assume that the empty clause can be derived from S by applying selected resolution and selected factoring inferences. This implies that the empty clause can be derived from S by applying resolution and factoring inferences, by lemma 57 which is impossible due to the soundness of resolution and the unsatisfiability of S. � 6.5.2 A decidability result In the rest of this chapter, we consider a complete simplification ordering ≻t over terms and a complete ordering ≻a over atoms compatible with ≻t. We recall the definition of a complete ordering. An ordering over a set of elements is said to be complete if it is total over ground elements of this set. A complete simplification ordering over terms is any ordering over terms which is well-founded, monotone, stable, subterm, and total over ground terms. We call an atom ordering ≻a compatible with the term ordering ≻t if it satisfies the following condition: p(t1, . . . , tk)≻aq(s1, . . . , sn) if and only if for any j with 1 ≤ j ≤ n there exists an i with 1 ≤ i ≤ k such that ti≻tsj. In the following lemma, we show some properties of the atom ordering ≻a. Lemma 61 The ordering ≻a is: (1) well-founded, (2) monotone, (3) and B ≺a A implies V ar(B) ⊆ V ar(A). PROOF. We recall that the ordering ≻a is compatible with the complete simplification ordering ≻t and ≻a is total on ground atoms. 1. Let us prove that ≻a is well-founded by contradiction. Assume that ≻a is not well-founded. By definition, there is an infinite descending chain of atoms A0≻aA1≻a . . .. By the compatibility of ≻a with ≻t, we deduce that there is an infinite descending chain of terms t0≻tt1≻t . . . where ti is a term
6.5. A DECIDABILITY RESULT 169 � of the atom Ai. That implies ≻t is not well-founded which contradicts the fact that ≻t is a complete simplification ordering. 2. Let A, B be two atoms such that B ≺a A. Suppose that A = I(t1, . . . , tn) and B = I ′ (s1, . . . , sm). By the compatibility of ≻a with ≻t, for all i ∈ {1, . . . , m}, there is j ∈ {1, . . . , n} such that si ≺t tj, and then, by monotonicity of ≻t, siσ ≺t tjσ for any substitution σ. Again by the compatibility of ≻a with ≻t, we deduce that Bσ ≺a Aσ for any σ and then the monotonicity of ≻a. 3. Let A, B be two atoms such that B ≺a A. By the compatibility of ≻a with ≻t, each term in B is smaller than a term in A for the ordering ≻t and as V ar(t) ⊆ V ar(t ′ ) for all terms t, t ′ and t ≺t t ′ (Lemma 6), we deduce that V ar(B) ⊆ V ar(A). Lemma 62 If C is a ground atom there is no infinite chain of atoms C → R g S C1 → R g S . . .. PROOF. Let us prove the lemma by contradiction. Let C be a ground atom and suppose that there is an infinite chain of atoms C = C0 → g RS C1 → g R . . .. For S every i ≥ 0, we have Ci → g RS Ci+1 ∈ R g S and then, by definition of →R g and by S lemma 61, Ci≻aCi+1. From the infinite chain starting from C using the relation → R g S , we deduce that there is an infinite chain C≻aC1≻a . . . starting from C and using the ordering ≻a which contradicts the well-foundness of ≻a and thus, we conclude the proof. � Given a ground atom A, the set Succ(A) of ground atoms is defined as follows: B ∈ Succ(A) if and only if A → R g S B. Lemma 63 If S is a finite and saturated set of clauses then for every ground atom C, Succ(C) is finite. PROOF. Let S be a finite and saturated set of clauses and let RS and R g S be the sets of rewriting rules constructed as defined before (Section 6.5.1). Let As → Bs is a rewriting rule in RS and let σ be a substitution grounding A s and B s . We recall that R g S is the set of ground instances of rewriting rules in RS, and hence, A s σ → B s σ ∈ R g S . Assume that As σ → B s σ be a rewriting rule in R g S that can be applied on C. As C and A s σ are ground, we have C = A s σ. This implies that C and A s are unifiable. As C is ground and by the unification, σ is the unique unifier of C and A s . We deduce that, for each rule in RS, at most one ground instance will be applied on C and by the finiteness of RS, obtained due to the finiteness of S, we conclude the proof. �
Page 1:
Logical Analysis and Verification o
Page 5:
Abstract This thesis is developed i
Page 8 and 9:
viii
Page 10 and 11:
x CONTENTS 2.1.7 Unification . . .
Page 12 and 13:
xii CONTENTS 5.8 Decidability of re
Page 14 and 15:
2 CHAPTER 1. INTRODUCTION Figure 1.
Page 16 and 17:
4 CHAPTER 1. INTRODUCTION Secrecy T
Page 18 and 19:
6 CHAPTER 1. INTRODUCTION “G”.
Page 20 and 21:
8 CHAPTER 1. INTRODUCTION And, a pe
Page 22 and 23:
10 CHAPTER 1. INTRODUCTION intercep
Page 24 and 25:
12 CHAPTER 1. INTRODUCTION Figure 1
Page 26 and 27:
14 CHAPTER 1. INTRODUCTION have bee
Page 28 and 29:
16 CHAPTER 1. INTRODUCTION the orde
Page 30 and 31:
18 CHAPTER 1. INTRODUCTION 1.5.3 Ch
Page 32 and 33:
20 CHAPTER 2. PROTOCOL ANALYSIS USI
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
58 CHAPTER 3. PROTOCOLS WITH VULNER
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
100 CHAPTER 4. PROTOCOLS WITH VULNE
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
112 CHAPTER 5. SATURATED DEDUCTION
Page 126 and 127:
Page 128 and 129:
Page 130 and 131: 118 CHAPTER 5. SATURATED DEDUCTION
Page 160 and 161: 148 CHAPTER 6. ON THE GROUND ENTAIL
Page 190 and 191: 178 CHAPTER 7. VOTER VERIFIABILITY
Page 210 and 211: 198 CHAPTER 8. CONCLUSION AND PERSP
Page 212 and 213: 200 CHAPTER 8. CONCLUSION AND PERSP
Page 214 and 215: 202 BIBLIOGRAPHY [12] M. Abadi and
Page 216 and 217: 204 BIBLIOGRAPHY [36] M. Bellare, A
Page 218 and 219: 206 BIBLIOGRAPHY [60] U. Hustadt Ch
Page 220 and 221: 208 BIBLIOGRAPHY [83] H. Comon-Lund
Page 222 and 223: 210 BIBLIOGRAPHY [108] B. Donovan,
Page 224 and 225: 212 BIBLIOGRAPHY [132] T. Kohno, A.
Page 226 and 227: 214 BIBLIOGRAPHY [160] J. C. Mitche
Page 228 and 229: 216 BIBLIOGRAPHY [187] H. Seidl and
show all

Logical Analysis and Verification of Cryptographic Protocols - Loria

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?