Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
6.5. A DECIDABILITY RESULT 173<br />
Thus:<br />
• If C3 is a ground instance <strong>of</strong> a clause in S (i.e. C s 3 ∈ S). Then we have<br />
µ(C3) = µ(C1, C2) \ {A} <strong>and</strong> thus:<br />
µ(C3) ⊆ µ(π) \ {A}<br />
⊆ µ(π) ↓S \{A}<br />
The second inclusion is correct since A is maximal in δS(π, C), <strong>and</strong> thus in<br />
µ(π).<br />
• Otherwise, by definition <strong>of</strong> the saturation algorithm the selected resolution<br />
inference applied on C s 1 <strong>and</strong> C s 2 is redundant <strong>and</strong>, by definition <strong>of</strong> re-<br />
dundancy, all its ground instances are redundant <strong>and</strong> hence the inference<br />
Γ→A,∆ A,Γ ′ →∆ ′<br />
Γ,Γ ′ →∆,∆ ′ is redundant. This implies that the clause C3 = Γ, Γ ′ →<br />
∆, ∆ ′ can be deduced from a finite set S ′ <strong>of</strong> ground clauses instances <strong>of</strong><br />
clauses in S such that<br />
µ(S ′ ) ⊆ µ(C1, C2) ↓S \{A}<br />
⊆ µ(π) ↓S \{A}<br />
Again, the second inclusion holds because A is maximal in δS(π, C), <strong>and</strong><br />
thus in µ(π).<br />
By iterating the construction on π we find another pro<strong>of</strong> π ′ such that<br />
µ(π ′ ) ⊆ µ(π) ↓S \{A}<br />
µ(π ′ ) ↓S⊆ (µ(π) ↓S \{A}) ↓S<br />
Since A is a maximal in π for ≺a this implies:<br />
µ(π ′ ) ↓S⊆ ((µ(π)\{A}) ↓S ∪({A} ↓S \{A})) ↓S = (µ(π) ↓S ∪{A} ↓S) ↓S \{A} =<br />
Since A ∈ δS(π, C) we have A /∈ µ(C) ↓S, <strong>and</strong> thus we have:<br />
δS(π ′ , C) = µ(π ′ ) ↓S \µ(C) ↓S<br />
⊆ ((µ(π) ↓S ∪{A} ↓S) \ {A}) \ µ(C) ↓S<br />
⊆ ((µ(π) ↓S ∪{A} ↓S) \ µ(C) ↓S) \ {A}<br />
< {A}<br />
< δS(π, C)<br />
Thus π is not such that δS(π, C) is minimal. �