Theoretical Computer Science
Handbook of formal languages, vol. 3
An attack on a recursive authentication protocol. A cautionary tale
Information Processing Letters
Key Agreement in Dynamic Peer Groups
IEEE Transactions on Parallel and Distributed Systems
A Method for Automatic Cryptographic Protocol Verification
IPDPS '00 Proceedings of the 15 IPDPS 2000 Workshops on Parallel and Distributed Processing
Beyond Regularity: Equational Tree Automata for Associative and Commutative Theories
CSL '01 Proceedings of the 15th International Workshop on Computer Science Logic
Abstracting Cryptographic Protocols with Tree Automata
SAS '99 Proceedings of the 6th International Symposium on Static Analysis
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Mechanized proofs for a recursive authentication protocol
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Tree automata with one memory set constraints and cryptographic protocols
Theoretical Computer Science - Automata, languages and programming
Journal of Computer and System Sciences
Counting and equality constraints for multitree automata
FOSSACS'03/ETAPS'03 Proceedings of the 6th International conference on Foundations of Software Science and Computation Structures and joint European conference on Theory and practice of software
RTA'03 Proceedings of the 14th international conference on Rewriting techniques and applications
Two-way equational tree automata for AC-like theories: decidability and closure properties
RTA'03 Proceedings of the 14th international conference on Rewriting techniques and applications
Alternating two-way AC-tree automata
Information and Computation
Flat and One-Variable Clauses for Single Blind Copying Protocols: The XOR Case
RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
On the complexity of equational horn clauses
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
| Hi-index | 0.00 |
Equational tree automata accept terms modulo equational theories, and have been used to model algebraic properties of cryptographic primitives in security protocols. A serious limitation is posed by the fact that alternation leads to undecidability in case of theories like ACU and that of Abelian groups, whereas for other theories like XOR, the decidability question has remained open. In this paper, we give a positive answer to this open question by giving effective reductions of alternating general two-way XOR automata to equivalent one-way XOR automata in 3EXPTIME, which also means that they are closed under intersection but not under complementation. We also show that emptiness of these automata, which is needed for deciding secrecy, can be decided directly in 2EXPTIME, without translating them to one-way automata. A key technique we use is the study of Branching Vector Plus-Minimum Systems (BVPMS), which are a variant of VASS (Vector Addition Systems with States), and for which we prove a pumping lemma allowing us to compute their coverability set in EXPTIME.