On the Complexity of Equational Horn Clauses

  • Kumar Neeraj Verma
  • Helmut Seidl
  • Thomas Schwentick
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3632)


Security protocols employing cryptographic primitives with algebraic properties are conveniently modeled using Horn clauses modulo equational theories. We consider clauses corresponding to the class \(\mathcal{H}3\) of Nielson, Nielson and Seidl. We show that modulo the theory ACU of an associative-commutative symbol with unit, as well as its variants like the theory XOR and the theory AG of Abelian groups, unsatisfiability is NP-complete. Also membership and intersection-non-emptiness problems for the closely related class of one-way as well as two-way tree automata modulo these equational theories are NP-complete. A key technical tool is a linear time construction of an existential Presburger formula corresponding to the Parikh image of a context-free language. Our algorithms require deterministic polynomial time using an oracle for existential Presburger formulas, suggesting efficient implementations are possible.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: CSFW 2001, pp. 82–96. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  2. 2.
    Chevalier, Y., Küsters, R., Rusinowitch, M., Turuani, M.: An NP decision procedure for protocol insecurity with XOR. In: LICS 2003, pp. 261–270 (2003)Google Scholar
  3. 3.
    Colcombet, T.: Rewriting in the partial algebra of typed terms modulo AC. In: Electronic Notes in Theoretical Computer Science, vol. 68, Elsevier Science Publishers, Amsterdam (2002)Google Scholar
  4. 4.
    Comon, H., Dauchet, M., Gilleron, R., Jacquemard, F., Lugiez, D., Tison, S., Tommasi, M.: Tree automata techniques and applications (1997),
  5. 5.
    Comon-Lundh, H., Cortier, V.: New decidability results for fragments of first-order logic and application to cryptographic protocols. In: Nieuwenhuis, R. (ed.) RTA 2003. LNCS, vol. 2706, pp. 148–164. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Cortier, V., Delaune, S., Lafourcade, P.: A survey of algebraic properties used in cryptographic protocols. Journal of Computer Security (2005) (To appear)Google Scholar
  7. 7.
    de Groote, P., Guillaume, B., Salvati, S.: Vector addition tree automata. In: LICS 2004, pp. 64–73. IEEE Computer Society Press, Los Alamitos (2004)Google Scholar
  8. 8.
    Esparza, J.: Petri nets, commutative context-free grammars, and basic parallel processes. Fundam. Inform. 31(1), 13–25 (1997)zbMATHMathSciNetGoogle Scholar
  9. 9.
    Ginsburg, S., Spanier, E.H.: Semigroups, Presburger formulas and languages. Pacific Journal of Mathematic 16(2), 285–296 (1966)zbMATHMathSciNetGoogle Scholar
  10. 10.
    Goubault-Larrecq, J., Parrennes, F.: Cryptographic protocol analysis on real C code. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 363–379. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Goubault-Larrecq, J., Roger, M., Verma, K.N.: Abstraction and resolution modulo AC: How to verify Diffie-Hellman-like protocols automatically. Journal of Logic and Algebraic Programming (2005) (to appear), Available as Research Report LSV-04-7, LSV, ENS CachanGoogle Scholar
  12. 12.
    Lugiez, D.: Counting and equality constraints for multitree automata. In: Gordon, A.D. (ed.) FOSSACS 2003. LNCS, vol. 2620, pp. 328–342. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Nielson, F., Riis Nielson, H., Seidl, H.: Normalizable horn clauses, strongly recognizable relations, and spi. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 20–35. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Ohsaki, H., Takai, T.: Decidability and closure properties of equational tree languages. In: Tison, S. (ed.) RTA 2002. LNCS, vol. 2378, pp. 114–128. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Parikh, R.J.: On context-free languages. Journal of the ACM 13(4), 570–581 (1966)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Rusinowitch, M., Vigneron, L.: Automated deduction with associative-commutative operators. Applicable Algebra in Engineering, Communication and Computation 6, 23–56 (1995)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Seidl, H., Schwentick, T., Muscholl, A.: Numerical document queries. In: PODS 2003, pp. 155–166 (2003)Google Scholar
  18. 18.
    Seidl, H., Schwentick, T., Muscholl, A., Habermehl, P.: Counting in trees for free. In: Díaz, J., Karhumäki, J., Lepistö, A., Sannella, D. (eds.) ICALP 2004. LNCS, vol. 3142, pp. 1136–1149. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Seidl, H., Verma, K.N.: Flat and one-variable clauses: Complexity of verifying cryptographic protocols with single blind copying. In: Baader, F., Voronkov, A. (eds.) LPAR 2004. LNCS (LNAI), vol. 3452, pp. 79–94. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  20. 20.
    Verma, K.N.: Two-way equational tree automata for AC-like theories: Decidability and closure properties. In: Nieuwenhuis, R. (ed.) RTA 2003. LNCS, vol. 2706, pp. 180–196. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Verma, K.N.: Alternation in equational tree automata modulo XOR. In: Lodaya, K., Mahajan, M. (eds.) FSTTCS 2004. LNCS, vol. 3328, pp. 518–530. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Verma, K.N., Goubault-Larrecq, J.: Karp-Miller trees for a branching extension of VASS. Research Report LSV-04-3, LSV, ENS Cachan, France (January 2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Kumar Neeraj Verma
    • 1
  • Helmut Seidl
    • 1
  • Thomas Schwentick
    • 2
  1. 1.Institut für InformatikTechnische Universität MünchenGermany
  2. 2.Fachbereich Mathematik und InformatikPhilipps-Universität MarburgGermany

Personalised recommendations