An Equation-Based Classical Logic

Abstract

We propose and study a logic able to state and reason about equational constraints, by combining aspects of classical propositional logic, equational logic, and quantifiers. The logic has a classical structure over an algebraic base, and a form of universal quantification distinguishing between local and global validity of equational constraints. We present a sound and complete axiomatization for the logic, parameterized by an equational specification of the algebraic base. We also show (by reduction to SAT) that the logic is decidable, under the assumption that its algebraic base is given by a convergent rewriting system, thus covering an interesting range of examples. As an application, we analyze offline guessing attacks to security protocols, where the equational base specifies the algebraic properties of the cryptographic primitives.

6 Appendix

Proof

(Lemma 1 ). To deduce \(\forall (\varphi _1\rightarrow \varphi _2)\rightarrow (\forall \varphi _1\rightarrow \forall \varphi _2)\) we assume \(\forall (\varphi _1\rightarrow \varphi _2)\) and prove that \(\forall \varphi _1\rightarrow \forall \varphi _2.\) Applying MTD we will be done.

In order to prepare the proof of Lemma 3 we present an auxiliary result whose proof we omit but follows easily by induction on the complexity of \(\varphi \).

Lemma 5

Given \(\lnot \forall \varphi _0\in \varXi \) and a local formula \(\varphi \in Loc \) with \(names(\varphi )=\tilde{n}\), \(\forall [\varphi ]_{\tilde{c}_{\varphi _0}}^{\tilde{n}}\in \varXi \text { if and only if }\mathbb {A},\rho ^{\lnot \forall \varphi _0}\Vdash _{loc} [\varphi ]_{\tilde{c}_{\varphi _0}}^{\tilde{n}}.\)

Proof

(Lemma 3 ). Recall that \(RelAt(\varDelta \cup \{\lnot \delta \})\subseteq \forall Loc\cup \lnot \forall Loc\) and let \(\gamma \in RelAt(\varDelta \cup \{\lnot \delta \})\). We split the proof in two cases:

• if \(\gamma \) is of the form \(\forall \varphi \) with \(names(\varphi )=\tilde{n}\), we need to prove that for any \(\rho \in S\) \(\mathbb {A},\rho \Vdash _{loc}\varphi .\) Let \(\rho \in S\) and recall that \(\rho \) was motivated by some \(\lnot \forall \varphi _0\in \varXi \), say that \(\rho =\rho ^{\lnot \forall \varphi _0}\). Since \(\forall \varphi \in RelAt(\varDelta \cup \{\lnot \delta \})\subseteq \varXi \) it follows that \(\forall [\varphi ]_{\tilde{c}_{\varphi _0}}^{\tilde{n}}\in \varXi \) by construction of W. Using Lemma 5 we conclude that \(\mathbb {A},\rho ^{\lnot \forall \varphi _0}\Vdash _{loc}\forall [\varphi ]_{\tilde{c}_{\varphi _0}}^{\tilde{n}},\) which according to definition of \(\rho ^{\lnot \forall \varphi _0}\) implies \(\mathbb {A},\rho ^{\lnot \forall \varphi _0}\Vdash _{loc} \varphi .\)

• on the other hand, if \(\gamma \) is of the form \(\lnot \forall \varphi \) with \(names(\lnot \varphi )=names(\varphi )=\tilde{n}\), consider the already defined outcome \(\rho ^{\lnot \forall \varphi }\in S\). Notice that since \(\lnot \forall \varphi \in \varXi \) it follows that \(\forall [\lnot \varphi ]_{\tilde{c}_{\varphi }}^{\tilde{n}}\in \varXi \). Lemma 5 implies \(\mathbb {A},\rho ^{\lnot \forall \varphi }\Vdash _{loc}[\lnot \varphi ]_{\tilde{c}_{\varphi }}^{\tilde{n}}\), which by definition of \(\rho ^{\lnot \forall \varphi }\) implies \(\mathbb {A},\rho ^{\lnot \forall \varphi }\Vdash _{loc}\lnot \varphi .\) Therefore \(\mathbb {A},S\Vdash \lnot \forall \varphi .\) \(\square \)

To prove soundness and completeness of the procedure of Satisfiability presented in proof of Theorem 2 (Lemma 4) we define a translation of outcomes with values in a F-algebra \(\langle A,-^{\mathbb {A}}\rangle \) to valuations in the propositional context, and vice-versa. For the first kind of translation, denote by \(v_{(\cdot )}\) the transformation of outcomes into valuations, \(v_{(\cdot )}: A^N\rightarrow \{0,1\}^{\mathcal {B}}:\) given \(\rho \in A^N\), let \(v_{\rho }:\mathcal {B}\rightarrow \{0,1\}\) be defined by

$$\begin{aligned} v_{\rho }(p_{t_1\approx t_2})=1 \text { iff } [\![t_1]\!]_{\mathbb {A}}^{\rho }=[\![t_2]\!]_{\mathbb {A}}^{\rho }. \end{aligned}$$

(4)

This translation is sound and complete, the following Lemma is easily proved by induction on \(\varphi \).

Lemma 6

For any \(\varphi \in subform ((\lnot \delta )^{DNF})\cap Loc \) and \(\rho \in A^N\), \(\mathbb {A},\rho \Vdash _{loc}\varphi \text { iff } \{0,1\},v_{\rho }\Vdash p_{\varphi }.\)

For the second kind of translation, we denote by \([\cdot ]\) the transformation of valuations into outcomes \([\cdot ]:\{0,1\}^{\mathcal {B}}\rightarrow 2^{(A^N)}\) such that, given \(v\in \{0,1\}^{\mathcal {B}}\)

$$\begin{aligned} \begin{array}{lll} [v]= & {} \left\{ \rho \in A^N\mid v_{\rho }\cong v\right\} \end{array} \end{aligned}$$

(5)

where \(v_{\rho }\) was defined in (4) and \(\cong \) represents equality of functions. To prove that this translation is sound and complete we need an auxiliary result:

Lemma 7

For any \(t_1,t_2\in subterms(\delta )\), \(v\in \{0,1\}^{\mathcal {B}}\) and assuming \([v]\ne \emptyset \), \(\{0,1\},v\Vdash p_{t_1\approx t_2}\text { if and only if for every }\rho \in [v], \mathbb {A},\rho \Vdash _{loc} t_1\approx t_2.\)

Proof

Let \(t_1,t_2\in subterms(\delta )\), \(v\in \{0,1\}^{\mathcal {B}}\) and assume \(\{0,1\},v\Vdash p_{t_1\approx t_2}\). Note that for any \(\rho \in [v]\) \(v_{\rho }\cong v.\) Since \(\{0,1\},v\Vdash p_{t_1\approx t_2}\) we also have \(\{0,1\},v_{\rho }\Vdash p_{t_1\approx t_2},\) which by definition of \(v_{(\cdot )}\) is equivalent to \([\![t_1 ]\!]_{\mathbb {A}}^{\rho }=[\![t_2 ]\!]_{\mathbb {A}}^{\rho }\) or: \(\mathbb {A},\rho \Vdash _{loc} t_1\approx t_2.\) Reciprocally, assume that for every \(\rho \in [v]\) \(\mathbb {A},\rho \Vdash _{loc} t_1\approx t_2,\) i.e., \(\{0,1\},v_{\rho }\Vdash p_{t_1\approx t_2}.\) This implies \(\{0,1\},v\Vdash p_{t_1\approx t_2}.\) \(\square \)

Lemma 8

For any \(\varphi \in subform ((\lnot \delta )^{DNF})\cap Loc \), \(v\in \{0,1\}^{\mathcal {B}}\) and assuming \([v]\ne \emptyset \), \(\{0,1\},v\Vdash p_{\varphi } \text { if and only if for any}~\rho \in [v] \mathbb {A},~\rho \Vdash _{loc} \varphi .\)

Proof

This proof uses the previous result and explores the construction of \(\varphi \):

• if \(\varphi \) is of the form \(t_1\approx t_2\) the result follows from the previous lemma,

• if \(\varphi \) is of the form \(\lnot \varphi '\) for some \(\varphi '\in Loc \), then \(\varphi '\in subform ((\lnot \delta )^{DNF})\) and

  \(\begin{array}{llll} &{}\{0,1\},v\Vdash p_{\lnot \varphi '} \text { iff }\{0,1\},v\Vdash \lnot p_{\varphi '}&{}\text { iff }&{}\{0,1\},v\not \Vdash p_{\varphi '} \\ \text { iff }&{} \text { for any} \rho \in [v] \,\,\{0,1\},v_{\rho }\not \Vdash p_{\varphi '}&{}\text { iff } &{}\text { for any }\rho \in [v] \,\,\mathbb {A},\rho \not \Vdash _{loc} \varphi ' \\ \text { iff } &{} \text { for any }\rho \in [v] \,\,\mathbb {A},\rho \Vdash _{loc} \lnot \varphi '\\ \end{array}\)

• if \(\varphi \) is of the form \(\varphi _1\wedge \varphi _2\) for some \(\varphi _1\wedge \varphi _2\in Loc \), then \(\varphi _1\), \(\varphi _2\in subform ((\lnot \delta )^{DNF})\) and we have the following equivalences

  \(\begin{array}{ll} &{}\{0,1\},v\Vdash p_{\varphi _1\wedge \varphi _2} \text { iff } \{0,1\},v\Vdash p_{\varphi _1}\wedge p_{\varphi _2} \\ \text { iff }&{}\{0,1\},v\Vdash p_{\varphi _1} \text { and } \{0,1\},v\Vdash p_{\varphi _2}\\ \text { iff }&{} \text { for any }\rho \in [v]\,\, \{0,1\},v_{\rho }\Vdash p_{\varphi _1}\text { and }\{0,1\},v_{\rho }\Vdash p_{\varphi _2}\\ \text { iff } &{}\text { for any }\rho \in [v]\,\, \mathbb {A},\rho \Vdash _{loc} \varphi _1 \text { and } \mathbb {A},\rho \Vdash _{loc} \varphi _2 \\ \text { iff } &{} \text { for any } \rho \in [v]\,\, \mathbb {A},\rho \Vdash _{loc} \varphi _1\wedge \varphi _2.\square \end{array}\)

Proof

(Lemma 4 ). Let \(\delta \in Glob\) be any global formula. For the direct implication, let \((\mathbb {A},S)\) be a model for \((\lnot \delta )^{DNF}\): \((\mathbb {A},S)\Vdash \bigvee \limits _{j=1}^m\bigwedge \limits _{i=1}^{n_j}\delta _i^j.\) Exists \(1\le j\le m\) such that \((\mathbb {A},S)\Vdash \bigwedge \limits _{i=1}^{n_j}\delta _i^j\). Since each \(\delta _i^j\) is either of the form \(\forall \varphi \) or \(\lnot \forall \varphi \) we can rewrite it as

$$(\mathbb {A},S)\Vdash \lnot \forall \varphi _1^j\wedge \ldots \wedge \lnot \forall \varphi _{k_j}^j\wedge \forall \varphi _{k_j+1}^j\wedge \ldots \wedge \forall \varphi _{n_j}^j.$$

Notice that, for any \(l\in \{1,\ldots , k_j\}\) and \(s\in \{k_j+1,\ldots , n_j\}\)

$$\begin{aligned} \begin{array}{lll} (\mathbb {A}, S)\Vdash \lnot \forall \varphi _l\,\,&{} \text { i.e.}&{} \text { exists } \rho \in S \text { such that }\mathbb {A},\rho \Vdash _{loc}\lnot \varphi _l.\\ (\mathbb {A}, S)\Vdash \forall \varphi _s\,\,&{} \text { i.e.}&{}\text { for every }\rho \in S\,\,\mathbb {A},\rho \Vdash _{loc} \varphi _s \end{array} \end{aligned}$$

(6)

For each \(\lnot \forall \varphi _l^j\in \{\lnot \forall \varphi _1^j,\ldots ,\lnot \forall \varphi _{k_j}^j\}\), let \(\rho ^{\varphi _l^j}\) be the outcome whose existence is ensured by (6). The valuation \(v_{\rho ^{\varphi _l^j}}\) is the valuation we are looking for. Recalling that for each \(1\le l\le k_j\), \(\varDelta _l^j=\varPhi \cup \left\{ \varphi _{k_j+1}^j,\ldots , \varphi _{n_j}^j\right\} ^p\cup \{\lnot p_{\varphi _l^j}\}\), from Lemma 6, (6) and since \((\mathbb {A},S)\) satisfies each instance of \(Eq1-4, E\) we have \(\{0,1\},v_{\rho ^{\varphi _l^j}}\Vdash \varDelta _l^j.\)

Reciprocally, let \(j\in \{1,\ldots , m\}\) be in the conditions written in the statement. For each \(l\in \{1,\ldots , k_j\}\), let \(\{0,1\},v_l\Vdash \varDelta _l^j\). \(\{v_1,\ldots ,v_{k_j}\}\) are the relevant valuations for the remaining construction.

Notice that, if we define a model \((\mathbb {A},S)\) for the \(j^{th}\) disjunct, \((\mathbb {A},S)\Vdash \bigwedge \limits _{i=1}^{n_j}\delta _i^j,\) it will be a model for \((\lnot \delta )^{DNF}\) as well. Let us define such F-structure. Begin defining the free algebra \(\mathbb {A}=\langle A,-^{\mathbb {A}}\rangle \) where \(A=T (N)_{/ \equiv }\) and \(\equiv \) is the congruence relation on T (N) generated by the following rule: given \(s\approx s'\in \varGamma \) and \(\sigma \in T(N)^{X}\), \(\sigma (s)\equiv \sigma (s')\). From a simple observation we find that, given \(s\in T (X)\) and \(\sigma \in T (N)^X\), \(\sigma (s)\equiv \sigma (s\!\downarrow )\). Besides the definition of \(\mathbb {A}\), we need to define S. Let \(S=\bigcup \limits _{l=1}^{k_j}[v_l]\). Before proving that \((\mathbb {A},S)\) is actually a F-structure, let us refer to an important Lemma that reports to definition (5).

Lemma 9

Let \(v\in \{0,1\}^{\mathcal {B}}\) be any valuation. If \(\{0,1\},v\Vdash \varPhi \) then \([v]=\left\{ \rho \in A^N\mid v_{\rho }\cong v\right\} \ne \emptyset ,\) where A was already defined by \(A=T (N)_{/ \equiv }\).

Proof

Let us begin defining \(\equiv _v\subseteq \! A\times A\) the congruence generated by the rule:

$$\text {For any }t_1,t_2\in RelTerm, [t_1]_{\equiv }\equiv _v [t_2]_{\equiv } \,\, \text {iff} \,\,\{0,1\},v\Vdash p_{t_1\approx t_2}.$$

Let \(\left[ [t]_{\equiv }\right] _{\equiv _v}^*\) be a representative for the equivalence class \(\left[ [t]_{\equiv }\right] _{\equiv _v}\) and consider the outcome

$$\begin{array}{llll} \rho ^v:&{}N&{}\rightarrow &{} A\\ &{}n&{}\mapsto &{} \left[ [n]_{\equiv }\right] _{\equiv _v}^* \end{array}$$

Let us check that \(\rho ^v\in [v]\), i.e., that \(v_{\rho ^v}\cong v:\) given \(p_{t_1\approx t_2}\in \mathcal {B}\),

\(\begin{array}{llll} v_{\rho ^v} (p_{t_1\approx t_2})=1 &{} \text { iff }&{} [\![t_1]\!]_{\mathbb {A}}^{\rho ^v}=[\![t_2 ]\!]_{\mathbb {A}}^{\rho ^v}&{} \text { (by definition of}~v_{(\cdot )}\text {)}\\ &{}\text { iff }&{} \left[ [t_1]_{\equiv }\right] _{\equiv _v}^*=\left[ [t_2]_{\equiv }\right] _{\equiv _v}^* &{}\text { (by definition of}~\rho ^v\text {)}\\ &{}\text { iff }&{} [t_1]_{\equiv }\equiv _v [t_2]_{\equiv } &{}\text { (***) }\\ &{}\text { iff }&{} \{0,1\},v\Vdash p_{t_1\approx t_2} &{}\text { (by definition of} \equiv _v\text {)}\\ &{}\text { iff }&{} v(p_{t_1\approx t_2})=1. \end{array}\)

(***) the reciprocal implication is immediate, for the direct one assume the equivalence classes \([t_1]_{\equiv }\) and \([t_2]_{\equiv }\) are not the same, \([t_1]_{\equiv }\not \equiv _v [t_2]_{\equiv }.\) This means that \(\left[ [t_1]_{\equiv }\right] _{\equiv _v}\cap \left[ [t_2]_{\equiv }\right] _{\equiv _v}=\emptyset ,\) then they would not have the same representative.

Since \(\rho ^v\in [v]\), it follows that \([v]\ne \emptyset \).\(\square \)

It remains to prove that \((\mathbb {A},S)\) is a F-structure. For that we should notice that \(\mathbb {A}\) satisfies \(\varGamma \) immediately by definition of \(\equiv \) and conclude that \(\emptyset \ne S\subseteq A^N\) as a corollary of Lemma 9.

To prove that \((\mathbb {A},S)\Vdash \bigwedge \limits _{i=1}^{n_j}\delta _i^j,\) i.e., \((\mathbb {A},S)\Vdash \lnot \forall \varphi _1^j\wedge \ldots \wedge \lnot \forall \varphi _{k_j}^j\wedge \forall \varphi _{k_j+1}^j\wedge \ldots \wedge \forall \varphi _{n_j}^j,\) notice that for each \(\varphi \in \{\varphi _{k_j+1}^j,\ldots ,\varphi _{n_j}^j\}\)

$$\{0,1\},v_l\Vdash p_{\varphi } \text { for any } l\in \{1,\ldots k_j\}.$$

So that, by Lemma 8, for any \(\rho \in S\), \(\mathbb {A},\rho \Vdash _{loc}\varphi ,\) and it follows that \((\mathbb {A},S)\Vdash \forall \varphi .\)

Whereas, for each \(\lnot \forall \varphi \in \{\lnot \forall \varphi _1^j,\ldots ,\lnot \forall \varphi _{k_j}^j\}\), exists \(l\in \{1,\ldots , k_j\}\) such that \(\{0,1\},v_l\not \Vdash \lnot p_{\varphi }.\) Then, by Lemma 8, for any \(\rho \in [v_l]\), \(\mathbb {A},\rho \Vdash _{loc}\lnot \varphi \) and it follows that \((\mathbb {A},S)\Vdash \lnot \forall \varphi ,\) as we wanted.\(\square \)