Automatic verification of Finite Variant Property beyond convergent equational theories

TL;DR

This paper introduces a semi-decision procedure for automatically verifying the Finite Variant Property in equational theories beyond convergent rewrite systems, enhancing security protocol analysis tools.

Contribution

It presents a novel semi-decision procedure that verifies FVP without requiring a specific representation, extending beyond existing theories handled by current tools.

Findings

Successfully applied to several theories from literature

Proved FVP automatically without specific representations

Extends the class of theories for which FVP can be verified

Abstract

Computer-aided analysis of security protocols heavily relies on equational theories to model cryptographic primitives. Most automated verifiers for security protocols focus on equational theories that satisfy the Finite Variant Property (FVP), for which solving unification is decidable. However, they either require to prove FVP by hand or at least to provide a representation as an E-convergent rewrite system, usually E being at most the equational theory for an associative and commutative function symbol (AC). The verifier ProVerif is probably the only exception amongst these tools as it automatically proves FVP without requiring a representation, but on a small class of equational theories. In this work, we propose a novel semi-decision procedure for proving FVP, without the need for a specific representation, and for a class of theories that goes beyond the ones expressed by an E-convergent rewrite system. We implemented a prototype and successfully applied it on several theories from the literature.