AG Codes and Kryptographie

Collaborative Research Centre (SFB) 901 On-The-Fly Computing

Go to the general project page of SFB 901

The overarching vision of Collaborative Research Centre 901 On-The-Fly Computing is the execution of individually and automatically configured IT services. These IT services are traded freely on markets and can be combined flexibly. The objective of SFB 901 is to develop the techniques and methods required to realize this vision.

Cryptographic Solutions in On-The-Fly Computing Systems

Broad acceptance of On-The-Fly Computing systems cannot be guaranteed without addressing the security aspects of such systems. The high dynamics and heterogeneity at the various levels of the system, together with diverse data protection requirements, pose a challenge for modern cryptography and call for novel solutions. In our subproject we therefore develop methods and techniques that allow security-critical SFB scenarios to be realized efficiently and securely.

Work Area: Access Control for Services and Data

In this work area we work, on the one hand, on the development of attribute-based encryption schemes to realize fine-grained access control on data. On the other hand, we develop attribute-based credential systems that realize anonymous and secure access to services. Both areas require techniques from pairing-based cryptography. To implement the basic primitives of this field efficiently on cryptographically secure hardware, we develop and analyze corresponding implementations on modern smart cards.

Reputation Systems

One of the important market mechanisms in On-The-Fly Computing systems is an anonymous reputation system, which is intended to give customers the ability to rate products and services and thus to create an incentive for developing and improving SFB services. In this work area we therefore work on novel security models and schemes for building a flexible and secure reputation system.

Publications


Delegatable Attribute-based Anonymous Credentials from Dynamically Malleable Signatures

J. Bobolz, J. Blömer, in: ACNS 2018 Applied Cryptography & Network Security, 2018


Practical, Anonymous, and Publicly Linkable Universally-Composable Reputation Systems

J. Blömer, F. Eidens, J. Juhnke, in: Lecture Notes in Computer Science, Springer International Publishing, 2018, pp. 470-490


Attribute-Based Encryption as a Service for Access Control in Large-Scale Organizations

J. Blömer, P. Günther, V. Krummel, N. Löken, in: Foundations and Practice of Security, Springer International Publishing, 2018, pp. 3-17


CCA-Security for Predicate Encryption Schemes

G. Liske, Universität Paderborn, 2017


Physical attacks on pairing-based cryptography

P. Günther, Universität Paderborn, 2016


Construction of Fully CCA-Secure Predicate Encryptions from Pair Encoding Schemes

J. Blömer, G. Liske, in: Proceedings of the CT-RSA 2016, 2016, pp. 431-447

Abstract

This paper presents a new framework for constructing fully CCA-secure predicate encryption schemes from pair encoding schemes. Our construction is the first in the context of predicate encryption which uses the technique of well-formedness proofs known from public key encryption. The resulting constructions are simpler and more efficient compared to the schemes achieved using known generic transformations from CPA-secure to CCA-secure schemes. The reduction costs of our framework are comparable to the reduction costs of the underlying CPA-secure framework. We achieve this last result by applying the dual system encryption methodology in a novel way.


Anonymous credential system based on q-Strong Diffie-Hellman Assumption

F. Eidens, 2015


Anonymous and Publicly Linkable Reputation Systems

J. Blömer, J. Juhnke, C. Kolb, in: Proceedings of the 18th International Conference on Financial Cryptography and Data Security (FC), 2015, pp. 478-488

Abstract

Reputation systems are used to compute and publish reputation scores for services or products. We consider reputation systems where users are allowed to rate products that they purchased previously. To obtain trustworthy reputations, they are allowed to rate these products only once. As long as users rate products once, they stay anonymous. Everybody is able to detect users deviating from the rate-products-only-once policy and the anonymity of such dishonest users can be revoked by a system manager. In this paper we present formal models for such reputation systems and their security. Based on group signatures presented by Boneh, Boyen, and Shacham we design an efficient reputation system that meets all our requirements.


Voronoi Cells of Lattices with Respect to Arbitrary Norms

J. Blömer, K. Kohn, Universität Paderborn, 2015

Abstract

Motivated by the deterministic single exponential time algorithm of Micciancio and Voulgaris for solving the shortest and closest vector problem for the Euclidean norm, we study the geometry and complexity of Voronoi cells of lattices with respect to arbitrary norms. On the positive side, we show that for strictly convex and smooth norms the geometry of Voronoi cells of lattices in any dimension is similar to the Euclidean case, i.e., the Voronoi cells are defined by the so-called Voronoi-relevant vectors and the facets of a Voronoi cell are in one-to-one correspondence with these vectors. On the negative side, we show that combinatorially Voronoi cells for arbitrary strictly convex and smooth norms are much more complicated than in the Euclidean case. In particular, we construct a family of three-dimensional lattices whose number of Voronoi-relevant vectors with respect to the l_3-norm is unbounded. Since the algorithm of Micciancio and Voulgaris and its run time analysis crucially depend on the fact that for the Euclidean norm the number of Voronoi-relevant vectors is single exponential in the lattice dimension, this indicates that the techniques of Micciancio and Voulgaris cannot be extended to achieve deterministic single exponential time algorithms for lattice problems with respect to arbitrary l_p-norms.


Short Group Signatures with Distributed Traceability

J. Blömer, J. Juhnke, N. Löken, in: Proceedings of the Sixth International Conference on Mathematical Aspects of Computer and Information Sciences (MACIS), 2015, pp. 166-180

Abstract

Group signatures, introduced by Chaum and van Heyst [15], are an important primitive in cryptography. In group signature schemes every group member can anonymously sign messages on behalf of the group. In case of disputes a dedicated opening manager is able to trace signatures - he can extract the identity of the producer of a given signature. A formal model for static group signatures schemes and their security is defined by Bellare, Micciancio, and Warinschi [4], the case of dynamic groups is considered by Bellare, Shi, and Zhang [5]. Both models define group signature schemes with a single opening manager. The main difference between these models is that the number of group members in static schemes is fixed, while in dynamic schemes group members can join the group over time.


Constructions of Fully Secure Predicate Encryption Schemes

P. Schleiter, Master's Thesis, Universität Paderborn, 2015


Number of Voronoi-relevant vectors in lattices with respect to arbitrary norms

K. Kohn, 2015


Efficient Verifier-Local Revocation for Anonymous Credentials

J. Bobolz, 2015


A Group Signature Scheme with Distributed Group Management - An Application of Threshold Encryption

N. Löken, 2015


RSA-Full Domain Hash Revisited

T. Rath, Universität Paderborn, 2014

Abstract

RSA Full Domain Hash is an EUF-CMA secure signature scheme (existentially unforgeable under chosen-message attacks) in the random oracle model. The security proof is presented, among other places, in the lecture Einführung in die Kryptographie. Even under a more careful analysis, the reduction loses a factor of 1/q_s (where q_s denotes the number of queries to the signing oracle), which in practice results in relatively large system parameters (RSA modulus) [1]. Since the publication of [2], the factor 1/q_s was believed to be optimal. Only ten years later did the authors of [3] reveal an error in [2] and show a tighter reduction, although under a somewhat stronger security assumption. The results of [3] carry over to the PSS scheme (Probabilistic Signature Scheme), which is used e.g. in PKCS #1, and are therefore of great practical importance. Furthermore, the techniques used in the proofs are also useful for other cryptographic schemes. This thesis works through the corresponding security proofs and analyzes their consequences for practice.

[1] J.S. Coron, “On the Exact Security of Full Domain Hash”, CRYPTO 2000, LNCS 1880, pp. 229-235, 2000.
[2] J.S. Coron, “Optimal Security Proofs for PSS and Other Signature Schemes”, EUROCRYPT 2002, LNCS 2332, pp. 272-287, 2002.
[3] S.A. Kakvi and E. Kiltz, “Optimal Security Proofs for Full Domain Hash, Revisited”, EUROCRYPT 2012, LNCS 7237, pp. 537-553, 2012.


Constructing CCA-secure predicate encapsulation schemes from CPA-secure schemes and universal one-way hash functions

J. Blömer, G. Liske, Universität Paderborn, 2014

Abstract

We present a new transformation of chosen-plaintext secure predicate encryption schemes with public index into chosen-ciphertext secure schemes. Our construction requires only a universal one-way hash function and is selectively secure in the standard model. The transformation is not generic but can be applied to various existing schemes constructed from bilinear groups. Using common structural properties of these schemes we provide an efficient and simple transformation without overhead in form of one-time signatures or message authentication codes as required in the known generic transformations.


A Practical Second-Order Fault Attack against a Real-World Pairing Implementation

J. Blömer, R. Gomes da Silva, P. Günther, J. Krämer, J. Seifert, in: Proceedings of Fault Tolerance and Diagnosis in Cryptography (FDTC), 2014, pp. 123-136

Abstract

Several fault attacks against pairing-based cryptography have been described theoretically in recent years. Interestingly, none of these have been practically evaluated. We accomplished this task and prove that fault attacks against pairing-based cryptography are indeed possible and are even practical — thus posing a serious threat. Moreover, we successfully conducted a second-order fault attack against an open source implementation of the eta pairing on an AVR XMEGA A1. We injected the first fault into the computation of the Miller Algorithm and applied the second fault to skip the final exponentiation completely. We introduce a low-cost setup that allowed us to generate multiple independent faults in one computation. The setup implements these faults by clock glitches which induce instruction skips. With this setup we conducted the first practical fault attack against a complete pairing computation.


Tampering attacks in pairing-based cryptography

J. Blömer, P. Günther, G. Liske, in: Proceedings of Fault Tolerance and Diagnosis in Cryptography (FDTC), 2014, pp. 1-7

Abstract

In the last decade pairings have become an important, and often indispensable, ingredient in the construction of identity-based and attribute-based cryptosystems, as well as group signatures and credential systems. Consequently, the applicability of timing, power, or fault attacks to implementations of pairings is an important research topic. We will review some of the known results in this area.


Hiding software components using functional encryption

J. Jochheim, Master's Thesis, Universität Paderborn, 2014


Fujisaki-Okamoto Transformation

J. Lippert, Universität Paderborn, 2014


Seitenkanalresistenz paarungsbasierter Kryptographie

O. Otte, Universität Paderborn, 2013


Direct Chosen-Ciphertext Secure Attribute-Based Key Encapsulations without Random Oracles

J. Blömer, G. Liske, Universität Paderborn, 2013

Abstract

We present a new technique to realize attribute-based encryption (ABE) schemes secure in the standard model against chosen-ciphertext attacks (CCA-secure). Our approach is to extend certain concrete chosen-plaintext secure (CPA-secure) ABE schemes to achieve more efficient constructions than the known generic constructions of CCA-secure ABE schemes. We restrict ourselves to the construction of attribute-based key encapsulation mechanisms (KEMs) and present two concrete CCA-secure schemes: a key-policy attribute-based KEM that is based on Goyal's key-policy ABE and a ciphertext-policy attribute-based KEM that is based on Waters' ciphertext-policy ABE. To achieve our goals, we use an appropriate hash function and need to extend the public parameters and the ciphertexts of the underlying CPA-secure encryption schemes only by a single group element. Moreover, we use the same hardness assumptions as the underlying CPA-secure encryption schemes.


Securing Critical Unattended Systems with Identity Based Cryptography - A Case Study

J. Blömer, P. Günther, V. Krummel, in: Proceedings of the 5th International Conference on Mathematical Aspects of Computer and Information Sciences (MACIS), 2013, pp. 98-105

Abstract

Unattended systems are key ingredients of various critical infrastructures like networks of self service terminals or automated teller machines. For cost and efficiency reasons they should mostly run autonomously. Unattended systems are attractive and lucrative targets for various kinds of attacks, including attacks on the integrity of their components and the communication between components. In this paper, we propose a general cryptographic framework to protect unattended systems. We also demonstrate that instantiating the framework with techniques from identity based cryptography is particularly well-suited to efficiently secure unattended systems.


Attribute-basierte Verschlüsselung

P. Schleiter, Universität Paderborn, 2012


Fault attacks in pairing-based cryptography

G. Liske, Master's Thesis, Universität Paderborn, 2011


Publications

  • Johannes Blömer, Fabian Eidens, Jakob Juhnke
    Practical, Anonymous and Publicly Linkable, Universally Composable Reputation Systems
    In: The Cryptographers' Track at the RSA Conference 2018, San Francisco, CA, USA, Proceedings
    accepted for publication
  • Gennadij Liske
    CCA-Security for Predicate Encryption Schemes
    PhD Thesis, Paderborn University, 2017
  • Johannes Blömer, Gennadij Liske
    Construction of Fully CCA-Secure Predicate Encryptions from Pair Encoding Schemes
    In: CT-RSA, 2016
  • Johannes Blömer, Jakob Juhnke, Christina Kolb
    Anonymous and Publicly Linkable Reputation Systems
    In: Financial Cryptography and Data Security (FC), 2015
  • Johannes Blömer, Jakob Juhnke, Nils Löken
    Short Group Signatures with Distributed Traceability
    In: Proceedings of the Sixth International Conference on Mathematical Aspects of Computer and Information Sciences (MACIS), 2015
  • Johannes Blömer, Kathlén Kohn
    Voronoi Cells of Lattices with Respect to Arbitrary Norms
    In: ArXiv e-prints, 2015
  • Benedikt Kalde
    Implementierung eines hybriden Verschlüsselungsverfahrens nach Cramer und Shoup
    Master's Thesis, Paderborn University, 2015
  • Patrick Schleiter
    Constructions of Fully Secure Predicate Encryption Schemes
    Master's Thesis, Paderborn University, 2015
  • Johannes Blömer, Peter Günther, Gennadij Liske
    Tampering Attacks in Pairing-Based Cryptography
    In: Proceedings of Fault Tolerance and Diagnosis in Cryptography (FDTC '14), 2014
  • Johannes Blömer, Gennadij Liske
    Constructing CCA-secure predicate encapsulation schemes from CPA-secure schemes and universal one-way hash functions
    In: Cryptology ePrint Archive, 2014
  • Johannes Blömer, Ricardo Gomes da Silva, Peter Günther, Juliane Krämer, Jean-Pierre Seifert
    A Practical Second-Order Fault Attack against a Real-World Pairing Implementation
    In: Proceedings of Fault Tolerance and Diagnosis in Cryptography (FDTC '14), 2014
  • Janek Jochheim
    Hiding software components using functional encryption
    Master's Thesis, Paderborn University, 2014
  • Jan Lippert
    Fujisaki-Okamoto Transformation
    Bachelor's Thesis, Paderborn University, 2014
  • Timo Rath
    RSA-Full Domain Hash Revisited
    Bachelor's Thesis, Paderborn University, 2014
  • Johannes Blömer, Volker Krummel, Peter Günther
    Securing Critical Unattended Systems with Identity Based Cryptography - A Case Study
    In: Proceedings of the Fifth International Conference on Mathematical Aspects of Computer and Information Sciences (MACIS), 2013
  • Johannes Blömer, Gennadij Liske
    Direct Chosen-Ciphertext Secure Attribute-Based Key Encapsulations without Random Oracles
    In: Cryptology ePrint Archive, 2013
  • Kathlén Kohn
    Attributbasierte Verschlüsselung mittels Gittermethoden - Mathematische Grundlagen, Verfahren und Sicherheitsbeweise
    Bachelor's Thesis, Paderborn University, 2013
  • Oliver Otte
    Seitenkanalresistenz paarungsbasierter Kryptographie
    Bachelor's Thesis, Paderborn University, 2013
  • Alina Tezer
    Verteilte Erstellung und Aktualisierung von Schlüsselservern in identitätsbasierten Verschlüsselungssystemen
    Bachelor's Thesis, Paderborn University, 2013
  • Thomas Haarhoff
    Identitätsbasierte Kryptographie - Implementierung von Paarungen für Körper der Charakteristik 2
    Bachelor's Thesis, Paderborn University, 2012
  • Nils Löken
    Identitätsbasierte Signaturen - Ein Sicherheitsbeweis für Signaturen auf Grundlage von Gap-Diffie-Hellman-Gruppen mit Hilfe des Forking-Lemmas
    Bachelor's Thesis, Paderborn University, 2012
  • Patrick Schleiter
    Attribute-basierte Verschlüsselung
    Bachelor's Thesis, Paderborn University, 2012
  • Gennadij Liske
    Fault attacks in pairing-based cryptography
    Master's Thesis, Paderborn University, 2011