Collaborative Research Centre 901 On-The-Fly Computing

Link to the official web page of CRC 901 On-The-Fly Computing

The objective of CRC 901 – On-The-Fly Computing (OTF Computing) – is to develop techniques and processes for automatic on-the-fly configuration and provision of individual IT services out of base services. The base serves are available on world-wide markets. In addition to the configuration by special OTF service providers and the provision by what are called OTF Compute Centers, this involves developing methods for quality assurance and the protection of participating clients and providers, methods for the target-oriented further development of markets, and methods to support the interaction of the participants in dynamically changing markets.

Cryptographic solutions in On-The-Fly Computing system

Successful marketing and acceptance of On-The-Fly Computing systems require dealing with their security. The highly dynamic and heterogeneous nature of the visioned system as well as data protection and further legal requirements pose a challenge for modern cryptography and require novel cryptographic solutions.

During the course of the project we intend to design solutions for confidential and authenticated communication in dynamic groups based on identity-based cryptography. This requires key revocation and reduction of power of authority for identity-based schemes. Efficient allocation of services and data access control in On-The-Fly Computing systems also require novel cryptographic schemes, which we intend to realize based on the attribute-based encryption schemes.

Another important market mechanism in On-The-Fly Computing Systems is an anonymous reputation system which enables clients to rate products and services and gives incentives to providers to improve their services. Hence, in this part of the project we develop new models of security and schemes to build a highly flexible and secure reputation system.

Work area: Access Control systems

One of our current goals is to develop secure, efficient and flexible access control systems for On-The-Fly Computing Data Centers and On-The-Fly service providers. A promising approach is to use attribute-based encryption schemes. These novel schemes use techniques from pairing-based cryptography and are related to identity-based cryptography too.

In the ciphertext-policy attribute-based encryption schemes, the owner of data defines an access policy for each data and encrypts it once using this policy. The policies for different data are Boolean formulas over predefined attributes. In order to provide access to the encrypted data, the owner of data gets each customer with a special decryption key. Every key is related to a set of attributes. A customer will be able to decrypt a ciphertext if and only if the attributes of his/her key satisfy the policy of the ciphertext.

The attribute-based approach simplifies the realization of data access control systems, which then can be even stored on an untrusted server. The data access control is completely realized by the encryption and all the data must be encrypted only once for all the customers.

In this area, our research focus is on the development of efficient and flexible attribute-based encryption schemes. The policies of the existing schemes are restricted to several classes of functions and are quite inefficient. On the one hand, we are interested in the development of schemes which can be applied to general function classes. On the other hand, we are looking for more efficient methods when realizing restricted function classes. Other modifications of the schemes will be also necessary when considering further questions arising from privacy protection and further legal requirements.

Work area: reputation systems

A second goal is to develop anonymous reputation systems. To provide trustworthy, reliable, and honest ratings there is a need for anonymous reputation systems that also guarantee that customers rate products only once. To further increase trust in the system, everyone – even outsiders – should be able to verify the validity of ratings. Some of these properties have been studied in the context of group signatures. However, the concept of group signatures does not meet all the requirements for reputation systems. In particular, reputation systems do not consist of a single group of users. Rather one can think of reputation systems as a family of group signature schemes – one for each product. Moreover, we may have providers with several products. Hence, when looking at security and anonymity group signature schemes for different products can not be considered in isolation. Finally, known constructions of group signatures do not provide all properties that we need for a secure and anonymous reputation system and do not provide them simultaneously.

The research focus in the area of reputation systems is the development of new security models and efficient, flexible and secure schemes which meet all our requirements. Here we mainly consider group signatures, but also attribute-based signatures and anonymous credential systems will be taken into account.

Publications

A Group Signature Scheme with Distributed Group Management - An Application of Threshold Encryption
N. Löken, A Group Signature Scheme with Distributed Group Management - An Application of Threshold Encryption, Universität Paderborn, 2015.
A Practical Second-Order Fault Attack against a Real-World Pairing Implementation
J. Blömer, R. Gomes da Silva, P. Günther, J. Krämer, J.-P. Seifert, in: Proceedings of Fault Tolerance and Diagnosis in Cryptography(FDTC), 2014, pp. 123--136.
Anonymous and Publicly Linkable Reputation Systems
J. Blömer, J. Juhnke, C. Kolb, in: Proceedings of the 18th International Conference on Financial Cryptography and Data Security (FC), 2015, pp. 478--488.
Anonymous credential system based on q-Strong Diffie-Hellman Assumption
F. Eidens, Anonymous Credential System Based on Q-Strong Diffie-Hellman Assumption, Universität Paderborn, 2015.
Attributbasierte Verschlüsselung mittels Gittermethoden - Mathematische Grundlagen, Verfahren und Sicherheitsbeweise
K. Kohn, Attributbasierte Verschlüsselung mittels Gittermethoden - Mathematische Grundlagen, Verfahren und Sicherheitsbeweise, Universität Paderborn, 2013.
Attribute-Based Encryption as a Service for Access Control in Large-Scale Organizations
J. Blömer, P. Günther, V. Krummel, N. Löken, in: Foundations and Practice of Security, Springer International Publishing, Cham, 2017, pp. 3–17.
Attribute-basierte Verschlüsselung
P. Schleiter, Attribute-basierte Verschlüsselung, Universität Paderborn, 2012.
CCA-Security for Predicate Encryption Schemes
G. Liske, CCA-Security for Predicate Encryption Schemes, Universität Paderborn, 2017.
Cloud Architectures for Searchable Encryption
J. Blömer, N. Löken, in: Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 2018, ACM, New York, NY, USA, n.d., pp. 25:1--25:10.
Construction of Fully CCA-Secure Predicate Encryptions from Pair Encoding Schemes
J. Blömer, G. Liske, in: Proceedings of the CT-RSA 2016, 2016, pp. 431–447.
Constructions of Fully Secure Predicate Encryption Schemes
P. Schleiter, Constructions of Fully Secure Predicate Encryption Schemes, Universität Paderborn, 2015.
Delegatable Attribute-based Anonymous Credentials from Dynamically Malleable Signatures
J. Blömer, J. Bobolz, in: ACNS 2018 Applied Cryptography & Network Security, n.d.
Designing Business Reputation Ecosystems — A Method for Issuing and Trading Monetary Ratings on a Blockchain
S. Hemmrich, J. Bobolz, D. Beverungen, J. Blömer, in: ECIS 2023 Research Papers, 2023.
Efficient Verifier-Local Revocation for Anonymous Credentials
J. Bobolz, Efficient Verifier-Local Revocation for Anonymous Credentials, Universität Paderborn, 2015.
Enhanced Security of Attribute-Based Signatures
J. Blömer, F. Eidens, J. Juhnke, in: The International Conference on Cryptology And Network Security (CANS), Springer, 2018, pp. 235–255.
Fault attacks in pairing-based cryptography
G. Liske, Fault Attacks in Pairing-Based Cryptography, Universität Paderborn, 2011.
Fujisaki-Okamoto Transformation
J. Lippert, Fujisaki-Okamoto Transformation, Universität Paderborn, 2014.
Fully-Featured Anonymous Credentials with Reputation System
K. Bemmann, J. Blömer, J. Bobolz, H. Bröcher, D.P. Diemert, F. Eidens, L. Eilers, J.F. Haltermann, J. Juhnke, B. Otour, L.A. Porzenheim, S. Pukrop, E. Schilling, M. Schlichtig, M. Stienemeier, in: Proceedings of the 13th International Conference on Availability, Reliability and Security - ARES ’18, ACM, New York, NY, USA, n.d.
Hiding software components using functional encryption
J. Jochheim, Hiding Software Components Using Functional Encryption, Universität Paderborn, 2014.
Identitätsbasierte Kryptographie - Implementierung von Paarungen für Körper der Charakteristik 2
T. Haarhoff, Identitätsbasierte Kryptographie - Implementierung von Paarungen für Körper der Charakteristik 2, Universität Paderborn, 2012.
Identitätsbasierte Signaturen - Ein Sicherheitsbeweis für Signaturen auf Grundlage von Gap-Diffie-Hellman-Gruppen mit Hilfe des Forking-Lemmas
N. Löken, Identitätsbasierte Signaturen - Ein Sicherheitsbeweis für Signaturen auf Grundlage von Gap-Diffie-Hellman-Gruppen mit Hilfe des Forking-Lemmas, Universität Paderborn, 2012.
Implementierung eines hybriden Verschlüsselungsverfahrens nach Cramer und Shoup
B. Kalde, Implementierung eines hybriden Verschlüsselungsverfahrens nach Cramer und Shoup, Universität Paderborn, 2015.
Issuer-Hiding Attribute-Based Credentials
J. Bobolz, F. Eidens, S. Krenn, S. Ramacher, K. Samelin, in: Cryptology and Network Security, Springer International Publishing, Cham, 2021.
Models and Constructions for Secure Reputation Systems
J. Juhnke, Models and Constructions for Secure Reputation Systems, Universität Paderborn, 2018.
Number of Voronoi-relevant vectors in lattices with respect to arbitrary norms
K. Kohn, Number of Voronoi-Relevant Vectors in Lattices with Respect to Arbitrary Norms, Universität Paderborn, 2015.
Physical attacks on pairing-based cryptography
P. Günther, Physical Attacks on Pairing-Based Cryptography, Universität Paderborn, 2016.
Practical Cryptograhic Techniques for Secure and Privacy-Preserving Customer Loyalty Systems
J. Blömer, J. Bobolz, F. Eidens, T. Jager, P. Kramer, in: C.-J. Haake, F. Meyer auf der Heide, M. Platzner, H. Wachsmuth, H. Wehrheim (Eds.), On-The-Fly Computing -- Individualized IT-Services in Dynamic Markets, Heinz Nixdorf Institut, Universität Paderborn, Paderborn, 2023, pp. 237–246.
Practical, Anonymous, and Publicly Linkable Universally-Composable Reputation Systems
J. Blömer, F. Eidens, J. Juhnke, in: Topics in Cryptology - {CT-RSA} 2018 - The Cryptographers’ Track at the {RSA} Conference 2018, Proceedings, Springer International Publishing, Cham, 2018, pp. 470–490.
Privacy-Preserving Cryptography: Attribute-Based Signatures and Updatable Credentials
F. Eidens, Privacy-Preserving Cryptography: Attribute-Based Signatures and Updatable Credentials, 2022.
Privacy-Preserving Incentive Systems with Highly Efficient Point-Collection
J. Bobolz, F. Eidens, S. Krenn, D. Slamanig, C. Striecks, in: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS ’20), ACM, New York, NY, USA, 2020.
Provably Anonymous Communication Based on Trusted Execution Environments
J. Blömer, J. Bobolz, C. Scheideler, A. Setzer, Provably Anonymous Communication Based on Trusted Execution Environments, n.d.
Robustness and Security
J. Blömer, F. Eidens, T. Jager, D. Niehues, C. Scheideler, in: C.-J. Haake, F. Meyer auf der Heide, M. Platzner, H. Wachsmuth, H. Wehrheim (Eds.), On-The-Fly Computing -- Individualized IT-Services in Dynamic Markets, Heinz Nixdorf Institut, Universität Paderborn, Paderborn, 2023, pp. 145–164.
RSA-Full Domain Hash Revisited
T. Rath, RSA-Full Domain Hash Revisited, Universität Paderborn, 2014.
Securing Critical Unattended Systems with Identity Based Cryptography - A Case Study
J. Blömer, P. Günther, V. Krummel, in: Proceedings of the 5th International Conference on Mathematical Aspects of Computer and Information Sciences (MACIS), 2013, pp. 98–105.
Security Proofs for Pairing-Based Cryptography in the Generic Group Model
J. Bobolz, Security Proofs for Pairing-Based Cryptography in the Generic Group Model, Universität Paderborn, 2013.
Seitenkanalresistenz paarungsbasierter Kryptographie
O. Otte, Seitenkanalresistenz paarungsbasierter Kryptographie, Universität Paderborn, 2013.
Short Group Signatures with Distributed Traceability
J. Blömer, J. Juhnke, N. Löken, in: Proceedings of the Sixth International Conference on Mathematical Aspects of Computer and Information Sciences (MACIS), 2015, pp. 166–180.
Subtleties in Security Definitions for Predicate Encryption with Public Index
J. Blömer, G. Liske, in: Proceedings of the International Conference of Mathematical Aspects of Computer and Information Sciences (MACIS), Springer International Publishing, Cham, 2017, pp. 438–453.
Tampering attacks in pairing-based cryptography
J. Blömer, P. Günther, G. Liske, in: Proceedings of Fault Tolerance and Diagnosis in Cryptography(FDTC), 2014, pp. 1--7.
Updatable Anonymous Credentials and Applications to Incentive Systems
J. Blömer, J. Bobolz, D.P. Diemert, F. Eidens, in: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security - CCS ’19, 2019.
Verteilte Erstellung und Aktualisierung von Schlüsselservern in identitätsbasierten Verschlüsselungssystemen
A. Tezer, Verteilte Erstellung und Aktualisierung von Schlüsselservern in identitätsbasierten Verschlüsselungssystemen, Universität Paderborn, 2013.
Voronoi Cells of Lattices with Respect to Arbitrary Norms
J. Blömer, K. Kohn, SIAM Journal on Applied Algebra and Geometry. 2 (2018) 314–338.
Voronoi Cells of Lattices with Respect to Arbitrary Norms
J. Blömer, K. Kohn, Voronoi Cells of Lattices with Respect to Arbitrary Norms, Universität Paderborn, 2015.
Show all publications