@unpublished{63403,
  abstract     = {{Stateful signatures like the NIST-standardized signature schemes LMS and XMSS provide an efficient and mature realization of post-quantum secure signature schemes. They are recommended for long-term use cases such as firmware signing. However, stateful signature schemes require proper management of a so-called state. In stateful signature schemes like LMS and XMSS, signing keys consist of a set of keys of a one-time signature scheme and it has to be guaranteed that each one-time key is used only once. This is done by updating a state in each signature computation, basically recording which one-time keys have already been used. While this is straightforward in centralized systems, in distributed systems like secure enclaves consisting of e.g. multiple hardware security modules (HSMs) with limited communication, keeping a distributed state that at any point in time is consistent among all parties involved presents a challenge. This challenge is not addressed by the current standardization processes.
In this paper we present a security model for the distributed key management of post-quantum secure stateful signatures like XMSS and LMS. We also present a simple, efficient, and easy-to-implement protocol proven secure in this security model, i.e. the protocol guarantees at any point in time a consistent state among the parties in a distributed system, like a distributed security enclave. The security model is defined in the universal composability (UC) framework by Ran Canetti by providing an ideal functionality for the distributed key management for stateful signatures. Hence our protocol remains secure even if arbitrarily composed with other instances of the same or other protocols, a necessity for the security of distributed key management protocols. Our main application is security enclaves consisting of HSMs, but the model and the protocol can easily be adapted to other scenarios of distributed key management of stateful signature schemes.}},
  author       = {{Blömer, Johannes and Bröcher, Henrik and Krummel, Volker and Porzenheim, Laurens Alexander}},
  keywords     = {{distributed state, hash-based signature, stateful hash-based signature, universal composability, secure enclave}},
  pages        = {{22}},
  title        = {{{Secure Distributed State Management for Stateful Signatures with a Practical and Universally Composable Protocol}}},
  year         = {{2025}},
}

@inproceedings{44855,
  abstract     = {{Market transactions are subject to information asymmetry about the delivered value proposition, causing transaction costs and adverse market effects among buyers and sellers. Information systems research has investigated how review systems can reduce information asymmetry in business-to-consumer markets. However, these systems cannot be readily applied to business-to-business markets, are vulnerable to manipulation, and suffer from conceptual weak spots since they use textual data or star ratings. Building on design science research, we conceptualize a new class of reputation systems based on monetary-based payments as quantitative ratings for each transaction stored on a blockchain. Using cryptography, we show that our system assures content confidentiality so that buyers can share and sell their ratings selectively, establishing a reputation ecosystem. Our prescriptive insights advance the design of reputation systems and offer new paths to understanding the antecedents, dynamics, and consequences to reduce information asymmetry in B2B transactions.}},
  author       = {{Hemmrich, Simon and Bobolz, Jan and Beverungen, Daniel and Blömer, Johannes}},
  booktitle    = {{ECIS 2023 Research Papers}},
  title        = {{{Designing Business Reputation Ecosystems — A Method for Issuing and Trading Monetary Ratings on a Blockchain}}},
  year         = {{2023}},
}

@inbook{45901,
  author       = {{Blömer, Johannes and Bobolz, Jan and Eidens, Fabian and Jager, Tibor and Kramer, Paul}},
  booktitle    = {{On-The-Fly Computing -- Individualized IT-services in dynamic markets}},
  editor       = {{Haake, Claus-Jochen and Meyer auf der Heide, Friedhelm and Platzner, Marco and Wachsmuth, Henning and Wehrheim, Heike}},
  pages        = {{237--246}},
  publisher    = {{Heinz Nixdorf Institut, Universität Paderborn}},
  title        = {{{Practical Cryptographic Techniques for Secure and Privacy-Preserving Customer Loyalty Systems}}},
  doi          = {{10.5281/zenodo.8068755}},
  volume       = {{412}},
  year         = {{2023}},
}

@inbook{45891,
  author       = {{Blömer, Johannes and Eidens, Fabian and Jager, Tibor and Niehues, David and Scheideler, Christian}},
  booktitle    = {{On-The-Fly Computing -- Individualized IT-services in dynamic markets}},
  editor       = {{Haake, Claus-Jochen and Meyer auf der Heide, Friedhelm and Platzner, Marco and Wachsmuth, Henning and Wehrheim, Heike}},
  pages        = {{145--164}},
  publisher    = {{Heinz Nixdorf Institut, Universität Paderborn}},
  title        = {{{Robustness and Security}}},
  doi          = {{10.5281/zenodo.8068629}},
  volume       = {{412}},
  year         = {{2023}},
}

@inproceedings{35014,
  author       = {{Blömer, Johannes and Bobolz, Jan and Bröcher, Henrik}},
  location     = {{Taipei, Taiwan}},
  title        = {{{On the impossibility of surviving (iterated) deletion of weakly dominated strategies in rational MPC}}},
  year         = {{2023}},
}

@inproceedings{43458,
  author       = {{Blömer, Johannes and Bobolz, Jan and Porzenheim, Laurens Alexander}},
  location     = {{Guangzhou, China}},
  title        = {{{A Generic Construction of an Anonymous Reputation System and Instantiations from Lattices}}},
  year         = {{2023}},
}

@article{20888,
  author       = {{Blömer, Johannes and Brauer, Sascha and Bujna, Kathrin}},
  issn         = {{1549-6325}},
  journal      = {{ACM Transactions on Algorithms}},
  number       = {{4}},
  pages        = {{1--25}},
  title        = {{{A Complexity Theoretical Study of Fuzzy K-Means}}},
  doi          = {{10.1145/3409385}},
  volume       = {{16}},
  year         = {{2020}},
}

@article{10790,
  author       = {{Blömer, Johannes and Brauer, Sascha and Bujna, Kathrin and Kuntze, Daniel}},
  issn         = {{1862-5347}},
  journal      = {{Advances in Data Analysis and Classification}},
  pages        = {{147--173}},
  title        = {{{How well do SEM algorithms imitate EM algorithms? A non-asymptotic analysis for mixture models}}},
  doi          = {{10.1007/s11634-019-00366-7}},
  volume       = {{14}},
  year         = {{2020}},
}

@inproceedings{13554,
  abstract     = {{We propose a novel personal reputation system for cross-platform reputation. We observe that, in certain usage scenarios, e.g. crowd work, the rater anonymity property typically imposed on reputation systems is not necessary. Instead, we propose a relaxed notion of rater anonymity that is more applicable in the crowd work scenario. This allows us to construct a secure personal reputation system from simple cryptographic primitives.}},
  author       = {{Blömer, Johannes and Löken, Nils}},
  booktitle    = {{Security and Trust Management, STM 2019}},
  title        = {{{Personal Cross-Platform Reputation}}},
  doi          = {{10.1007/978-3-030-31511-5_9}},
  volume       = {{11738}},
  year         = {{2019}},
}

@inproceedings{13557,
  abstract     = {{We present a searchable encryption scheme for dynamic document collections in a multi-user scenario. Our scheme features fine-grained access control to search results, as well as access control to operations such as adding documents to the document collection, or changing individual documents. The scheme features verifiability of search results. Our scheme also satisfies the forward privacy notion crucial for the security of dynamic searchable encryption schemes.}},
  author       = {{Blömer, Johannes and Löken, Nils}},
  booktitle    = {{12th International Symposium on Foundations and Practice of Security, FPS 2019}},
  publisher    = {{Springer}},
  title        = {{{Dynamic Searchable Encryption with Access Control}}},
  volume       = {{12056}},
  year         = {{2019}},
}

@inproceedings{13904,
  abstract     = {{In this paper, we introduce updatable anonymous credential systems (UACS) and use them to construct a new privacy-preserving incentive system. In a UACS, a user holding a credential certifying some attributes can interact with the corresponding issuer to update his attributes. During this, the issuer knows which update function is run, but does not learn the user's previous attributes. Hence the update process preserves anonymity of the user. One example for a class of update functions are additive updates of integer attributes, where the issuer increments an unknown integer attribute value v by some known value k. This kind of update is motivated by an application of UACS to incentive systems. Users in an incentive system can anonymously accumulate points, e.g. in a shop at checkout, and spend them later, e.g. for a discount.}},
  author       = {{Blömer, Johannes and Bobolz, Jan and Diemert, Denis Pascal and Eidens, Fabian}},
  booktitle    = {{Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security - CCS '19}},
  location     = {{London}},
  title        = {{{Updatable Anonymous Credentials and Applications to Incentive Systems}}},
  doi          = {{10.1145/3319535.3354223}},
  year         = {{2019}},
}

@inproceedings{2862,
  author       = {{Blömer, Johannes and Eidens, Fabian and Juhnke, Jakob}},
  booktitle    = {{Topics in Cryptology - {CT-RSA} 2018 - The Cryptographers' Track at the {RSA} Conference 2018, Proceedings}},
  isbn         = {{9783319769523}},
  issn         = {{0302-9743}},
  location     = {{San Francisco, CA, USA}},
  pages        = {{470--490}},
  publisher    = {{Springer International Publishing}},
  title        = {{{Practical, Anonymous, and Publicly Linkable Universally-Composable Reputation Systems}}},
  doi          = {{10.1007/978-3-319-76953-0_25}},
  year         = {{2018}},
}

@article{2685,
  author       = {{Blömer, Johannes and Kohn, Kathlén}},
  issn         = {{2470-6566}},
  journal      = {{SIAM Journal on Applied Algebra and Geometry}},
  number       = {{2}},
  pages        = {{314--338}},
  title        = {{{Voronoi Cells of Lattices with Respect to Arbitrary Norms}}},
  doi          = {{10.1137/17M1132045}},
  volume       = {{2}},
  year         = {{2018}},
}

@inproceedings{3265,
  abstract     = {{We present CLARC (Cryptographic Library for Anonymous Reputation and Credentials), an anonymous credentials system (ACS) combined with an anonymous reputation system.

Using CLARC, users can receive attribute-based credentials from issuers. They can efficiently prove that their credentials satisfy complex (access) policies in a privacy-preserving way. This implements anonymous access control with complex policies.

Furthermore, CLARC is the first ACS that is combined with an anonymous reputation system where users can anonymously rate services. A user who gets access to a service via a credential also anonymously receives a review token to rate the service. If a user creates more than a single rating, this can be detected by anyone, preventing users from spamming ratings to sway public opinion.

To evaluate feasibility of our construction, we present an open-source prototype implementation.}},
  author       = {{Bemmann, Kai and Blömer, Johannes and Bobolz, Jan and Bröcher, Henrik and Diemert, Denis Pascal and Eidens, Fabian and Eilers, Lukas and Haltermann, Jan Frederik and Juhnke, Jakob and Otour, Burhan and Porzenheim, Laurens Alexander and Pukrop, Simon and Schilling, Erik and Schlichtig, Michael and Stienemeier, Marcel}},
  booktitle    = {{Proceedings of the 13th International Conference on Availability, Reliability and Security - ARES '18}},
  isbn         = {{978-1-4503-6448-5}},
  location     = {{Hamburg, Germany}},
  publisher    = {{ACM}},
  title        = {{{Fully-Featured Anonymous Credentials with Reputation System}}},
  doi          = {{10.1145/3230833.3234517}},
  year         = {{2018}},
}

@inproceedings{2965,
  author       = {{Blömer, Johannes and Löken, Nils}},
  booktitle    = {{Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 2018}},
  isbn         = {{978-1-4503-6448-5}},
  location     = {{Hamburg, Germany}},
  pages        = {{25:1--25:10}},
  publisher    = {{ACM}},
  title        = {{{Cloud Architectures for Searchable Encryption}}},
  doi          = {{10.1145/3230833.3230853}},
  year         = {{2018}},
}

@techreport{5820,
  abstract     = {{In this paper, we investigate the use of trusted execution environments (TEEs, such as Intel's SGX) for an anonymous communication infrastructure over untrusted networks.
For this, we present the general idea of exploiting trusted execution environments for the purpose of anonymous communication, including a continuous-time security framework that models strong anonymity guarantees in the presence of an adversary that observes all network traffic and can adaptively corrupt a constant fraction of participating nodes.
In our framework, a participating node can generate a number of unlinkable pseudonyms. Messages are sent from and to pseudonyms, allowing both senders and receivers of messages to remain anonymous. We introduce a concrete construction, which shows viability of our TEE-based approach to anonymous communication. The construction draws from techniques from cryptography and overlay networks. 
Our techniques are very general and can be used as a basis for future constructions with similar goals.}},
  author       = {{Blömer, Johannes and Bobolz, Jan and Scheideler, Christian and Setzer, Alexander}},
  title        = {{{Provably Anonymous Communication Based on Trusted Execution Environments}}},
  year         = {{2018}},
}

@inproceedings{4344,
  author       = {{Blömer, Johannes and Brauer, Sascha and Bujna, Kathrin}},
  booktitle    = {{29th International Symposium on Algorithms and Computation (ISAAC 2018)}},
  isbn         = {{978-3-95977-094-1}},
  location     = {{Jiaoxi, Yilan County, Taiwan}},
  pages        = {{46:1--46:12}},
  publisher    = {{Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik}},
  title        = {{{Coresets for Fuzzy K-Means with Applications}}},
  doi          = {{10.4230/LIPIcs.ISAAC.2018.46}},
  year         = {{2018}},
}

@inproceedings{3873,
  author       = {{Blömer, Johannes and Eidens, Fabian and Juhnke, Jakob}},
  booktitle    = {{The International Conference on Cryptology And Network Security (CANS)}},
  isbn         = {{978-3-030-00434-7}},
  location     = {{Naples, Italy}},
  pages        = {{235--255}},
  publisher    = {{Springer}},
  title        = {{{Enhanced Security of Attribute-Based Signatures}}},
  doi          = {{10.1007/978-3-030-00434-7_12}},
  volume       = {{11124}},
  year         = {{2018}},
}

@inproceedings{2379,
  abstract     = {{In this paper, we introduce the notion of delegatable attribute-based anonymous credentials (DAAC). Such systems offer fine-grained anonymous access control and they give the credential holder the ability to issue more restricted credentials to other users. In our model, credentials are parameterized with attributes that (1) express what the credential holder himself has been certified and (2) define which attributes he may issue to others. Furthermore, we present a practical construction of DAAC. For this construction, we deviate from the usual approach of embedding a certificate chain in the credential. Instead, we introduce a novel approach for which we identify a new primitive we call dynamically malleable signatures (DMS) as the main ingredient. This primitive may be of independent interest. We also give a first instantiation of DMS with efficient protocols. }},
  author       = {{Blömer, Johannes and Bobolz, Jan}},
  booktitle    = {{ACNS 2018 Applied Cryptography \& Network Security}},
  location     = {{Leuven, Belgium}},
  title        = {{{Delegatable Attribute-based Anonymous Credentials from Dynamically Malleable Signatures}}},
  doi          = {{10.1007/978-3-319-93387-0_12}},
  year         = {{2018}},
}

@inproceedings{2967,
  author       = {{Blömer, Johannes and Liske, Gennadij}},
  booktitle    = {{Proceedings of the International Conference of Mathematical Aspects of Computer and Information Sciences (MACIS)}},
  isbn         = {{9783319724522}},
  issn         = {{0302-9743}},
  pages        = {{438--453}},
  publisher    = {{Springer International Publishing}},
  title        = {{{Subtleties in Security Definitions for Predicate Encryption with Public Index}}},
  doi          = {{10.1007/978-3-319-72453-9_35}},
  volume       = {{10693}},
  year         = {{2017}},
}

