@inproceedings{2344, author = {{Blömer, Johannes and Günther, Peter and Krummel, Volker and Löken, Nils}}, booktitle = {{Foundations and Practice of Security}}, isbn = {{9783319756493}}, issn = {{0302-9743}}, pages = {{3--17}}, publisher = {{Springer International Publishing}}, title = {{{Attribute-Based Encryption as a Service for Access Control in Large-Scale Organizations}}}, doi = {{10.1007/978-3-319-75650-9_1}}, year = {{2017}}, } @inproceedings{2947, author = {{Blömer, Johannes and Günther, Peter}}, booktitle = {{2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)}}, isbn = {{9781467375795}}, publisher = {{IEEE}}, title = {{{Singular Curve Point Decompression Attack}}}, doi = {{10.1109/fdtc.2015.17}}, year = {{2016}}, } @inbook{2968, author = {{Blömer, Johannes and Lammersen, Christiane and Schmidt, Melanie and Sohler, Christian}}, booktitle = {{Algorithm Engineering}}, isbn = {{9783319494869}}, issn = {{0302-9743}}, pages = {{81--116}}, publisher = {{Springer International Publishing}}, title = {{{Theoretical Analysis of the k-Means Algorithm – A Survey}}}, doi = {{10.1007/978-3-319-49487-6_3}}, year = {{2016}}, } @unpublished{2969, author = {{Blömer, Johannes and Brauer, Sascha and Bujna, Kathrin}}, publisher = {{Computing Research Repository}}, title = {{{Hard-Clustering with Gaussian Mixture Models}}}, year = {{2016}}, } @inbook{2970, author = {{Blömer, Johannes and Bujna, Kathrin}}, booktitle = {{Advances in Knowledge Discovery and Data Mining}}, isbn = {{9783319317496}}, issn = {{0302-9743}}, pages = {{296--308}}, publisher = {{Springer International Publishing}}, title = {{{Adaptive Seeding for Gaussian Mixture Models}}}, doi = {{10.1007/978-3-319-31750-2_24}}, year = {{2016}}, } @techreport{2971, author = {{Blömer, Johannes and Günther, Peter}}, publisher = {{Tagungsband des 26. Fraunhofer SIT Smartcard-Workshops}}, title = {{{Effizienz und Sicherheit paarungsbasierter Kryptographie}}}, year = {{2016}}, } @inproceedings{2367, abstract = {{One of the most popular fuzzy clustering techniques is the fuzzy K-means algorithm (also known as fuzzy-c-means or FCM algorithm). In contrast to the K-means and K-median problem, the underlying fuzzy K-means problem has not been studied from a theoretical point of view. In particular, there are no algorithms with approximation guarantees similar to the famous K-means++ algorithm known for the fuzzy K-means problem. This work initiates the study of the fuzzy K-means problem from an algorithmic and complexity theoretic perspective. We show that optimal solutions for the fuzzy K-means problem cannot, in general, be expressed by radicals over the input points. Surprisingly, this already holds for simple inputs in one-dimensional space. Hence, one cannot expect to compute optimal solutions exactly. We give the first (1+eps)-approximation algorithms for the fuzzy K-means problem. First, we present a deterministic approximation algorithm whose runtime is polynomial in N and linear in the dimension D of the input set, given that K is constant, i.e. a polynomial time approximation scheme (PTAS) for fixed K. We achieve this result by showing that for each soft clustering there exists a hard clustering with similar properties. Second, by using techniques known from coreset constructions for the K-means problem, we develop a deterministic approximation algorithm that runs in time almost linear in N but exponential in the dimension D. We complement these results with a randomized algorithm which imposes some natural restrictions on the sought solution and whose runtime is comparable to some of the most efficient approximation algorithms for K-means, i.e. linear in the number of points and the dimension, but exponential in the number of clusters.}}, author = {{Blömer, Johannes and Brauer, Sascha and Bujna, Kathrin}}, booktitle = {{2016 IEEE 16th International Conference on Data Mining (ICDM)}}, isbn = {{9781509054732}}, keywords = {{unsolvability by radicals, clustering, fuzzy k-means, probabilistic method, approximation algorithms, randomized algorithms}}, location = {{Barcelona, Spain}}, pages = {{805--810}}, publisher = {{IEEE}}, title = {{{A Theoretical Analysis of the Fuzzy K-Means Problem}}}, doi = {{10.1109/icdm.2016.0094}}, year = {{2016}}, } @inproceedings{208, abstract = {{This paper presents a new framework for constructing fully CCA-secure predicate encryption schemes from pair encoding schemes. Our construction is the first in the context of predicate encryption which uses the technique of well-formedness proofs known from public key encryption. The resulting constructions are simpler and more efficient compared to the schemes achieved using known generic transformations from CPA-secure to CCA-secure schemes. The reduction costs of our framework are comparable to the reduction costs of the underlying CPA-secure framework. We achieve this last result by applying the dual system encryption methodology in a novel way.}}, author = {{Blömer, Johannes and Liske, Gennadij}}, booktitle = {{Proceedings of the CT-RSA 2016}}, pages = {{431--447}}, title = {{{Construction of Fully CCA-Secure Predicate Encryptions from Pair Encoding Schemes}}}, doi = {{10.1007/978-3-319-29485-8_25}}, year = {{2016}}, } @inbook{2978, author = {{Blömer, Johannes and Bujna, Kathrin}}, booktitle = {{Advances in Knowledge Discovery and Data Mining}}, isbn = {{9783319317496}}, issn = {{0302-9743}}, pages = {{296--308}}, publisher = {{Springer International Publishing}}, title = {{{Adaptive Seeding for Gaussian Mixture Models}}}, doi = {{10.1007/978-3-319-31750-2_24}}, year = {{2016}}, } @inproceedings{253, abstract = {{Group signatures, introduced by Chaum and van Heyst [15], are an important primitive in cryptography. In group signature schemes every group member can anonymously sign messages on behalf of the group. In case of disputes a dedicated opening manager is able to trace signatures - he can extract the identity of the producer of a given signature. A formal model for static group signatures schemes and their security is defined by Bellare, Micciancio, and Warinschi [4], the case of dynamic groups is considered by Bellare, Shi, and Zhang [5]. Both models define group signature schemes with a single opening manager. The main difference between these models is that the number of group members in static schemes is fixed, while in dynamic schemes group members can join the group over time.}}, author = {{Blömer, Johannes and Juhnke, Jakob and Löken, Nils}}, booktitle = {{Proceedings of the Sixth International Conference on Mathematical Aspects of Computer and Information Sciences (MACIS)}}, pages = {{166--180}}, title = {{{Short Group Signatures with Distributed Traceability}}}, doi = {{10.1007/978-3-319-32859-1_14}}, year = {{2015}}, } @inproceedings{322, abstract = {{Reputation systems are used to compute and publish reputation scores for services or products. We consider reputation systems where users are allowed to rate products that they purchased previously. To obtain trustworthy reputations, they are allowed to rate these products only once. As long as users rate products once, they stay anonymous. Everybody is able to detect users deviating from the rate-products-only-once policy and the anonymity of such dishonest users can be revoked by a system manager. In this paper we present formal models for such reputation systems and their security. Based on group signatures presented by Boneh, Boyen, and Shacham we design an efficient reputation system that meets all our requirements.}}, author = {{Blömer, Johannes and Juhnke, Jakob and Kolb, Christina}}, booktitle = {{Proceedings of the 18th International Conference on Financial Cryptography and Data Security (FC)}}, pages = {{478----488}}, title = {{{Anonymous and Publicly Linkable Reputation Systems}}}, doi = {{10.1007/978-3-662-47854-7_29}}, year = {{2015}}, } @techreport{233, abstract = {{Motivated by the deterministic single exponential time algorithm of Micciancio and Voulgaris for solving the shortest and closest vector problem for the Euclidean norm, we study the geometry and complexity of Voronoi cells of lattices with respect to arbitrary norms.On the positive side, we show that for strictly convex and smooth norms the geometry of Voronoi cells of lattices in any dimension is similar to the Euclidean case, i.e., the Voronoi cells are defined by the so-called Voronoi-relevant vectors and the facets of a Voronoi cell are in one-to-one correspondence with these vectors. On the negative side, we show that combinatorially Voronoi cells for arbitrary strictly convex and smooth norms are much more complicated than in the Euclidean case.In particular, we construct a family of three-dimensional lattices whose number of Voronoi-relevant vectors with respect to the l_3-norm is unbounded.Since the algorithm of Micciancio and Voulgaris and its run time analysis crucially dependonthefactthatfortheEuclidean normthenumber of Voronoi-relevant vectors is single exponential in the lattice dimension, this indicates that the techniques of Micciancio and Voulgaris cannot be extended to achieve deterministic single exponential time algorithms for lattice problems with respect to arbitrary l_p-norms.}}, author = {{Blömer, Johannes and Kohn, Kathlén}}, publisher = {{Universität Paderborn}}, title = {{{Voronoi Cells of Lattices with Respect to Arbitrary Norms}}}, year = {{2015}}, } @inproceedings{355, abstract = {{In the last decade pairings have become an important, and often indispensable, ingredient in the construction of identity-based and attribute-based cryptosystems, as well as group signatures and credential systems. Consequently, the applicability of timing, power, or fault attacks to implementations of pairings is an important research topic. We will review some of the known results in this area.}}, author = {{Blömer, Johannes and Günther, Peter and Liske, Gennadij}}, booktitle = {{Proceedings of Fault Tolerance and Diagnosis in Cryptography(FDTC)}}, pages = {{1----7}}, title = {{{Tampering attacks in pairing-based cryptography}}}, doi = {{10.1109/FDTC.2014.10}}, year = {{2014}}, } @article{2976, author = {{Ackermann, Marcel Rudolf and Blömer, Johannes and Kuntze, Daniel and Sohler, Christian}}, issn = {{0178-4617}}, journal = {{Algorithmica}}, publisher = {{Springer US}}, title = {{{Analysis of Agglomerative Clustering}}}, doi = {{10.1007/s00453-012-9717-4}}, volume = {{69}}, year = {{2014}}, } @inproceedings{2977, author = {{Blömer, Johannes and Bujna, Kathrin and Kuntze, Daniel}}, booktitle = {{2014 22nd International Conference on Pattern Recognition}}, isbn = {{9781479952090}}, publisher = {{IEEE}}, title = {{{A Theoretical and Experimental Comparison of the EM and SEM Algorithm}}}, doi = {{10.1109/icpr.2014.253}}, year = {{2014}}, } @unpublished{442, abstract = {{We present a new transformation of chosen-plaintext secure predicate encryption schemes with public index into chosen-ciphertext secure schemes. Our construction requires only a universal one-way hash function and is selectively secure in the standard model. The transformation is not generic but can be applied to various existing schemes constructed from bilinear groups. Using common structural properties of these schemes we provide an efficient and simple transformation without overhead in form of one-time signatures or message authentication codes as required in the known generic transformations.}}, author = {{Blömer, Johannes and Liske, Gennadij}}, publisher = {{Universität Paderborn}}, title = {{{Constructing CCA-secure predicate encapsulation schemes from CPA-secure schemes and universal one-way hash functions}}}, year = {{2014}}, } @inproceedings{463, abstract = {{Several fault attacks against pairing-based cryptography have been described theoretically in recent years. Interestingly, none of these have been practically evaluated. We accomplished this task and prove that fault attacks against pairing-based cryptography are indeed possible and are even practical — thus posing a serious threat. Moreover, we successfully conducted a second-order fault attack against an open source implementation of the eta pairing on an AVR XMEGA A1. We injected the first fault into the computation of the Miller Algorithm and applied the second fault to skip the final exponentiation completely. We introduce a low-cost setup that allowed us to generate multiple independent faults in one computation. The setup implements these faults by clock glitches which induce instruction skips. With this setup we conducted the first practical fault attack against a complete pairing computation.}}, author = {{Blömer, Johannes and Gomes da Silva, Ricardo and Günther, Peter and Krämer, Juliane and Seifert, Jean-Pierre}}, booktitle = {{Proceedings of Fault Tolerance and Diagnosis in Cryptography(FDTC)}}, pages = {{123----136}}, title = {{{A Practical Second-Order Fault Attack against a Real-World Pairing Implementation}}}, doi = {{10.1109/FDTC.2014.22}}, year = {{2014}}, } @inbook{2979, author = {{Blömer, Johannes and Günther, Peter and Liske, Gennadij}}, booktitle = {{Constructive Side-Channel Analysis and Secure Design}}, isbn = {{9783642400254}}, issn = {{0302-9743}}, pages = {{154--168}}, publisher = {{Springer Berlin Heidelberg}}, title = {{{Improved Side Channel Attacks on Pairing Based Cryptography}}}, doi = {{10.1007/978-3-642-40026-1_10}}, year = {{2013}}, } @inproceedings{488, abstract = {{Unattended systems are key ingredients of various critical infrastruc-tures like networks of self service terminals or automated teller machines.For cost and efficiency reasons they should mostly run autonomously.Unattended systems are attractive and lucrative targets for various kindsof attacks, including attacks on the integrity of their components and thecommunication between components. In this paper, we propose a gen-eral cryptographic framework to protect unattended systems. We alsodemonstrate that instantiating the framework with techniques from iden-tity based cryptography is particularly well-suited to efficiently secureunattended systems.}}, author = {{Blömer, Johannes and Günther, Peter and Krummel, Volker}}, booktitle = {{Proceedings of the 5th International Conference on Mathematical Aspects of Computer and Information Sciences (MACIS)}}, pages = {{98--105}}, title = {{{Securing Critical Unattended Systems with Identity Based Cryptography - A Case Study}}}, year = {{2013}}, } @unpublished{538, abstract = {{We present a new technique to realize attribute-based encryption (ABE) schemes secure in the standard model against chosen-ciphertext attacks (CCA-secure). Our approach is to extend certain concrete chosen-plaintext secure (CPA-secure) ABE schemes to achieve more efficient constructions than the known generic constructions of CCA-secure ABE schemes. We restrict ourselves to the construction of attribute-based key encapsulation mechanisms (KEMs) and present two concrete CCA-secure schemes: a key-policy attribute-based KEM that is based on Goyal's key-policy ABE and a ciphertext-policy attribute-based KEM that is based on Waters' ciphertext-policy ABE. To achieve our goals, we use an appropriate hash function and need to extend the public parameters and the ciphertexts of the underlying CPA-secure encryption schemes only by a single group element. Moreover, we use the same hardness assumptions as the underlying CPA-secure encryption schemes.}}, author = {{Blömer, Johannes and Liske, Gennadij}}, publisher = {{Universität Paderborn}}, title = {{{Direct Chosen-Ciphertext Secure Attribute-Based Key Encapsulations without Random Oracles}}}, year = {{2013}}, }