Who Am I?

Dominique Schröder is an Associate Professor (with tenure) of Computer Science at Saarland University in Germany and he is also a PI of the Center for IT-Security, Accountability, and Privacy (CISPA). Before joining Saarland University as an Assistant Professor in 2012, he was a postdoctoral fellow of the German Academic Exchange Service (DAAD) under Jonathan Katz at the University of Maryland, USA. In November 2010, Dominique completed his Ph.D. with grade “summa cum laude” at Darmstadt University of Technology, Germany, under Marc Fischlin.

  • 2013 Intel Early Career Faculty Honor Program awardee.
  • 2011 Postdoctoral Fellowship of the German Academic Exchange Service (DAAD).
  • 2010 Fellow of the German Academic Exchange Service (DAAD).
  • 2007 Best Teaching Assistant Award, Introduction to Cryptography, TU Darmstadt.
  • 2000 Winner of the programming contest “N@tkids” by “akte 2000” and in the third category. Invited to the TV show “akte 2000”.

Research interests

Dominique’s research interests span the theory and practice of cryptography. On the theoretical side he is interested in the instantiability of cryptographic primitives and protocols from weak cryptographic assumptions, such as the existence of one-way functions. His research on the applied side concerns the construction of efficient cryptographic primitives and protocols, ideally from mild assumptions, such as the DDH assumption. Moreover, Dominique is also interested in applying cryptographic techniques to solve real-world problems, such as constructing verifiable outsourced storage or using cryptographic techniques to handle the equivocation problem in distributed systems.

In a cryptographic protocol a set of parties exchange messages in order to securely realize a certain task. These tasks range from abstract problems such as the secure computation of arbitrary functions, over the oblivious computation of signatures (blind signatures), to protocols like voting schemes.

Dominique’s research in this area investigates the round complexity of protocols, the necessary underlying assumptions, and the efficient realization. The corresponding publications appeared at CRYPTO, EUROCRYPT, TCC, and PKC.

Cryptographic primitives, such as private/public encryption, signature schemes, or hash functions, are the main components that are used in various systems and protocols.

In this domain, Dominique has presented the first aggregate signature scheme, investigated the security of sanitizable signature schemes, and presented several efficient solutions for various primitives. The corresponding publications appeared at CRYPTO, PKC, FC, and ACNS.

Strong security notions, such as universally composable (UC) security, guarantee the security of an individual protocol regardless of how it is composed with other protocols. It is well known that achieving such strong notions is only possible under trusted setup assumptions. One way to avoid trusted setup assumptions is the use of hardware, such as hardware tokens or physically uncloneable functions (PUFs).

In this context, Dominique has investigated feasibility and infeasibility of secure computation with malicious PUFs and the construction of oblivious transfer using a minimal number of stateless tokens. The corresponding publications appeared at CRYPTO and TCC.

Cloud providers offer the possibility to outsource computation and storage. These services are extremely beneficial for society, since they are accessible from any location and can therefore be used to jointly work and share information without being bound to specific devices or locations. Besides the tremendous positive aspects of cloud services, they also introduced new security and privacy threats.

In this area, Dominique has suggested several (privacy-preserving) protocols for verifiable outsourced storage and for handling access control for outsourced data. The corresponding publications appeared at IEEE S&P, ACM CCS, and FC.

Making conflicting statements to others, or equivocation, is a simple yet remarkably powerful tool of malicious participants in distributed systems of all kinds. Decentralized crypto-currency systems such as Bitcoin and its derivatives follow a novel approach to handle equivocation. To protect against equivocation in the form of double-spending, i.e., spending the same funds to different parties, Bitcoin employs a special decentralized public append-only log based on proof of work called the blockchain: In a decentralized crypto-currency, users transfer their funds by publishing digitally signed transactions. Our key idea towards preventing equivocation is to use Bitcoin to prescribe a monetary penalty for equivocation. The corresponding publication appeared at ACM CCS.

The security of almost all cryptographic primitives and protocols is based on certain hardness assumptions. These assumptions are either concrete number-theoretic hardness problems, such as computing discrete logarithms, or complexity-based assumptions such as the existence of one-way functions. Seminal results in this area show, for example, a separation between digital signature schemes and public-key encryption. Concretely, these results show that digital signature schemes can be constructed from one-way functions in a black-box way, while this is impossible for public-key encryption.

Dominique’s research in this area has shown that, in contrast to digital signatures, blind signatures cannot be constructed from one-way functions and that verifiable random functions cannot be constructed from trapdoor permutations in a black-box way. The results appeared at TCC.

Selected projects

The Center for IT-Security, Privacy, and Accountability (short: CISPA) was founded in October 2011 as a competence center for IT security at Saarland University. It is a joint endeavor of Saarland University (UdS) and its on-site partner institutions: the Max Planck Institute for Informatics (MPI-INF), the Max Planck Institute for Software Systems (MPI-SWS), and the German Research Center for Artificial Intelligence (DFKI). Cyber security is the cross-cutting theme of central importance for all these institutions. With the two Max Planck Institutes MPI-INF and MPI-SWS as well as the Computer Science Department at Saarland University working on cutting-edge foundational research aspects in CISPA, and with DFKI, nowadays the biggest application-oriented research institution in Europe, being part of CISPA, we are in a unique position to address cyber security questions in a truly holistic manner: seminal foundational solutions based on newly developed principles and approaches are systematically developed into deployable security technologies and finally into prototypical and actually deployed systems in collaboration with industrial partners and our own spin-off companies. The nucleus for this joint endeavor was the CISPA project, funded by the Federal Ministry of Education and Research (BMBF) in 2011. As of today, CISPA has become one of Europe’s leading research sites for IT security with more than 200 researchers working in IT security and related fields.

Funding Agency: BMBF

Period: 2015-2019

Role: PI

In the past years cloud services have rapidly gained a central role in digital society, allowing users to outsource storage and computation. These services are extremely beneficial for society, since they are accessible from any location and can therefore be used to jointly work and share information without being bound to specific devices.

Besides the tremendous positive aspects of cloud services, they also introduced new security and privacy threats. Since existing cryptographic primitives and protocols fall short in addressing these new threats, this proposal aims to develop mathematically sound foundations and tools for providing cloud services with various security and privacy guarantees for outsourced data.

Funding Agency: DAAD

Period: 2015-2016

Role: Sole PI

Selected publications

Authors: Nico Döttling and Dominique Schröder

Abstract: Pseudorandom functions (PRFs) are one of the most fundamental building blocks in cryptography with numerous applications such as message authentication codes and private key encryption. In this work, we propose a new framework to construct PRFs with the overall goal to build efficient PRFs from standard assumptions with an almost tight proof of security. The main idea of our framework is to start from a PRF for any small domain (i.e. poly-sized domain) and turn it into an l-bounded pseudorandom function, i.e., into a PRF whose outputs are pseudorandom for the first l distinct queries to F. In the second step, we apply a novel technique which we call on-the-fly adaptation that turns any bounded PRF into a fully-fledged (large domain) PRF. Both steps of our framework have a tight security reduction, meaning that any successful attacker can be turned into an efficient algorithm for the underlying hard computational problem without any significant increase in the running time or loss of success probability.

Instantiating our framework with specific number theoretic assumptions, we construct a PRF based on k-LIN (and thus DDH) that is faster than all known constructions, which reduces almost tightly to the underlying problem, and which has shorter keys. Instantiating our framework with general assumptions, we construct a PRF with very flat circuits whose security tightly reduces to the security of some small domain PRF.

Publication Info: IACR CRYPTO 2015

Download: PDF

Authors: Dana Dachman-Soled, Nils Fleischhacker, Jonathan Katz, Anna Lysyanskaya, and Dominique Schröder.

A recent line of work has explored the use of physically uncloneable functions (PUFs) for secure computation, with the goals of
(1) achieving universal composability without (additional) setup, and/or
(2) obtaining unconditional security (i.e., avoiding complexity-theoretic assumptions). Initial work assumed that all PUFs, even those created by an attacker, are honestly generated. Subsequently, researchers have investigated models in which an adversary can create malicious PUFs with arbitrary behavior. Researchers have considered both malicious PUFs that might be stateful, as well as malicious PUFs that can have arbitrary behavior but are guaranteed to be stateless.
We settle the main open questions regarding secure computation in the malicious-PUF model:
– We prove that unconditionally secure oblivious transfer is impossible, even in the stand-alone setting, if the adversary can construct (malicious) stateful PUFs.
– We show that universally composable two-party computation is possible if the attacker is limited to creating (malicious) stateless PUFs. Our protocols are simple and efficient, and do not require any cryptographic assumptions.

Publication Info: IACR CRYPTO 2014


Authors: Dominique Schröder and Dominique Unruh
(merged with Sanjam Garg, Vanishree Rao, and Amit Sahai)

Constructing round-optimal blind signatures in the standard model has been a long-standing open problem. In particular, Fischlin and Schröder recently ruled out a large class of three-move blind signatures in the standard model (Eurocrypt’10). In particular, their result shows that finding security proofs for the well-known blind signature schemes by Chaum, and by Pointcheval and Stern in the standard model via black-box reductions is hard. In this work we propose the first round-optimal, i.e., two-move, blind signature scheme in the standard model (i.e., without assuming random oracles or the existence of a common reference string). Our scheme relies on the Decisional Diffie-Hellman assumption and the existence of sub-exponentially hard 1-to-1 one-way functions. This scheme is also secure in the concurrent setting.

Publication Info: IACR CRYPTO 2011

Download: Proceedings Version (PDF) and submitted version

Authors: Dominique Schröder and Heike Schröder

In a verifiable data streaming protocol, the client streams a long string to the server who stores it in its database. The stream is verifiable in the sense that the server can neither change the order of the elements nor manipulate them. The client may also retrieve data from the database and update them. The content of the database is publicly verifiable such that any party in possession of some value s and a proof π can check that s is indeed in the database.

We introduce the notion of verifiable data streaming and present an efficient instantiation that supports an exponential number of values based on general assumptions. Our main technique is an authentication tree in which the leaves are not fixed in advance such that the user, knowing some trapdoor, can authenticate a new element on demand without pre- or re-computing all other leaves. We call this data structure chameleon authentication tree (CAT). We instantiate our scheme with primitives that are secure under the discrete logarithm assumption. The algebraic properties of this assumption allow us to obtain a very efficient verification algorithm. As a second application of CATs, we present a new transformation from any one-time to many-time signature scheme that is more efficient than previously known solutions.

Publication Info: The ACM Conference on Computer and Communications Security (CCS) 2012

Download: PDF

Authors: Tim Ruffing, Aniket Kate, and Dominique Schröder

Abstract: We show that equivocation, i.e., making conflicting statements to others in a distributed protocol, can be monetarily disincentivized by the use of crypto-currencies such as Bitcoin. To this end, we design completely decentralized non-equivocation contracts, which make it possible to penalize an equivocating party by the loss of its money. At the core of these contracts, there is a novel cryptographic primitive called accountable assertions, which reveals the party’s Bitcoin credentials if it equivocates.

Non-equivocation contracts are particularly useful for distributed systems that employ public append-only logs to protect data integrity, e.g., in cloud storage and social networks. Moreover, as double-spending in Bitcoin is a special case of equivocation, the contracts enable us to design a payment protocol that allows a payee to receive funds at several unsynchronized points of sale, while being able to penalize a double-spending payer after the fact.

Publication Info: The ACM Conference on Computer and Communications Security (CCS) 2015

Authors: Matteo Maffei and Giulio Malavolta and Manuel Reinert and Dominique Schröder

Abstract: Cloud storage has rapidly become a cornerstone of many IT infrastructures, constituting a seamless solution for the backup, synchronization, and sharing of large amounts of data. Putting user data in the direct control of cloud service providers, however, raises security and privacy concerns related to the integrity of outsourced data, the accidental or intentional leakage of sensitive information, the profiling of user activities and so on. Furthermore, even if the cloud provider is trusted, users having access to outsourced files might be malicious and misbehave. These concerns are particularly serious in sensitive applications like personal health records and credit score systems.

To tackle this problem, we present GORAM, a cryptographic system that protects the secrecy and integrity of outsourced data with respect to both an untrusted server and malicious clients, guarantees the anonymity and unlinkability of accesses to such data, and allows the data owner to share outsourced data with other clients, selectively granting them read and write permissions. GORAM is the first system to achieve such a wide range of security and privacy properties for outsourced storage. In the process of designing an efficient construction, we developed two new, generally applicable cryptographic schemes, namely, batched zero-knowledge proofs of shuffle and an accountability technique based on chameleon signatures, which we consider of independent interest. We implemented GORAM in Amazon Elastic Compute Cloud (EC2) and ran a performance evaluation demonstrating the scalability and efficiency of our construction.

Publication Info: IEEE Symposium on Security and Privacy 2015

Download: PDF

Authors: Marc Fischlin and Dominique Schröder

We investigate the possibility to prove security of the well-known blind signature schemes by Chaum, and by Pointcheval and Stern in the standard model, i.e., without random oracles. We subsume these schemes under a more general class of blind signature schemes and show that finding security proofs for these schemes via black-box reductions in the standard model is hard. Technically, our result deploys meta-reduction techniques showing that black-box reductions for such schemes could be turned into efficient solvers for hard non-interactive cryptographic problems like RSA or discrete-log. Our technique yields significantly stronger impossibility results than previous meta-reductions in other settings by playing off the two security requirements of the blind signatures (unforgeability and blindness).

Publication Info: IACR EUROCRYPT

Download: PDF


Email: ds@ca.cs DOT uni-saarland DOT de **  Office: Campus E1 1 ** Postal: Saarland University, Dep. of Computer Science, 66123 Saarbruecken