-
HDT: Hierarchical Document Transformer
Authors:
Haoyu He,
Markus Flicke,
Jan Buchmann,
Iryna Gurevych,
Andreas Geiger
Abstract:
In this paper, we propose the Hierarchical Document Transformer (HDT), a novel sparse Transformer architecture tailored for structured hierarchical documents. Such documents are extremely important in numerous domains, including science, law or medicine. However, most existing solutions are inefficient and fail to make use of the structure inherent to documents. HDT exploits document structure by…
▽ More
In this paper, we propose the Hierarchical Document Transformer (HDT), a novel sparse Transformer architecture tailored for structured hierarchical documents. Such documents are extremely important in numerous domains, including science, law or medicine. However, most existing solutions are inefficient and fail to make use of the structure inherent to documents. HDT exploits document structure by introducing auxiliary anchor tokens and redesigning the attention mechanism into a sparse multi-level hierarchy. This approach facilitates information exchange between tokens at different levels while maintaining sparsity, thereby enhancing computational and memory efficiency while exploiting the document structure as an inductive bias. We address the technical challenge of implementing HDT's sample-dependent hierarchical attention pattern by developing a novel sparse attention kernel that considers the hierarchical structure of documents. As demonstrated by our experiments, utilizing structural information present in documents leads to faster convergence, higher sample efficiency and better performance on downstream tasks.
△ Less
Submitted 11 July, 2024;
originally announced July 2024.
-
Attribute or Abstain: Large Language Models as Long Document Assistants
Authors:
Jan Buchmann,
Xiao Liu,
Iryna Gurevych
Abstract:
LLMs can help humans working with long documents, but are known to hallucinate. Attribution can increase trust in LLM responses: The LLM provides evidence that supports its response, which enhances verifiability. Existing approaches to attribution have only been evaluated in RAG settings, where the initial retrieval confounds LLM performance. This is crucially different from the long document sett…
▽ More
LLMs can help humans working with long documents, but are known to hallucinate. Attribution can increase trust in LLM responses: The LLM provides evidence that supports its response, which enhances verifiability. Existing approaches to attribution have only been evaluated in RAG settings, where the initial retrieval confounds LLM performance. This is crucially different from the long document setting, where retrieval is not needed, but could help. Thus, a long document specific evaluation of attribution is missing. To fill this gap, we present LAB, a benchmark of 6 diverse long document tasks with attribution, and experiment with different approaches to attribution on 4 LLMs of different sizes, both prompted and fine-tuned. We find that citation, i.e. response generation and evidence extraction in one step, mostly performs best. We investigate whether the ``Lost in the Middle'' phenomenon exists for attribution, but do not find this. We also find that evidence quality can predict response quality on datasets with simple responses, but not so for complex responses, as models struggle with providing evidence for complex claims. We release code and data for further investigation.
△ Less
Submitted 10 July, 2024;
originally announced July 2024.
-
Document Structure in Long Document Transformers
Authors:
Jan Buchmann,
Max Eichler,
Jan-Micha Bodensohn,
Ilia Kuznetsov,
Iryna Gurevych
Abstract:
Long documents often exhibit structure with hierarchically organized elements of different functions, such as section headers and paragraphs. Despite the omnipresence of document structure, its role in natural language processing (NLP) remains opaque. Do long-document Transformer models acquire an internal representation of document structure during pre-training? How can structural information be…
▽ More
Long documents often exhibit structure with hierarchically organized elements of different functions, such as section headers and paragraphs. Despite the omnipresence of document structure, its role in natural language processing (NLP) remains opaque. Do long-document Transformer models acquire an internal representation of document structure during pre-training? How can structural information be communicated to a model after pre-training, and how does it influence downstream performance? To answer these questions, we develop a novel suite of probing tasks to assess structure-awareness of long-document Transformers, propose general-purpose structure infusion methods, and evaluate the effects of structure infusion on QASPER and Evidence Inference, two challenging long-document NLP tasks. Results on LED and LongT5 suggest that they acquire implicit understanding of document structure during pre-training, which can be further enhanced by structure infusion, leading to improved end-task performance. To foster research on the role of document structure in NLP modeling, we make our data and code publicly available.
△ Less
Submitted 31 January, 2024;
originally announced January 2024.
-
CARE: Collaborative AI-Assisted Reading Environment
Authors:
Dennis Zyska,
Nils Dycke,
Jan Buchmann,
Ilia Kuznetsov,
Iryna Gurevych
Abstract:
Recent years have seen impressive progress in AI-assisted writing, yet the developments in AI-assisted reading are lacking. We propose inline commentary as a natural vehicle for AI-based reading assistance, and present CARE: the first open integrated platform for the study of inline commentary and reading. CARE facilitates data collection for inline commentaries in a commonplace collaborative read…
▽ More
Recent years have seen impressive progress in AI-assisted writing, yet the developments in AI-assisted reading are lacking. We propose inline commentary as a natural vehicle for AI-based reading assistance, and present CARE: the first open integrated platform for the study of inline commentary and reading. CARE facilitates data collection for inline commentaries in a commonplace collaborative reading environment, and provides a framework for enhancing reading with NLP-based assistance, such as text classification, generation or question answering. The extensible behavioral logging allows unique insights into the reading and commenting behavior, and flexible configuration makes the platform easy to deploy in new scenarios. To evaluate CARE in action, we apply the platform in a user study dedicated to scholarly peer review. CARE facilitates the data collection and study of inline commentary in NLP, extrinsic evaluation of NLP assistance, and application prototyping. We invite the community to explore and build upon the open source implementation of CARE.
△ Less
Submitted 24 February, 2023;
originally announced February 2023.
-
Revise and Resubmit: An Intertextual Model of Text-based Collaboration in Peer Review
Authors:
Ilia Kuznetsov,
Jan Buchmann,
Max Eichler,
Iryna Gurevych
Abstract:
Peer review is a key component of the publishing process in most fields of science. The increasing submission rates put a strain on reviewing quality and efficiency, motivating the development of applications to support the reviewing and editorial work. While existing NLP studies focus on the analysis of individual texts, editorial assistance often requires modeling interactions between pairs of t…
▽ More
Peer review is a key component of the publishing process in most fields of science. The increasing submission rates put a strain on reviewing quality and efficiency, motivating the development of applications to support the reviewing and editorial work. While existing NLP studies focus on the analysis of individual texts, editorial assistance often requires modeling interactions between pairs of texts -- yet general frameworks and datasets to support this scenario are missing. Relationships between texts are the core object of the intertextuality theory -- a family of approaches in literary studies not yet operationalized in NLP. Inspired by prior theoretical work, we propose the first intertextual model of text-based collaboration, which encompasses three major phenomena that make up a full iteration of the review-revise-and-resubmit cycle: pragmatic tagging, linking and long-document version alignment. While peer review is used across the fields of science and publication formats, existing datasets solely focus on conference-style review in computer science. Addressing this, we instantiate our proposed model in the first annotated multi-domain corpus in journal-style post-publication open peer review, and provide detailed insights into the practical aspects of intertextual annotation. Our resource is a major step towards multi-domain, fine-grained applications of NLP in editorial support for peer review, and our intertextual framework paves the path for general-purpose modeling of text-based collaboration. Our corpus and accompanying code are publicly available.
△ Less
Submitted 31 May, 2022; v1 submitted 22 April, 2022;
originally announced April 2022.
-
ELSA: Efficient Long-Term Secure Storage of Large Datasets
Authors:
Matthias Geihs,
Johannes Buchmann
Abstract:
An increasing amount of information today is generated, exchanged, and stored digitally. This also includes long-lived and highly sensitive information (e.g., electronic health records, governmental documents) whose integrity and confidentiality must be protected over decades or even centuries. While there is a vast amount of cryptography-based data protection schemes, only few are designed for lo…
▽ More
An increasing amount of information today is generated, exchanged, and stored digitally. This also includes long-lived and highly sensitive information (e.g., electronic health records, governmental documents) whose integrity and confidentiality must be protected over decades or even centuries. While there is a vast amount of cryptography-based data protection schemes, only few are designed for long-term protection. Recently, Braun et al. (AsiaCCS'17) proposed the first long-term protection scheme that provides renewable integrity protection and information-theoretic confidentiality protection. However, computation and storage costs of their scheme increase significantly with the number of stored data items. As a result, their scheme appears suitable only for protecting databases with a small number of relatively large data items, but unsuitable for databases that hold a large number of relatively small data items (e.g., medical record databases). In this work, we present a solution for efficient long-term integrity and confidentiality protection of large datasets consisting of relatively small data items. First, we construct a renewable vector commitment scheme that is information-theoretically hiding under selective decommitment. We then combine this scheme with renewable timestamps and information-theoretically secure secret sharing. The resulting solution requires only a single timestamp for protecting a dataset while the state of the art requires a number of timestamps linear in the number of data items. We implemented our solution and measured its performance in a scenario where 12 000 data items are aggregated, stored, protected, and verified over a time span of 100 years. Our measurements show that our new solution completes this evaluation scenario an order of magnitude faster than the state of the art.
△ Less
Submitted 28 October, 2018;
originally announced October 2018.
-
PROPYLA: Privacy Preserving Long-Term Secure Storage
Authors:
Matthias Geihs,
Nikolaos Karvelas,
Stefan Katzenbeisser,
Johannes Buchmann
Abstract:
An increasing amount of sensitive information today is stored electronically and a substantial part of this information (e.g., health records, tax data, legal documents) must be retained over long time periods (e.g., several decades or even centuries). When sensitive data is stored, then integrity and confidentiality must be protected to ensure reliability and privacy. Commonly used cryptographic…
▽ More
An increasing amount of sensitive information today is stored electronically and a substantial part of this information (e.g., health records, tax data, legal documents) must be retained over long time periods (e.g., several decades or even centuries). When sensitive data is stored, then integrity and confidentiality must be protected to ensure reliability and privacy. Commonly used cryptographic schemes, however, are not designed for protecting data over such long time periods. Recently, the first storage architecture combining long-term integrity with long-term confidentiality protection was proposed (AsiaCCS'17). However, the architecture only deals with a simplified storage scenario where parts of the stored data cannot be accessed and verified individually. If this is allowed, however, not only the data content itself, but also the access pattern to the data (i.e., the information which data items are accessed at which times) may be sensitive information. Here we present the first long-term secure storage architecture that provides long-term access pattern hiding security in addition to long-term integrity and long-term confidentiality protection. To achieve this, we combine information-theoretic secret sharing, renewable timestamps, and renewable commitments with an information-theoretic oblivious random access machine. Our performance analysis of the proposed architecture shows that achieving long-term integrity, confidentiality, and access pattern hiding security is feasible.
△ Less
Submitted 27 April, 2019; v1 submitted 27 November, 2017;
originally announced November 2017.
-
The Status of Quantum-Based Long-Term Secure Communication over the Internet
Authors:
Matthias Geihs,
Oleg Nikiforov,
Denise Demirel,
Alexander Sauer,
Denis Butin,
Felix Günther,
Gernot Alber,
Thomas Walther,
Johannes Buchmann
Abstract:
Sensitive digital data, such as health information or governmental archives, are often stored for decades or centuries. The processing of such data calls for long-term security. Secure channels on the Internet require robust key establishment methods. Currently used key distribution protocols are either vulnerable to future attacks based on Shor's algorithm, or vulnerable in principle due to their…
▽ More
Sensitive digital data, such as health information or governmental archives, are often stored for decades or centuries. The processing of such data calls for long-term security. Secure channels on the Internet require robust key establishment methods. Currently used key distribution protocols are either vulnerable to future attacks based on Shor's algorithm, or vulnerable in principle due to their reliance on computational problems. Quantum-based key distribution protocols are information-theoretically secure and offer long-term security. However, significant obstacles to their real-world use remain. This paper, which results from a multidisciplinary project involving computer scientists and physicists, systematizes knowledge about obstacles to and strategies for the realization of long-term secure Internet communication from quantum-based key distribution. We discuss performance and security particulars, consider the specific challenges arising from multi-user network settings, and identify key challenges for actual deployment.
△ Less
Submitted 27 November, 2017;
originally announced November 2017.
-
MoPS: A Modular Protection Scheme for Long-Term Storage
Authors:
Christian Weinert,
Denise Demirel,
Martín Vigil,
Matthias Geihs,
Johannes Buchmann
Abstract:
Current trends in technology, such as cloud computing, allow outsourcing the storage, backup, and archiving of data. This provides efficiency and flexibility, but also poses new risks for data security. It in particular became crucial to develop protection schemes that ensure security even in the long-term, i.e. beyond the lifetime of keys, certificates, and cryptographic primitives. However, all…
▽ More
Current trends in technology, such as cloud computing, allow outsourcing the storage, backup, and archiving of data. This provides efficiency and flexibility, but also poses new risks for data security. It in particular became crucial to develop protection schemes that ensure security even in the long-term, i.e. beyond the lifetime of keys, certificates, and cryptographic primitives. However, all current solutions fail to provide optimal performance for different application scenarios. Thus, in this work, we present MoPS, a modular protection scheme to ensure authenticity and integrity for data stored over long periods of time. MoPS does not come with any requirements regarding the storage architecture and can therefore be used together with existing archiving or storage systems. It supports a set of techniques which can be plugged together, combined, and migrated in order to create customized solutions that fulfill the requirements of different application scenarios in the best possible way. As a proof of concept we implemented MoPS and provide performance measurements. Furthermore, our implementation provides additional features, such as guidance for non-expert users and export functionalities for external verifiers.
△ Less
Submitted 7 August, 2017;
originally announced August 2017.
-
Update-tolerant and Revocable Password Backup (Extended Version)
Authors:
Moritz Horsch,
Johannes Braun,
Dominique Metz,
Johannes Buchmann
Abstract:
It is practically impossible for users to memorize a large portfolio of strong and individual passwords for their online accounts. A solution is to generate passwords randomly and store them. Yet, storing passwords instead of memorizing them bears the risk of loss, e.g., in situations where the device on which the passwords are stored is damaged, lost, or stolen. This makes the creation of backups…
▽ More
It is practically impossible for users to memorize a large portfolio of strong and individual passwords for their online accounts. A solution is to generate passwords randomly and store them. Yet, storing passwords instead of memorizing them bears the risk of loss, e.g., in situations where the device on which the passwords are stored is damaged, lost, or stolen. This makes the creation of backups of the passwords indispensable. However, placing such backups at secure locations to protect them as well from loss and unauthorized access and keeping them up-to-date at the same time is an unsolved problem in practice.
We present PASCO, a backup solution for passwords that solves this challenge. PASCO backups need not to be updated, even when the user's password portfolio is changed. PASCO backups can be revoked without having physical access to them. This prevents password leakage, even when a user loses control over a backup. Additionally, we show how to extend PASCO to enable a fully controllable emergency access. It allows a user to give someone else access to his passwords in urgent situations. We also present a security evaluation and an implementation of PASCO.
△ Less
Submitted 26 April, 2017; v1 submitted 10 April, 2017;
originally announced April 2017.
-
PALPAS - PAsswordLess PAssword Synchronization
Authors:
Moritz Horsch,
Andreas Hülsing,
Johannes Buchmann
Abstract:
Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack. In this paper, we present PALPAS, a secure and user-friendly tool that syn…
▽ More
Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack. In this paper, we present PALPAS, a secure and user-friendly tool that synchronizes passwords between user devices without storing information about them centrally. The idea of PALPAS is to generate a password from a high entropy secret shared by all devices and a random salt value for each service. Only the salt values are stored on a server but not the secret. The salt enables the user devices to generate the same password but is statistically independent of the password. In order for PALPAS to generate passwords according to different password policies, we also present a mechanism that automatically retrieves and processes the password requirements of services. PALPAS users need to only memorize a single password and the setup of PALPAS on a further device demands only a one-time transfer of few static data.
△ Less
Submitted 15 June, 2015;
originally announced June 2015.
-
Intrinsically Legal-For-Trade Objects by Digital Signatures
Authors:
A. Wiesmaier,
U. Rauchschwalbe,
C. Ludwig,
B. Henhapl,
M. Ruppert,
J. Buchmann
Abstract:
The established techniques for legal-for-trade registration of weight values meet the legal requirements, but in praxis they show serious disadvantages. We report on the first implementation of intrinsically legal-for-trade objects, namely weight values signed by the scale, that is accepted by the approval authority. The strict requirements from both the approval- and the verification-authority…
▽ More
The established techniques for legal-for-trade registration of weight values meet the legal requirements, but in praxis they show serious disadvantages. We report on the first implementation of intrinsically legal-for-trade objects, namely weight values signed by the scale, that is accepted by the approval authority. The strict requirements from both the approval- and the verification-authority as well as the limitations due to the hardware of the scale were a special challenge. The presented solution fulfills all legal requirements and eliminates the existing practical disadvantages.
△ Less
Submitted 2 March, 2006;
originally announced March 2006.
-
The Workshop - Implementing Well Structured Enterprise Applications
Authors:
A. Wiesmaier,
V. Karatsiolis,
M. Lippert,
J. Buchmann
Abstract:
We specify an abstraction layer to be used between an enterprise application and the utilized enterprise framework (like J2EE or .NET). This specification is called the Workshop. It provides an intuitive metaphor supporting the programmer in designing easy understandable code. We present an implementation of this specification. It is based upon the J2EE framework and is called the JWorkshop. As…
▽ More
We specify an abstraction layer to be used between an enterprise application and the utilized enterprise framework (like J2EE or .NET). This specification is called the Workshop. It provides an intuitive metaphor supporting the programmer in designing easy understandable code. We present an implementation of this specification. It is based upon the J2EE framework and is called the JWorkshop. As a proof of concept we implement a special certification authority called the Key Authority based upon the JWorkshop. The mentioned certification authority runs very successfully in a variety of different real world projects.
△ Less
Submitted 13 June, 2005;
originally announced June 2005.
-
Towards a Flexible Intra-Trustcenter Management Protocol
Authors:
V. Karatsiolis,
M. Lippert,
A. Wiesmaier,
A. Pitaev,
M. Ruppert,
J. Buchmann
Abstract:
This paper proposes the Intra Trustcenter Protocol (ITP), a flexible and secure management protocol for communication between arbitrary trustcenter components. Unlike other existing protocols (like PKCS#7, CMP or XKMS) ITP focuses on the communication within a trustcenter. It is powerful enough for transferring complex messages which are machine and human readable and easy to understand. In addi…
▽ More
This paper proposes the Intra Trustcenter Protocol (ITP), a flexible and secure management protocol for communication between arbitrary trustcenter components. Unlike other existing protocols (like PKCS#7, CMP or XKMS) ITP focuses on the communication within a trustcenter. It is powerful enough for transferring complex messages which are machine and human readable and easy to understand. In addition it includes an extension mechanism to be prepared for future developments.
△ Less
Submitted 18 November, 2004;
originally announced November 2004.
-
An Evaluated Certification Services System for the German National Root CA - Legally Binding and Trustworthy Transactions in E-Business and E-Government
Authors:
A. Wiesmaier,
M. Lippert,
E. Karatsiolis,
G. Raptis,
J. Buchmann
Abstract:
National Root CAs enable legally binding E-Business and E-Government transactions. This is a report about the development, the evaluation and the certification of the new certification services system for the German National Root CA. We illustrate why a new certification services system was necessary, and which requirements to the new system existed. Then we derive the tasks to be done from the…
▽ More
National Root CAs enable legally binding E-Business and E-Government transactions. This is a report about the development, the evaluation and the certification of the new certification services system for the German National Root CA. We illustrate why a new certification services system was necessary, and which requirements to the new system existed. Then we derive the tasks to be done from the mentioned requirements. After that we introduce the initial situation at the beginning of the project. We report about the very process and talk about some unfamiliar situations, special approaches and remarkable experiences. Finally we present the ready IT system and its impact to E-Business and E-Government.
△ Less
Submitted 26 May, 2005; v1 submitted 18 November, 2004;
originally announced November 2004.
-
Outflanking and securely using the PIN/TAN-System
Authors:
A. Wiesmaier,
M. Fischer,
M. Lippert,
J. Buchmann
Abstract:
The PIN/TAN-system is an authentication and authorization scheme used in e-business. Like other similar schemes it is successfully attacked by criminals. After shortly classifying the various kinds of attacks we accomplish malicious code attacks on real World Wide Web transaction systems. In doing so we find that it is really easy to outflank these systems. This is even supported by the users' b…
▽ More
The PIN/TAN-system is an authentication and authorization scheme used in e-business. Like other similar schemes it is successfully attacked by criminals. After shortly classifying the various kinds of attacks we accomplish malicious code attacks on real World Wide Web transaction systems. In doing so we find that it is really easy to outflank these systems. This is even supported by the users' behavior. We give a few simple behavior rules to improve this situation. But their impact is limited. Also the providers support the attacks by having implementation flaws in their installations. Finally we show that the PIN/TAN-system is not suitable for usage in highly secure applications.
△ Less
Submitted 26 May, 2005; v1 submitted 12 October, 2004;
originally announced October 2004.
