I'm a Ph. D. student in the Department of Computer Science and Engineering at the University of Minnesota. I am studying anonymity-enhancing primitives and protocols, distributed network security and applied cryptography, particularly driven to build and prove the best solutions for complex problems. I am honored to work with my advisor, Prof. Nick Hopper.
I received my bachelor's degree from Zhejiang University in 2006, and then received a master's degree in Computer Science from the University of Minnesota in 2009.
I used to be an active participant in many programming contests, and was lucky enough to be a two-time ACM ICPC world finalist.
Scalable Anonymous Blacklisting System
Wikipedia is a great tool. It is such a nice portal that takes you from
"Chosen ciphertext attack" to "Call of Duty". A perfect tool to digress from work while pretending to be a hard(ly)-working PhD student.
Unfortunately some governments censor the access to Wikipedia so we have
to use proxies and/or Tor. But Wikipedia doesn't like Tor. Why and what can
leads researcher into this problem. Using pseudonym and blacklist, we
can 1. block vandals via Tor (which Wiki desires) and 2. we don't have to
block IP addresses (which Tor desires). Asymptotically the blacklist is linear to
the number of blocked users.
When my advisor asked me to reduce the blacklist complexity to be
constant wrt blocked user count, possibly with a crypto tool called accumulator, I spent one year to build the
One of the challenges is cryptographic accumulator is not
intended for accumulating elements anonymously. The hard part is how to add a pseudonym
to a accumulator without revealing user secret key and how user don't
need to acquire a new pseudonym once he/she is freed from the blacklist.
Finally we achieve our goal. The blacklist is in constant size and the
trust model is simpler. Here is how we did it.
Jack: Scalable Anonymous Blacklisting System in WPES 2010 (Travel Award granted)
Secure Network Data Collection and Computation
Generic MPC framework for Tor user online pattern research. Explore the scalability of VSS computation.
Projects in lurking status
1. How would active traffic anonymizer attack active traffic analysis?
2. Can people use their phone to privately test location proximity without
anything like "check-in service" that IMHO sucks?
"Efficient Private Proximity Testing with GSM Location Sketches", accepted by Financial Crypto 2012