Qianhong Wu

• Universitat Rovira i Virgili

To guarantee the liveness of Byzantine fault-tolerant state machine replication (BFT-SMR) protocols in asynchronous environments, asynchronous fallback strategies are frequently utilized to replace traditional leader-based view change mechanisms. However, leader-centric protocols have certain limitations: (1) a single leader may create a system bot...

Blockchain and cryptocurrencies are developing rapidly, and the scalability issue has become a constraint on their practical application and development. Off-chain payment channel is an effective solution to the scalability problem of blockchain. Currently, various payment channel protocols have been proposed. However, privacy issues are vital in p...

Random beacons are of paramount importance in distributed systems (e.g., blockchain, electronic voting, governance). The sheer scale of nodes inherent in distributed environments necessitates minimizing communication overhead per node while ensuring protocol availability, particularly under adversarial conditions. Existing solutions have managed to...

Web3 is a revolutionary Internet paradigm that focusing decentralization, user empowerment, and intelligence. One of its key technologies is decentralized identity (DID), which has gained significant attention recently. However, existing DID solutions are not scalable enough to be compatible with the large-scale identity node applications required...

Blockchain has gained significant attention for its potential to revolutionize various fields. The security of the blockchain system heavily relies on private key management, and traditional key management schemes pose a higher risk of key compromise or loss. A general key management solution with security supervision is needed to overcome the prob...

Due to the promising scalability property, sharding technology has gained widespread attention. It improves the transaction throughput of blockchain systems but also introduces cross-shard transactions. Current two-phase commit (2PC) protocols process different cross-shard transactions sequentially, resulting in significant system overhead and low...

Secret leader election in consensus could protect leaders from Denial of Service (DoS) or bribery attacks, enhancing the blockchain system security. Single Secret Leader Election (SSLE), proposed by Boneh et al., supports electing a single random leader from a group of nodes while the leader’s identity remains secret until he reveals himself. Subse...

Tor's original design does not have an incentive mechanism but relies on volunteers to maintain their relay nodes for free, eventually leading to the current situation of centralization and lack of relay nodes. Current incentive schemes designed for Tor generally rely on centralized roles, thus presenting a risk of destroying Tor's anonymity. This...

Consensus protocols play a crucial role in determining the security and performance of blockchain systems, with committee-based consensus protocols being particularly important, especially in sharding consensus protocols. Anonymous election of committee nodes can mitigate DDoS attacks and bribery attempts. This approach can also be applied to shard...

As the artificial intelligence, large model, Metaverse and Web 3.0 develop rapidly, data is being traded constantly. Existing data exchange methods primarily rely on trusted third parties, which compromises fairness and decentralization. Moreover, existing methods often overlook data access control during trading and typically employ a one-to-one m...

The sixth-generation (6G) network is the core technology of next-generation communication, providing high-quality, low-latency, and broad connectivity communication services for the digitalization and intelligent transformation of future society. The large-scale, low-latency access demands of 6G devices place higher requirements on authentication s...

The Automatic Dependent Surveillance Broadcast (ADS-B) system is a critical surveillance technology in Air Traffic Management (ATM), essential for enhancing aviation safety and operational efficiency. However, ADS-B broadcasts plaintext messages over open channels without authentication mechanisms, and is constrained by message length limitations a...

The AI-driven Internet of Things (AIoT) has been widely applied in the field of Internet of Vehicles (IoV) for vehicular cooperation. Federated Learning (FL), due to its ability to protect users’ data privacy, reduce communication overhead, and facilitate real-time decision-making, is widely applied in the augmented intelligence of things for vehic...

In Web 3.0's pursuit of a decentralized and user-autonomous network, traditional access control methods, such as central servers and weak decentralized algorithms, are insufficient regarding security, fault tolerance ability, and scalability. To solve this, we first design a decentralized multi-committee attribute-based encryption, X-ABE, to addres...

Addressing blockchain's insufficient throughput and scalability is imperative for practical viability. Off-chain approaches, such as state channels (including Hash Time Lock Contract (HTLC), virtual channels), demonstrate enhanced throughput by enabling parallel transaction processing. While virtual channels introduce execution complexity, HTLC suf...

Trading data through blockchain platforms is hard to achieve fair exchange. Reasons come from two folds: Firstly, guaranteeing fairness between sellers and consumers is a challenging task as the deception of any participating parties is risk-free. This leads to the second issue where judging the behavior of data executors (such as cloud service pro...

Cross-chain technology aims to enable interoperability between isolated blockchains. However, existing cross-chain solutions cannot achieve both decentralization and incentive compatibility. In the paper, we introduce Subsidy Bridge, a general and decentralized relay scheme with special incentive design similar to Bitcoin mining. In Subsidy Bridge,...

Featured Application This paper provides a fair, secure and distributed solution for the licensed spectrum distribution towards 6G. Abstract Spectrum distribution is a classical licensed spectrum accessing method in mobile communication networks. The licensed idle spectrum resources are authorized and distributed from spectrum owners to mobile use...

Traditional public key infrastructure (PKI) only provides authentication for network communication, and the standard X.509 certificate used in this architecture reveals the user’s identity. This lack of privacy protection no longer satisfies the increasing demands for personal privacy. Though an optimized anonymous PKI certificate realizes anonymit...

Spectrum distribution is a classical licensed spectrum accessing method in mobile communication networks. The licensed idle spectrum resources are authorized and distributed from spectrum owners to mobile users. However, the exponential growth of user capacity brings excessive load pressure on the traditional centralized network architecture. As la...

Sharding technology is crucial to achieve decentralization, scalability, and security simultaneously. However, existing sharding blockchain schemes suffer from high cross-shard transaction processing latency, low parallelism, incomplete cross-shard views of shard members, centralized reconfiguration, high overhead of randomness generation, and lack...

With the emergence of the resource and equipment sharing concept, many enterprises and organizations begin to implement cross-domain sharing of devices, especially in the field of the Internet of Things (IoT). However, there are many problems in the cross-domain usage process of devices, such as access control, authentication, and privacy protectio...

The cloud-edge-end architecture is suitable for many essential scenarios, such as 5 G, the Internet of Things (IoT), and mobile edge computing. Under this architecture, cross-domain and cross-layer data sharing is commonly in need. Considering cross-domain data sharing under the zero-trust model, where each entity does not trust the others, existin...

The space-air-ground integrated network (SAGIN) has a stringent demand on the efficiency of authentication protocols deployed in the devices that have been launched into the air and space. In this paper, we define the concept of the security model of conditional physical unclonable function (CPUF) that guarantees the security of the protocol while...

Network traffic, which records users’ behaviors, is valuable data resources for diagnosing the health of the network. Mining anomaly in network is essential for network defense. Although traditional machine learning approaches have good performance, their dependence on huge training data set with expensive labels make them impractical. Furthermore,...

Cloud computing has become an increasingly popular option for users to store and share data. Encryption prior to outsourcing data to the cloud is the best way to protect data security and privacy; however, it hinders sharing of the data that was encrypted. In addition, users in many real-world organizations (e.g., enterprises) have multiple level s...

With the continuous advancement of edge intelligence, edge servers undertake more and more intelligent computing tasks. Nowadays, there are a large number of IoT devices in the network in idle state. For instance, the mining process for consensus of miners in blockchain such as Bitcoin causes a waste of computing resources and energy. A natural que...

Blockchain is a decentralized ledger system that enables transactional consensus among untrusted nodes. Due to the independence between blockchains, it is tough to complete asset exchange tasks between diverse chains. Facing this problem, multiple cross-chain exchange schemes were proposed, but they have not been widely used due to various defects...

A complete sharding blockchain consists of many vital components, the two most important of which are the intra-shard consensus algorithm and the cross-shard transaction processing method. The latter usually requires a two-phase commit protocol, which usually relies on the shard leaders to transfer critical messages among different shards. In the p...

With the proliferation of cryptocurrency, many automated cross-ledger trading platforms were set up. These platforms introduce new challenges in tracing the money flows and getting evidence of illicit behaviors. Yousaf, Kappos, and Meiklejohn (USENIX Security’19) are the first to link the cross-ledger money flows. However, their scheme is only appl...

The centralized exchange is one of the hottest DeFi applications based on blockchain transaction systems. However, depositing user assets to the exchanges brings the security risks of assets misappropriation. Threshold cryptosystem can effectively solve the drawbacks of centralized hosting by assigning the assets authorization to multiple trustees,...

Compared to 5G mobile network with a peak rate of 10Gbps, 6G can provide over 100Gbps peak rate, which can better support Industrial Internet of Things (IIoT) popularity and application. Spectrum dynamic access is one of the basic techniques of 6G, and spectrum auction has been gradually applied to mobile communication to solve the problem of secon...

Traceable ring signature (TRS), a variant of ring signature, allows a signer to sign a message anonymously labeled with a tag on behalf of a group of users, but may reveal the signer’s identity if he creates two signatures with the same tag. TRS provides accountable anonymity for users, and serves as an important role in e-voting systems and e-coup...

Cloud storage services allow data owners to outsource their potentially sensitive data (e.g., private genome data) to remote cloud servers in a ciphertext form. To enable data owners to further share the data encrypted in ciphertexts, many proxy re-encryption (PRE) schemes are proposed. However, most schemes only support single-recipient or coarse-...

Because of billions of users, the social network is the best choice for person who has an urgent task which needs enough people to participant or that only a few people are able to solve. Inspired by incentive mechanisms for retrieving information from networked agents and motivating the participation of people in crowdsourcing or human tasking sys...

With the rapid development of the digital world, digital rights management (DRM) becomes increasingly important. Multi-Authority Attribute Based Encryption (MA-ABE) schemes provide suitable solutions for flexible fine-grained access control in DRM. However, there are two accountable problems unsolved when applying existing ABE schemes to DRM direct...

The fast development of Internet of Things (IoT) has shown that it becomes one of the most popular techniques. In the IoT paradigm, ubiquitous sensors and smart devices can be interconnected to collect various status data and share with others. When deployed in an environment status monitoring system, distributed sensors may be requested to periodi...

Cloud technology has brought great convenience to enterprises as well as customers. System logs record notable events and are becoming valuable resources to track and investigate system status. Detecting anomaly from logs as fast as possible can improve the quality of service significantly. Although many machine learning algorithms (e.g., SVM, Logi...

Cloud storage is an effective way for data owners to outsource their data by remotely storing them in the cloud and enjoy on-demand high quality services. In traditional cloud storage systems, cloud data integrity verification relies on centralized entities and data is stored in a small number of storage servicers. However, these centralized entiti...

Sharding blockchains are proposed to solve the scalability problem while maintaining security and decentralization. However, there are still many issues to be solved. First, the member selection and assignment process are not strictly analyzed, which might lead to an increase in the adversary proportion. Second, current intra-shard consensus algori...

Verifiable delay function (VDF) has been a hot topic in recent cryptography research since the Ethereum researchers announced that they intended to use it in Ethereum 2.0. VDF has many applications in decentralized systems. This paper tries to organize the development path of VDF and related applications. We compare the performance of the four stat...

Sharding blockchains could improve the transaction throughput and achieve scalibility, making the application fields of the blockchain technology more extensive. Cross-shard transactions account for a large fraction of transactions in a sharding blockchain, so the processing method of cross-shard transactions is of vital importance to the system ef...

Sharding blockchains are promising in improving transaction throughput and achieving network scalability. Intra-shard consensus and cross-shard communication are two essential parts for almost every kind of sharding blockchain. However, some security problems still exist in current sharding solutions such as replay attacks, and there is still room...

As a combination of cloud computing and edge computing, cloud-fog-end computing models are gradually replacing traditional centralized cloud computing models due to their high controllability and low latency. However, this model has certain shortcomings in terms of resource awareness of edge devices. Two problems are the most prominent. One is that...

Outsourcing encrypted data to cloud servers that has become a prevalent trend among Internet users to date. There is a long list of advantages on data outsourcing, such as the reduction cost of local data management. How to securely operate encrypted data (remotely), however, is the top-rank concern over data owner. Liang et al. proposed a novel...

With the rapid development of cloud computing, an increasing number of individuals and organizations are sharing data in the public cloud. To protect the privacy of data stored in the cloud, a data owner usually encrypts his data in such a way that certain designated data users can decrypt the data. This raises a serious problem when the encrypted...

It is becoming fashionable for people to access data outsourced to clouds with mobile devices. To protect data security and privacy, attribute-based encryption (ABE) has been widely used in cloud storage systems. However, one of the main efficiency drawbacks of ABE is the high computation overheads at mobile devices during user revocation and file...

The application of cloud storage system has been deployed widely in recent years. A lot of electronic medical records (EMRs) are collected and uploaded to the cloud for scalable sharing among the authority users. It is necessary to guarantee the confidentiality of EMRs and the privacy of EMR owners. To achieve this target, we summarize a series of...

Traceable ring signature (TRS), a variant of ring signature, allows a signer to sign a message anonymously labeled with a tag on behalf of a group of users, but may reveal the signer’s identity if he creates two signatures with the same tag. TRS provides accountable anonymity for users, and serves as an important role in e-voting systems and e-coup...

In this paper, we consider the security issues in data sharing cliques via remote server. We present a public key re-encryption scheme with delegated equality test on ciphertexts (PRE-DET). The scheme allows users to share outsourced data on the server without performing decryption-then-encryption procedures, allows new users to dynamically join th...

As the value of data has received considerable attention, data trading shows broad market prospects. The existing data trading methods, including private trades and centralized trades, have high risks regarding transaction security and data protection. To solve this problem, we propose a decentralized trading solution for open fair data trading by...

Machine learning in artificial intelligence relies on legitimate big data, where the process of data publishing involves a large number of privacy issues. m-Invariance is a fundamental privacy-preserving notion in microdata republication. Unfortunately, if for big data release, the existing generalization based m-Invariance requiring to modify the...

With the rapid development of cloud computing technology, more and more users save a large amount of data in cloud storage. In addition to meeting the performance requirements, how to ensure the integrity of these data has become a hot topic for academic research in recent years. Provable data possession (PDP) based on trusted party auditor (TPA) i...

The Stern signatures are a class of lattice-based signatures constructed from Stern protocols, a special class of sigma protocols, admitting diverse functionalities with good asymptotic efficiency. However, the post-quantum security of existing Stern signatures is unclear, since they are built via the Fiat-Shamir transformation, which has not been...

An increasing number of people are sharing their data through third-party platforms. Attribute-based encryption (ABE) is a promising primitive that allows enforcing fine-grained access control on the data to be shared. An issue in ABE is that a priori access policies should be determined during the system setup or encryption phase, but these polici...

Transaction privacy protection has always been the subject of interest in blockchain-based transaction system. The one-time public key method commonly used in current system does not perfectly achieve this function. Other technologies such as Mixcoin and zk-SNARKs also confront with some centralization and efficiency drawbacks. In this paper, we pr...

To address security and privacy issues in messaging services, we present a public key signcryption scheme with designated equality test on ciphertexts (PKS-DET) in this paper. The scheme enables a sender to simultaneously encrypt and sign (signcrypt) messages, and to designate a tester to perform equality test on ciphertexts, i.e., to determine whe...

The emergence of anonymity abusing in anonymous communication has received considerable attention. Achieving the liability of auditing and tracing illegal users becomes to be a critical requirement. Although some anonymity abusing control strategies have been proposed, they mostly possess no prior audit judgment function. In this paper, we propose...

Improving the throughput of blockchain systems such as Bitcoin and Ethereum has been an important research problem. Off-chain payments are one of the most promising technologies to tackle this challenge. Once a payment channel, however, is established there exists a strict one-one correspondence between a payee and prepayments, which reduces the fl...

Off-chain payments are an important technique for improving the scalability of blockchain-based cryptocurrencies. However, since tokens locked in off-chain channels cannot circulate from one channel to another, current off-chain payment systems have a limitation in their capacities. In this work, we present a secure large-scale instant payment (SLI...

With the outbreak of e-mail message leakage events, such as the Hillary Clinton's Email Controversy, privacy and security of sensitive e-mail information have become users' primary concern. Encrypted email seems to be a viable solution for providing security, but it will greatly limit their operations. Public encryption with keyword search (PEKS) s...

Fog Computing enables computation, storage, applications and network services between Internet of Things (IoT) and cloud servers by extending the Cloud Computing paradigm to the edge of the network. When protecting information security in Fog Computing, advanced security with low latency, wide-spread geographical distribution support and high flexi...

The connected vehicular ad-hoc network (VANET) and cloud computing technology allows entities in VANET to enjoy the advantageous storage and computing services offered by some cloud service provider. However, the advantages do not come free since their combination brings many new security and privacy requirements for VANET applications. In this art...

Cloud storage brings strong conveniences for flexible data sharing. When sharing data with a large number of entities described with fuzzy identities, the data owners must leverage a suitable encryption scheme to meet the security and efficiency requirements. (hierarchical) Identity-based encryption is a promising candidate to ensure fuzzy-entity d...

Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a...

Ever-increasing transaction costs, serious network congestion, and low transaction rates in the current blockchain systems restrict their extensive use. To relieve from this situation, we present a secure versatile light payment (SVLP) scheme. The SVLP merely employs a digital signature algorithm and a one-way function and has similar security comp...

A member of an intelligence agency needs to receive messages secretly from outside. Except for authorized officers of the agency, no one knows how the members are organized, even a receiver only knows the organization of his/her subordinates. However, existing primitives cannot implement this typical scenario. In this paper, we propose a primitive,...

Abusing anonymity has become a severe threat for anonymous communication system. Auditing and further tracing the identity of illegal users become an urgent requirement. Although a large body of anonymous communication mechanisms have been proposed, there is almost no research on auditing and supervising. In this paper, we propose a general constru...

Smart mobile devices are playing a more and more important role in our daily life. Cancelable biometrics is a promising mechanism to provide authentication to mobile devices and protect biometric templates by applying a noninvertible transformation to raw biometric data. However, the negative effect of nonlinear distortion will usually degrade the...

An effective and secure system used for evidence preservation is essential to possess the properties of anti-loss, anti-forgery, anti-tamper and perfect verifiability. Traditional architecture which relies on centralized cloud storage is depressingly beset by the security problems such as incomplete confidence and unreliable regulation. Moreover, a...

Electronic medical records (EMRs) play an important role in healthcare networks. Since these records always contain considerable sensitive information regarding patients, privacy preservation for the EMR system is critical. Current schemes usually authorize a user to read one’s EMR if and only if his/her role satisfies the defined access policy. Ho...

There is an increasing demand of securely selling pay-TV channels to large organizations such as chained hotels. Most solutions usually employ a key generation authority to distribute secret access credentials for all users, which would cause the single-point problem of inefficient key management. Further, there is a risk of the leakage of users’ a...

The unmanned aerial vehicle (UAV) network has attracted much attention in industry and academia. However, a UAV as a vital information carrier and data relay platform is prone to various attacks. In this paper, we propose a secure communication scheme for UAV network. In our scheme, each drone maintains and manages an area in which the authorized d...

With ubiquitous use of electronic devices where personal information is often stored, secure authentication is greatly underscored. As conventional password entry approaches are vulnerable to shoulder-surfing, gaze-based authentication approaches have been developed, but most of them require extra eye trackers which usually rely on special hardware...

With the development of cloud computing, the enterprises tend to outsource their data to the third party for saving cost and mobile access. However, simultaneously achieving the security and the operability of the outsourced data becomes a real challenge. Existing solutions mainly deal with the security of the outsourced data, but cannot support th...

Along with large scale deployment of electronic medical record systems, huge amount of health data is collected. To protect the sensitive information, it must be securely stored and accessed. Considering secure storage on cloud servers, we summary a series of attack behaviors and present the security model against many types of unwanted privacy lea...

We propose an efficient revocable multi-authority large-universe attribute-based encryption system deployed to cloud storage service, which supports multiple authorities issuing secret keys for users with attributes from different domains in considering of privacy preserving and efficiency. In addition, it supports large-universe attributes allowin...

Recently, verifiably encrypted signatures (VESs) have been widely used in fair exchange, however most of them do not provide a method to protect the anonymity of the signer, leading to privacy leakage in fair exchange. Verifiably Encrypted Group Signature (VEGS) overcomes drawbacks of VES, which allows a verifier to check its validity without decry...

There is an increasing demand of data sharing via cloud. Data privacy and secrecy protections are arguably the major challenges in such applications. It is widely suggested to encrypt outsourced data using advanced encryption primitives for flexible sensitive data sharing in cloud. In all existing asymmetric based systems, a subtle issue is that th...