Zongyang Zhang
Beihang University (BUAA), School of Cyber Science and Technology

Ph.D.

About

51 Publications
12,106 Reads
341 Citations
Since 2017: 27 research items, 271 citations
Additional affiliations
April 2014 - March 2016
National Institute of Advanced Industrial Science and Technology
Position
  • JSPS Postdoctoral Fellow
September 2012 - March 2014
National Institute of Advanced Industrial Science and Technology
Position
  • AIST Postdoctoral Researcher
Education
March 2008 - March 2012
Shanghai Jiao Tong University
Field of study
  • Cryptography

Publications (51)
Chapter
The immutability of blockchain means that data in a blockchain cannot be modified once confirmed. This guarantees the reliability and integrity of the blockchain. However, absolute immutability is not conducive to timely correction of the blockchain. There has been some research on redactable blockchains; these schemes replace hash functions with chameleon hash...
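As an added illustration of the chameleon-hash idea the abstract refers to (example code written for this page, not code from the chapter or its authors): a discrete-log chameleon hash in the style of Krawczyk and Rabin, a block header that commits to its output, a redaction by the trapdoor holder that leaves the header unchanged, and the key-exposure caveat that a published collision reveals the trapdoor. The function names (`setup`, `forge_collision`, `extract_trapdoor`, `block_header`), the toy 128-bit parameters and the sample transaction bytes are assumptions made for this example.

```python
import hashlib
import random


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test (seeded bases; adequate for demo parameters)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(0xC0FFEE)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def setup(bits: int = 128, seed: int = 2024):
    """Return (p, q, g): a safe prime p = 2q + 1 and g = 4, a generator of the order-q subgroup.
    128 bits is a toy size chosen so the demo runs instantly (assumption); real deployments
    use >= 2048-bit groups or an elliptic-curve group."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # 4 = 2^2 is a quadratic residue, hence of order q


def keygen(params, rng=None):
    """Trapdoor x (held by the redaction authority) and public hash key y = g^x mod p."""
    p, q, g = params
    x = (rng or random.SystemRandom()).randrange(1, q)
    return x, pow(g, x, p)


def _h(m: bytes, q: int) -> int:
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % q


def chameleon_hash(params, y, m: bytes, r: int) -> int:
    """CH_y(m, r) = g^H(m) * y^r mod p; anyone can evaluate it knowing only y."""
    p, q, g = params
    return (pow(g, _h(m, q), p) * pow(y, r, p)) % p


def forge_collision(params, x, m: bytes, r: int, m_new: bytes) -> int:
    """Trapdoor holder: r' with CH(m_new, r') == CH(m, r), from H(m) + x*r == H(m_new) + x*r' (mod q)."""
    p, q, g = params
    return (r + (_h(m, q) - _h(m_new, q)) * pow(x, -1, q)) % q


def extract_trapdoor(params, m1: bytes, r1: int, m2: bytes, r2: int) -> int:
    """Key-exposure caveat of this plain construction: one published collision leaks x."""
    p, q, g = params
    if r1 == r2:
        raise ValueError("not a useful collision")
    return ((_h(m2, q) - _h(m1, q)) * pow(r1 - r2, -1, q)) % q


def block_header(prev_link: bytes, ch: int) -> bytes:
    """The header (and so the next block's prev-link) commits to CH(body), not to the body bytes."""
    return hashlib.sha256(prev_link + ch.to_bytes(64, "big")).digest()


def redaction_demo():
    """Returns (header_unchanged_after_redaction, trapdoor_leaked_by_collision)."""
    params = setup()
    p, q, g = params
    rng = random.Random(7)
    x, y = keygen(params, rng)
    prev = b"\x00" * 32                                             # constructed genesis link
    body = b"tx 1: alice->bob 5 BTC | memo: <content that must be removed>"  # constructed body
    r = rng.randrange(1, q)
    header = block_header(prev, chameleon_hash(params, y, body, r))

    # Redaction: swap the body, keep the hash (and hence every later block) valid.
    new_body = b"tx 1: alice->bob 5 BTC | memo: [redacted]"
    r_new = forge_collision(params, x, body, r, new_body)
    unchanged = block_header(prev, chameleon_hash(params, y, new_body, r_new)) == header

    # Anyone holding both (body, r) and (new_body, r_new) recovers the trapdoor.
    leaked = extract_trapdoor(params, body, r, new_body, r_new) == x
    return unchanged, leaked


if __name__ == "__main__":
    print(redaction_demo())  # (True, True)
```

Running it prints `(True, True)`: the redacted block still hashes to the original header, and the old and new openings together reveal x. That second result is the practitioner's caveat: a redactable-blockchain design cannot use this plain construction as-is, since whoever archived the pre-redaction block learns the trapdoor; it needs a chameleon hash that remains secure after collisions are observed (a key-exposure-free construction) or must keep old openings off the chain.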
Article
With the proliferation of cryptocurrency, many automated cross-ledger trading platforms have been set up. These platforms introduce new challenges in tracing money flows and gathering evidence of illicit behavior. Yousaf, Kappos, and Meiklejohn (USENIX Security’19) were the first to link cross-ledger money flows. However, their scheme is only appl...
Chapter
Nowadays, mass surveillance is becoming an increasingly severe threat to the public’s privacy. PRISM and a series of other events showed that insider attacks such as subversion attacks may be widespread in current networks. As an important strategy for defending users’ privacy against these attacks, the cryptographic reverse firewall (CRF) is desi...
Article
Nakamoto consensus is the most fundamental and most widely studied consensus mechanism in blockchain, and its security is of major theoretical and practical significance for the development of the whole blockchain field. A large body of existing work has analyzed and proved the security of Nakamoto consensus under various model assumptions. This paper first describes the execution model of Nakamoto consensus in detail, including the time model, the network model and the adversary model. Second, it systematically summarizes the formal definitions of Nakamoto consensus security. Third, it classifies the research methods by time model into discrete-time and continuous-time approaches and points out the advantages and disadvantages of each. Finally, it gives an outlook on security research of Nakamoto consensus, aiming to provide technical support for research on blockchain consensus mechanisms.
Chapter
The inner product argument is an effective tool for reducing communication complexity in many cryptographic protocols. Bootle et al. (EUROCRYPT’16) presented an inner product argument for a statement consisting of two vector commitments to two vectors and the claim that the inner product of the two vectors equals a public scalar. Bünz et al. (S&P’18) then presented...
Preprint
Full-text available
Sharding is the prevalent approach to breaking the trilemma of simultaneously achieving decentralization, security, and scalability in traditional blockchain systems, which are implemented as replicated state machines relying on atomic broadcast for consensus on an immutable chain of valid transactions. Sharding is to be understood broadly as techn...
Article
Full-text available
Smart contracts are regarded as one of the most promising and appealing notions in blockchain technology. Their self-enforcing and event-driven features make some online activities possible without a trusted third party. Nevertheless, problems such as miscellaneous attacks, privacy leakage, and low processing rates prevent them from being widely ap...
Article
Full-text available
We propose an attribute-based fast data cloud-outsourcing (FDCO) scheme, which shows great performance in mobile devices. Technically, this work is a CCA-secure online/offline key encapsulation scheme based on ciphertext-policy attribute-based encryption with public validity test and indirect user revocation mechanism. We adapt it to a mobile cloud...
Preprint
Full-text available
Smart contracts have been regarded as one of the most promising and appealing notions in blockchain technology. Their self-enforcing and event-driven features make some online activities possible without a trusted third party, especially those related to finance and business. However, problems such as high security risk and low processing rate preven...
Article
Full-text available
The PRISM disclosures have made research on cryptography against subversion attacks flourish in recent years. In a subversion attack, surveillants can compromise the security of users’ systems by subverting implementations of cryptographic algorithms. While the single-surveillant scenario has been studied by several works, the multi-surveillant setting attr...
Article
Full-text available
Committee-based blockchain consensus protocols combine permissionless consensus with classical state machine replication protocols to process transactions efficiently. Because the adversary corrupts nodes over time, reconfiguration mechanisms have to be deployed to update committee members. How to select a sufficient fraction of honest nodes is a key issue that need...
Article
Full-text available
With the continuous development and growing popularity of blockchain technology, the anonymity of cryptocurrencies has attracted wide attention. Zcash is a Bitcoin-derived altcoin that aims to protect blockchain anonymity, and its anonymity rests largely on zero-knowledge proofs. However, it is still possible in practice to degrade Zcash’s anonymity. In this paper, we provi...
Article
Full-text available
Cloud storage systems have been widely deployed in recent years. Many electronic medical records (EMRs) are collected and uploaded to the cloud for scalable sharing among authorized users. It is necessary to guarantee the confidentiality of EMRs and the privacy of EMR owners. To achieve this goal, we summarize a series of...
Chapter
Full-text available
Mass surveillance attracts much attention nowadays. Evidence shows that some intelligence agencies try to monitor the public’s communications by unconventional methods, for example by providing users with subverted cryptographic algorithms and compelling them to use them. To address this new situation, researchers have proposed a series of formal analyses and secu...
Chapter
Bitcoin-NG, introduced by Eyal et al. at NSDI 2016, divides a blockchain into key-blocks and micro-blocks to improve transaction processing efficiency. In this paper, we propose a novel attack on Bitcoin-NG, called a micro-block chain truncation attack. Combined with selfish and stubborn key-block mining and an eclipse attack, this attack is able to...
Article
Full-text available
Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a...
Article
The public ledger of the Bitcoin blockchain system offers ownership proof for distributed users by revealing all transaction details from the coinbase transaction to the unspent transaction outputs. However, an adversary could deanonymize user identities by transaction graph analysis and obtain transaction amounts, which compromises users' privacy. This paper resolve...
Conference Paper
Full-text available
We propose a multi-authority fast data cloud-outsourcing (MFDCO) scheme especially suitable for mobile devices. It is a multi-authority online/offline encapsulation scheme based on efficient large-universe ciphertext-policy attribute-based encryption, and supports fine-grained access control, dynamic revocation, and public validity test. Any party...
Chapter
Full-text available
Recently, due to the inherent restrictions of Bitcoin's design, the throughput of the Bitcoin blockchain protocol has failed to meet daily demand, leaving scalability techniques in dire need of better efficiency. To address this issue, numerous solutions have been proposed, including block size expansion, off-chain transactions and block structur...
Article
Full-text available
Electronic medical records (EMRs) play an important role in healthcare networks. Since these records always contain considerable sensitive information regarding patients, privacy preservation for the EMR system is critical. Current schemes usually authorize a user to read one’s EMR if and only if his/her role satisfies the defined access policy. Ho...
Conference Paper
Full-text available
Along with the large-scale deployment of electronic medical record systems, a huge amount of health data is collected. To protect the sensitive information, it must be securely stored and accessed. Considering secure storage on cloud servers, we summarize a series of attack behaviors and present a security model against many types of unwanted privacy lea...
Article
Full-text available
Bitcoin is a cryptocurrency introduced by Satoshi Nakamoto in 2008. It features decentralization, cross-border transfer and a fixed total supply, and has become one of the most widely used cryptocurrencies. Due to some initial limitations set by the inventor and subsequent developers, the transaction throughput of the Bitcoin network is much li...
Conference Paper
In this paper, we bridge the gap between structure-preserving signatures (SPSs) and fully structure-preserving signatures (FSPSs). In SPSs, all the messages, signatures, and verification keys consist only of group elements, while in FSPSs, even signing keys are required to be a collection of group elements. To achieve our goal, we introduce two new...
Conference Paper
Logistics management has advanced rapidly in recent years, taking advantage of the broad connectivity of the Internet. As it becomes an important part of our lives, it also raises many challenging issues; e.g., counterfeits of expensive goods pose a serious threat to supply chain management. As a result, path authentication becomes especia...
Conference Paper
A popular methodology for designing cryptosystems with practical efficiency is to give a security proof in the random oracle (RO) model. The work of Fischlin and Fleischhacker (Eurocrypt ’13) investigated the case of Schnorr signatures (and more generally Fiat-Shamir signatures) and showed that the reliance on the RO model is inherent. We generalize their results...
Article
Identity-based non-interactive key exchange (IB-NIKE) is a powerful but somewhat overlooked primitive in identity-based cryptography. While identity-based encryption and signatures have been extensively investigated over the past three decades, IB-NIKE has remained largely unstudied. So far, there are only a few IB-NIKE schemes in the literature. Among t...
Article
When an adversary can measure the physical memory storing the decryption key, decryption functionality often comes in handy. Halevi and Lin (TCC'11) studied after-the-fact (or post-challenge) leakage in public-key encryption (PKE), in which an adversary can make leakage queries from a split state after seeing the challenge ciphertext, but left secu...
Conference Paper
Full-text available
As one-more problems are widely used in both proving and analyzing the security of various cryptographic schemes, it is of fundamental importance to investigate the hardness of the one-more problems themselves. Bresson et al. (CT-RSA ’08) first showed that it is difficult to base the hardness of some one-more problems on the hardness of their “regu...
Conference Paper
We put forth the notion of publicly evaluable pseudorandom functions (PEPRFs), which is a non-trivial extension of the standard pseudorandom functions (PRFs). Briefly, PEPRFs are defined over domain X containing an NP language L in which the witness is hard to extract on average, and each secret key sk is associated with a public key pk. For any x...
Conference Paper
Full-text available
Identity-based non-interactive key exchange (IB-NIKE) is a powerful but somewhat overlooked primitive in identity-based cryptography. While identity-based encryption and signatures have been extensively investigated over the past three decades, IB-NIKE has remained largely unstudied. Currently, there are only a few IB-NIKE schemes in the literature. Amon...
Conference Paper
Recently, Wee (EUROCRYPT’12) introduced the notion of dual projective hashing as an extension of the Cramer-Shoup projective hashing, with a simple construction of lossy trapdoor functions, and a simple construction of deterministic encryption schemes which is chosen-plaintext-attack secure with respect to hard-to-invert auxiliary input. In this wo...
Article
Secure two-party computation allows two parties with private inputs to securely compute some function of their inputs, even in the presence of a malicious adversary. In this work, we revisit zero-knowledge proofs and focus on adaptive adversaries, which could corrupt an arbitrary number of parties and adaptively determine who and when to corrupt du...
Article
In this paper, we introduce a general paradigm called identity-based extractable hash proof system (IB-EHPS), which is an extension of extractable hash proof system (EHPS) proposed by Wee (CRYPTO'10). We show how to construct identity-based key encapsulation mechanism (IB-KEM) from IB-EHPS in a simple and modular fashion. Our construction provides...
Article
In this work, we generalize the paradigm of the hash proof system (HPS) proposed by Cramer and Shoup (EUROCRYPT 2002). In the center of our generalization, we lift a subset membership problem to a distribution-distinguishing problem. Our generalized HPS clarifies and encompasses all the known public-key encryption (PKE) schemes that essentially imp...
Article
We consider public key encryption (PKE) schemes with auxiliary input, that is, the adversary is given any computationally uninvertible function of the secret key. Previous results only achieve security under chosen-plaintext attacks (CPA). In this paper, we construct public key encryption schemes that are secure under chosen-ciphertext attacks even...
Conference Paper
We introduce the concept of anonymous identity-based hash proof system (IB-HPS), and show how to use it to construct identity-based encryption schemes providing anonymity in the presence of key leakage. We give four different constructions of anonymous IB-HPS based on: (1) the decision bilinear Diffie-Hellman assumption, (2) the decision truncated...
Conference Paper
In this paper, we introduce a general paradigm called identity-based extractable hash proof system (IB-EHPS), which is an extension of extractable hash proof system (EHPS) proposed by Wee (CRYPTO '10). We show how to construct identity-based encryption (IBE) scheme from IB-EHPS in a simple and modular fashion. Our construction provides a generic me...
Article
We present a modular construction of non-malleable statistically hiding commitment schemes that retains its properties when concurrently executed a polynomial number of times. Our protocol is based on a statistically hiding commitment scheme and a concurrent non-malleable zero-knowledge protocol for all of NP. Our result is achieved in the plain...
Conference Paper
In this paper, we propose a two-level path authentication protocol for object genuineness verification in RFID-based supply chains and the EPCglobal Network. In our solution, a tag's path through a supply chain can be generated dynamically, and each reader on the path can verify the validity of the path using its own private key. Our solution has a few p...
Conference Paper
Full-text available
In this paper, we propose several selective-identity chosen-ciphertext attack (IND-sID-CCA) secure identity based key encapsulation (IB-KEM) schemes that are provably secure under the computational bilinear Diffie-Hellman (CBDH) assumption in the standard model. Our schemes compare favorably to previous results in efficiency. With delicate modifica...
Article
Security under man-in-the-middle attacks is extremely important when protocols are executed on asynchronous networks such as the Internet. Focusing on interactive proof systems, one would also like to achieve unconditional soundness, so that proving a false statement is not possible even for a computationally unbounded adversarial prover. Motivated by...
Article
Full-text available
We propose an efficient collusion-attack-resistant position-verification protocol in a new model named the multi-channel model. In the multi-channel model, there are many communication channels. When a player picks a random channel and sends a short message over it, the message might slip past an adversary with high probability if the adversary does...
Conference Paper
Full-text available
When commitment schemes are used in complex environments, e.g., the Internet, the issue of malleability appears, i.e., a concurrent man-in-the-middle adversary might generate commitments to values related to ones committed to by honest players. In the plain model, the current best solution towards resolving this problem in a constant number of roun...
Conference Paper
Full-text available
We give a construction of non-malleable statistically hiding commitments based on the existence of one-way functions. Our construction employs statistically hiding commitment schemes recently proposed by I. Haitner and O. Reingold [in: Proceedings of the 39th annual ACM symposium on theory of computing, STOC 2007. New York, NY: ACM Press. 1–10 (200...
Conference Paper
Ostrovsky et al. [1] gave the first definition of non-malleable witness-indistinguishable argument systems. A surprising result given by them showed this notion was incomparable with the notion of non-malleable zero-knowledge. However, they only discussed their relations in the interactive setting. In this paper, we make an observation on relation...
