Xiaoyun Wang C. N. Yang Professor
Academician of Chinese Academy of Sciences
IACR Fellow
TWAS Fellow
Education Background
B.S., Mathematics Department, Shandong University, 1987.
M.S., Mathematics Department, Shandong University, 1990.
Ph.D., Mathematics Department, Shandong University, 1993.
Experience
Xiaoyun Wang was awarded the C. N. Yang Professorship in 2005 and appointed a “Yangtze River” Scholar in 2006. She was elected an Academician of the Chinese Academy of Sciences in 2017, a fellow of the International Association for Cryptologic Research (IACR) in 2019 and a fellow of The World Academy of Sciences (TWAS) in 2021.
Research Status
Xiaoyun Wang has dedicated herself to cryptology and cryptographic mathematics. She developed the bit-based cryptanalysis theory and gave collision attacks on five popular hash functions, including MD5 and SHA-1, which were widely adopted and deployed across the Internet. She led the design of the SM3 cryptographic hash function as a Chinese standard, which is now widely deployed in finance, transportation, the state grid and other important sectors of the Chinese economy. In 2018, SM3 officially became one of the ISO/IEC international standards for the new generation of hash functions. Hash functions are a key building block of digital signatures, digital currency and various provably secure cryptosystems, and they are also critical in blockchains for building the consensus protocol.
She has also analyzed important keyed cryptographic primitives, including message authentication codes, symmetric ciphers and authenticated encryption schemes, and made significant contributions on the well-known HMAC-MD5, MD5-MAC, SIMON and Keccak-MAC, among others.
Since 2006, Xiaoyun Wang has focused on lattice-based cryptography, the most popular family of public-key cryptography designed to resist quantum computing attacks. She has obtained a series of innovative results in this area. She proposed the two-level SVP sieving algorithm, which reduces the time complexity of solving the shortest vector problem (SVP), the theoretical foundation of lattice-based cryptography. She also proved the transference theorem with the optimal upper bound for lattices with gaps. Recently, her joint work established crucial reductions showing the equivalence of the automorphism problem and the shortest vector problem for integer lattices. This research uncovers a deep link between lattice symmetry and computational complexity, offering novel tools for the randomized reduction of hard lattice problems.
Xiaoyun Wang has led her team to innovative work in Byzantine Fault Tolerance (BFT). In particular, they introduced the Dashing protocol, which uses an f+1 quorum size for improved efficiency over the traditional 2f+1 voting paradigm while maintaining security. Dashing is approximately 50% faster than the state-of-the-art HotStuff.
She has published over 70 papers, a large part of them in top international conferences in cryptology, including CRYPTO, EUROCRYPT, ASIACRYPT, FSE, PKC and CHES. Four papers were awarded IACR Best Paper awards, including at CRYPTO 2005, EUROCRYPT 2005 and ASIACRYPT 2023.
Honors and Awards
Xiaoyun Wang's significant contributions to cryptology have won her numerous prizes and awards, including the Beijing Zhongguancun Award for Outstanding Contributions (2023), the First Prize of the Chinese National Science and Technology Progress Award (2020), the Test-of-Time Award for CRYPTO 2005 (2020), the Levchin Prize for Real-World Cryptography (2020), the Mathematics and Computer Science Prize of the Future Science Prize (2019), the Special Prize for Cryptographic Innovation of the Chinese Association for Cryptologic Research (2014), the CSIAM Su Buchin Prize (2010), the Second Class Prize of the Chinese National Natural Science Award (2008), the Thomson Reuters Research Fronts Award (2008), the Chinese Young Women in Science Award (2006), the Tan Kah Kee Science Award (2006) and the Qiushi Outstanding Scientist Award (2006), among others.
Academic Achievement
[1] Xiaoyun Wang*, Yiqun Lisa Yin, Hongbo Yu: Finding Collisions in the Full SHA-1. CRYPTO 2005: 17-36 (Best Paper Award).
[2] Xiaoyun Wang*, Hongbo Yu: How to Break MD5 and Other Hash Functions. EUROCRYPT 2005: 19-35 (Best Paper Award).
[3] Xiaoyun Wang*, Xuejia Lai, Dengguo Feng, Hui Chen, Xiuyuan Yu: Cryptanalysis of the Hash Functions MD4 and RIPEMD. EUROCRYPT 2005: 1-18 (Best Paper Award).
[4] Hongbo Yu, Gaoli Wang, Guoyan Zhang, Xiaoyun Wang*: The Second-Preimage Attack on MD4. CANS 2005: 1-12 (Best Paper Award).
[5] Kaijie Jiang, Anyu Wang*, Hengyi Luo, Guoxiao Liu, Yang Yu, Xiaoyun Wang: Exploiting the Symmetry of $\mathbb{Z}^n$: Randomization and the Automorphism Problem. ASIACRYPT (4) 2023: 167-200 (Best Paper Award).
[6] Sisi Duan, Haibin Zhang, Xiao Sui, Baohan Huang, Changchun Mu, Gang Di, Xiaoyun Wang*: Dashing and Star: Byzantine Fault Tolerance with Weak Certificates. EuroSys 2024: 250-264.
[7] Shihe Ma, Tairong Huang, Anyu Wang*, Qixian Zhou, Xiaoyun Wang: Fast and Accurate: Efficient Full-Domain Functional Bootstrap and Digit Decomposition for Homomorphic Computation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2024(1): 592-616.
[8] Shihe Ma, Tairong Huang, Anyu Wang*, Xiaoyun Wang: Accelerating BGV Bootstrapping for Large p Using Null Polynomials over $\mathbb{Z}_{p^e}$. EUROCRYPT (2) 2024: 403-432.
[9] Tianrui Wang, Anyu Wang*, Xiaoyun Wang: Exploring Decryption Failures of BIKE: New Class of Weak Keys and Key Recovery Attacks. CRYPTO (3) 2023: 70-100.
[10] Yang Yu, Huiwen Jia*, Xiaoyun Wang: Compact Lattice Gadget and Its Applications to Hash-and-Sign Signatures. CRYPTO (5) 2023: 390-420.
[11] Qingyuan Yu, Xiaoyang Dong*, Lingyue Qin, Yongze Kang, Keting Jia, Xiaoyun Wang, Guoyan Zhang*: Automatic Search of Meet-in-the-Middle Differential Fault Analysis on AES-like Ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2023(4): 1-31.
[12] Qingliang Hou, Xiaoyang Dong*, Lingyue Qin*, Guoyan Zhang*, Xiaoyun Wang*: Automated Meet-in-the-Middle Attack Goes to Feistel. ASIACRYPT (3) 2023: 370-404.
[13] Lingyue Qin, Jialiang Hua, Xiaoyang Dong*, Hailun Yan, Xiaoyun Wang: Meet-in-the-Middle Preimage Attacks on Sponge-Based Hashing. EUROCRYPT (4) 2023: 158-188.
[14] Jialiang Hua, Xiaoyang Dong*, Siwei Sun, Zhiyu Zhang, Lei Hu, Xiaoyun Wang: Improved MITM Cryptanalysis on Streebog. IACR Trans. Symmetric Cryptol. 2022(2): 63-91.
[15] Lingyue Qin, Xiaoyang Dong*, Anyu Wang*, Jialiang Hua*, Xiaoyun Wang*: Mind the TWEAKEY Schedule: Cryptanalysis on SKINNYe-64-256. ASIACRYPT (1) 2022: 287-317.
[16] Xiaoyang Dong, Lingyue Qin*, Siwei Sun, Xiaoyun Wang: Key Guessing Strategies for Linear Key-Schedule Algorithms in Rectangle Attacks. EUROCRYPT (3) 2022: 3-33.
[17] Xiaoyang Dong, Zhiyu Zhang, Siwei Sun*, Congming Wei, Xiaoyun Wang, Lei Hu: Automatic Classical and Quantum Rebound Attacks on AES-Like Hashing by Exploiting Related-Key Differentials. ASIACRYPT (1) 2021: 241-271.
[18] Xiaoyang Dong, Jialiang Hua, Siwei Sun, Zheng Li, Xiaoyun Wang, Lei Hu: Meet-in-the-Middle Attacks Revisited: Key-Recovery, Collision, and Preimage Attacks. CRYPTO (3) 2021: 278-308.
[19] Lingyue Qin, Xiaoyang Dong, Xiaoyun Wang*, Keting Jia, Yunwen Liu: Automated Search Oriented to Key Recovery on Ciphers with Linear Key Schedule Applications to Boomerangs in SKINNY and ForkSkinny. IACR Trans. Symmetric Cryptol. 2021(2): 249-291.
[20] Zhenzhen Bao*, Xiaoyang Dong*, Jian Guo*, Zheng Li*, Danping Shi*, Siwei Sun*, Xiaoyun Wang*: Automatic Search of Meet-in-the-Middle Preimage Attacks on AES-like Hashing. EUROCRYPT (1) 2021: 771-804.
[21] Xiaoyang Dong, Bingyou Dong, Xiaoyun Wang*: Quantum Attacks on Some Feistel Block Ciphers. Des. Codes Cryptogr. 88(6): 1179-1203 (2020).
[22] Xiaoyang Dong, Siwei Sun, Danping Shi, Fei Gao, Xiaoyun Wang, Lei Hu: Quantum Collision Attacks on AES-Like Hashing with Low Quantum Random Access Memories. ASIACRYPT (2) 2020: 727-757.
[23] Wenquan Bi, Xiaoyang Dong, Zheng Li, Rui Zong, Xiaoyun Wang*: MILP-aided cube-attack-like cryptanalysis on Keccak Keyed modes. Des. Codes Cryptogr. 87(6): 1271-1296 (2019).
[24] Rui Zong, Xiaoyang Dong, Xiaoyun Wang*: Related-tweakey impossible differential attack on reduced-round Deoxys-BC-256. Sci. China Inf. Sci. 62(3): 32102:1-32102:12 (2019).
[25] Ximing Fu, Xiaoyun Wang*, Xiaoyang Dong, Willi Meier: A Key-Recovery Attack on 855-round Trivium. CRYPTO (2) 2018: 160-184.
[26] Wenquan Bi, Zheng Li, Xiaoyang Dong, Lu Li, Xiaoyun Wang*: Conditional cube attack on round-reduced River Keyak. Des. Codes Cryptogr. 86(6): 1295-1310 (2018).
[27] Ning Wang, Xiaoyun Wang*, Keting Jia, Jingyuan Zhao: Differential attacks on reduced SIMON versions with dynamic key-guessing techniques. Sci. China Inf. Sci. 61(9): 098103:1-098103:3 (2018).
[28] Zhongxiang Zheng, Xiaoyun Wang*, Guangwu Xu, Yang Yu: Orthogonalized lattice enumeration for solving SVP. Sci. China Inf. Sci. 61(3): 32115:1-32115:15 (2018).
[29] Xiaoyang Dong, Zheng Li, Xiaoyun Wang*: Quantum cryptanalysis on some generalized Feistel schemes. Sci. China Inf. Sci. 62(2): 22501:1-22501:12 (2019).
[30] Xiaoyang Dong, Xiaoyun Wang*: Quantum key-recovery attack on Feistel structures. Sci. China Inf. Sci. 61(10): 102501:1-102501:7 (2018).
[31] Yaoling Ding, Xiaoyun Wang*, Ning Wang, Wei Wang: Improved Automatic Search of Impossible Differentials for Camellia with $FL/FL^{-1}$ Layers. Sci. China Inf. Sci. 61(3): 038103:1-038103:3 (2018).
[32] Senyang Huang, Xiaoyun Wang*, Guangwu Xu, Meiqin Wang, Jingyuan Zhao: Conditional Cube Attack on Reduced-Round Keccak Sponge Function. EUROCRYPT (2) 2017: 259-288.
[33] Zheng Li, Wenquan Bi, Xiaoyang Dong, Xiaoyun Wang*: Improved Conditional Cube Attacks on Keccak Keyed Modes with MILP Method. ASIACRYPT (1) 2017: 99-127.
[34] Yang Yu, Guangwu Xu, Xiaoyun Wang*: Provably Secure NTRU Instances over Prime Cyclotomic Rings. Public Key Cryptography (1) 2017: 409-434.
[35] Zheng Li, Xiaoyang Dong, Xiaoyun Wang*: Conditional Cube Attack on Round-Reduced ASCON. IACR Trans. Symmetric Cryptol. 2017(1): 175-202.
[36] Xiaoyang Dong, Zheng Li, Xiaoyun Wang*, Ling Qin: Cube-like Attack on Round-Reduced Initialization of Ketje Sr. IACR Trans. Symmetric Cryptol. 2017(1): 259-280.
[37] Huaifeng Chen, Xiaoyun Wang*: Improved Linear Hull Attack on Round-Reduced Simon with Dynamic Key-Guessing Techniques. FSE 2016: 428-449.
[38] Xiaoyang Dong, Xiaoyun Wang*: Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing Modes. IACR Trans. Symmetric Cryptol. 2016(1): 13-32.
[39] Leibo Li, Keting Jia, Xiaoyun Wang*, Xiaoyang Dong: Meet-in-the-Middle Technique for Truncated Differential and Its Applications to CLEFIA and Camellia. FSE 2015: 48-70.
[40] Leibo Li, Keting Jia, Xiaoyun Wang*: Improved Single-Key Attacks on 9-Round AES-192/256. FSE 2014: 1-20.
[41] Hongbo Yu, Jiazhe Chen, Xiaoyun Wang: Partial-Collision Attack on the Round-Reduced Compression Function of Skein-256. FSE 2013: 263-283.
[42] Meiqin Wang, Xiaoyun Wang, Lucas C.K. Hui: Differential-algebraic cryptanalysis of reduced-round of Serpent-256. Sci. China Inf. Sci. 53(3): 546-556 (2010).
[43] Lidong Han, Xiaoyun Wang, Guangwu Xu: On an Attack on RSA with Small CRT-Exponents. Sci. China Inf. Sci. 53(8): 1511-1518 (2010).
[44] Xiaoyun Wang*, Hongbo Yu, Wei Wang, Haina Zhang, Tao Zhan: Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC. EUROCRYPT 2009: 121-133.
[45] Zheng Yuan, Wei Wang, Keting Jia, Guangwu Xu, Xiaoyun Wang*: New Birthday Attacks on Some MACs Based on Block Ciphers. CRYPTO 2009: 209-230.
[46] Xiaoyun Wang*, Wei Wang, Keting Jia, Meiqin Wang: New Distinguishing Attack on MAC Using Secret-Prefix Method. FSE 2009: 363-374.
[47] Haina Zhang, Lin Li, Xiaoyun Wang*: Fast Correlation Attack on Stream Cipher ABC v3. Sci. China Ser. F Inf. Sci. 51(7): 936-947 (2008).
[48] Hongbo Yu, Xiaoyun Wang*, Aaram Yun, Sangwoo Park: Cryptanalysis of the Full HAVAL with 4 and 5 Passes. FSE 2006: 89-110.
[49] Xiaoyun Wang*, Hongbo Yu, Yiqun Lisa Yin: Efficient Collision Search Attacks on SHA-0. CRYPTO 2005: 1-16.
[50] Xiaoyun Wang*, Dengguo Feng, Xiuyuan Yu: An Attack on Hash Function HAVAL-128. Sci. China Ser. F Inf. Sci. 48(5): 545-556 (2005).
[51] Xiaoyun Wang*, Lucas Chi Kwong Hui, K. P. Chow, Wai Wan Tsang, C. F. Chong, H. W. Chan: Secure and Practical Tree-Structure Signature Schemes Based on Discrete Logarithms. Public Key Cryptography 2000: 167-177.