Faculty Details


Xiaoyun Wang (王小云)

Chen-Ning Yang Chair Professor at the Institute for Advanced Study, Tsinghua University.

Elected Member of the Chinese Academy of Sciences in 2017.

Elected Fellow of the International Association for Cryptologic Research (IACR Fellow) in 2019.

Elected Fellow of The World Academy of Sciences for the advancement of science in developing countries (TWAS Fellow) in 2021.

Education

1987: Bachelor's degree, Department of Mathematics, Shandong University

1990: Master's degree, Department of Mathematics, Shandong University

1993: Doctoral degree, Department of Mathematics, Shandong University

Work Experience

1993.7-1995.6: Lecturer, Department of Mathematics, Shandong University

1995.7-2001.6: Associate Professor, Department of Mathematics, Shandong University

2001.7-present: Professor, School of Mathematics, Shandong University

2005.7-present: Chen-Ning Yang Chair Professor, Institute for Advanced Study, Tsinghua University

Research Overview

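Her research focuses on cryptographic theory and related mathematical problems. In cryptanalysis, she proposed the theory of collision attacks on cryptographic hash functions, namely the bit-based modular differential analysis method; broke five internationally used hash function algorithms, including MD5 and SHA-1; and extended the bit-based analysis method to keyed cryptographic algorithms, including message authentication codes, symmetric encryption algorithms and authenticated encryption algorithms, obtaining important cryptanalytic results on a series of major algorithms such as HMAC-MD5, MD5-MAC and Keccak-MAC. In cryptographic design, she led the design of the hash function SM3, a national cryptographic algorithm standard that is widely used in key economic sectors such as finance, transportation and the national power grid, and that formally became an ISO/IEC international standard in October 2018.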

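Since 2006 she has focused on public-key cryptography resistant to attacks by quantum computers, in particular lattice-based cryptography (the most closely watched next-generation cryptographic algorithms). She gave a heuristic algorithm for the lattice shortest vector problem, the two-level sieve, as well as a transference theorem (反转定理) for lattices with a gap; proposed a randomized reduction framework for high-dimensional lattices; and proved important reduction results such as the equivalence of the automorphism problem for integer lattices with the isomorphism problem, the shortest vector problem and the shortest characteristic vector problem.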

More than 50 representative papers, 4 of which received best paper awards at EUROCRYPT, CRYPTO and ASIACRYPT.

Awards and Honors

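2023 Beijing Outstanding Contribution Zhongguancun Award; 2021 National March 8th Red-Banner Pacesetter; 2020 First Prize of the State Science and Technology Progress Award, 2020 IACR Test-of-Time Award, and the Levchin Prize for Real-World Cryptography; 2019 Future Science Prize in Mathematics and Computer Science; 2018 Beijing "March 8th" Red-Banner Medal; 2017 National Innovation Pioneer Certificate of Merit; 2016 National Outstanding Scientific and Technological Worker, and the Outstanding Talent in Cybersecurity Award; 2014 Special Prize of the Cryptographic Innovation Award of the Chinese Association for Cryptologic Research; 2010 Su Buqing Prize in Applied Mathematics; 2008 Second Prize of the State Natural Science Award; 2006 Tan Kah Kee Science Award, Qiushi Outstanding Scientist Award, and China Young Women Scientists Award, among others.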

Academic Achievements

[1] Xiaoyun Wang*, Yiqun Lisa Yin, Hongbo Yu: Finding Collisions in the Full SHA-1. CRYPTO 2005: 17-36 (Best Paper Award).

[2] Xiaoyun Wang*, Hongbo Yu: How to Break MD5 and Other Hash Functions. EUROCRYPT 2005: 19-35 (Best Paper Award).

[3] Xiaoyun Wang*, Xuejia Lai, Dengguo Feng, Hui Chen, Xiuyuan Yu: Cryptanalysis of the Hash Functions MD4 and RIPEMD. EUROCRYPT 2005: 1-18 (Best Paper Award).

[4] Hongbo Yu, Gaoli Wang, Guoyan Zhang, Xiaoyun Wang*: The Second-Preimage Attack on MD4. CANS 2005: 1-12 (Best Paper Award).

[5] Kaijie Jiang, Anyu Wang*, Hengyi Luo, Guoxiao Liu, Yang Yu, Xiaoyun Wang: Exploiting the Symmetry of $\mathbb {Z}^n$: Randomization and the Automorphism Problem. ASIACRYPT (4) 2023: 167-200 (Best Paper Award).

[6] Sisi Duan, Haibin Zhang, Xiao Sui, Baohan Huang, Changchun Mu, Gang Di, Xiaoyun Wang*: Dashing and Star: Byzantine Fault Tolerance with Weak Certificates. EuroSys 2024: 250-264.

[7] Shihe Ma, Tairong Huang, Anyu Wang*, Qixian Zhou, Xiaoyun Wang: Fast and Accurate: Efficient Full-Domain Functional Bootstrap and Digit Decomposition for Homomorphic Computation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2024(1): 592-616.

[8] Shihe Ma, Tairong Huang, Anyu Wang*, Xiaoyun Wang: Accelerating BGV Bootstrapping for Large p Using Null Polynomials over $\mathbb {Z}_{p^e}$. EUROCRYPT (2) 2024: 403-432.

[9] Tianrui Wang, Anyu Wang*, Xiaoyun Wang: Exploring Decryption Failures of BIKE: New Class of Weak Keys and Key Recovery Attacks. CRYPTO (3) 2023: 70-100.

[10] Yang Yu, Huiwen Jia*, Xiaoyun Wang: Compact Lattice Gadget and Its Applications to Hash-and-Sign Signatures. CRYPTO (5) 2023: 390-420.

[11] Qingyuan Yu, Xiaoyang Dong*, Lingyue Qin, Yongze Kang, Keting Jia, Xiaoyun Wang, Guoyan Zhang*: Automatic Search of Meet-in-the-Middle Differential Fault Analysis on AES-like Ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2023(4): 1-31.

[12]  Qingliang Hou, Xiaoyang Dong*, Lingyue Qin*, Guoyan Zhang*, Xiaoyun Wang*: Automated Meet-in-the-Middle Attack Goes to Feistel. ASIACRYPT (3) 2023: 370-404.

[13]  Lingyue Qin, Jialiang Hua, Xiaoyang Dong*, Hailun Yan, Xiaoyun Wang: Meet-in-the-Middle Preimage Attacks on Sponge-Based Hashing. EUROCRYPT (4) 2023: 158-188.

[14]  Jialiang Hua, Xiaoyang Dong*, Siwei Sun, Zhiyu Zhang, Lei Hu, Xiaoyun Wang: Improved MITM Cryptanalysis on Streebog. IACR Trans. Symmetric Cryptol. 2022(2): 63-91.

[15]  Lingyue Qin, Xiaoyang Dong*, Anyu Wang*, Jialiang Hua*, Xiaoyun Wang*: Mind the TWEAKEY Schedule: Cryptanalysis on SKINNYe-64-256. ASIACRYPT (1) 2022: 287-317.

[16] Xiaoyang Dong, Lingyue Qin*, Siwei Sun, Xiaoyun Wang: Key Guessing Strategies for Linear Key-Schedule Algorithms in Rectangle Attacks. EUROCRYPT (3) 2022: 3-33.

[17]  Xiaoyang Dong, Zhiyu Zhang, Siwei Sun*, Congming Wei, Xiaoyun Wang, Lei Hu: Automatic Classical and Quantum Rebound Attacks on AES-Like Hashing by Exploiting Related-Key Differentials. ASIACRYPT (1) 2021: 241-271.

[18]  Xiaoyang Dong, Jialiang Hua, Siwei Sun, Zheng Li, Xiaoyun Wang, Lei Hu: Meet-in-the-Middle Attacks Revisited: Key-Recovery, Collision, and Preimage Attacks. CRYPTO (3) 2021: 278-308.

[19] Lingyue Qin, Xiaoyang Dong, Xiaoyun Wang*, Keting Jia, Yunwen Liu: Automated Search Oriented to Key Recovery on Ciphers with Linear Key Schedule: Applications to Boomerangs in SKINNY and ForkSkinny. IACR Trans. Symmetric Cryptol. 2021(2): 249-291.

[20]  Zhenzhen Bao*, Xiaoyang Dong*, Jian Guo*, Zheng Li*, Danping Shi*, Siwei Sun*, Xiaoyun Wang*: Automatic Search of Meet-in-the-Middle Preimage Attacks on AES-like Hashing. EUROCRYPT (1) 2021: 771-804.

[21]  Xiaoyang Dong, Bingyou Dong, Xiaoyun Wang*: Quantum attacks on some feistel block ciphers. Des. Codes Cryptogr. 88(6): 1179-1203 (2020).

[22]  Xiaoyang Dong, Siwei Sun, Danping Shi, Fei Gao, Xiaoyun Wang, Lei Hu: Quantum Collision Attacks on AES-Like Hashing with Low Quantum Random Access Memories. ASIACRYPT (2) 2020: 727-757.

[23]  Wenquan Bi, Xiaoyang Dong, Zheng Li, Rui Zong, Xiaoyun Wang*: MILP-aided cube-attack-like cryptanalysis on Keccak Keyed modes. Des. Codes Cryptogr. 87(6): 1271-1296 (2019).

[24]  Rui Zong, Xiaoyang Dong, Xiaoyun Wang*: Related-tweakey impossible differential attack on reduced-round Deoxys-BC-256. Sci. China Inf. Sci. 62(3): 32102:1-32102:12 (2019).

[25]  Ximing Fu, Xiaoyun Wang*, Xiaoyang Dong, Willi Meier: A Key-Recovery Attack on 855-round Trivium. CRYPTO (2) 2018: 160-184.

[26]  Wenquan Bi, Zheng Li, Xiaoyang Dong, Lu Li, Xiaoyun Wang*: Conditional cube attack on round-reduced River Keyak. Des. Codes Cryptogr. 86(6): 1295-1310 (2018).

[27]  Ning Wang, Xiaoyun Wang*, Keting Jia, Jingyuan Zhao: Differential attacks on reduced SIMON versions with dynamic key-guessing techniques. Sci. China Inf. Sci. 61(9): 098103:1-098103:3 (2018).

[28]  Zhongxiang Zheng, Xiaoyun Wang*, Guangwu Xu, Yang Yu: Orthogonalized lattice enumeration for solving SVP. Sci. China Inf. Sci. 61(3): 32115:1-32115:15 (2018).

[29]  Xiaoyang Dong, Zheng Li, Xiaoyun Wang*: Quantum cryptanalysis on some generalized Feistel schemes. Sci. China Inf. Sci. 62(2): 22501:1-22501:12 (2019).

[30]  Xiaoyang Dong, Xiaoyun Wang*: Quantum key-recovery attack on Feistel structures. Sci. China Inf. Sci. 61(10): 102501:1-102501:7 (2018).

[31] Yaoling Ding, Xiaoyun Wang*, Ning Wang, Wei Wang: Improved automatic search of impossible differentials for camellia with FL/FL$^{-1}$ layers. Sci. China Inf. Sci. 61(3): 038103:1-038103:3 (2018).

[32]  Senyang Huang, Xiaoyun Wang*, Guangwu Xu, Meiqin Wang, Jingyuan Zhao: Conditional Cube Attack on Reduced-Round Keccak Sponge Function. EUROCRYPT (2) 2017: 259-288.

[33]  Zheng Li, Wenquan Bi, Xiaoyang Dong, Xiaoyun Wang*: Improved Conditional Cube Attacks on Keccak Keyed Modes with MILP Method. ASIACRYPT (1) 2017: 99-127.

[34]  Yang Yu, Guangwu Xu, Xiaoyun Wang*: Provably Secure NTRU Instances over Prime Cyclotomic Rings. Public Key Cryptography (1) 2017: 409-434.

[35]  Zheng Li, Xiaoyang Dong, Xiaoyun Wang*: Conditional Cube Attack on Round-Reduced ASCON. IACR Trans. Symmetric Cryptol. 2017(1): 175-202.

[36]  Xiaoyang Dong, Zheng Li, Xiaoyun Wang*, Ling Qin: Cube-like Attack on Round-Reduced Initialization of Ketje Sr. IACR Trans. Symmetric Cryptol. 2017(1): 259-280.

[37]  Huaifeng Chen, Xiaoyun Wang*: Improved Linear Hull Attack on Round-Reduced Simon with Dynamic Key-Guessing Techniques. FSE 2016: 428-449.

[38]  Xiaoyang Dong, Xiaoyun Wang*: Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing Modes. IACR Trans. Symmetric Cryptol. 2016(1): 13-32.

[39]  Leibo Li, Keting Jia, Xiaoyun Wang*, Xiaoyang Dong: Meet-in-the-Middle Technique for Truncated Differential and Its Applications to CLEFIA and Camellia. FSE 2015: 48-70.

[40]  Leibo Li, Keting Jia, Xiaoyun Wang*: Improved Single-Key Attacks on 9-Round AES-192/256. FSE 2014: 1-20.

[41] Hongbo Yu, Jiazhe Chen, Xiaoyun Wang: Partial-Collision Attack on the Round-Reduced Compression Function of Skein-256. FSE 2013: 263-283.

[42]  Meiqin Wang, Xiaoyun Wang, Lucas C.K. Hui: Differential-algebraic cryptanalysis of reduced-round of Serpent-256. Sci. China Inf. Sci. 53(3): 546-556 (2010).

[43]  Lidong Han, Xiaoyun Wang, Guangwu Xu: On an Attack on RSA with Small CRT-Exponents. Sci. China Inf. Sci. 53(8): 1511-1518 (2010).

[44] Xiaoyun Wang*, Hongbo Yu, Wei Wang, Haina Zhang, Tao Zhan: Cryptanalysis on HMAC/NMAC-MD5 and MD5-MAC. EUROCRYPT 2009: 121-133.

[45]  Zheng Yuan, Wei Wang, Keting Jia, Guangwu Xu, Xiaoyun Wang*: New Birthday Attacks on Some MACs Based on Block Ciphers. CRYPTO 2009: 209-230.

[46] Xiaoyun Wang*, Wei Wang, Keting Jia, Meiqin Wang: New Distinguishing Attack on MAC using Secret-Prefix Method. FSE 2009: 363-374.

[47]  Haina Zhang, Lin Li, Xiaoyun Wang*: Fast Correlation Attack on Stream Cipher ABC v3. Sci. China Ser. F Inf. Sci. 51(7): 936-947 (2008).

[48] Hongbo Yu, Xiaoyun Wang*, Aaram Yun, Sangwoo Park: Cryptanalysis of the Full HAVAL with 4 and 5 Passes. FSE 2006: 89-110.

[49] Xiaoyun Wang*, Hongbo Yu, Yiqun Lisa Yin: Efficient Collision Search Attacks on SHA-0. CRYPTO 2005: 1-16.

[50] Xiaoyun Wang*, Dengguo Feng, Xiuyuan Yu: An Attack on Hash Function HAVAL-128. Sci. China Ser. F Inf. Sci. 48(5): 545-556 (2005).

[51] Xiaoyun Wang*, Lucas Chi Kwong Hui, K. P. Chow, Wai Wan Tsang, C. F. Chong, H. W. Chan: Secure and Practical Tree-Structure Signature Schemes Based on Discrete Logarithms. Public Key Cryptography 2000: 167-177.

