My research focuses on building secure, scalable, and trustworthy systems. I am particularly interested in translating advances in security and privacy into production environments, as well as understanding the emerging challenges posed by AI-driven agentic systems.
About Me
I'm a third-year PhD student in cryptography at Northwestern University,
advised by Prof. Xiao Wang.
Before joining Northwestern, I obtained my bachelor's degree from
the ACM Honors Class,
Shanghai Jiao Tong University. In my junior year at SJTU, I worked as a student
intern advised by Prof. Yu Yu.
During this internship, I mainly worked on using formal verification and automated reasoning tools to audit the security of security protocols.
Last fall, I was a Research Intern at Chainlink Labs,
advised by Gregory Neven. My work focused on integrating advanced cryptographic techniques into Chainlink Confidential Compute, helping bridge cutting-edge security research with production-scale decentralized infrastructure.
I have experience designing and implementing secure, scalable software systems, ranging from research prototypes to production-oriented platforms. I have also designed and deployed agentic workflows and AI platforms for computation outsourcing.
LLM agents increasingly depend on third-party API routers to connect with upstream model providers. Because these intermediaries can read and modify plaintext requests and responses, a malicious router may inject instructions, alter tool calls, or exfiltrate credentials without being noticed.
Recent measurements found real routers performing malicious injection and accessing sensitive canary credentials, exposing a serious integrity gap in today’s agent infrastructure.
We are working on a cryptographic way to solve this problem. Our goal is to protect the integrity of agent-model communication and make unauthorized manipulation detectable, even when requests pass through untrusted intermediaries.
Large-scale quantum computers threaten the public-key cryptography used by Bitcoin and many other distributed systems. Recent Google research suggests that breaking elliptic-curve cryptography may require far fewer physical qubits than earlier estimates, bringing the need for quantum readiness closer.
The challenge is especially difficult for decentralized infrastructure: cryptographic migrations must remain secure while coordinating many independent participants, handling legacy state, and continuing to scale.
We are working on a solution based purely on quantum assumptions for distributed and scalable systems. Our goal is to provide quantum-ready security without sacrificing the decentralization or performance these systems require.
BountyLand is a Web3 marketplace for long-horizon agent tasks. Users post a computation bounty, then hire a specialized agent or open the task to human workers.
The platform covers the full workflow—from task routing and agent execution to validator scoring and on-chain reward settlement. Current agents can build Web3 datasets and debug public code repositories.
Each run produces traceable artifacts, reports, and execution logs for review. The prototype combines a React interface, a LangGraph agent core, and Solidity contracts for recording results and allocating rewards.
Private signaling addresses the challenge that users cannot efficiently retrieve their relevant transactions on privacy-preserving blockchains, where transaction data is encrypted by design. This is a fundamental difficulty faced by many private database systems: they often have to sacrifice user experience for the feature of privacy, which becomes a significant bottleneck in large Web3 systems such as Zcash and Aztec.
To the best of our knowledge, this is the first cryptographic algorithmic solution to private signaling that is secure against malicious adversaries. Prior work addresses this problem using hardware security, while our approach provides rigorous mathematical proofs of security without relying on trusted hardware. I developed both the core idea and the full implementation independently.
Dung Bui, Haotian Chu, Geoffroy Couteau, Xiao Wang, Chenkai Weng, Kang Yang, Yu Yu. Journal of Cryptology 2024.
ZK (Zero-Knowledge Proofs) allows one party to prove that a statement is true without revealing the underlying private information. In finance, for example, a user could prove that they can afford a certain futures position without revealing their bank account balance.
This is a rather theoretical and algorithmic paper focused on methodological improvement, showing how to transform a parallelized algorithm into general-purpose protocols. We also present concrete instantiations, implementation, and benchmarks. I developed the core idea with Xiao as an undergrad student.
