Nan Wang's Site

Selected Publications

Here are the top conferences in my research field and an exhaustive list of top venues in Computer Security & Cryptography by Google Scholars.

The CORE Conference Ranking is used for assessing the conference publications.

Please refer to the ePrint versions of my publications, as I will keep them updated with corrections and additional details.

# Corresponding Author

2025

[USENIX Sec, Top4 Security] BulletCT: Towards More Scalable Ring Confidential Transactions With Transparent Setup
- The 34th USENIX Security Symposium (USENIX Security 2025, CORE A*)
- 1 of only 11 papers unconditionally accepted in Cycle 1, representing the top 1% of all submissions.
- Nan Wang#, Qianhui Wang, Dongxi Liu, Muhammed F. Esgin, Alsharif Abuadbba
- Paper ePrint Code (Please see the ePrint version for the full details)

BulletCT is a new Ring Confidential Transaction (RingCT) signature scheme in the discrete logarithm setting that does not require a trusted setup. It achieves greater scalability than state-of-the-art RingCT schemes. BulletCT features a novel K-out-of-N proof for strong anonymity and a tag proof that leverages permutation constraints to achieve linkability. Additionally, we identify key limitations in applying Any-out-of-N proofs to RingCT and address a critical flaw in prior constructions.

2024

[PETS] FlashSwift: A Configurable and More Efficient Range Proof With Transparent Setup
- The 24th Privacy Enhancing Technologies Symposium (PETS 2024, CORE A)
- Nan Wang#, Dongxi Liu
- Paper ePrint Code Talk

FlashSwift is a logarithmic-sized zero-knowledge range argument in the discrete logarithm setting without using a trusted setup. By combining the techniques from both Flashproof and SwiftRange, FlashSwift inherits and capitalizes on their efficiency advantages. It creates two new records of the smallest proof sizes, 289 bytes and 417 bytes, for 8-bit and 16-bit ranges among all the bit-decomposition-based range proofs without requiring trusted setups. Moreover, it is the first configurable range proof that is adaptable to various scenarios with different specifications.

[Oakland S&P, Top4 Security] SwiftRange: A Short and Efficient Zero-Knowledge Range Argument For Confidential Transactions and More
- The 45th IEEE Symposium on Security & Privacy (Oakland S&P 2024, CORE A*)
- Nan Wang#, Sid Chi-Kin Chau, Dongxi Liu
- Paper ePrint Talk

- SwiftRange is a logarithmic-sized zero-knowledge range argument in the discrete logarithm setting without using a trusted setup. It is tailored for confidential transactions (CT) on blockchain platforms. It proves a committed value lies in the range [0, 2^N-1], where N is the bit length of the range size. It achieves double verifier efficiency of Bulletproofs at a smaller communication cost for CT-friendly ranges, where N is 32 or 64.

2022

[AsiaCrypt, Top3 Crypto] Flashproofs: Efficient Zero-knowledge Arguments of Range and Polynomial Evaluation with Transparent Setup
- The 28th Annual International Conference on the Theory and Application of Cryptology and Information Security (AsiaCrypt 2022, CORE A)
- Nan Wang#, Sid Chi-Kin Chau
- Paper ePrint Code Talk (Please see the ePrint version for the full details)

- Flashproofs are efficient zero-knowledge proofs of knowledge in the discrete logarithm setting without using a trusted setup, consisting of:
  - A range argument proves a committed value lies in the range [0, 2^N-1], where N is the bit length of the range size. It achieves O(N^(2/3)) efficiency in both communication and verification. Especially, the high verification efficiency makes it a suitable candidate for smart-contract blockchain platforms, whose verification consumes comparable gas costs to that of the most efficient zk-SNARK (Groth16) that relies on a trusted setup.
  - A polynomial evaluation argument proves that two committed values satisfy a public polynomial relation. It achieves logarithmic efficiency in both communication and verification and is a crucial building block for zero-knowledge arguments of membership and non-membership, where an argument of membership or non-membership proves a committed value belongs or does not belong to a public set of values.

[IEEE TCC] Cloud-based Privacy-Preserving Collaborative Consumption in Sharing Economy
- IEEE Transactions on Cloud Computing 2022 (IEEE TCC 2022)
- Lingjuan Lyu, Sid Chi-Kin Chau, Nan Wang, Yifeng Zheng
- Paper

- We propose a multi-party computation protocol based on Paillier threshold cryptosystem. Our protocol enables privacy-preserving collaborative consumption in a semi-honest setting.

2021

[ACM e-Energy] Privacy-Preserving Energy Storage Sharing with Blockchain (Best Paper Award)
- The 12th ACM International Conference on Future Energy Systems (ACM e-Energy 2021)
- Nan Wang, Sid Chi-Kin Chau, Yue Zhou
- Paper

- We propose an efficient multi-party computation protocol and a blockchain-based cost-sharing solution to achieve energy storage sharing in a privacy-preserving manner. Our protocol leverages SPDZ framework to defend against a dishonest majority, who arbitrarily deviate from the protocol.

zkUnlearner: A Zero-Knowledge Framework for Verifiable Unlearning with Multi-Granularity and Forgery-Resistance
- Nan Wang, Nan Wu, Xiangyu Hui, Jiafan Wang, Xin Yuan
- ePrint

- We present the first zero-knowledge framework for verifiable machine unlearning, specifically designed to support multi-granularity and forgery-resistance. Our solution enables not only traditional sample-level unlearning but also more advanced feature-level and class-level unlearning. Furthermore, we propose the first effective strategies to resist state-of-the-art forging attacks, where in stochastic gradient descent optimization, gradients from unlearned data, or from minibatches containing it, can be forged using alternative data samples or minibatches that exclude it.

Practically Efficient Secure Computation of Rank-based Statistics Over Distributed Datasets
- Nan Wang#, Sid Chi-Kin Chau
- ePrint

- We propose an efficient multi-party computation protocol to compute ranked-based statistics, e.g., median, percentiles, over distributed datasets. Our protocol achieves higher accuracy and stronger security compared with the state-of-the-art. Moreover, we leverage different zero-knowledge proofs to defend against malicious parties from dishonestly deviating from the protocol.

Page updated

Google Sites

Report abuse