avatar

Wenhao Wang

Associate Professor
Institute of Information Engineering, CAS
wangwenhao (at) iie.ac.cn


Biography

Dr. Wenhao Wang is an associate professor at Institute of Information Engineering (IIE), CAS. His research interests now focus on protecting user privacy data with the help of hardware features, such as Intel SGX, as well as cryptographic techniques (e.g., homomorphic encryption). Dr. Wenhao Wang was a visiting scholar of Prof. XiaoFeng Wang’s group in Indiana University Bloomington from April 2016 to August 2018, during which he worked closely with Prof. Wang and Prof. Haixu Tang in organizing the Genomic data privacy and security protection competition. Please find the cv here: in English, 中文.

Please send an email to wangwenhao@iie.ac.cn if you would like to join the group. Students with interests in topics related to operating system, virtualization, hardware-assisted security, TEE, privacy preserving technologies and microarchitectural side channels etc., are all welcome.

Due to the institute’s policy, I am currently unable to accept international students.

News

  • [Oct. 2025] One paper on side-channel attacks has been accepted by IEEE Transactions on Information Forensics and Security (TIFS). The paper reveals novel timing side channels in LLM inference arising from shared KV and semantic caches, demonstrates practical attacks that recover private and system prompts through timing-based inference, and highlights the urgent need for mitigation against such privacy threats in multi-user LLM deployments. Following our findings, several LLM API providers (including OpenAI, Azure, and Fireworks) have implemented mitigations for these timing vulnerabilities, such as disabling global cache sharing across organizations and updating their documentation.

  • [Aug. 2025] Two papers on efficient and privacy-preserving neural network inference have been accepted for presentation at S&P 2025 and NDSS 2026. The first paper leverages sparsity in Transformers to reduce computational costs, while the second introduces performance-efficient fine-tuning (PEFT) adapters specifically designed for private inference.

  • [Aug. 2025] One paper on side channel attacks has been accepted by IEEE Transactions on Information Forensics and Security (TIFS). The paper demonstrates that the leakage in Dilithium’s NTT-based polynomial multiplication can be effectively exploited in template attacks, and proposes a multivariate template attack to significantly improve key-recovery efficiency in both simulated and real-world settings.

Selected Publications (Full list: Google Scholar)

* Corresponding authors, [ ] Equal Contributions, Advised by me

    0 0 1 1 2 2 3 3 4 5 6 7 8 4 5 9 10 6 7 11 12 13 14 15 16 17 8 18 19 20 9
  1. TIFS
    [ J9 ] The Early Bird Catches the Leak: Unveiling Timing Side Channels in LLM Serving Systems
    [Linke Song, Zixuan Pang], Wenhao Wang*, Zihao Wang, XiaoFeng Wang, Hongbo Chen, Wei Song, Yier Jin, Dan Meng, Rui Hou
    IEEE Transactions on Information Forensics and Security (TIFS) (CCF-A)
    PDF Code Project Page
  2. NDSS
    [ C20 ] CryptPEFT: Efficient and Private Neural Network Inference via Parameter-Efficient Fine-Tuning
    Saisai Xia, Wenhao Wang*, Zihao Wang*, Yuhui Zhang, Yier Jin, Dan Meng, Rui Hou
    Network and Distributed System Security Symposium (NDSS) 2026 (CCF-A)
    PDF Code To appear
  3. TIFS
    [ J8 ] Multivariate Template Attack against NTT based Polynomial Multiplication of Dilithium
    Haopeng Fan, Hailong Zhang*, Yongjuan Wang*, Wenhao Wang, Haojin Zhang, Qingjun Yuan
    IEEE Transactions on Information Forensics and Security (TIFS) (CCF-A)
    PDF
  4. S&P
    [ C19 ] Comet: Accelerating Private Inference for Large Language Model by Predicting Activation Sparsity
    Guang Yan, Yuhui Zhang*, Zimu Guo, Lutan Zhao, Xiaojun Chen, Chen Wang, Wenhao Wang, Dan Meng, Rui Hou*
    2025 IEEE Symposium on Security and Privacy (S&P) (CCF-A)
    PDF
  5. NDSS
    [ C18 ] The Road to Trust: Building Enclaves within Confidential VMs
    Wenhao Wang, Linke Song, Benshan Mei, Shuang Liu, Shijun Zhao, Shoumeng Yan*, XiaoFeng Wang, Dan Meng, Rui Hou*
    Network and Distributed System Security Symposium (NDSS) 2025 (CCF-A)
    PDF Code
  6. TIFS
    [ J7 ] Screening Least Square Technique assisted Multivariate Template Attack against the Random Polynomial Generation of Dilithium
    Haopeng Fan, Hailong Zhang*, Yongjuan Wang*, Wenhao Wang, Yanbei Zhu, Haojin Zhang, Qingjun Yuan
    IEEE Transactions on Information Forensics and Security (TIFS) (CCF-A)
    PDF
  7. DAC
    [ C17 ] ThermalScope: A Practical Interrupt Side Channel Attack Based On Thermal Event Interrupts
    Xin Zhang, Zhi Zhang, Qingni Shen, Wenhao Wang, Yansong Gao, Zhuoxi Yang, Zhonghai Wu
    The 61st Design Automation Conference (DAC 2024) (CCF-A)
  8. JCS
    [ J6 ] Cache attacks on subkey calculation of Blowfish
    Haopeng Fan, Wenhao Wang*, Yongjuan Wang, Xiangbin Wang, Yang Gao
    Journal of Computer Security (JCS) (CCF-B)
    PDF
  9. ICDE
    [ C16 ] PP-Stream: A Privacy-Preserving Neural Network Inference Service with Stream Processing
    Qingxiu Liu, Qun Huang*, Xiang Chen, Sa Wang, Wenhao Wang, Shujie Han, Patrick P. C. Lee
    40th IEEE International Conference on Data Engineering (ICDE 2024) (CCF-A)
  10. ASPLOS
    [ C15 ] Verifying Rust Implementation of Page Tables in a Software Enclave Hypervisor
    Zhenyang Dai, Shuang Liu, Vilhelm Sjoberg*, Xupeng Li, Yu Chen, Wenhao Wang, Yuekai Jia, Sean Noble Anderson, Laila Elbeheiry, Shubham Sondhi, Yu Zhang, Zhaozhong Ni, Shoumeng Yan*, Ronghui Gu, Zhengyu He
    International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2024) (CCF-A)
    PDF
  11. HPCA
    [ C14 ] SegScope: Probing Fine-grained Interrupts via Architectural Footprints
    [Xin Zhang, Zhi Zhang], Qingni Shen*, Wenhao Wang, Yansong Gao, Zhuoxi Yang, Jiliang Zhang
    30th IEEE International Symposium on High-Performance Computer Architecture (HPCA 2024) (CCF-A)
    Code
  12. Security
    [ C13 ] Tossing in the Dark: Practical Bit-Flipping on Gray-box Deep Neural Networks for Runtime Trojan Injection
    Zihao Wang, Di Tang*, XiaoFeng Wang, Wei He, Zhaoyang Geng, Wenhao Wang*
    USENIX Security 2024 (CCF-A)
    PDF
  13. CCS
    [ C12 ] The Danger of Minimum Exposures: Understanding Cross-App Information Leaks on iOS through Multi-Side-Channel Learning
    [Zihao Wang, Jiale Guan], XiaoFeng Wang, Wenhao Wang, Luyi Xing, Fares Alharbi
    ACM Conference on Computer and Communications Security (ACM CCS 2023) (CCF-A)
    PDF Project Page
  14. TC
    [ J5 ] WhistleBlower: A System-level Empirical Study on RowHammer
    [Wei He, Zhi Zhang], Yueqiang Cheng, Wenhao Wang*, Wei Song, Yansong Gao, Qifei Zhang, Kang Li, Dongxi Liu, Surya Nepal
    IEEE Transactions on Computers (TC) (CCF-A)
    PDF
  15. TDSC
    [ J4 ] Implicit Hammer: Cross-Privilege-Boundary Rowhammer through Implicit Accesses
    [Zhi Zhang, Wei He], Yueqiang Cheng, Wenhao Wang, Yansong Gao*, Dongxi Liu, Kang Li, Surya Nepal, Anmin Fu, Yi Zou
    IEEE Transactions on Dependable and Secure Computing (TDSC) (CCF-A)
    PDF
  16. ATC
    [ C11 ] HyperEnclave: An Open and Cross-platform Trusted Execution Environment
    Yuekai Jia, Shuang Liu, Wenhao Wang*, Yu Chen, Zhengde Zhai, Shoumeng Yan, Zhengyu He
    2022 USENIX Annual Technical Conference (USENIX ATC) (CCF-A)
    PDF Slides Code
  17. ATC
    [ C10 ] SoftTRR: Protect Page Tables Against RowHammer Attacks using Software-only Target Row Refresh
    [Zhi Zhang, Yueqiang Cheng], Minghua Wang, Wei He, Wenhao Wang*, Nepal Surya, Yansong Gao, Kang Li, Zhe Wang, Chenggang Wu
    2022 USENIX Annual Technical Conference (USENIX ATC) (CCF-A)
    PDF Slides
  18. TDSC
    [ J3 ] Trust Beyond Border: Lightweight, Verifiable User Isolation for Protecting In-Enclave Services
    Wenhao Wang*, Weijie Liu, Hongbo Chen, XiaoFeng Wang, Hongliang Tian, Dongdai Lin
    IEEE Transactions on Dependable and Secure Computing (TDSC) (CCF-A)
    PDF
  19. TIFS
    [ J2 ] BitMine: An End-to-End Tool for Detecting Rowhammer Vulnerability
    [Zhi Zhang, Wei He], Yueqiang Cheng, Wenhao Wang, Yansong Gao*, Minghua Wang, Kang Li, Surya Nepal, Yang Xiang
    IEEE Transactions on Information Forensics and Security (TIFS) (CCF-A)
    PDF
  20. DSN
    [ C9 ] Practical and Efficient in-Enclave Verification of Privacy Compliance
    Weijie Liu, Wenhao Wang*, Hongbo Chen, XiaoFeng Wang*, Yaosong Lu, Kai Chen, Xinyu Wang, Qingtao Shen, Yi Chen, Haixu Tang
    51st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021) (CCF-B)
    PDF Slides
  21. S&P
    [ C8 ] Randomized Last-Level Caches Are Still Vulnerable to Cache Side-Channel Attacks! But We Can Fix It
    Wei Song, Boya Li, Zihan Xue, Zhenzhen Li, Wenhao Wang, Peng Liu
    2021 IEEE Symposium on Security and Privacy (S&P) (CCF-A)
    PDF
  22. S&P
    [ C7 ] Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment
    Jianping Zhu, Rui Hou*, XiaoFeng Wang*, Wenhao Wang, Jiangfeng Cao, Boyan Zhao, Zhongpu Wang, Yuhui Zhang, Jiameng Ying, Lixin Zhang, Dan Meng
    2020 IEEE Symposium on Security and Privacy (S&P) (CCF-A)
    PDF
  23. TCHES
    [ C6 ] Bluethunder: A 2-level Directional Predictor Based Side-Channel Attack against SGX
    Tianlin Huo, Xiaoni Meng, Wenhao Wang*, Chunliang Hao, Pei Zhao, Jian Zhai, Mingshu Li*
    IACR Transactions on Cryptographic Hardware and Embedded Systems (CHES 2020) (CCF-B)
    PDF
  24. ACSAC
    [ C5 ] Beware of Your Screen: Anonymous Fingerprinting of Device Screens for Off-line Payment Protection
    Zhe Zhou, Di Tang, Wenhao Wang, XiaoFeng Wang, Zhou Li, Kehuan Zhang
    Annual Computer Security Applications Conference (ACSAC 2018) (CCF-B)
    PDF
  25. Eurocrypt
    [ C4 ] Correlation Cube Attacks: From Weak-Key Distinguisher to Key Recovery
    Meicheng Liu, Jingchun Yang, Wenhao Wang, Dongdai Lin
    37th Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt 2018) (CCF-A)
    PDF
  26. S&P
    [ C3 ] Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races
    [Guoxing Chen, Wenhao Wang*], Tianyu Chen, Sanchuan Chen, Yinqian Zhang, XiaoFeng Wang, Ten-Hwang Lai, Dongdai Lin
    2018 IEEE Symposium on Security and Privacy (S&P) (CCF-A)
    PDF
  27. Genomics
    [ J1 ] iDASH secure genome analysis competition 2017
    XiaoFeng Wang, Haixu Tang, Shuang Wang, Xiaoqian Jiang, Wenhao Wang, Diyue Bu, Lei Wang, Yicheng Jiang, Chenghong Wang
    2018 BMC Medical Genomics
    PDF
  28. CCS
    [ C2 ] Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
    Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, Carl A. Gunter
    ACM Conference on Computer and Communications Security (ACM CCS 2017) (CCF-A)
    PDF Slides
  29. FEAST
    [ C1 ] Binary Code Retrofitting and Hardening Using SGX
    Shuai Wang, Wenhao Wang, Qinkun Bao, Pei Wang, XiaoFeng Wang, Dinghao Wu
    2nd Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017
    PDF Slides

Manuscripts

    0 1 2 3
  1. Arxiv
    [ A3 ] virtCCA: Virtualized Arm Confidential Compute Architecture with TrustZone
    Xiangyi Xu, Wenhao Wang*, Yongzheng Wu, Chenyu Wang, Huifeng Zhu, Haocheng Ma, Zhennan Min, Zixuan Pang, Rui Hou, Yier Jin*
    Arxiv
    PDF
  2. Arxiv
    [ A2 ] Understanding TEE Containers, Easy to Use? Hard to Trust
    [Weijie Liu, Hongbo Chen], XiaoFeng Wang, Zhi Li, Danfeng Zhang, Wenhao Wang, Haixu Tang
    Arxiv
    PDF
  3. Arxiv
    [ A1 ] Toward Scalable Fully Homomorphic Encryption Through Light Trusted Computing Assistance
    Wenhao Wang, Yichen Jiang, Qintao Shen, Weihao Huang, Hao Chen, Shuang Wang, XiaoFeng Wang, Haixu Tang, Kai Chen, Kristin Lauter, Dongdai Lin
    Arxiv
    PDF

Courses

Professional Services

Awards

Students

Alumni

Last updated: Oct. 2025.


Powered by Jekyll and Minimal Light theme. Unique visitors: .