Dr. Wenhao Wang is an associate professor at Institute of Information Engineering (IIE), CAS. His research interests now focus on protecting user privacy data with the help of hardware features, such as Intel SGX, as well as cryptographic techniques (e.g., homomorphic encryption). Dr. Wenhao Wang was a visiting scholar of Prof. XiaoFeng Wang’s group in Indiana University Bloomington from April 2016 to August 2018, during which he worked closely with Prof. Wang and Prof. Haixu Tang in organizing the Genomic data privacy and security protection competition. Please find the cv here: in English, 中文.
Please send an email to wangwenhao@iie.ac.cn if you would like to join the group. Students with interests in topics related to operating system, virtualization, hardware-assisted security, TEE, privacy preserving technologies and microarchitectural side channels etc., are all welcome.
Due to the institute’s policy, I am currently unable to accept international students.
[Oct. 2025] One paper on side-channel attacks has been accepted by IEEE Transactions on Information Forensics and Security (TIFS). The paper reveals novel timing side channels in LLM inference arising from shared KV and semantic caches, demonstrates practical attacks that recover private and system prompts through timing-based inference, and highlights the urgent need for mitigation against such privacy threats in multi-user LLM deployments. Following our findings, several LLM API providers (including OpenAI, Azure, and Fireworks) have implemented mitigations for these timing vulnerabilities, such as disabling global cache sharing across organizations and updating their documentation.
[Aug. 2025] Two papers on efficient and privacy-preserving neural network inference have been accepted for presentation at S&P 2025 and NDSS 2026. The first paper leverages sparsity in Transformers to reduce computational costs, while the second introduces performance-efficient fine-tuning (PEFT) adapters specifically designed for private inference.
[Aug. 2025] One paper on side channel attacks has been accepted by IEEE Transactions on Information Forensics and Security (TIFS). The paper demonstrates that the leakage in Dilithium’s NTT-based polynomial multiplication can be effectively exploited in template attacks, and proposes a multivariate template attack to significantly improve key-recovery efficiency in both simulated and real-world settings.
Last updated: Oct. 2025.
Powered by Jekyll and Minimal Light theme. Unique visitors: