Zhiniang Peng

Work

I am a security researcher at Qihoo 360 Core Security. My main research area is cyber security. My work focuses on applied cryptography, software security and threat hunting. In the meantime, I am also interested in finding and researching on new security threats and directions.

Background

I started learning cybersecurity when I was a middle school student (Since 2003) and started taking part-time job on cybersecurity when I was a high school student. I did B.E. in material science in South China University of Technology (SCUT) from 2009 to 2013. After spending 4 years in material science, I decided to return to cybersecurity. I get my Ph.D degree in Post-Quantum Cryptography in SCUT from 2013 to 2017. After that, I joined Qihoo 360 Core Security.

Contact:

Twitter: @edwardzpeng

Github: edwardz246003

Papers:

Qin Wang, Jiangshan Yu, Zhiniang Peng , Vancuong Bui , Shiping Chen, Yong Ding : Security Analysis on dBFT protocol of NEO. FC2020 (2020)

Yiming Wu, Shaohua Tang, Bowen Zhao, Zhiniang Peng: BPTM: Blockchain-Based Privacy-Preserving Task Matching in Crowdsourcing. IEEE Access 7: 45605-45617 (2019)

Shibin Zhao, Yuanhao Deng, Zhiniang Peng*, : Improved Meet-in-the-Middle Attacks on Generic Feistel Constructions. IEEE Access 7: 34416-34424 (2019)

Bo Lv, Zhiniang Peng, Shaohua Tang: Precomputation Methods for UOV Signature on Energy-Harvesting Sensors. IEEE Access 6: 56924-56933 (2018)

Zhiniang Peng, Shaohua Tang: Circulant UOV: a new UOV variant with shorter private key and faster signature generation. TIIS 12(3): 1376-1395 (2018)

Zhiniang Peng, Yuki Chen: All roads lead to Rome: Many ways to double spend your cryptocurrency. CoRR abs/1811.06751 (2018)

Zhiniang Peng, Shaohua Tang: Circulant Rainbow: A New Rainbow Variant With Shorter Private Key and Faster Signature Generation. IEEE Access 5: 11877-11886 (2017)

Zhiniang Peng, Shaohua Tang, Linzhi Jiang: A Symmetric Authenticated Proxy Re-encryption Scheme with Provable Security. ICCCS (2) 2017: 86-99

Bo Lv, Zhiniang Peng, Shaohua Tang: A Secure Variant of the SRP Encryption Scheme with Shorter Private Key. ISPEC 2017: 156-167

Zhiniang Peng, Shaohua Tang, Ju Chen, Chen Wu, Xinglin Zhang: Fast Implementation of Simple Matrix Encryption Scheme on Modern x64 CPU. ISPEC 2016: 151-166

Shaohua Tang, Bo Lv, Guomin Chen, Zhiniang Peng, Adama Diene, Xiaofeng Chen: Efficient hardware implementation of PMI+ for low-resource devices in mobile cloud computing. Future Generation Comp. Syst. 52: 116-124 (2015)

Shaohua Tang, Bo Lv, Guomin Chen, Zhiniang Peng: Efficient Hardware Implementation of MQ Asymmetric Cipher PMI+ on FPGAs. ISPEC 2014: 187-201

Shaohua Tang, Bo Lv, Guomin Chen, Zhiniang Peng: Efficient Hardware Implementation of MQ Asymmetric Cipher PMI+ on FPGAs. IACR Cryptology ePrint Archive 2013: 878 (2013)

几种多变量公钥密码的改进方案及其安全性分析, 工学博士学位论文. 2017

FPGA上基于多变量公钥密码体制的身份认证系统的设计与实现 . 2013

Patents:

   客户端与服务器之间的通信方法及装置(专利), 2018.
   加密方法及装置 (专利), 2018.
   一种在线离线循环非平衡油醋签名方法 (专利), 2017.

一种多变量公钥的签名系统和方法(专利), 2016.
一种基于对称密码的可认证的代理重加密系统(专利), 2016

Talks and Articles:

Zhiniang Peng, Attacks on shadowsocks ciphers, Article. 2019

Zhiniang Peng, Yuki Chen, All roads lead to Rome: Many ways to double spend your cryptocurrency, Article. 2018

Zhiniang Peng, Not A Fair Game – Fairness Analysis of Dice2win, Article. 2018

Zhiniang Peng, Analysis and Improvement of NEO dBFT Consensus Mechanism ,Article. 2018

Zhiniang Peng, NEO Smart Contract Platform Runtime Serialize Calls DoS, Article. 2018

Yuki Chen, Zhiniang Peng, EOS Node Remote Code Execution Vulnerability — EOS WASM Contract Function Table Array Out of Bounds , Article. 2018

Zhiniang Peng, Attackers Fake Computational Power to Steal Cryptocurrencies from Mining Pools, Article. 2018

Zhiniang Peng, Bitpie Key Recovery vulnerability, Article. 2018

Zhiniang Peng, Yi Zhang, Proposal for suggested texts for ITU-T X.stov Security threats to online voting using distributed ledger technology,Draft Standard. 2018

Zhiniang Peng, Yi Zhang, Proposal for suggested texts for Security framework for Distributed Ledger Technology, Draft Standard. 2018

Zhiniang Peng, Yi Zhang, Proposal for suggested texts for the X.sct-dlt Security capabilities of and threats to Distributed Ledger Technology,Draft Standard. 2018

Zhiniang Peng, Yi Zhang, Proposal for suggested texts for X.strdlt The security threats and requirements for digital payment services based on distributed ledger technology, Draft Standard. 2018

Zhiniang Peng, Security Risks in Zero Knowledge Proof Cryptocurrencies, Presentation in PacSec 2019.

Zhiniang Peng, danger of using fully homomorphic encryption, a look at microsoft seal, Presentation in Cansecwest, Opcde, Overdrive 2019.

Zhiniang Peng, Many way to double spend your cryptocurrency, Presentation, NEO devcon 2019.

Zhiniang Peng, Some Security Risks for DLT, Presentation, ITU-SG17. 2018

Zhiniang Peng, Some Mining Related Attacks, Presentation, Monero village, Defcon26. 2018

Zhiniang Peng, EOS Node Remote Code Execution Vulnerability, Presentation, EOS devcon 2018.

一次新奇的区块链漏洞之旅, Presentation, 360技术开放日. 2018

几种挖矿攻击及相关缓解措施, Presentation, BCcon2018.

BCH重启Op-code背后的安全故事, Presentation, BCH meetup Beijing 2018.

Zhiniang Peng. Chen Wu, IIS remote code execution, Article. 2017

基于linux的嵌入式设备漏洞自动化动态分析, Presentation, VSRC. 2017

正方教务管理系统数据库任意操作漏洞, Article. 2012

小米电商主站数据库任意操作漏洞, Article. 2012

Struts2远程任意代码执行漏洞及利用工具, Code. 2012

新浪微博用户密码泄露漏洞, Article. 2011

Softwares:

WhiteBox crypto library, https://jiagu.360.cn

SDK for secure communication, https://jiagu.360.cn

Secure data exchange platfrom, https://jiagu.360.cn

Bitcoin cash fork, https://github.com/bitcoincandyofficial

Caichuang Sha,an open source Sanguosha game with addtional heroes, https://github.com/edwardz246003/-Three-Kingdoms-Kill-sanguosha-

DAA simulator, https://github.com/edwardz246003/DAA_simulator