How Zhao Mang’s Groundbreaking Cryptography Research Is Shaping China’s Security Landscape
Wuhan University appointed 29‑year‑old Zhao Mang as its youngest full professor, highlighting his award‑winning work on Ed25519 security proofs, post‑quantum FIDO2 analysis, automated AEAD protocol verification, and a vision to develop China‑origin cryptographic standards.
Research Overview
Zhao Mang, a cryptography researcher, has produced a series of peer‑reviewed contributions on the formal security analysis of modern cryptographic primitives and protocols, much of it co‑authored with Cas Cremers. His work appears at two top‑tier venues, the IEEE Symposium on Security & Privacy (S&P) and the USENIX Security Symposium.
Provable Security of Ed25519
In a 2021 IEEE S&P paper titled The Provable Security of Ed25519: Theory and Practice, Zhao and co‑authors gave the first rigorous security proofs for the Ed25519 signature scheme as it is actually deployed. The proofs establish existential unforgeability under chosen‑message attacks (EUF‑CMA) for the scheme as originally published and strong unforgeability (SUF‑CMA) for the variants, such as the IETF's RFC 8032, that reject a signature whose scalar S is not reduced modulo the group order L; they also clarify how other differences between deployed variants (cofactored versus cofactorless verification, and libsodium's rejection of small‑order points) change the guarantees obtained. The analysis is a pen‑and‑paper reduction in the random‑oracle model using the standard game‑hopping technique.
Post‑Quantum Security of FIDO2, CTAP 2.1 and WebAuthn 2
A 2023 IEEE S&P paper (FIDO2, CTAP 2.1, and WebAuthn 2: Provable Security and Post‑Quantum Instantiation) gives the first provable‑security treatment of the current FIDO2 sub‑protocols, extending the earlier model of Barbosa et al. for CTAP 2.0 and WebAuthn 1. The refined model captures token binding, user verification, and the attestation modes, including the mode in which the authenticator supplies no attestation proof. Using this model the authors:
Prove that the protocols remain secure when the classical public‑key primitives are replaced by post‑quantum ones (e.g., lattice‑based signatures for WebAuthn 2 credentials, and a KEM in place of the Diffie‑Hellman key agreement in the CTAP 2.1 PIN/UV auth protocol).
Identify a downgrade‑resistance weakness and propose a minimal modification to the CTAP 2.1 flow that restores resistance.
The work demonstrates how to instantiate the WebAuthn 2 specification with concrete post‑quantum algorithms while preserving the original security guarantees.
Automated Symbolic Analysis of AEAD‑Based Protocols
At the 32nd USENIX Security Symposium (2023), Zhao and co‑authors presented Automated Analysis of Protocols that use Authenticated Encryption: How Subtle AEAD Differences can impact Protocol Security. The contribution consists of:
A family of symbolic AEAD models that captures confidentiality, integrity, and authenticity, and, crucially, the properties on which real AEAD schemes differ: whether a ciphertext commits to its key, how associated data is bound, and what a reused nonce leaks.
An integration of this model into the Tamarin prover, allowing fully automated reasoning about protocols that employ a specific AEAD primitive.
Case studies in which the automated analysis rediscovered known attacks, such as the “invisible salamanders” attack on Facebook Messenger's message franking and vulnerabilities in SFrame and YubiHSM, and surfaced new weaknesses in several protocol designs.
The approach enables security analysts to evaluate the impact of choosing different AEAD schemes (e.g., AES‑GCM, ChaCha20‑Poly1305) without manual proof effort.
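The following added example (not the paper's artifact and not the authors' code) shows in pure Python why the key‑commitment difference matters for a protocol like message franking. It builds a GHASH‑style AEAD whose tag is a polynomial over GF(2^128) evaluated at a per‑key hash key and then masked, the same structure as AES‑GCM, and constructs a single ciphertext that decrypts, with a valid tag, under two different keys. Two simplifications are assumptions made to keep it dependency‑free: the AES block‑cipher calls that real GCM uses (hash key, tag mask, keystream) are replaced by HMAC‑SHA256 outputs, and GHASH's bit‑reflected field convention is not reproduced. Neither affects the attack, which relies only on the tag being affine in each ciphertext block. Keys, nonce, associated data and the visible plaintext block are constructed.

```python
import hashlib
import hmac

BLOCK = 16
POLY = (1 << 128) | 0x87      # x^128 + x^7 + x^2 + x + 1, the GCM field polynomial

def gf_mul(a, b):
    """Multiply in GF(2^128), plain polynomial basis (GHASH's bit-reflected
    convention is not reproduced; the attack does not depend on it)."""
    r = 0
    while b:
        if b & 1: r ^= a
        a <<= 1
        if a >> 128: a ^= POLY
        b >>= 1
    return r

def gf_pow(a, e):
    r = 1
    while e:
        if e & 1: r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r

def prf(key, label):
    """Stand-in (assumption) for the AES block-cipher calls real GCM uses for
    the hash key, the tag mask and the keystream; any PRF works for this demo."""
    return hmac.new(key, label, hashlib.sha256).digest()[:BLOCK]

def blocks(data):
    return [int.from_bytes(data[i:i + BLOCK].ljust(BLOCK, b"\0"), "big")
            for i in range(0, len(data), BLOCK)]

def poly_mac(key, nonce, ad, ct):
    """GHASH-style tag: mask XOR Horner evaluation of (AD, CT, lengths) at H."""
    h = int.from_bytes(prf(key, b"H"), "big")
    y = 0
    for b in blocks(ad) + blocks(ct) + [(len(ad) * 8 << 64) | (len(ct) * 8)]:
        y = gf_mul(y ^ b, h)
    return (y ^ int.from_bytes(prf(key, b"mask" + nonce), "big")).to_bytes(BLOCK, "big")

def keystream(key, nonce, n):
    ks = b"".join(prf(key, b"ks" + nonce + i.to_bytes(4, "big")) for i in range(-(-n // BLOCK)))
    return ks[:n]

def encrypt(key, nonce, ad, pt):
    ct = bytes(x ^ y for x, y in zip(pt, keystream(key, nonce, len(pt))))
    return ct + poly_mac(key, nonce, ad, ct)

def decrypt(key, nonce, ad, ct_tag):
    ct, tag = ct_tag[:-BLOCK], ct_tag[-BLOCK:]
    if not hmac.compare_digest(tag, poly_mac(key, nonce, ad, ct)): return None
    return bytes(x ^ y for x, y in zip(ct, keystream(key, nonce, len(ct))))

def salamander(k1, k2, nonce, ad, visible_block):
    """Return a 2-block ciphertext plus tag that authenticates under both k1 and k2.
    Block 0 decrypts to visible_block under k1; block 1 is a free variable x.
    Both tags are affine in x, so one GF(2^128) division makes them equal."""
    c0 = bytes(x ^ y for x, y in zip(visible_block, keystream(k1, nonce, BLOCK)))
    probe = c0 + bytes(BLOCK)                          # the ciphertext with x = 0
    t1 = int.from_bytes(poly_mac(k1, nonce, ad, probe), "big")
    t2 = int.from_bytes(poly_mac(k2, nonce, ad, probe), "big")
    # x is followed by exactly one more hashed block (the lengths), so its
    # coefficient in tag_j is H_j^2
    h1, h2 = (int.from_bytes(prf(k, b"H"), "big") for k in (k1, k2))
    coeff = gf_pow(h1, 2) ^ gf_pow(h2, 2)
    if coeff == 0: raise ValueError("hash keys coincide; pick different keys")
    x = gf_mul(t1 ^ t2, gf_pow(coeff, (1 << 128) - 2))    # divide by coeff
    ct = c0 + x.to_bytes(BLOCK, "big")
    return ct + poly_mac(k1, nonce, ad, ct)

def demo():
    k1, k2, k3 = b"A" * 16, b"B" * 16, b"C" * 16      # constructed keys
    nonce, ad = b"\x01" * 12, b"constructed-ad"
    ct_tag = salamander(k1, k2, nonce, ad, b"sixteen byte msg")
    pt1, pt2, pt3 = (decrypt(k, nonce, ad, ct_tag) for k in (k1, k2, k3))
    return {
        "k1_accepts_visible": pt1 is not None and pt1[:BLOCK] == b"sixteen byte msg",
        "k2_accepts_too": pt2 is not None,
        "plaintexts_differ": pt1 != pt2,
        "k3_rejects": pt3 is None,
        "tag_binds_ad": decrypt(k1, nonce, b"other-ad", ct_tag) is None,
    }
```

demo() returns a dictionary; the result that matters is that decrypt() succeeds under both k1 and k2 for the same bytes, while a third key and a changed associated data are still rejected, so the scheme is a perfectly sound AEAD in the textbook sense and still fails the protocol. A key‑committing AEAD, or an explicit commitment to the key sent alongside the ciphertext, closes the gap; which of the two a protocol actually relies on is the kind of distinction the symbolic models are built to express.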
Secure Messaging with Strong Compromise Resilience
In a 2024 IEEE S&P paper (Secure Messaging with Strong Compromise Resilience, Temporal Privacy, and Immediate Decryption), Zhao and collaborators propose a new end‑to‑end encrypted messaging protocol that satisfies:
Immediate decryption of received messages (no post‑processing delay).
Temporal privacy: message timestamps are hidden from adversaries even after long‑term key compromise.
Strong compromise resilience: exposure of a party's state compromises as little as possible, with forward secrecy for messages already delivered and recovery of security once fresh messages are exchanged (post‑compromise security).
A novel definition of offline deniability suitable for post‑quantum settings, and a proof that the protocol meets this definition when combined with a post‑quantum key‑exchange.
The design is built on constant‑size ciphertexts and leverages lattice‑based primitives to remain secure against quantum adversaries.
Key Technical Artifacts
The papers are available at the following URLs:
Ed25519 security proof: https://ieeexplore.ieee.org/abstract/document/9519456/
FIDO2 post‑quantum analysis: https://ieeexplore.ieee.org/abstract/document/10179454/
AEAD automated analysis (USENIX 2023): https://www.usenix.org/conference/usenixsecurity23/presentation/cremers-protocols
Secure messaging protocol (IEEE S&P 2024): https://ieeexplore.ieee.org/abstract/document/10646742/
The Tamarin models and scripts from the AEAD paper are published in the authors' public Git repository (e.g., https://github.com/cremers/aead-tamarin).