About

Yuecheng "Peter" Zhou, Ph.D., is an Assistant Professor at the University of Illinois Urbana-Champaign, affiliated with the Department of Materials Science and Engineering, the Department of Chemical and Biomolecular Engineering, the Department of Bioengineering, the Materials Research Laboratory, and the Beckman Institute for Advanced Science and Technology. He completed his postdoctoral training as a scholar in Chemistry and at the Wu Tsai Neurosciences Institute at Stanford University in 2024, working with Bianxiao Cui. Dr. Zhou earned his Ph.D. in Materials Science and Engineering from the University of Illinois Urbana-Champaign in 2019 under the mentorship of Charles M. Schroeder. He also holds a B.S. in Materials Science and Engineering with High Honors from the University of Illinois Urbana-Champaign, awarded in 2014.

Research topics

• Computer Science
• Computer Security
• Arithmetic
• Computer architecture
• Computer hardware
• Mathematics
• Multimedia
• Operating system
• Discrete mathematics
• Embedded system
• Combinatorics
• Parallel computing
• Internet privacy
• Human–computer interaction

Selected publications

• Testing Access-Control Configuration Changes for Web Applications

  ArXiv.org · 2025-05-19

  preprintOpen access

  Access-control misconfigurations are among the main causes of today's data breaches in web applications. However, few techniques are available to support automatic and systematic testing for access-control changes and detecting risky changes to prevent severe consequences. As a result, those critical security configurations often lack testing, or are tested manually in an ad hoc way. This paper advocates that tests should be made available for users to test access-control configuration changes. The key challenges are such tests need to be run with production environments (to reason end-to-end behavior) and need to be performance-efficient. We present a new approach to create such tests, as a mini test environment incorporating production program and data, called ACtests. ACtests report the impacts of access-control changes, namely the requests that were denied but would be allowed after a change, and vice versa. Users can validate if the changed requests are intended or not and identify potential security vulnerabilities. We evaluate ACtests with 193 public configurations of widely-used web applications on Dockerhub. ACtests detect 168 new vulnerabilities from 72 configuration images. We report them to the image maintainers: 54 of them have been confirmed and 44 have been fixed. We also conduct in-depth experiments with five real-world deployed systems, including Wikipedia and a commercial company's web proxy. Our results show that ACtests effectively and efficiently detect all the change impacts.

  PublisherOA PDFDOI

• Rejected Signatures’ Challenges Pose New Challenges: Key Recovery of CRYSTALS-Dilithium via Side-Channel Attacks

  IACR Transactions on Cryptographic Hardware and Embedded Systems · 2025-09-05 · 2 citations

  articleOpen access1st authorCorresponding

  Rejection sampling is a crucial security mechanism in lattice-based signature schemes that follow the Fiat-Shamir with aborts paradigm, such as MLDSA/ CRYSTALS-Dilithium. This technique transforms secret-dependent signature samples into ones that are statistically close to a secret-independent distribution (in the random oracle model). While many side-channel attacks have directly targeted sensitive data such as nonces, secret keys, and decomposed commitments, fewer studies have explored the potential leakage associated with rejection sampling. Notably, at HOST 2021, Karabulut et al. showed that leakage from rejected signatures’ challenges can undermine, but not entirely break, the security of the Dilithium scheme.Motivated by the above, we convert the problem of key recovery (from the leakage of rejection sampling) to an integer linear programming problem (ILP), where rejected responses of unique Hamming weights set upper/lower constraints of the product between the challenge and the private key. We formally study the worst-case complexity of the problem as well as empirically confirm the practicality of the rejected signature’s challenge attack. For all three security levels of Dilithium-2/3/5, our attack recovers the private key in seconds or minutes with a 100% Success Rate (SR).Our attack leverages knowledge of the rejected signature’s challenge and response, and thus we propose methods to extract this information by exploiting single-trace sidechannel leakage from Number Theoretic Transform (NTT) operations and functions associated with the response generation procedure. We demonstrate the practicality of this rejected signature’s challenge attack by using real power consumption on an ARM Cortex-M4 microcontroller. To the best of our knowledge, it is the first practical and efficient side-channel key recovery attack on ML-DSA/Dilithium that targets the rejection sampling procedure. Furthermore, we discuss some countermeasures to mitigate this security issue.

  PublisherOA PDFDOI

• Enhancing the efficiency and stability of perovskite solar cells via a polymer heterointerface bridge

  Nature Photonics · 2025-06-06 · 61 citations

  article
  PublisherDOI

• Dynamic sequential cross-sectional scanning increases detection rate of congenital heart disease in sonographers: a prenatal ultrasound training program

  BMC Medical Education · 2024-10-22 · 1 citations

  articleOpen access

  BACKGROUND: Prenatal ultrasound is the preferred modality for diagnosing fetal congenital heart disease. Given issues of physician proficiency and hospital distribution, we propose a dynamic sequential cross-sectional scanning (SCS) to explore the feasibility of cardiac screening by sonographers with less than 5 years of experience in ultrasound. MATERIALS AND METHODS: Twenty residents were randomly divided into two groups, receiving training in the American Institute of Ultrasound in Medicine (AIUM) fetal echocardiography and the SCS method. According to the needs of training, the professional staff developed the theoretical knowledge question bank, the CHD ultrasonic video disease bank, and the assessment scale. Trainees completed the pre-training examination, theory and skill operation training, and post-training assessment. For the two groups, the theoretical knowledge, skill operation and disease diagnosis were analyzed statistically before and after training. RESULTS: After training, the trainees in both groups had significantly improved knowledge and diagnostic abilities, their diagnostic thinking about CHD was clear, and they could identify major or even all structural abnormalities and make a definite diagnosis. In terms of skill operation, both groups could complete all required scanning within the specified time. The scanning time of the SCS group was significantly lower than that of the AIUM group, and the effect of the receptor site in the AIUM group was significantly higher than that in the SCS group. CONCLUSION: SCS can be used as a new rapid fetal cardiac scanning method and try to popularize among echocardiographer.

  PublisherOA PDFDOI

• The effects of host and home country economies on MNEs’ overseas CSR investment

  Journal of International Management · 2024-09-14 · 5 citations

  article1st author
  PublisherDOI

• S-box Pooling: Towards More Efficient Side-Channel Security Evaluations

  Lecture notes in computer science · 2022-01-01 · 2 citations

  book-chapterOpen access1st authorCorresponding
  PublisherOA PDFDOI

• Table of Contents

  2022-07-22

  articleOpen access
  PublisherOA PDFDOI

• A Third is All You Need: Extended Partial Key Exposure Attack on CRT-RSA with Additive Exponent Blinding

  Lecture notes in computer science · 2022 · 7 citations

  1st authorCorresponding
  • Combinatorics
  • Mathematics
  • Discrete mathematics
  PublisherOA PDFDOI

• Scatter: a Missing Case?

  Lecture notes in computer science · 2021-01-01 · 1 citations

  book-chapterOpen access1st authorCorresponding
  PublisherOA PDFDOI

• {PYLIVE}: On-the-Fly Code Change for Python-based Online Services

  2021-01-01

  articleSenior author

Recent grants

• CSR--PDOS: Improving System Reliability via Delta Execution

  NSF · $762k · 2006–2010

• CSR: Small: Improving Software Diagnosability via Automatic Log Inferrence and Informative Logging

  NSF · $478k · 2010–2016

• CSR: SMALL: Automatically Detecting, Diagnosing and Resolving Abnormal Battery Drain Issues on Smartphone Systems

  NSF · $350k · 2012–2015

• CAREER: Improving Storage System Performance, Dependability and Manageability Using System Mining Techniques

  NSF · $449k · 2004–2010

• CSR---PDOS: Online Production-Run Software Failure Diagnosis at the User Site

  NSF · $569k · 2009–2012

Frequent coauthors

• Rajeev Balasubramonian

  University of Utah

  17 shared

• Craig Zilles

  University of Illinois Urbana-Champaign

  17 shared

• Pin Zhou

  Integrated Chinese Medicine (China)

  17 shared

• Shan Lu

  Microsoft (United States)

  17 shared

• Wen‐mei Hwu

  University of Illinois Urbana-Champaign

  16 shared

• Moinuddin K. Qureshi

  Georgia Institute of Technology

  16 shared

• Juanita Hoe

  University of West London

  16 shared

• Georgia Tech

  Carnegie Mellon University

  16 shared

Labs

• Zhou LabPI

Awards & honors

• Materials Research Society Fellowships and Awards