Wenhai Sun

Assistant Professor · Verified

Purdue University · Department of Computer and Information Technology

Active 1994–2025

h-index: 18
Citations: 2.5k
Papers: 52 (25 last 5y)
Funding: $500k (1 active)

About

Wenhai Sun is an Associate Professor and University Faculty Scholar at Purdue University, where he also serves as the Chair of the Cybersecurity Program in the School of Applied and Creative Computing. He holds two Ph.D. degrees in computer science and cryptography. His research focuses on security and privacy issues across a broad range of systems and applications, including artificial intelligence, cloud computing, blockchain, and cyber-physical systems. A particular area of interest for Professor Sun is the intersection of AI and privacy, where he investigates how privacy-enhancing technologies such as differential privacy can be exploited to cause unexpected harm to applications, systems, and participants. He works on mitigating these emerging threats by leveraging AI, machine learning, and provable algorithm design to maintain privacy and utility. Professor Sun is recognized for his contributions with awards such as the NSF CAREER Award in 2023 and the Purdue University Faculty Scholar honor in 2025. He is an Associate Editor for IEEE Transactions on Information Forensics and Security and IEEE Transactions on Dependable and Secure Computing, and he is a senior member of IEEE as well as a member of ACM, AAAS, and ACSIC.

Research topics

  • Computer Science
  • Computer Security
  • Artificial Intelligence
  • Data Mining
  • Information Retrieval
  • Speech recognition
  • Computer network

Selected publications

  • Machine learning approach for predicting the fracture toughness of bulk metallic glasses

    The Philosophical Magazine A Journal of Theoretical Experimental and Applied Physics · 2025-04-02 · 2 citations

    article
  • DEXO: A Secure and Fair Exchange Mechanism for Decentralized IoT Data Markets

    IEEE Internet of Things Journal · 2025-01-28 · 1 citation

    article · Open access

    Opening up data produced by the Internet of Things (IoT) and mobile devices for public utilization can maximize their economic value. Challenges remain in the trustworthiness of the data sources and the security of the trading process, particularly when there is no trust between the data providers and consumers. In this article, we propose DEXO, a decentralized data exchange mechanism that facilitates secure and fair data exchange between data consumers and distributed IoT/mobile data providers at scale, allowing the consumer to verify the data generation process and the providers to be compensated for providing authentic data, with correctness guarantees from the exchange platform. To realize this, DEXO extends the decentralized oracle network model that has been successful in the blockchain applications domain to incorporate novel hardware-cryptographic co-design that harmonizes trusted execution environment, secret sharing, and smart contract-assisted fair exchange. For the first time, DEXO ensures end-to-end data confidentiality, source verifiability, and fairness of the exchange process with strong resilience against participant collusion. We implemented a prototype of the DEXO system to demonstrate feasibility. The evaluation shows a moderate deployment cost and significantly improved blockchain operation efficiency compared to a popular data exchange mechanism.

  • Mitigating Data Poisoning Attacks to Local Differential Privacy

    2025-11-19 · 1 citation

    article · Open access · Senior author

    The distributed nature of local differential privacy (LDP) invites data poisoning attacks and poses unforeseen threats to the underlying LDP-supported applications. In this paper, we propose a comprehensive mitigation framework for popular frequency estimation, which contains a suite of novel defenses, including malicious user detection, attack pattern recognition, and damaged utility recovery. In addition to existing attacks, we explore new adaptive adversarial activities for our mitigation design. For detection, we present a new method to precisely identify bogus reports, and thus LDP aggregation can be performed over the "clean" data. When the attack behavior becomes stealthy and direct filtering out malicious users is difficult, we further propose a detection that can effectively recognize hidden adversarial patterns, thus facilitating the decision-making of service providers. These detection methods require no additional data or attack information and incur minimal computational cost. Our experiment demonstrates their excellent performance and substantial improvement over previous work in various settings. In addition, we conduct an empirical analysis of LDP post-processing for corrupted data recovery and propose a new post-processing method, through which we reveal new insights into protocol recommendations in practice and key design principles for future research.

  • On the Robustness of LDP Protocols for Numerical Attributes under Data Poisoning Attacks

    2025-01-01 · 4 citations

    article · Open access · Senior author

    Recent studies reveal that local differential privacy (LDP) protocols are vulnerable to data poisoning attacks where an attacker can manipulate the final estimate on the server by leveraging the characteristics of LDP and sending carefully crafted data from a small fraction of controlled local clients. This vulnerability raises concerns regarding the robustness and reliability of LDP in hostile environments. In this paper, we conduct a systematic investigation of the robustness of state-of-the-art LDP protocols for numerical attributes, i.e., categorical frequency oracles (CFOs) with binning and consistency, and distribution reconstruction. We evaluate protocol robustness through an attack-driven approach and propose new metrics for cross-protocol attack gain measurement. The results indicate that Square Wave and CFO-based protocols in the Server setting are more robust against the attack compared to the CFO-based protocols in the User setting. Our evaluation also unfolds new relationships between LDP security and its inherent design choices. We found that the hash domain size in local-hashing-based LDP has a profound impact on protocol robustness beyond the well-known effect on utility. Further, we propose a zero-shot attack detection by leveraging the rich reconstructed distribution information. The experiment shows that our detection significantly improves the existing methods and effectively identifies data manipulation in challenging scenarios.

  • Mitigating Data Poisoning Attacks to Local Differential Privacy

    ArXiv.org · 2025-06-02

    preprint · Open access · Senior author

    The distributed nature of local differential privacy (LDP) invites data poisoning attacks and poses unforeseen threats to the underlying LDP-supported applications. In this paper, we propose a comprehensive mitigation framework for popular frequency estimation, which contains a suite of novel defenses, including malicious user detection, attack pattern recognition, and damaged utility recovery. In addition to existing attacks, we explore new adaptive adversarial activities for our mitigation design. For detection, we present a new method to precisely identify bogus reports and thus LDP aggregation can be performed over the "clean" data. When the attack behavior becomes stealthy and direct filtering out malicious users is difficult, we further propose a detection that can effectively recognize hidden adversarial patterns, thus facilitating the decision-making of service providers. These detection methods require no additional data and attack information and incur minimal computational cost. Our experiment demonstrates their excellent performance and substantial improvement over previous work in various settings. In addition, we conduct an empirical analysis of LDP post-processing for corrupted data recovery and propose a new post-processing method, through which we reveal new insights into protocol recommendations in practice and key design principles for future research.

  • BFTRAND: Low-Latency Random Number Provider for BFT Smart Contracts

    2024-06-24 · 3 citations

    article

    Random numbers play a crucial role in decentralized applications (dApps) like decentralized finance (DeFi) and non-fungible tokens (NFTs). However, their generation faces challenges due to blockchain's deterministic and decentralized nature, risking smart contract security and ecosystem stability. Prior solutions, including Oracles, employing commit-execute schemes, suffer from higher transaction fees, extended processing times, and increased on-chain storage, compromising efficiency. This paper proposes a novel random number provider (RNP) protocol for smart contracts, eliminating dependencies on traditional commit-execute approaches. Furthermore, we systematically identify potential random number-related attacks on smart contracts, particularly Post-reveal Undo Attacks (PUAs), where attackers may reverse contract operations when randomness is unfavorable, and discuss the security requirements. Our protocol addresses these attacks by (1) incorporating distributed random beacons (DRBs) with consensus processes, bridging the semantic gap between DRB and consensus, and (2) thoroughly analyzing and classifying four types of PUA and offering robust mitigations, alongside presenting a security proof. Our experiments show the protocol significantly enhances response times and security for random number queries in smart contracts, slashing request fees by at least 89% and reducing on-chain data by 76.4% versus current methods. This work advances the integration of DRB protocols and consensus mechanisms, securing and optimizing random number applications in dApps, thus fostering the creation of more dependable, robust systems.

  • Basic Proof-of-Stake consensus mechanisms

    Institution of Engineering and Technology eBooks · 2024-04-15

    book-chapter · Senior author

    In this chapter, we have discussed the basic PoS principles, from how it works as a PoW alternative to its economic implication, as well as several widely recognized chain-based PoS schemes: Peercoin, PoA, and Nxt. Among them, Peercoin was the first public blockchain to implement the PoS idea using coin age to evaluate stake weight; PoA leverages the Follow-The-Satoshi (FTS) mechanism to select a group of validators based on stake weight who will jointly sign a new block; Nxt improves Peercoin by abandoning coin age and refreshing the stake value for every new block cycle. These chain-based PoS schemes inherit Bitcoin's networking functions and blockchain finalization rules after block generation, including peer-to-peer block propagation and the longest-chain rule. We also highlighted the challenges of chain-based PoS related to costless simulation, such as the nothing-at-stake problem, bribery attack, long-range attack, and stake-grinding attack. Lastly, we provided an overview of alternative PoS mechanisms which have been the trend in the last several years.

  • PrivGrid: Privacy-Preserving Individual Load Forecasting Service for Smart Grid

    IEEE Transactions on Information Forensics and Security · 2024-01-01 · 11 citations

    article

    Smart meter-based individual load forecasts are more and more widely deployed to serve smart grid and home energy management. Customary load forecasting systems collect a massive amount of fine-grained electrical data from people’s smart meters in plaintext, inevitably raising privacy concerns and even anti-smart-meter initiatives. Current privacy solutions either compromise accuracy and efficacy or require the redeployment of trusted infrastructure. In this paper, we present PrivGrid, the first systematic solution for smart grids that collects, clusters, trains, and forecasts customers’ load data in a privacy-preserving way. Moreover, we highlight the technical contribution of our building block: a novel and fast arithmetic multiplication triple via secure inner product protocol outperforms the existing methods and may be included in other privacy computing modules. Then, we develop efficient secure protocols to enable the arithmetic operations of individual load forecasting in a server-aided model and utilize the best alternatives to nonlinear functions. Besides, aggregating all of our individual forecasts can produce a more accurate estimate of the system-level load than the typical aggregate technique. We rigorously prove that the servers cannot obtain the user’s historical load data and short-term load forecast values while providing services. PrivGrid is also tested on real residential smart meter data to show its efficiency, and the relevant code has been made available to the community for further research.

  • Confidential Distributed Ledgers for Online Syndicated Lending

    IEEE Transactions on Services Computing · 2024-08-07 · 2 citations

    article

    Online syndicated lending offers quick and convenient financing support to individuals, while diversifying risks by pooling funds from multiple lenders into loan projects. It has experienced explosive growth, reaching a multibillion-dollar market. Establishing transparency is essential for constructing a trusted, fair, and regulation-compliant financial collaboration model. Meanwhile, confidentiality must be maintained to protect the sensitive financial information of individual lenders. Multi-party computation (MPC) can protect the input privacy of lenders, but it cannot safeguard the sensitive information revealed by the fund flow itself. To address these challenges, we propose a new collaborative financial ledger for online syndicated lending. It leverages homomorphic encryption/commitment to enable the reuse of intermediary states without compromising privacy throughout the entire lifecycle of a loan. This system also supports efficient regulation-compliant auditing. We streamline the framework design to optimize performance and develop a prototype system. Even with a large syndicate of 100 lenders, the system still achieves low-latency performance.

  • Manipulated Transaction Collision Attack on Execute-Order-Validate Blockchain

    IEEE Transactions on Dependable and Secure Computing · 2024-07-16 · 2 citations

    article

    The Execute-Order-Validate blockchain enhances performance by allowing parallel transaction execution, yet it also introduces transaction conflicts that can cause state inconsistencies in the ledger. Previous research has focused on resolving conflicts under the assumption of the “good” intent of the senders. In this paper, we explore an unstudied scenario where a malicious user can intentionally generate transaction collisions to disrupt the service request of a target user to the underlying decentralized application (DApp). We call it manipulated transaction collision (MTC) attack. We overcome the challenges of identifying the conditions and best strategies to launch this targeted attack under various network settings. Our experiment results show that the MTC attack can effectively cause the victim to be continuously rejected by the blockchain, i.e., over 90% success rate in all tested cases on the Hyperledger Fabric blockchain. To combat this new threat, we first propose a machine-learning-assisted detection method that helps identify the adversarial behavior within massive background traffic. To further enhance blockchain resilience, we propose a more precise transaction conflicts definition and present a novel mitigation method, which not only prevents the attack but also significantly reduces the probability of natural conflicts by up to 75% in the tested DApp compared to state-of-the-art optimization methods.

Frequent coauthors

  • Wenjing Lou

    Virginia Tech

    20 shared
  • Y. Thomas Hou

    Virginia Tech

    16 shared
  • Hui Li

    Xidian University

    13 shared
  • Xuefeng Liu

    9 shared
  • Xiaoguang Li

    8 shared
  • Boyang Wang

    University of Cincinnati

    7 shared
  • Ning Cao

    Hohai University

    6 shared
  • Ning Zhang

    Washington University in St. Louis

    5 shared

Labs

  • Wenhai Sun Lab · PI

    Security and privacy issues in broad systems and applications, such as AI, cloud, blockchain, and cyber-physical systems.

Education

  • PhD, Computer Science

    Virginia Tech

    2018
  • PhD, School of Telecommunications Engineering

    Xidian University

    2014

Awards & honors

  • NSF CAREER Award (2023)
  • Distinguished Paper Award in ACM ASIACCS 2013
  • IEEE Senior Member (2023)
  • Distinguished Member of IEEE INFOCOM Technical Program Commi…
  • Best-in-Session Presentation Award, IEEE INFOCOM (2018)