About Me

I’m Tianyi Li, a blockchain security engineer at CertiK.

Previous to that, I was a senior security engineer at Antgroup, designed and implemented high performance MPC computation system.

I received my Bachelor and Master degree at Wangxuan Institute of Computer Technology (WICT) of Peking University (PKU). My research includes browser fingerprinting and it’s detection techniques. I also worked on web security, privacy enhancing technologies and program (JavaScript and linux binary) analysis. I was a member of CTF team r3kapig (ID: n0b0dy), and I mainly focus on web challenges.

I’m interested in music. I have participated in the rehearsal of the PKU EECS chorus competition for 7 years (link), and I sing as Base in the choir. I’m also interested in Chinese opera.

Contact

• Email: contact [AT] litianyi.site
• Github: https://github.com/n0b0dyCN

Work Experience

• 2023.5 - present, Blockchain Security Engineer @ CertiK
• 2021.7 - 2023.5, Senior Security Engineer @ Antgroup
  • Develop distributed and fast MPC engine (TECC) from scratch
  • Design & implement distributed data analysis framework from scratch
  • Tech Stack: Rust, PURE C, Python, Intel SGX with Occlum, a little bit Java
  • Patents involved (first author): CN114726514A, CN114692060A
  • Patents involved (other): CN114726512A, CN114726511A, CN114726580A, CN114003962A, CN113992439A, CN113987554A
  • Public available resources: TECC white paper, TECC in WAIC 2022

Education

• 2018 - 2021, Peking University (PKU)
  • Wangxuan Institute of Computer Technology (WICT)
  • Master of Science in Computer Application Technology
• 2014 - 2018, Peking University (PKU)
  • School of Electronics Engineering and Computer Science (EECS)
  • Bachelor of Science in Computer Science and Technology

Research Interest

• Web Security & Privacy (Vulnerabilities, User Tracking, Web/Internet Measurement)
• Dynamic and Static Program Analysis (JavaScript, Binary)
• Trusted Execution Environment (Intel SGX)

Projects

1. gbdt-rs: A fast and secure GBDT library, supporting TEEs such as Intel SGX and ARM TrustZone
2. Redis Rogue Server: Redis <= 5.0.5 RCE exploit

Publications

[Google Scholar]

1. FPFlow: Detect and Prevent Browser Fingerprinting with Dynamic Taint Analysis
   Tianyi Li, Xiaofeng Zheng, Kaiwen Shen, Xinhui Han
   [S&P POSTER] Security & Privacy IEEE, 2021
   [CCSAC] China Cyber Security Annual Conference, 2021
   [Patent] 基于V8引擎的JavaScript动态污点跟踪方法及电子装置 [CN112199274A]
   poster abstract, paper
2. From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age
   Yixiong Wu, Jianwei Zhuge, Tingting Yin, Tianyi Li, Junmin Zhu, Guannan Guo, Yue Liu and Jianju Hu
   [ICISSP] International Conference on Information Systems Security and Privacy, 2021
   pdf
3. Poster: gbdt-rs: Fast and Trustworthy Gradient Boosting Decision Tree
   Tianyi Li, Tongxin Li, Yu Ding, Yulong Zhang, Tao Wei, Xinhui Han
   [S&P POSTER] Security & Privacy IEEE, 2019
   pdf, code
4. POSTER: PT-DBG: Automatically anti-debugging bypassing based on Intel Processor Trace
   Guancheng Li, Yongheng Chen, Tianyi Li, Tongxin Li, Xinfeng Wu, Chao Zhang, Xinhui Han
   [S&P POSTER] Security & Privacy IEEE, 2018
   pdf

Patents

1. Dynamic JavaScript taint analysis: CN112199274A
2. Multiparty computation algorithms: CN114726514A, CN114692060A
3. Multiparty computation system design: CN114726512A, CN114726511A, CN114726580A, CN114003962A, CN113992439A, CN113987554A