BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Hang Fu

Hang Fu contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Cryptography and Securitymath.NTmath.AGmath.CO

Trust snapshot

Quick read

Trust 17 - UnverifiedVerification L1Unclaimed author
4works
0followers
4topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

4 published item(s)

preprint2026arXiv

Inhibitory Attacks on Backdoor-based Fingerprinting for Large Language Models

The widespread adoption of Large Language Model (LLM) in commercial and research settings has intensified the need for robust intellectual property protection. Backdoor-based LLM fingerprinting has emerged as a promising solution for this challenge. In practical application, the low-cost multi-model collaborative technique, LLM ensemble, combines diverse LLMs to leverage their complementary strengths, garnering significant attention and practical adoption. Unfortunately, the vulnerability of existing LLM fingerprinting for the ensemble scenario is unexplored. In order to comprehensively assess the robustness of LLM fingerprinting, in this paper, we propose two novel fingerprinting attack methods: token filter attack (TFA) and sentence verification attack (SVA). The TFA gets the next token from a unified set of tokens created by the token filter mechanism at each decoding step. The SVA filters out fingerprint responses through a sentence verification mechanism based on perplexity and voting. Experimentally, the proposed methods effectively inhibit the fingerprint response while maintaining ensemble performance. Compared with state-of-the-art attack methods, the proposed method can achieve better performance. The findings necessitate enhanced robustness in LLM fingerprinting.

0 citations0 reviewsNo code linkedOpen access
preprint2025arXiv

Towards Provably Secure Generative AI: Reliable Consensus Sampling

Existing research on generative AI security is primarily driven by mutually reinforcing attack and defense methodologies grounded in empirical experience. This dynamic frequently gives rise to previously unknown attacks that can circumvent current detection and prevention. This necessitates the continual updating of security mechanisms. Constructing generative AI with provable security and theoretically controllable risk is therefore necessary. Consensus Sampling (CS) is a promising algorithm toward provably secure AI. It controls risk by leveraging overlap in model output probabilities. However, we find that CS relies on frequent abstention to avoid unsafe outputs, which reduces utility. Moreover, CS becomes highly vulnerable when unsafe models are maliciously manipulated. To address these issues, we propose a new primitive called Reliable Consensus Sampling (RCS), that traces acceptance probability to tolerate extreme adversarial behaviors, improving robustness. RCS also eliminates the need for abstention entirely. We further develop a feedback algorithm to continuously and dynamically enhance the safety of RCS. We provide theoretical guarantees that RCS maintains a controllable risk threshold. Extensive experiments show that RCS significantly improves robustness and utility while maintaining latency comparable to CS. We hope this work contributes to the development of provably secure generative AI.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Elliptic curves with common torsion $x$-coordinates and hyperelliptic torsion packets

We establish a connection between torsion packets on curves of genus $2$ and pairs of elliptic curves realized as double covers of the projective line $\mathbb{P}_{x}^{1}$ that have many common torsion $x$-coordinates. This can be used to show that the set of common torsion $x$-coordinates has size at least $22$ infinitely often and has $34$ elements in some cases. We also explain how we obtained the current record example of a hyperelliptic torsion packet on a genus $2$ curve.

0 citations0 reviewsNo code linkedOpen access
preprint2019arXiv

Projective Equivalence for the Roots of Unity

Let $μ_{\infty}\subseteq\mathbb{C}$ be the collection of roots of unity and $\mathcal{C}_{n}:=\{(s_{1},\cdots,s_{n})\inμ_{\infty}^{n}:s_{i}\neq s_{j}\text{ for any }1\leq i<j\leq n\}$. Two elements $(s_{1},\cdots,s_{n})$ and $(t_{1},\cdots,t_{n})$ of $\mathcal{C}_{n}$ are said to be projectively equivalent if there exists $γ\in\text{PGL}(2,\mathbb{C})$ such that $γ(s_{i})=t_{i}$ for any $1\leq i\leq n$. In this article, we will give a complete classification for the projectively equivalent pairs. As a consequence, we will show that the maximal length for the nontrivial projectively equivalent pairs is $14$.

0 citations0 reviewsNo code linkedOpen access