publications

2025

1. Notion

   rLLM: A Framework for Post-Training Language Agents

   Sijun Tan*, Michael Luo*, Colin Cai*, Tarun Venkat, Kyle Montgomery, Aaron Hao, Tianhao Wu, Arnav Balyan, Manan Roongta, Chenguang Wang, Li Erran Li, Raluca Ada Popa, and Ion Stoica

   2025

   Blog Code
2. Notion

   DeepSWE: Training a State-of-the-Art Coding Agent from Scratch by Scaling RL

   Michael Luo^, Naman Jain^, Jaskirat Singh^, Sijun Tan^, Ameen Patel^, Qingyang Wu^, Alpay Ariyak^, Colin Cai^, Tarun Venkat, Shang Zhu, Ben Athiwaratkun, Manan Roongta, Ce Zhang, Li Erran Li, Raluca Ada Popa, Koushik Sen, and Ion Stoica

   2025

   Blog Code
3. preprint

   Auditing Black-Box LLM APIs with a Rank-Based Uniformity Test

   Xiaoyuan Zhu, Yaowen Ye, Tianyi Qiu, Hanlin Zhu, Sijun Tan, Ajraf Mannan, Jonathan Michala, Raluca Ada Popa, and Willie Neiswanger

   2025
4. Notion

   DeepCoder: A Fully Open-Source 14B Coder at O3-mini Level

   Michael Luo*, Sijun Tan*, Roy Huang*, Ameen Patel, Alpay Ariyak, Qingyang Wu, Xiaoxiang Shi, Rachel Xin, Colin Cai, Maurice Weber, Ce Zhang, Li Erran Li, Raluca Ada Popa, and Ion Stoica

   2025

   Blog Code
5. Notion

   DeepScaleR: Surpassing O1-Preview with a 1.5B Model by Scaling RL

   Michael Luo*, Sijun Tan*, Justin Wong, Xiaoxiang Shi, William Y. Tang, Manan Roongta, Colin Cai, Jeffrey Luo, Tianjun Zhang*, Li Erran Li, Raluca Ada Popa, and Ion Stoica

   2025

   Blog Code Website
6. ICLR

   JudgeBench: A Benchmark for Evaluating LLM-based Judges

   Sijun Tan*, Siyuan Zhuang*, Kyle Montgomery*, Willian Y. Tang, Alejandro Cuadron, Chenguang Wang, Raluca Ada Popa, and Ion Stoica

   International Conference on Learning Representations (ICLR), 2025

   Paper Code

2024

1. EMNLP

   LLoCO: Learning Long Contexts Offline

   Sijun Tan*, Xiuyu Li*, Shishir Patil, Ziyang Wu, Tianjun Zhang, Kurt Keutzer, Joseph E. Gonzalez, and Raluca Ada Popa

   Empirical Methods in Natural Language Processing (EMNLP), 2024

   Paper Code
2. preprint

   Proof of Sampling: A Nash Equilibrium-Secured Verification Protocol for Decentralized Systems

   Yue Zhang*, Shouqiao Wang*, Sijun Tan*, Xiaoyuan Liu, Raluca Ada Popa, and Ciamac C. Moallemi

   2024

   Paper
3. OSDI

   Flock: A Framework for Deploying On-Demand Distributed Trust

   Darya Kaviani*, Sijun Tan*, Pravein Govindan Kannan, and Raluca Ada Popa

   Operating Systems Design and Implementation (OSDI), 2024

   Paper Code

2023

1. IEEE S&P

   MPCAuth: Multi-factor Authentication for Distributed-trust Systems

   Sijun Tan, Weikeng Chen, Ryan Deng, and Raluca Ada Popa

   IEEE Symposium on Security and Privacy (Oakland), 2023

   Paper TL;DR

   Systems with distributed trust have attracted growing research attention and seen increasing industry adoptions. In these systems, critical secrets are distributed across N servers, and computations are performed privately using secure multi-party computation (SMPC). Authentication for these distributed-trust systems faces two challenges. The first challenge is ease-of-use. Namely, how can an authentication protocol maintain its user experience without sacrificing security? To avoid a central point of attack, a client needs to authenticate to each server separately. However, this would require the client to authenticate N times for each authentication factor, which greatly hampers usability. The second challenge is privacy, as the client’s sensitive profiles are now exposed to all N servers under different trust domains, which creates N times the attack surface for the profile data. To address both challenges, we present MPCAuth, a multi-factor authentication system for distributed-trust applications. Our system enables a client to authenticate to N servers independently with the work of only one authentication. In addition, our system is profile hiding, meaning that the client’s authentication profiles such as her email username, phone number, passwords, and biometric features are not revealed unless all servers are compromised. We propose secure and practical protocols for an array of widely adopted authentication factors, including email passcodes, SMS messages, U2F, security questions/passwords, and biometrics. Our system finds practical applications in the space of cryptocurrency custody and collaborative machine learning, and benefits future adoptions of distributed-trust applications.

2. ACSAC

   Secure Softmax/Sigmoid for Machine-learning Computation

   Yu Zheng, Qizhi Zhang, Sherman S. M. Chow, Yuxiang Peng, Sijun Tan, Lichun Li, and Shan Yin

   In Proceedings of the 39th Annual Computer Security Applications Conference (ACSAC), 2023

   Paper

2021

1. IEEE S&P

   CryptGPU: Fast Privacy Preserving Machine Learning on the GPU

   Sijun Tan, Brian Knott, Yuan Tian, and David J Wu

   IEEE Symposium on Security and Privacy (Oakland), 2021

   Paper TL;DR Code

   We introduce CryptGPU, a system for privacy-preserving machine learning that implements all operations on the GPU (graphics processing unit). Just as GPUs played a pivotal role in the success of modern deep learning, they are also essential for realizing scalable privacy-preserving deep learning. In this work, we start by introducing a new interface to losslessly embed cryptographic operations over secret-shared values (in a discrete domain) into floating-point operations that can be processed by highly-optimized CUDA kernels for linear algebra. We then identify a sequence of "GPU-friendly" cryptographic protocols to enable privacy-preserving evaluation of both linear and non-linear operations on the GPU. Our microbenchmarks indicate that our private GPU-based convolution protocol is over 150× faster than the analogous CPU-based protocol; for non-linear operations like the ReLU activation function, our GPU-based protocol is around 10× faster than its CPU analog. With CryptGPU, we support private inference and training on convolutional neural networks with over 60 million parameters as well as handle large datasets like ImageNet. Compared to the previous state-of-the-art, our protocols achieve a 2× to 8× improvement in private inference for large networks and datasets. For private training, we achieve a 6× to 36× improvement over prior state-of-the-art. Our work not only showcases the viability of performing secure multiparty computation (MPC) entirely on the GPU to newly enable fast privacy-preserving machine learning, but also highlights the importance of designing new MPC primitives that can take full advantage of the GPU’s computing capabilities.

2. NeurIPS

   Least Square Calibration for Peer Reviews

   Sijun Tan*, Jibang Wu*, Xiaohui Bei, and Haifeng Xu

   Conference on Neural Information Processing Systems (NeurIPS) 2021

   Paper