Moti Yung

Mordechai M. "Moti" Yung is a cryptographer and computer scientist known for his work on cryptovirology and kleptography.

Moti Yung
Alma materColumbia University
Scientific career
ThesisMinimum-Knowledge Transfer Protocol (1988)
Doctoral advisorZvi Galil
Doctoral students


Yung earned his PhD from Columbia University in 1988 under the supervision of Zvi Galil.[1] In the past, he worked at the IBM Thomas J. Watson Research Center,[2] CertCo, RSA Laboratories, and Google.[3] In 2016, Yung moved from Google to Snap Inc.[4] Yung is currently a research scientist at Google.[5]

Yung is an adjunct senior research faculty member at Columbia University[5] and has co-advised PhD students including Gödel Prize winner Matthew K. Franklin[1] and Jonathan Katz.[1]


Yung research covers primarily the area of cryptography and its applications to information security and data privacy. He has worked on defining and implementing malicious (offensive) cryptography: cryptovirology[6] and kleptography,[7] and on various other foundational and applied fields of cryptographic research, including: user and entity electronic authentication,[8][9]information-theoretic security,[10][11] secure multi-party computation,[12][13][14][15] threshold cryptosystems,[16][17] and zero-knowledge proofs,[18][19][20]


In 1996, Adam L. Young and Yung coined the term cryptovirology to denote the use of cryptography as an attack weapon via computer viruses and other malware in contrast to its traditional protective role.[6] In particular, they described the first instances of ransomware using public-key cryptography.[21][22]


In 1996, Adam L. Young and Yung introduced the notion of kleptography[7] to show how cryptography could be used to attack host cryptosystems where the malicious resulting system with the embedded cryptologic tool in it resists reverse-engineering and cannot be detected by interacting with the host cryptosystem,[23][24][25][26][27] as an argument against cryptographic systems and devices given by an external body as "black boxes" as was the Clipper chip and the Capstone program.[28]

After the 2013 Snowden affair, the NIST was believed to have mounted the first kleptographic attack against the American Federal Information Processing Standard detailing the Dual EC DRBG,[29] essentially exploiting the repeated discrete logarithm based "kleptogram" introduced by Young and Yung.[30]


Selected publicationsEdit

  • 1989: Universal one-way hash functions and their cryptographic applications (with M. Naor; ACM’s STOC).
  • 1990: Public-key cryptosystems provably secure against chosen ciphertext attacks (with M. Naor; ACM’s STOC).
  • 1991: How to withstand mobile virus attack (with Ostrovsky; ACM’s PODC).
  • 1992: Multi-Receiver/Multi-Sender Network Security: Efficient Authenticated Multicast/Feedback (with Desmedt and Frankel; IEEE's INFOCOM 1992)
  • 1999: Non-Interactive CryptoComputing For NC1 (with Sander and Young; IEEE's FOCS 1999).
  • 2000: Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation (with Katz; Fast Software Encryption (FSE)).
  • 2004: Malicious Cryptography: Exposing Cryptovirology (with A. Young; Wiley 2004: A book).
  • 2009: Efficient and secure authenticated key exchange using weak passwords (with Katz and Ostrovsky; JACM 57(1)).
  • 2009: A unified framework for the analysis of side-channel key recovery attacks (with Standaert and Malkin; Eurocrypt).
  • 2017: Generic Semantic Security against a Kleptographic Adversary (with A. Russell, Q. Tang, and H-S Zhou; ACM's CCS)


  1. ^ a b c Moti Yung at the Mathematics Genealogy Project
  2. ^ "IBM T.J. Watson: Cryptography Research". IBM Research. Retrieved October 29, 2020.
  3. ^ Moti Yung page: Google Research [1]
  4. ^ Dave, Paresh (March 29, 2016), "This week in L.A. tech: Three Day Rule lands funding, Snapchat snags encryption expert and Surf Air flies north", Los Angeles Times
  5. ^ a b "Moti Yung". IEEE Computer Society. Retrieved 28 December 2019.
  6. ^ a b c Young, A.; M. Yung (1996). Cryptovirology: extortion-based security threats and countermeasures. IEEE Symposium on Security and Privacy. pp. 129–140. doi:10.1109/SECPRI.1996.502676. ISBN 0-8186-7417-2.
  7. ^ a b Infosecurity Magazine: The Dark Side of Cryptography: Kleptography in Black-Box Implementations
  8. ^ Ray Bird, Inder S. Gopal, Amir Herzberg, Philippe A. Janson, Shay Kutten, Refik Molva, Moti Yung: Systematic Design of Two-Party Authentication Protocols. CRYPTO 1991: 44-61 [2]
  9. ^ John G. Brainard, Ari Juels, Ronald L. Rivest, Michael Szydlo, Moti Yung: Fourth-factor authentication: somebody you know. ACM Conference on Computer and Communications Security (CCS) 2006 [3]
  10. ^ Carlo Blundo, Alfredo De Santis, Amir Herzberg, Shay Kutten, Ugo Vaccaro, Moti Yung: Perfectly-Secure Key Distribution for Dynamic Conferences. CRYPTO 1992: 471-486 [4]
  11. ^ Danny Dolev, Cynthia Dwork, Orli Waarts, Moti Yung: Perfectly Secure Message Transmission. J. ACM 40(1): 17-47 (1993)[5]
  12. ^ R. Cramer, Introduction to Secure Computation
  13. ^ Zvi Galil, Stuart Haber, Moti Yung: Cryptographic Computation: Secure Faut-Tolerant Protocols and the Public-Key Model. CRYPTO 1987: 135-155 [6]
  14. ^ Matthew K. Franklin, Moti Yung: Communication Complexity of Secure Computation (Extended Abstract). STOC 1992: 699-710 [7]
  15. ^ VentureBeat: Google’s Private Join and Compute gives companies data insights while preserving privacy [8]
  16. ^ Alfredo De Santis, Yvo Desmedt, Yair Frankel, Moti Yung: How to share a function securely. STOC 1994: 522-533 [9]
  17. ^ NISTIR 8214: Threshold Schemes for Cryptographic Primitives -- Challenges and Opportunities in Standardization and Validation of Threshold Cryptography, by Luís T. A. N. Brandão, Nicky Mouha, and Apostol Vassilev [10]
  18. ^ Russell Impagliazzo, Moti Yung: Direct Minimum-Knowledge Computations. CRYPTO 1987: 40-51 [11]
  19. ^ Gilles Brassard, Claude Crépeau, Moti Yung: Constant-Round Perfect Zero-Knowledge Computationally Convincing Protocols. Theor. Comput. Sci. 84(1): 23-52 (1991)[12]
  20. ^ Andrew Chi-Chih Yao, Moti Yung, Yunlei Zhao: Concurrent Knowledge Extraction in Public-Key Models. J. Cryptology 29(1): 156-219 (2016)[13]
  21. ^ Skeptical Experts and Smart Attackers. Feb. 2 2013
  22. ^ Ransomware: The future of extortion By Jibu Elias September 04, 2017
  23. ^ Young, Adam; Yung, Moti (1996), "The Dark Side of "Black-Box" Cryptography or: Should We Trust Capstone?", Adam L. Young, Moti Yung: The Dark Side of "Black-Box" Cryptography, or: Should We Trust Capstone? CRYPTO 1996: 89-103, Lecture Notes in Computer Science, 1109, p. 89, doi:10.1007/3-540-68697-5_8, ISBN 978-3-540-61512-5
  24. ^ Young, Adam; Yung, Moti (1997), "Kleptography: Using Cryptography Against Cryptography", Adam L. Young, Moti Yung: Kleptography: Using Cryptography Against Cryptography. EUROCRYPT 1997: 62-74, Lecture Notes in Computer Science, 1233, p. 62, doi:10.1007/3-540-69053-0_6, ISBN 978-3-540-62975-7
  25. ^ Young, Adam; Yung, Moti (1997), "The prevalence of kleptographic attacks on discrete-log based cryptosystems", Adam L. Young, Moti Yung: The Prevalence of Kleptographic Attacks on Discrete-Log Based Cryptosystems. CRYPTO 1997: 264-276, Lecture Notes in Computer Science, 1294, p. 264, doi:10.1007/BFb0052241, ISBN 978-3-540-63384-6
  26. ^ Young, Adam; Yung, Moti (1998), "Monkey: Black-Box Symmetric Ciphers Designed for MONopolizing KEYs", Adam L. Young, Moti Yung: Monkey: Black-Box Symmetric Ciphers Designed for MONopolizing KEYs. FSE 1998: 122-133, Lecture Notes in Computer Science, 1372, p. 122, doi:10.1007/3-540-69710-1_9, ISBN 978-3-540-64265-7
  27. ^ Young, Adam; Yung, Moti (2001), "Bandwidth-Optimal Kleptographic Attacks", Adam L. Young, Moti Yung: Bandwidth-Optimal Kleptographic Attacks. CHES 2001: 235-250, Lecture Notes in Computer Science, 2162, p. 235, doi:10.1007/3-540-44709-1_20, ISBN 978-3-540-42521-2
  28. ^ How to Design — And Defend Against — The Perfect Security Backdoor, Bruce Schneier, Wired Magazine, 10/16/2013[14]
  29. ^ Larry Greenemeier (18 September 2013). "NSA Efforts to Evade Encryption Technology Damaged U.S. Cryptography Standard". Scientific American.
  30. ^ Green, Matt, presentation: From Heartbleed to Juniper and Beyond (PDF)
  31. ^ IACR Distinguished Lectures, retrieved 2012-03-11
  32. ^ ACM Names Fellows for Computing Advances that Are Transforming Science and Society Archived 2014-07-22 at the Wayback Machine, Association for Computing Machinery, accessed 2013-12-10
  33. ^ Esorics Awards
  34. ^ IACR Moti Yung, IACR Fellow, 2014
  35. ^ SIGSAC Awards
  36. ^ [15] IEEE fellows 2015
  37. ^ [16] EATCS fellows
  38. ^ Moti Yung Received IEEE Computer Society 2018 W. Wallace McDowell Award
  39. ^ Yiannis Tsiounis, Moti Yung: On the Security of ElGamal Based Encryption. Public Key Cryptography 1998 117-134. Lecture Notes in Computer Science 1431, Springer, 1998 [17]
  40. ^ [18] PKC Test of Time Awards
  41. ^ [19] IEEE 2020 Symp. on Security and Privacy Best Paper Awards.
  42. ^ [20] Moti Yung Award Recipient

External linksEdit